Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Dozens of Pop-ups + PC slow!

Post by Marcelo Almeida » November 15th, 2014, 10:55 am

Hello, guys.

It's been a week that my laptop has been showing some pop-ups on any website I visit, and I can't fix it. On top of that, it has become considerably slow. Here are my FRST64 logs! Thanks in advance.

P.S. I had to deactivate my Norton anti-virus to run the FRST64.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Marcelo Almeida (administrator) on MARCELO on 15-11-2014 11:50:12
Running from C:\Users\Marcelo Almeida\Desktop
Loaded Profile: Marcelo Almeida (Available profiles: Marcelo Almeida)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804\Baidu Antivirus\BavSvc.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804\Baidu Antivirus\BHipsSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804\Baidu Antivirus\bavhm.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\Temp\irstrtsv\scrncap.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804\Baidu Antivirus\BavTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files (x86)\Start Savin\FrameworkEngine.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
() C:\Program Files (x86)\Start Savin\FrameworkEngine.exe
() C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe
() C:\Program Files (x86)\AppEnable\updateAppEnable.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Dropbox, Inc.) C:\Users\Marcelo Almeida\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\AppEnable\bin\utilAppEnable.exe
() C:\Program Files (x86)\AppEnable\bin\AppEnable.PurBrowse64.exe
() C:\Program Files (x86)\AppEnable\bin\AppEnable.BrowserAdapter.exe
() C:\Program Files (x86)\AppEnable\bin\AppEnable.BrowserAdapter64.exe
() C:\Program Files (x86)\AppEnable\bin\AppEnable.BOASHelper.exe
() C:\Program Files (x86)\AppEnable\bin\AppEnable.BOASPRT.exe
() C:\Program Files (x86)\AppEnable\bin\AppEnable.BOAS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [Baidu Antivirus] => C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804\Baidu Antivirus\BavTray.exe [1683304 2014-08-21] (Baidu, Inc.)
HKLM-x32\...\RunOnce: [Start Savin-repairJob] => wscript.exe "C:\Users\Marcelo Almeida\AppData\Local\Start Savin\repair.js" "Start Savin-repairJob"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3161253163-2864934560-918969146-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-3161253163-2864934560-918969146-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3161253163-2864934560-918969146-1001\...\MountPoints2: {0cb30354-50cc-11e4-82c2-5c514f76d7bf} - "D:\LGAutoRun.exe"
HKU\S-1-5-21-3161253163-2864934560-918969146-1001\...\MountPoints2: {f6f29572-7ad4-11e3-8258-5c514f76d7bf} - "D:\LGAutoRun.exe"
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs: C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\Marcelo Almeida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marcelo Almeida\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804\Baidu Antivirus\BavShx64.dll (Baidu, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
SearchScopes: HKLM - DefaultScope {B0FB88A0-7C41-452B-B361-7CC27ECC7380} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?si ... &src=ds&p={searchTerms}
SearchScopes: HKLM - {B0FB88A0-7C41-452B-B361-7CC27ECC7380} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKLM-x32 - DefaultScope {B0FB88A0-7C41-452B-B361-7CC27ECC7380} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?si ... &src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {B0FB88A0-7C41-452B-B361-7CC27ECC7380} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKCU - DefaultScope {B0FB88A0-7C41-452B-B361-7CC27ECC7380} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?si ... &src=ds&p={searchTerms}
SearchScopes: HKCU - {B0FB88A0-7C41-452B-B361-7CC27ECC7380} URL =
BHO: Start Savin BHO -> {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} -> C:\Program Files (x86)\Start Savin\FrameworkBHO64.dll ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Start Savin BHO -> {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} -> C:\Program Files (x86)\Start Savin\FrameworkBHO.dll ()
BHO-x32: AppEnable -> {23d4646c-263a-4e2d-a08c-6c704557973d} -> C:\Program Files (x86)\AppEnable\AppEnablebho.dll (AppEnable)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Hosts: 54.204.28.26 imfpmncmbojnbdhnogcegojocabhpbnh
Tcpip\Parameters: [DhcpNameServer] 192.168.25.1

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.0.0.100\IPSFF [2014-01-12]

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-08]
CHR Extension: (Google Drive) - C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08]
CHR Extension: (YouTube) - C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-08]
CHR Extension: (Pesquisa do Google) - C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-08]
CHR Extension: (AppEnable) - C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcejkfffdheooipdonddmccfmldmjbgb [2014-11-11]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-09]
CHR Extension: (Google Wallet) - C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]
CHR Extension: (Gmail) - C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BAVSvc; C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804\Baidu Antivirus\BAVSvc.exe [2030544 2014-08-21] (Baidu, Inc.)
R2 BHipsSvc; C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804\Baidu Antivirus\BHipsSvc.exe [469144 2014-08-21] (Baidu, Inc.)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [435088 2013-07-02] (Nuance Communications, Inc.)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-11] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [783264 2013-09-08] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MaintainerSvc4.00.5030318; C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.exe [123632 2014-11-13] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-23] ()
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 Update AppEnable; C:\Program Files (x86)\AppEnable\updateAppEnable.exe [525552 2014-11-15] ()
R2 Util AppEnable; C:\Program Files (x86)\AppEnable\bin\utilAppEnable.exe [525552 2014-11-15] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-23] (Intel® Corporation)
S2 Update WiseEnhance; "C:\Program Files (x86)\WiseEnhance\updateWiseEnhance.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U3 BdApiUtil; C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804\Baidu Antivirus\BdApiUtil64.sys [148288 2014-08-21] (Baidu, Inc.)
U3 BdCameraProtect; C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804\Baidu Antivirus\BdCameraProtect64.sys [24704 2014-05-27] (Baidu, Inc.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [56640 2014-05-27] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [37696 2014-05-27] (Baidu, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\BASHDefs\20141107.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [91616 2014-05-27] (Baidu, Inc.)
R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [70912 2014-06-12] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [144960 2014-06-13] (Baidu, Inc.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [23368 2013-08-06] (ELAN Microelectronic Corp.)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [100072 2013-08-02] (GenesysLogic)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\IPSDefs\20141112.001\IDSvia64.sys [633560 2014-10-29] (Symantec Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [20192 2013-09-08] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R3 LgBttPort; C:\Windows\system32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\drivers\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\system32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\VirusDefs\20141112.037\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\VirusDefs\20141112.037\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-26] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(http://www.devguru.co.kr))
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NAVx64\1506000.020\SymELAM.sys [23568 2013-08-01] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R1 {55bbc577-fb0b-4e77-8a51-e033716a9ead}Gw64; C:\Windows\System32\drivers\{55bbc577-fb0b-4e77-8a51-e033716a9ead}Gw64.sys [48776 2014-11-15] (StdLib)
R1 {60795004-05ce-4992-8494-ff332d4bc1e6}Gw64; C:\Windows\System32\drivers\{60795004-05ce-4992-8494-ff332d4bc1e6}Gw64.sys [48776 2014-11-09] (StdLib)
R1 {c5db642e-a4dc-48dc-a9f5-088bcf85b719}Gw64; C:\Windows\System32\drivers\{c5db642e-a4dc-48dc-a9f5-088bcf85b719}Gw64.sys [48776 2014-11-11] (StdLib)
S3 usbbus; \SystemRoot\System32\drivers\lgx64bus.sys [X]
S3 UsbDiag; \SystemRoot\system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; \SystemRoot\system32\DRIVERS\lgx64modem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 11:50 - 2014-11-15 11:50 - 00024992 _____ () C:\Users\Marcelo Almeida\Desktop\FRST.txt
2014-11-15 11:49 - 2014-11-15 11:50 - 00000000 ____D () C:\FRST
2014-11-15 11:49 - 2014-11-15 11:49 - 02116608 _____ (Farbar) C:\Users\Marcelo Almeida\Desktop\FRST64.exe
2014-11-15 11:42 - 2014-11-15 02:32 - 00048776 _____ (StdLib) C:\Windows\system32\Drivers\{55bbc577-fb0b-4e77-8a51-e033716a9ead}Gw64.sys
2014-11-12 10:09 - 2014-10-23 02:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 10:09 - 2014-10-23 02:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 03:43 - 2014-11-11 20:34 - 00048776 _____ (StdLib) C:\Windows\system32\Drivers\{c5db642e-a4dc-48dc-a9f5-088bcf85b719}Gw64.sys
2014-11-11 23:42 - 2014-11-11 23:42 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-11-10 02:51 - 2014-11-13 18:51 - 00000000 ____D () C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009
2014-11-10 02:21 - 2014-11-09 16:32 - 00048776 _____ (StdLib) C:\Windows\system32\Drivers\{60795004-05ce-4992-8494-ff332d4bc1e6}Gw64.sys
2014-11-09 22:35 - 2014-11-09 22:35 - 00001155 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player FREE.lnk
2014-11-09 22:35 - 2014-11-09 22:35 - 00001149 _____ () C:\Users\Public\Desktop\BS.Player FREE.lnk
2014-11-09 22:35 - 2014-11-09 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player
2014-11-09 22:33 - 2014-11-09 22:38 - 00000000 ____D () C:\Users\Marcelo Almeida\AppData\Roaming\BSplayer
2014-11-09 22:33 - 2014-11-09 22:33 - 00000000 ____D () C:\Users\Marcelo Almeida\AppData\Roaming\BSplayer Pro
2014-11-09 22:33 - 2014-11-09 22:33 - 00000000 ____D () C:\Program Files (x86)\Webteh
2014-11-09 22:30 - 2014-11-09 22:30 - 00000009 _____ () C:\END
2014-11-09 22:29 - 2014-11-09 22:29 - 00771576 _____ (© 2014 ClientConnect Ltd.) C:\Users\Marcelo Almeida\Downloads\bsplayer267.1076.exe
2014-11-09 22:28 - 2014-11-09 22:28 - 00003544 _____ () C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
2014-11-09 22:28 - 2014-11-09 22:28 - 00000000 ____D () C:\Users\Marcelo Almeida\AppData\Roaming\Baidu
2014-11-09 22:28 - 2014-11-09 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-11-09 22:28 - 2014-11-09 22:28 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-11-09 22:28 - 2014-11-09 22:28 - 00000000 ____D () C:\ProgramData\baidu
2014-11-09 22:28 - 2014-11-09 22:28 - 00000000 ____D () C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804
2014-11-09 22:28 - 2014-06-13 07:03 - 00144960 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bprotect.sys
2014-11-09 22:28 - 2014-06-12 23:11 - 00070912 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bndef64.sys
2014-11-09 22:28 - 2014-05-27 03:19 - 00091616 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bnbasex64.sys
2014-11-09 22:28 - 2014-05-27 03:19 - 00056640 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfilter.sys
2014-11-09 22:28 - 2014-05-27 03:19 - 00037696 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfmon.sys
2014-11-09 22:21 - 2014-11-11 23:39 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-11-09 22:20 - 2014-11-15 11:46 - 00000000 ____D () C:\Program Files (x86)\AppEnable
2014-11-09 22:20 - 2014-11-09 22:20 - 24743106 _____ () C:\Users\Marcelo Almeida\Downloads\vlc-media-player-2-1-5-32-bits [1].exe
2014-11-09 22:20 - 2014-11-09 22:20 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2014-11-02 16:09 - 2014-11-02 16:09 - 00755891 _____ (Centro de Seleção e de Promoção de Eventos - CESPE\UNB ) C:\Users\Marcelo Almeida\Downloads\setup_CESPE (1).exe
2014-11-02 16:09 - 2014-11-02 16:09 - 00001280 _____ () C:\Users\Public\Desktop\CESPE - Autenticação Externa.lnk
2014-10-30 13:19 - 2014-09-03 20:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-30 13:19 - 2014-09-03 20:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-30 13:10 - 2014-09-03 21:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-30 11:10 - 2014-08-16 01:08 - 21195616 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-30 11:10 - 2014-08-16 01:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-10-30 11:10 - 2014-08-16 01:01 - 01710184 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-30 11:10 - 2014-08-16 00:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-30 11:10 - 2014-08-16 00:57 - 02498880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-30 11:10 - 2014-08-16 00:57 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-30 11:10 - 2014-08-16 00:16 - 18722600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-30 11:10 - 2014-08-16 00:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-10-30 11:10 - 2014-08-16 00:03 - 01467384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-30 11:10 - 2014-08-15 22:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-30 11:10 - 2014-08-15 22:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-10-30 11:10 - 2014-08-15 21:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-10-30 11:10 - 2014-08-15 21:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-10-30 11:10 - 2014-08-15 21:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2014-10-30 11:10 - 2014-08-15 21:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-10-30 11:10 - 2014-08-15 21:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2014-10-30 11:10 - 2014-08-15 21:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-10-30 11:10 - 2014-08-15 21:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-10-30 11:10 - 2014-08-15 21:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-10-30 11:10 - 2014-08-15 21:29 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-30 11:10 - 2014-08-15 21:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-10-30 11:10 - 2014-08-15 21:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-10-30 11:10 - 2014-08-15 21:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-10-30 11:10 - 2014-08-15 21:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-30 11:10 - 2014-08-15 21:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-10-30 11:10 - 2014-08-15 21:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-10-30 11:10 - 2014-08-15 21:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-10-30 11:10 - 2014-08-15 21:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-30 11:10 - 2014-08-15 21:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-10-30 11:10 - 2014-08-15 21:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-10-30 11:10 - 2014-08-15 21:11 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-10-30 11:10 - 2014-08-15 21:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-10-30 11:10 - 2014-08-15 21:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-30 11:10 - 2014-08-15 21:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-10-30 11:10 - 2014-07-31 20:22 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-10-30 08:33 - 2014-09-27 19:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-30 08:33 - 2014-09-25 19:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-30 08:33 - 2014-09-25 19:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-30 08:33 - 2014-09-25 19:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-30 08:33 - 2014-09-25 19:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-30 08:33 - 2014-09-25 19:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-30 08:33 - 2014-09-25 19:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-30 08:33 - 2014-09-18 23:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-30 08:33 - 2014-09-18 22:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-30 08:33 - 2014-09-18 22:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-30 08:33 - 2014-09-18 22:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-30 08:33 - 2014-09-18 22:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-30 08:33 - 2014-09-18 22:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-30 08:33 - 2014-09-18 22:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-30 08:33 - 2014-09-18 22:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-30 08:33 - 2014-09-18 22:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-30 08:33 - 2014-09-18 22:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-30 08:33 - 2014-09-18 21:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-30 08:33 - 2014-09-18 21:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-30 08:33 - 2014-09-18 21:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-30 08:33 - 2014-09-18 21:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-30 08:33 - 2014-09-18 21:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-30 08:33 - 2014-09-18 21:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-30 08:33 - 2014-09-18 21:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-30 08:33 - 2014-09-18 21:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-30 08:33 - 2014-09-18 21:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-30 08:33 - 2014-09-18 21:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-30 08:33 - 2014-09-18 20:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-30 08:33 - 2014-09-18 20:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-30 08:33 - 2014-09-18 20:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-30 08:33 - 2014-09-18 20:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-30 08:33 - 2014-09-08 00:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-30 08:33 - 2014-09-07 22:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-30 08:33 - 2014-09-07 22:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-30 08:33 - 2014-09-07 21:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-30 08:33 - 2014-09-07 21:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-30 08:33 - 2014-09-07 21:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-30 08:33 - 2014-09-07 21:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-30 08:33 - 2014-09-07 21:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-30 08:33 - 2014-09-07 21:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-30 08:33 - 2014-09-07 21:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-30 08:33 - 2014-09-07 20:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-30 08:33 - 2014-09-07 20:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-30 08:33 - 2014-09-07 20:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-30 08:33 - 2014-09-07 20:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-30 08:32 - 2014-09-03 21:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-30 08:32 - 2014-09-03 21:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-30 08:30 - 2014-10-09 19:16 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-30 08:30 - 2014-10-08 19:09 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-30 08:30 - 2014-09-18 22:24 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-30 08:30 - 2014-09-13 03:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-30 08:30 - 2014-09-13 02:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-30 08:30 - 2014-08-28 22:58 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-10-30 08:30 - 2014-08-28 20:56 - 02646016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-30 08:30 - 2014-08-28 20:47 - 02321920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-29 13:42 - 2014-11-02 16:25 - 00000000 ____D () C:\Program Files (x86)\CESPE - Autenticação Externa
2014-10-29 13:42 - 2014-11-02 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CESPE - Autenticação Externa
2014-10-29 13:42 - 2014-10-29 13:42 - 00755891 _____ (Centro de Seleção e de Promoção de Eventos - CESPE\UNB ) C:\Users\Marcelo Almeida\Downloads\setup_CESPE.exe
2014-10-29 13:38 - 2014-10-29 13:39 - 50449456 _____ (Microsoft Corporation) C:\Users\Marcelo Almeida\Downloads\dotNetFx40_Full_x86_x64.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 11:50 - 2014-01-11 12:39 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3161253163-2864934560-918969146-1001
2014-11-15 11:49 - 2013-10-24 06:42 - 01337311 _____ () C:\Windows\WindowsUpdate.log
2014-11-15 11:49 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-15 11:47 - 2013-08-22 12:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-15 11:46 - 2014-01-11 12:48 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{162B34B6-BB77-4F3D-BC63-1F166E60BDAC}
2014-11-15 11:46 - 2013-10-24 06:51 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-15 11:46 - 2013-08-22 10:25 - 00000269 _____ () C:\Windows\win.ini
2014-11-15 11:45 - 2014-02-06 03:40 - 00000000 ___RD () C:\Users\Marcelo Almeida\Dropbox
2014-11-15 11:45 - 2014-02-06 03:38 - 00000000 ____D () C:\Users\Marcelo Almeida\AppData\Roaming\Dropbox
2014-11-15 11:44 - 2014-02-06 03:39 - 00000000 ____D () C:\Users\Marcelo Almeida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-15 11:42 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\system32\sru
2014-11-13 02:32 - 2014-04-29 14:16 - 00000380 _____ () C:\Windows\Tasks\bench-S-1-5-21-3161253163-2864934560-918969146-1001.job
2014-11-12 16:46 - 2013-10-24 06:51 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 16:41 - 2013-10-24 06:51 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 16:41 - 2013-10-24 06:51 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-11 23:47 - 2013-09-16 01:15 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-11 23:44 - 2013-08-22 10:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-11-11 23:42 - 2014-01-13 17:07 - 00000000 ___RD () C:\Users\Marcelo Almeida\Google Drive
2014-11-11 23:42 - 2014-01-11 13:18 - 00000000 ___DO () C:\Users\Marcelo Almeida\SkyDrive
2014-11-11 23:42 - 2013-10-24 06:51 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-11 23:42 - 2013-08-22 11:46 - 00043972 _____ () C:\Windows\setupact.log
2014-11-11 23:42 - 2013-08-22 11:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-11 23:41 - 2013-09-16 01:04 - 00021976 _____ () C:\Windows\PFRO.log
2014-11-11 23:41 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-11-11 23:41 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\FileManager
2014-11-11 23:41 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\Camera
2014-11-11 23:41 - 2013-08-22 10:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-11-11 22:12 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\rescache
2014-11-11 15:25 - 2014-04-29 14:16 - 00000380 _____ () C:\Windows\Tasks\bench-sys.job
2014-11-11 06:36 - 2013-08-22 12:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-09 22:48 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-11-06 14:39 - 2013-10-24 06:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-03 02:02 - 2014-04-29 14:16 - 00003250 _____ () C:\Windows\System32\Tasks\bench-sys
2014-11-03 02:02 - 2014-04-29 14:16 - 00003248 _____ () C:\Windows\System32\Tasks\bench-S-1-5-21-3161253163-2864934560-918969146-1001
2014-11-03 02:02 - 2014-04-29 14:16 - 00000000 ____D () C:\Users\Marcelo Almeida\AppData\Local\Start Savin
2014-11-02 16:41 - 2014-04-27 02:34 - 00000000 ____D () C:\temp
2014-11-02 16:25 - 2013-08-22 11:44 - 00481968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-02 16:24 - 2014-07-10 19:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-02 16:24 - 2013-08-22 12:36 - 00000000 ___RD () C:\Windows\ToastData
2014-11-02 16:24 - 2013-08-22 12:36 - 00000000 ____D () C:\Windows\WinStore
2014-11-02 16:23 - 2014-01-18 01:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-02 16:19 - 2014-01-18 01:28 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-02 16:11 - 2014-02-10 19:30 - 00000000 ____D () C:\Users\Marcelo Almeida\AppData\Local\CrashDumps
2014-10-29 21:55 - 2013-08-22 12:38 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-29 21:55 - 2013-08-22 12:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-29 17:00 - 2014-01-11 12:34 - 00000000 ____D () C:\Users\Marcelo Almeida

Some content of TEMP:
====================
C:\Users\Marcelo Almeida\AppData\Local\Temp\dlLogic.exe
C:\Users\Marcelo Almeida\AppData\Local\Temp\dltr.exe
C:\Users\Marcelo Almeida\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_ja2fv.dll
C:\Users\Marcelo Almeida\AppData\Local\Temp\file_to_run55131.exe
C:\Users\Marcelo Almeida\AppData\Local\Temp\GCVerifier.dll
C:\Users\Marcelo Almeida\AppData\Local\Temp\lowproc.exe
C:\Users\Marcelo Almeida\AppData\Local\Temp\SfpcHelper_installFinish.exe
C:\Users\Marcelo Almeida\AppData\Local\Temp\SfpcHelper_installStart.exe
C:\Users\Marcelo Almeida\AppData\Local\Temp\stubhelper.dll
C:\Users\Marcelo Almeida\AppData\Local\Temp\vcredist9_x86.exe
C:\Users\Marcelo Almeida\AppData\Local\Temp\verifier.exe
C:\Users\Marcelo Almeida\AppData\Local\Temp\wmfdist.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-11 21:32

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2014
Ran by Marcelo Almeida at 2014-11-15 11:50:42
Running from C:\Users\Marcelo Almeida\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton AntiVirus (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AV: Baidu Antivirus (Enabled - Up to date) {10616E6C-0E20-8594-D377-A7D03F6128A6}
AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Baidu Antivirus (Enabled - Up to date) {AB008F88-281A-8A1A-E9C7-9CA244E6621B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Connect Add-in (HKU\S-1-5-21-3161253163-2864934560-918969146-1001\...\Adobe Connect Add-in) (Version: - )
Adobe Reader XI (11.0.09) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AppEnable (HKLM\...\AppEnable) (Version: 2014.11.09.202144 - AppEnable) <==== ATTENTION
Baidu Antivirus (HKLM-x32\...\Baidu Antivirus) (Version: 4.4.4.82804 - Baidu, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.67.1076 - AB Team, d.o.o.)
Camtasia Studio 8 (HKLM-x32\...\{BFA04EE0-8240-4667-8D53-45496A901C33}) (Version: 8.1.2.1327 - TechSmith Corporation)
CESPE - Autenticação Externa versão 1.0 (HKLM-x32\...\{7D44DD33-0C65-48E3-8F05-3198A78949FE}_is1) (Version: 1.0 - Centro de Seleção e de Promoção de Eventos - CESPE\UNB)
Dragon Assistant Application en-US version 1.5.11 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.11 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.12 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.12 - Nuance Communications, Inc.)
Dragon Assistant Installer version 1.5.11 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.11 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.4 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.4 - Nuance Communications, Inc.)
Dropbox (HKU\S-1-5-21-3161253163-2864934560-918969146-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
ETDWare PS/2_SMBus-X64 11.8.13.3_WHQL (HKLM\...\Elantech) (Version: 11.8.13.3 - ELAN Microelectronic Corp.)
Genesys Logic USB2.0 Card Reader (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.7 - Genesys Logic)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel Experience Center - Configuration (x32 Version: 1.7.0.179 - Intel) Hidden
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1056 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{38561F82-2984-4C99-ADD7-D1166BC3D552}) (Version: 3.0.1335.05 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{72814a2c-2e03-4a50-b30a-43e7884b3934}) (Version: 16.5.1 - Intel Corporation)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LG Bluetooth Drivers (HKLM-x32\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG PC Suite IV (HKLM-x32\...\LG PC Suite IV) (Version: 4.3.80.20121017 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
LG USB Modem Drivers (HKLM-x32\...\{3E8DE1A6-B365-4FF6-B917-2892A34990E8}) (Version: 4.9.7 - LG Electronics)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.6.0.32 - Symantec Corporation)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Prezi (HKLM-x32\...\{BD44409B-A691-4B97-B33D-F07E1DE791F3}) (Version: 5.1.1 - Prezi.com)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7026 - Realtek Semiconductor Corp.)
Start Savin (HKLM-x32\...\35450_Start Savin) (Version: 1.0 - Gratifying Apps)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Display Utility (HKLM\...\{84FA4D2D-4273-4C66-BD3D-ADD3FE48DFA2}) (Version: 1.1.5.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.1C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.9C - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Utility Common Driver (x32 Version: 1.0.53.3 - Compal) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3161253163-2864934560-918969146-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Marcelo Almeida\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161253163-2864934560-918969146-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcelo Almeida\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161253163-2864934560-918969146-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcelo Almeida\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161253163-2864934560-918969146-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcelo Almeida\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161253163-2864934560-918969146-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcelo Almeida\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161253163-2864934560-918969146-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcelo Almeida\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161253163-2864934560-918969146-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcelo Almeida\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161253163-2864934560-918969146-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcelo Almeida\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161253163-2864934560-918969146-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marcelo Almeida\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

10-10-2014 22:25:13 Installed LG USB Modem Drivers.
30-10-2014 13:48:49 Windows Update
02-11-2014 19:18:42 Windows Update
12-11-2014 00:32:47 Windows Update
15-11-2014 14:42:46 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 10:25 - 2014-11-03 02:02 - 00000871 ____A C:\Windows\system32\Drivers\etc\hosts
54.204.28.26 imfpmncmbojnbdhnogcegojocabhpbnh

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07EE3E0D-D07A-4F52-928B-AD85532C847C} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {56B67DC6-CF1D-47FC-BBF1-237B11CA0C80} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-23] (Realtek Semiconductor)
Task: {70CEB282-A3AF-4431-BD39-D836056C1FF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-24] (Google Inc.)
Task: {72607300-DB12-4A4D-95C7-7E15B5328D92} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {8246F48F-42C9-4D53-A8E6-75BCC85B32C5} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3161253163-2864934560-918969146-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {83AA8F3E-EF4F-4CB1-A013-C6C1FAD9F5B7} - System32\Tasks\bench-S-1-5-21-3161253163-2864934560-918969146-1001 => C:\Program Files (x86)\Bench\Updater\updater.exe [2014-04-04] () <==== ATTENTION
Task: {8AF60CDF-1A56-4B61-A79C-861CB0A2AC6B} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\updater.exe [2014-04-04] () <==== ATTENTION
Task: {9599A92B-7FF4-491F-8513-D9CA620A9ED5} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-08-28] (TODO: <Company name>)
Task: {982DB6E9-6012-4C9A-BF7E-87A044876570} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3161253163-2864934560-918969146-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {A107E28D-9420-4896-8779-2FFF096AF708} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {A7692323-0198-498D-8A62-C5467DDD519C} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C7562E6A-51EF-4B07-ABEA-0CA2AD35374A} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {D334887D-61F8-40A1-A418-915AF6F5CB08} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {D89F52ED-FA8B-4CAD-BFC6-9D68A67104FB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-02] (Microsoft Corporation)
Task: {E386E6E2-DBD7-49ED-96E7-547804C385F2} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
Task: {E4F9B634-D3C1-4DF5-A5D5-E59516345010} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EEEF2CF9-65B5-4F0F-AF24-9615246587D4} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2013-08-08] ()
Task: {F2CC6F42-A4CA-4BB5-A49C-E75B9424BE18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-24] (Google Inc.)
Task: C:\Windows\Tasks\bench-S-1-5-21-3161253163-2864934560-918969146-1001.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-10 16:54 - 2013-09-10 16:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2013-08-12 23:06 - 2013-08-12 23:06 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-12 23:06 - 2013-08-12 23:06 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-12 23:06 - 2013-08-12 23:06 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2010-01-30 07:40 - 2010-01-30 07:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-25 02:38 - 2010-03-25 02:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-07-18 22:38 - 2012-07-18 22:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-08-01 18:24 - 2013-08-01 18:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2013-10-24 06:44 - 2013-08-08 23:08 - 00065536 _____ () C:\Windows\SysWOW64\UMonit64.exe
2014-11-03 01:18 - 2014-11-03 01:18 - 00264024 _____ () C:\Program Files (x86)\Start Savin\FrameworkEngine.exe
2013-08-22 04:19 - 2013-08-22 03:54 - 00174592 _____ () C:\Windows\system32\WinMetadata\Windows.UI.winmd
2013-08-22 04:19 - 2013-08-22 03:54 - 00050176 _____ () C:\Windows\system32\WinMetadata\Windows.Data.winmd
2013-08-22 04:19 - 2013-08-22 03:54 - 00030208 _____ () C:\Windows\system32\WinMetadata\Windows.Foundation.winmd
2014-11-09 23:35 - 2014-11-13 18:51 - 00123632 _____ () C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.exe
2014-11-09 17:25 - 2014-11-15 11:43 - 00525552 _____ () C:\Program Files (x86)\AppEnable\updateAppEnable.exe
2014-11-10 02:20 - 2014-11-15 11:46 - 00525552 _____ () C:\Program Files (x86)\AppEnable\bin\utilAppEnable.exe
2014-11-10 02:21 - 2014-11-15 02:32 - 00353008 _____ () C:\Program Files (x86)\AppEnable\bin\AppEnable.PurBrowse64.exe
2014-11-10 02:21 - 2014-11-15 07:31 - 00098544 _____ () C:\Program Files (x86)\AppEnable\bin\AppEnable.BrowserAdapter.exe
2014-11-10 02:21 - 2014-11-15 07:31 - 00114928 _____ () C:\Program Files (x86)\AppEnable\bin\AppEnable.BrowserAdapter64.exe
2014-11-15 11:49 - 2014-11-13 20:25 - 01649904 _____ () C:\Program Files (x86)\AppEnable\bin\AppEnable.BOASHelper.exe
2014-11-15 11:49 - 2014-11-13 20:25 - 01786608 _____ () C:\Program Files (x86)\AppEnable\bin\AppEnable.BOASPRT.exe
2014-11-15 11:49 - 2014-11-13 20:25 - 01791216 _____ () C:\Program Files (x86)\AppEnable\bin\AppEnable.BOAS.exe
2014-11-09 22:28 - 2014-08-21 23:46 - 00208744 _____ () C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804\Baidu Antivirus\BavDllFilter.dll
2014-11-09 22:28 - 2014-08-21 23:45 - 00541032 _____ () C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804\Baidu Antivirus\sqlite.dll
2013-10-24 06:50 - 2013-07-02 18:30 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2013-10-24 06:50 - 2013-07-02 18:30 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2013-10-24 06:50 - 2013-07-02 18:30 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2013-10-24 06:50 - 2013-07-02 18:30 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2013-10-24 06:50 - 2013-07-02 18:30 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2013-10-24 06:50 - 2013-07-02 18:30 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2013-10-24 06:50 - 2013-07-02 18:29 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
2014-11-11 23:42 - 2014-11-11 23:42 - 00098816 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\win32api.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00110080 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\pywintypes27.dll
2014-11-11 23:42 - 2014-11-11 23:42 - 00364544 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\pythoncom27.dll
2014-11-11 23:42 - 2014-11-11 23:42 - 00045568 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\_socket.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 01160704 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\_ssl.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00320512 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\win32com.shell.shell.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00713216 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\_hashlib.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 01175040 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\wx._core_.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00805888 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\wx._gdi_.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00811008 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\wx._windows_.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 01062400 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\wx._controls_.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00735232 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\wx._misc_.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00128512 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\_elementtree.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00127488 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\pyexpat.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00557056 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\pysqlite2._sqlite.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00087552 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\_ctypes.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00119808 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\win32file.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00108544 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\win32security.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00007168 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\hashobjs_ext.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00167936 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\win32gui.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00018432 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\win32event.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00038912 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\win32inet.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00011264 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\win32crypt.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00070656 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\wx._html2.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00027136 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\_multiprocessing.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00035840 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\win32process.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00686080 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\unicodedata.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00122368 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\wx._wizard.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00024064 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\win32pipe.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00025600 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\win32pdh.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00525640 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\windows._lib_cacheinvalidation.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00010240 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\select.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00017408 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\win32profile.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00022528 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\win32ts.pyd
2014-11-11 23:42 - 2014-11-11 23:42 - 00078336 _____ () C:\Users\Marcelo Almeida\AppData\Local\Temp\_MEI60562\wx._animate.pyd
2013-10-24 06:30 - 2013-09-03 20:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-11-03 01:18 - 2014-11-03 01:18 - 00356584 _____ () C:\Program Files (x86)\Start Savin\FrameworkBHO.dll
2014-11-15 11:45 - 2014-11-15 11:45 - 00043008 _____ () c:\Users\Marcelo Almeida\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_ja2fv.dll
2013-08-23 16:01 - 2013-08-23 16:01 - 25100288 _____ () C:\Users\Marcelo Almeida\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Marcelo Almeida\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3161253163-2864934560-918969146-500 - Administrator - Disabled)
Guest (S-1-5-21-3161253163-2864934560-918969146-501 - Limited - Disabled)
Marcelo Almeida (S-1-5-21-3161253163-2864934560-918969146-1001 - Administrator - Enabled) => C:\Users\Marcelo Almeida

==================== Faulty Device Manager Devices =============

Name: HID-compliant touch screen
Description: HID-compliant touch screen
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2014 11:06:55 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (11/12/2014 06:49:04 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (11/12/2014 00:27:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17344, time stamp: 0x541b6f63
Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eeb4a3
Exception code: 0xc0000374
Fault offset: 0x000debd8
Faulting process id: 0x2554
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (11/11/2014 11:42:38 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (11/11/2014 10:02:37 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (11/11/2014 09:45:52 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (11/08/2014 08:00:31 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (11/07/2014 10:14:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (11/06/2014 05:48:49 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (11/05/2014 02:54:44 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


System errors:
=============
Error: (11/15/2014 11:49:04 AM) (Source: DCOM) (EventID: 10016) (User: MARCELO)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}MarceloMarcelo AlmeidaS-1-5-21-3161253163-2864934560-918969146-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/13/2014 06:57:25 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (11/12/2014 04:41:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).

Error: (11/12/2014 10:06:36 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (11/11/2014 11:42:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update WiseEnhance service failed to start due to the following error:
%%2

Error: (11/11/2014 11:25:48 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (11/09/2014 10:28:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Baidu Hips Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/09/2014 10:28:33 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Baidu Antivirus Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/02/2014 04:25:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update WiseEnhance service failed to start due to the following error:
%%2

Error: (11/02/2014 04:23:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB2998174).


Microsoft Office Sessions:
=========================
Error: (11/12/2014 11:06:55 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (11/12/2014 06:49:04 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (11/12/2014 00:27:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17344541b6f63ntdll.dll6.3.9600.1727853eeb4a3c0000374000debd8255401cffe26799acca2C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\ntdll.dllc7d5f128-6a1b-11e4-82cb-5c514f76d7bf

Error: (11/11/2014 11:42:38 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (11/11/2014 10:02:37 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: SystemThe parameter is incorrect. (0x80070057)

Error: (11/11/2014 09:45:52 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (11/08/2014 08:00:31 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (11/07/2014 10:14:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (11/06/2014 05:48:49 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (11/05/2014 02:54:44 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


CodeIntegrity Errors:
===================================
Date: 2014-04-25 22:07:46.014
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-04-25 22:07:45.951
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-04-25 21:30:05.260
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-04-25 21:30:05.182
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-04-25 21:25:09.328
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-04-25 21:25:09.265
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-04-25 20:39:23.733
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-04-25 20:39:23.673
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 47%
Total physical RAM: 6057.09 MB
Available physical RAM: 3198.54 MB
Total Pagefile: 7209.09 MB
Available Pagefile: 3727.46 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (TI10676500D) (Fixed) (Total:688.38 GB) (Free:623.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 11.2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
Marcelo Almeida
Regular Member
 
Posts: 34
Joined: July 4th, 2006, 2:35 am

Re: Dozens of Pop-ups + PC slow!

Unread postby MWR 3 day Mod » November 18th, 2014, 4:00 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Dozens of Pop-ups + PC slow!

Unread postby Gary R » November 19th, 2014, 5:20 am

Looking over your logs, back soon.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Dozens of Pop-ups + PC slow!

Unread postby Gary R » November 19th, 2014, 5:57 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Marcelo Almeida

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 8.1, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There are clear indications of infection on your computer, but before we start to remove it, there are a few things I need you to do for me.

First ...

You have 2 anti-virus programs installed on your computer ...

Norton
Baidu


... this will cause you no end of problems, and will not improve the security of your computer, since they will conflict with each other.

You need to decide which one you want to keep, and UNINSTALL the other one.

Reboot your computer once that is done.

Please note .... if you want to remove Norton, then do not use the onboard uninstaller because it does not do a very good job, instead use this tool from Norton ... ftp://ftp.symantec.com/public/english_u ... l_Tool.exe

Next ...

I need you to run a further scan tool for me ...

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the AdwCleaner window, click OK to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Next ...

I need you to run a search for me with FRST ....

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;AppEnable;Start Savin

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Summary of the logs I need from you in your next post:
  • adwcleaner log
  • search.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Dozens of Pop-ups + PC slow!

Unread postby Marcelo Almeida » November 19th, 2014, 12:21 pm

# AdwCleaner v4.101 - Report created 19/11/2014 at 13:17:47
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Windows 8.1 (64 bits)
# Username : Marcelo Almeida - MARCELO
# Running from : C:\Users\Marcelo Almeida\Desktop\adwcleaner_4.101.exe
# Option : Scan

***** [ Services ] *****

Service Found : Update WiseEnhance
Service Found : Update AppEnable
Service Found : Util AppEnable
Service Found : {55bbc577-fb0b-4e77-8a51-e033716a9ead}Gw64
Service Found : {820a714f-c526-4777-8e87-e9d6612e0938}Gw64

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Marcelo Almeida\daemonprocess.txt
File Found : C:\Windows\System32\\drivers\{55bbc577-fb0b-4e77-8a51-e033716a9ead}Gw64.sys
File Found : C:\Windows\System32\\drivers\{820a714f-c526-4777-8e87-e9d6612e0938}Gw64.sys
Folder Found : C:\Program Files (x86)\AppEnable
Folder Found : C:\Program Files (x86)\Bench
Folder Found : C:\Program Files (x86)\WiseEnhance
Folder Found : C:\Program Files\pcreg
Folder Found : C:\ProgramData\baidu
Folder Found : C:\Users\MARCEL~1\AppData\Local\Temp\AppEnable
Folder Found : C:\Users\MARCEL~1\AppData\Local\Temp\WiseEnhance
Folder Found : C:\Users\Marcelo Almeida\AppData\Local\BenchUpdater
Folder Found : C:\Users\Marcelo Almeida\AppData\Local\Mobogenie
Folder Found : C:\Users\Marcelo Almeida\AppData\LocalLow\Datamngr
Folder Found : C:\Users\Marcelo Almeida\AppData\LocalLow\DataMngr
Folder Found : C:\Users\Marcelo Almeida\AppData\Roaming\baidu
Folder Found : C:\Users\Marcelo Almeida\Documents\Mobogenie
Folder Found : C:\Users\Public\Documents\baidu

***** [ Scheduled Tasks ] *****

Task Found : bench-sys
Task Found : bench-S-1-5-21-3161253163-2864934560-918969146-1001
Task Found : bench-sys

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll
Key Found : HKCU\Software\AppEnable
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\en.softonic.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\free-sound-recorder.en.softonic.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pazera-free-mp4-to-avi-converter.softonic.com.br
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pt.delta.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com.br
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\veoh.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.delta.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.veoh.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23d4646c-263a-4e2d-a08c-6c704557973d}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23d4646c-263a-4e2d-a08c-6c704557973d}
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\AppEnable
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\updateAppEnable.exe
Key Found : HKLM\SOFTWARE\AdvertisingSupport
Key Found : HKLM\SOFTWARE\AppEnable
Key Found : HKLM\SOFTWARE\Bench
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{23d4646c-263a-4e2d-a08c-6c704557973d}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\Interface\{120926E2-2F0C-4DBB-9101-25EC98DEFB36}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{c23377c7-beab-42c0-86b7-efc18e9f24d6}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.bench.nmhost
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23d4646c-263a-4e2d-a08c-6c704557973d}
Key Found : HKLM\SOFTWARE\Start Savin
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update AppEnable
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util AppEnable
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{120926E2-2F0C-4DBB-9101-25EC98DEFB36}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppEnable
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.toshiba.com
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.toshiba.com
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://mystart.toshiba.com
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.toshiba.com
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://mystart.toshiba.com

-\\ Google Chrome v

[C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://br.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [9796 octets] - [19/11/2014 13:14:24]
AdwCleaner[R1].txt - [8577 octets] - [19/11/2014 13:17:47]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [8637 octets] ##########
Marcelo Almeida
Regular Member
 
Posts: 34
Joined: July 4th, 2006, 2:35 am

Re: Dozens of Pop-ups + PC slow!

Unread postby Marcelo Almeida » November 19th, 2014, 12:25 pm

Farbar Recovery Scan Tool (x64) Version: 19-11-2014
Ran by Marcelo Almeida at 2014-11-19 13:24:32
Running from C:\Users\Marcelo Almeida\Desktop
Boot Mode: Normal

================== Search Registry: "Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;AppEnable;Start Savin" ===========


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9f41624-2083-45cd-ac36-af8119a22a41}]
""="CLocationSearchQuery"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Classes\ActivatableClasses\CLSID\{90190C2A-F5D5-58DC-A7C7-240B0AC7638B}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"

[HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001_Classes\ActivatableClasses\CLSID\{90190C2A-F5D5-58DC-A7C7-240B0AC7638B}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Trolltech]

[HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:]


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "conduit" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]

[HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Conduit]


===================== Search result for "AppEnable" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32]
""="C:\Program Files (x86)\AppEnable\bin\{820a714f-c526-4777-8e87-e9d6612e0938}64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{120926E2-2F0C-4DBB-9101-25EC98DEFB36}]
""="IAppEnableBHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\0\win32]
""="C:\Program Files (x86)\AppEnable\bin\{820a714f-c526-4777-8e87-e9d6612e0938}64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C23377C7-BEAB-42C0-86B7-EFC18E9F24D6}\1.0]
""="AppEnableIEClientLib"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C23377C7-BEAB-42C0-86B7-EFC18E9F24D6}\1.0\HELPDIR]
""="C:\Program Files (x86)\AppEnable"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23d4646c-263a-4e2d-a08c-6c704557973d}]
""="AppEnable"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32]
""="C:\Program Files (x86)\AppEnable\bin\{820a714f-c526-4777-8e87-e9d6612e0938}.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{120926E2-2F0C-4DBB-9101-25EC98DEFB36}]
""="IAppEnableBHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\0\win32]
""="C:\Program Files (x86)\AppEnable\bin\{820a714f-c526-4777-8e87-e9d6612e0938}64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C23377C7-BEAB-42C0-86B7-EFC18E9F24D6}\1.0]
""="AppEnableIEClientLib"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C23377C7-BEAB-42C0-86B7-EFC18E9F24D6}\1.0\HELPDIR]
""="C:\Program Files (x86)\AppEnable"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppEnable]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppEnable]
"UninstallString"="C:\Program Files (x86)\AppEnable\AppEnableuninstall.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppEnable]
"InstallLocation"="C:\Program Files (x86)\AppEnable"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppEnable]
"Publisher"="AppEnable"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppEnable]
"URLUpdateInfo"="http://appenable.info"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AppEnable]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"AppEnable.BOAS.exe"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"AppEnable.BOAS.exe"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"AppEnable.BOAS.exe"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"AppEnable.BOAS.exe"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"AppEnable.BOAS.exe"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AppEnable_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateAppEnable_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilAppEnable_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23d4646c-263a-4e2d-a08c-6c704557973d}]
""="AppEnable"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{23d4646c-263a-4e2d-a08c-6c704557973d}]
""="AppEnable"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32]
""="C:\Program Files (x86)\AppEnable\bin\{820a714f-c526-4777-8e87-e9d6612e0938}.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{120926E2-2F0C-4DBB-9101-25EC98DEFB36}]
""="IAppEnableBHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\0\win32]
""="C:\Program Files (x86)\AppEnable\bin\{820a714f-c526-4777-8e87-e9d6612e0938}64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C23377C7-BEAB-42C0-86B7-EFC18E9F24D6}\1.0]
""="AppEnableIEClientLib"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C23377C7-BEAB-42C0-86B7-EFC18E9F24D6}\1.0\HELPDIR]
""="C:\Program Files (x86)\AppEnable"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Util AppEnable]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies]
""="0file://C:\Program Files (x86)\AppEnable\bin\Pac9064.js"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DA0C47C8-9B2A-4D6C-B4B2-5E1CEAF799C8}"="v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AppEnable\bin\AppEnable.BRT.Helper.exe|Name=AppEnable.BRT.Helper.exe|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Update AppEnable]
"ImagePath"=""C:\Program Files (x86)\AppEnable\updateAppEnable.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Util AppEnable]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Util AppEnable]
"DisplayName"="Util AppEnable"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util AppEnable]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies]
""="0file://C:\Program Files (x86)\AppEnable\bin\Pac9064.js"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DA0C47C8-9B2A-4D6C-B4B2-5E1CEAF799C8}"="v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AppEnable\bin\AppEnable.BRT.Helper.exe|Name=AppEnable.BRT.Helper.exe|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update AppEnable]
"ImagePath"=""C:\Program Files (x86)\AppEnable\updateAppEnable.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util AppEnable]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util AppEnable]
"DisplayName"="Util AppEnable"

[HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\updateAppEnable.exe]

[HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\AppEnable]

[HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Microsoft\Internet Explorer\DOMStorage\api.appenable.info]

[HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3161253163-2864934560-918969146-1001\Software\AppEnable]

[HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apiappenableinfo-a.akamaihd.net]

[HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"="file://C:\Program Files (x86)\AppEnable\bin\Pac9064.js"

[HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\AppEnable.BRT.Helper.exe]

[HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\utilAppEnable.exe]

===================== Search result for "Start Savin" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}]
""="Start Savin BHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26C894E6-DB3B-453A-8E4C-CCB69336561E}]
""="Start Savin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{355D86D4-B4A1-4B88-B612-61E95B9037FA}\1.0\0\win32]
""="C:\Program Files (x86)\Start Savin\FrameworkEngine.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6AC79E82-97F6-4F4C-9A97-4D0D2804A7F5}\1.0\0\win32]
""="C:\Program Files (x86)\Start Savin\FrameworkBHO64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}]
""="Start Savin BHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26C894E6-DB3B-453A-8E4C-CCB69336561E}]
""="Start Savin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A0A878FE-A634-4363-9661-4617F6A487D7}]
""="Start Savin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A0A878FE-A634-4363-9661-4617F6A487D7}\LocalServer32]
"ServerExecutable"="C:\Program Files (x86)\Start Savin\FrameworkEngine.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{355D86D4-B4A1-4B88-B612-61E95B9037FA}\1.0\0\win32]
""="C:\Program Files (x86)\Start Savin\FrameworkEngine.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6AC79E82-97F6-4F4C-9A97-4D0D2804A7F5}\1.0\0\win32]
""="C:\Program Files (x86)\Start Savin\FrameworkBHO64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{355D86D4-B4A1-4B88-B612-61E95B9037FA}]
"AppPath"="C:\Program Files (x86)\Start Savin\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node]
"35450"="Start Savin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{355D86D4-B4A1-4B88-B612-61E95B9037FA}]
"AppPath"="C:\Program Files (x86)\Start Savin\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}]
""="Start Savin BHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Start Savin-repairJob"="wscript.exe "C:\Users\Marcelo Almeida\AppData\Local\Start Savin\repair.js" "Start Savin-repairJob""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\35450_Start Savin]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\35450_Start Savin]
"DisplayIcon"="C:\Users\Marcelo Almeida\AppData\Local\Start Savin/icon.ico"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\35450_Start Savin]
"UninstallString"="C:\Users\Marcelo Almeida\AppData\Local\Start Savin\uninstall.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Start Savin]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}]
""="Start Savin BHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{26C894E6-DB3B-453A-8E4C-CCB69336561E}]
""="Start Savin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A0A878FE-A634-4363-9661-4617F6A487D7}]
""="Start Savin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A0A878FE-A634-4363-9661-4617F6A487D7}\LocalServer32]
"ServerExecutable"="C:\Program Files (x86)\Start Savin\FrameworkEngine.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{355D86D4-B4A1-4B88-B612-61E95B9037FA}\1.0\0\win32]
""="C:\Program Files (x86)\Start Savin\FrameworkEngine.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6AC79E82-97F6-4F4C-9A97-4D0D2804A7F5}\1.0\0\win32]
""="C:\Program Files (x86)\Start Savin\FrameworkBHO64.dll"

====== End Of Search ======
Marcelo Almeida
Regular Member
 
Posts: 34
Joined: July 4th, 2006, 2:35 am

Re: Dozens of Pop-ups + PC slow!

Unread postby Gary R » November 19th, 2014, 7:17 pm

OK, let's get started on cleaning up your computer.

First ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\RunOnce: [Start Savin-repairJob] => wscript.exe "C:\Users\Marcelo Almeida\AppData\Local\Start Savin\repair.js" "Start Savin-repairJob"
HKLM-x32\...\RunOnce: [Start Savin-repairJob] => wscript.exe "C:\Users\Marcelo Almeida\AppData\Local\Start Savin\repair.js" "Start Savin-repairJob"
HKU\S-1-5-21-3161253163-2864934560-918969146-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3161253163-2864934560-918969146-1001\...\MountPoints2: {0cb30354-50cc-11e4-82c2-5c514f76d7bf} - "D:\LGAutoRun.exe"
HKU\S-1-5-21-3161253163-2864934560-918969146-1001\...\MountPoints2: {f6f29572-7ad4-11e3-8258-5c514f76d7bf} - "D:\LGAutoRun.exe"
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs: C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?si ... &src=ds&p= {searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?si ... &src=ds&p= {searchTerms}
SearchScopes: HKCU - DefaultScope {B0FB88A0-7C41-452B-B361-7CC27ECC7380} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?si ... &src=ds&p= {searchTerms}
SearchScopes: HKCU - {B0FB88A0-7C41-452B-B361-7CC27ECC7380} URL =
BHO: Start Savin BHO -> {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} -> C:\Program Files (x86)\Start Savin\FrameworkBHO64.dll ()
BHO-x32: Start Savin BHO -> {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} -> C:\Program Files (x86)\Start Savin\FrameworkBHO.dll ()
BHO-x32: AppEnable -> {23d4646c-263a-4e2d-a08c-6c704557973d} -> C:\Program Files (x86)\AppEnable\AppEnablebho.dll (AppEnable)
R2 Update AppEnable; C:\Program Files (x86)\AppEnable\updateAppEnable.exe [525552 2014-11-15] ()
R2 Util AppEnable; C:\Program Files (x86)\AppEnable\bin\utilAppEnable.exe [525552 2014-11-15] ()
S2 Update WiseEnhance; "C:\Program Files (x86)\WiseEnhance\updateWiseEnhance.exe" [X]
Task: {83AA8F3E-EF4F-4CB1-A013-C6C1FAD9F5B7} - System32\Tasks\bench-S-1-5-21-3161253163-2864934560-918969146-1001 => C:\Program Files (x86)\Bench\Updater\updater.exe [2014-04-04] () <==== ATTENTION
Task: {8AF60CDF-1A56-4B61-A79C-861CB0A2AC6B} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\updater.exe [2014-04-04] () <==== ATTENTION
Task: {E386E6E2-DBD7-49ED-96E7-547804C385F2} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
Task: C:\Windows\Tasks\bench-S-1-5-21-3161253163-2864934560-918969146-1001.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Trolltech" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Conduit" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{120926E2-2F0C-4DBB-9101-25EC98DEFB36}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C23377C7-BEAB-42C0-86B7-EFC18E9F24D6}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23d4646c-263a-4e2d-a08c-6c704557973d}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{120926E2-2F0C-4DBB-9101-25EC98DEFB36}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C23377C7-BEAB-42C0-86B7-EFC18E9F24D6}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppEnable" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AppEnable" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION" /v "AppEnable.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" /v "AppEnable.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" /v "AppEnable.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD" /v "AppEnable.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" /v "AppEnable.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AppEnable_RASMANCS" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateAppEnable_RASMANCS" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilAppEnable_RASMANCS" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23d4646c-263a-4e2d-a08c-6c704557973d}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{23d4646c-263a-4e2d-a08c-6c704557973d}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{120926E2-2F0C-4DBB-9101-25EC98DEFB36}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C23377C7-BEAB-42C0-86B7-EFC18E9F24D6}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util AppEnable" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{DA0C47C8-9B2A-4D6C-B4B2-5E1CEAF799C8}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update AppEnable" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util AppEnable" /f
Reg: Reg.exe delete "HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\updateAppEnable.exe" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\AppEnable" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Microsoft\Internet Explorer\DOMStorage\api.appenable.info" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3161253163-2864934560-918969146-1001\Software\AppEnable" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apiappenableinfo-a.akamaihd.net" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "AutoConfigURL" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\AppEnable.BRT.Helper.exe" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\utilAppEnable.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26C894E6-DB3B-453A-8E4C-CCB69336561E}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{355D86D4-B4A1-4B88-B612-61E95B9037FA}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6AC79E82-97F6-4F4C-9A97-4D0D2804A7F5}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26C894E6-DB3B-453A-8E4C-CCB69336561E}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A0A878FE-A634-4363-9661-4617F6A487D7}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{355D86D4-B4A1-4B88-B612-61E95B9037FA}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6AC79E82-97F6-4F4C-9A97-4D0D2804A7F5}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{355D86D4-B4A1-4B88-B612-61E95B9037FA}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node" /v "35450" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{355D86D4-B4A1-4B88-B612-61E95B9037FA}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" /v "Start Savin-repairJob" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\35450_Start Savin" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Start Savin" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{26C894E6-DB3B-453A-8E4C-CCB69336561E}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A0A878FE-A634-4363-9661-4617F6A487D7}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{355D86D4-B4A1-4B88-B612-61E95B9037FA}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6AC79E82-97F6-4F4C-9A97-4D0D2804A7F5}" /f
C:\Program Files (x86)\AppEnable
C:\Program Files (x86)\Start Savin
C:\Users\Marcelo Almeida\AppData\Local\Start Savin
C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.exe
Hosts:
EmptyTemp:
CMD: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Summary of the logs I need from you in your next post:
  • AdwCleaner[s1].txt
  • Fixlog.txt
  • Please let me know how your computer is running now.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Dozens of Pop-ups + PC slow!

Unread postby Marcelo Almeida » November 19th, 2014, 8:59 pm

# AdwCleaner v4.101 - Report created 19/11/2014 at 21:55:12
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Marcelo Almeida - MARCELO
# Running from : C:\Users\Marcelo Almeida\Desktop\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update WiseEnhance
[#] Service Deleted : Update AppEnable
[#] Service Deleted : Util AppEnable
Service Deleted : {55bbc577-fb0b-4e77-8a51-e033716a9ead}Gw64
Service Deleted : {820a714f-c526-4777-8e87-e9d6612e0938}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\WiseEnhance
[!] Folder Deleted : C:\Program Files (x86)\AppEnable
[!] Folder Deleted : C:\Program Files (x86)\AppEnable
Folder Deleted : C:\Program Files\pcreg
Folder Deleted : C:\Users\MARCEL~1\AppData\Local\Temp\WiseEnhance
Folder Deleted : C:\Users\MARCEL~1\AppData\Local\Temp\AppEnable
Folder Deleted : C:\Users\Marcelo Almeida\AppData\Local\BenchUpdater
Folder Deleted : C:\Users\Marcelo Almeida\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Marcelo Almeida\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Marcelo Almeida\AppData\Roaming\baidu
Folder Deleted : C:\Users\Marcelo Almeida\Documents\Mobogenie
Folder Deleted : C:\Users\Public\Documents\baidu
File Deleted : C:\END
File Deleted : C:\Windows\System32\\drivers\{55bbc577-fb0b-4e77-8a51-e033716a9ead}Gw64.sys
File Deleted : C:\Windows\System32\\drivers\{820a714f-c526-4777-8e87-e9d6612e0938}Gw64.sys
File Deleted : C:\Users\Marcelo Almeida\daemonprocess.txt
File Deleted : C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : bench-sys
Task Deleted : bench-S-1-5-21-3161253163-2864934560-918969146-1001

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.bench.nmhost
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update AppEnable
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util AppEnable
Key Deleted : HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\updateAppEnable.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{23D4646C-263A-4E2D-A08C-6C704557973D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120926E2-2F0C-4DBB-9101-25EC98DEFB36}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{c23377c7-beab-42c0-86b7-efc18e9f24d6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23D4646C-263A-4E2D-A08C-6C704557973D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23D4646C-263A-4E2D-A08C-6C704557973D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23D4646C-263A-4E2D-A08C-6C704557973D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{120926E2-2F0C-4DBB-9101-25EC98DEFB36}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppEnable
Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
Key Deleted : HKLM\SOFTWARE\Bench
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Start Savin
Key Deleted : HKLM\SOFTWARE\AppEnable
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppEnable
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\en.softonic.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\free-sound-recorder.en.softonic.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pazera-free-mp4-to-avi-converter.softonic.com.br
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pt.delta.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com.br
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\veoh.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.delta.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.veoh.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]

-\\ Google Chrome v

[C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://br.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [9796 octets] - [19/11/2014 13:14:24]
AdwCleaner[R1].txt - [8789 octets] - [19/11/2014 13:17:47]
AdwCleaner[R2].txt - [8998 octets] - [19/11/2014 21:53:50]
AdwCleaner[S0].txt - [7490 octets] - [19/11/2014 21:55:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7550 octets] ##########
Marcelo Almeida

Re: Dozens of Pop-ups + PC slow!

Post by Marcelo Almeida » November 19th, 2014, 9:10 pm

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-11-2014
Ran by Marcelo Almeida at 2014-11-19 22:02:06 Run:1
Running from C:\Users\Marcelo Almeida\Desktop
Loaded Profile: Marcelo Almeida (Available profiles: Marcelo Almeida)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\RunOnce: [Start Savin-repairJob] => wscript.exe "C:\Users\Marcelo Almeida\AppData\Local\Start Savin\repair.js" "Start Savin-repairJob"
HKLM-x32\...\RunOnce: [Start Savin-repairJob] => wscript.exe "C:\Users\Marcelo Almeida\AppData\Local\Start Savin\repair.js" "Start Savin-repairJob"
HKU\S-1-5-21-3161253163-2864934560-918969146-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3161253163-2864934560-918969146-1001\...\MountPoints2: {0cb30354-50cc-11e4-82c2-5c514f76d7bf} - "D:\LGAutoRun.exe"
HKU\S-1-5-21-3161253163-2864934560-918969146-1001\...\MountPoints2: {f6f29572-7ad4-11e3-8258-5c514f76d7bf} - "D:\LGAutoRun.exe"
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs: C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?si ... &src=ds&p= {searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?si ... &src=ds&p= {searchTerms}
SearchScopes: HKCU - DefaultScope {B0FB88A0-7C41-452B-B361-7CC27ECC7380} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?si ... &src=ds&p= {searchTerms}
SearchScopes: HKCU - {B0FB88A0-7C41-452B-B361-7CC27ECC7380} URL =
BHO: Start Savin BHO -> {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} -> C:\Program Files (x86)\Start Savin\FrameworkBHO64.dll ()
BHO-x32: Start Savin BHO -> {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} -> C:\Program Files (x86)\Start Savin\FrameworkBHO.dll ()
BHO-x32: AppEnable -> {23d4646c-263a-4e2d-a08c-6c704557973d} -> C:\Program Files (x86)\AppEnable\AppEnablebho.dll (AppEnable)
R2 Update AppEnable; C:\Program Files (x86)\AppEnable\updateAppEnable.exe [525552 2014-11-15] ()
R2 Util AppEnable; C:\Program Files (x86)\AppEnable\bin\utilAppEnable.exe [525552 2014-11-15] ()
S2 Update WiseEnhance; "C:\Program Files (x86)\WiseEnhance\updateWiseEnhance.exe" [X]
Task: {83AA8F3E-EF4F-4CB1-A013-C6C1FAD9F5B7} - System32\Tasks\bench-S-1-5-21-3161253163-2864934560-918969146-1001 => C:\Program Files (x86)\Bench\Updater\updater.exe [2014-04-04] () <==== ATTENTION
Task: {8AF60CDF-1A56-4B61-A79C-861CB0A2AC6B} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\updater.exe [2014-04-04] () <==== ATTENTION
Task: {E386E6E2-DBD7-49ED-96E7-547804C385F2} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
Task: C:\Windows\Tasks\bench-S-1-5-21-3161253163-2864934560-918969146-1001.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Trolltech" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Conduit" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{120926E2-2F0C-4DBB-9101-25EC98DEFB36}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C23377C7-BEAB-42C0-86B7-EFC18E9F24D6}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23d4646c-263a-4e2d-a08c-6c704557973d}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{120926E2-2F0C-4DBB-9101-25EC98DEFB36}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C23377C7-BEAB-42C0-86B7-EFC18E9F24D6}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppEnable" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AppEnable" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION" /v "AppEnable.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" /v "AppEnable.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" /v "AppEnable.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD" /v "AppEnable.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" /v "AppEnable.BOAS.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AppEnable_RASMANCS" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateAppEnable_RASMANCS" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilAppEnable_RASMANCS" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23d4646c-263a-4e2d-a08c-6c704557973d}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{23d4646c-263a-4e2d-a08c-6c704557973d}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{120926E2-2F0C-4DBB-9101-25EC98DEFB36}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C23377C7-BEAB-42C0-86B7-EFC18E9F24D6}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util AppEnable" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{DA0C47C8-9B2A-4D6C-B4B2-5E1CEAF799C8}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update AppEnable" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util AppEnable" /f
Reg: Reg.exe delete "HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\updateAppEnable.exe" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\AppEnable" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Microsoft\Internet Explorer\DOMStorage\api.appenable.info" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3161253163-2864934560-918969146-1001\Software\AppEnable" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apiappenableinfo-a.akamaihd.net" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "AutoConfigURL" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\AppEnable.BRT.Helper.exe" /f
Reg: Reg.exe delete "HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\utilAppEnable.exe" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26C894E6-DB3B-453A-8E4C-CCB69336561E}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{355D86D4-B4A1-4B88-B612-61E95B9037FA}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6AC79E82-97F6-4F4C-9A97-4D0D2804A7F5}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26C894E6-DB3B-453A-8E4C-CCB69336561E}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A0A878FE-A634-4363-9661-4617F6A487D7}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{355D86D4-B4A1-4B88-B612-61E95B9037FA}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6AC79E82-97F6-4F4C-9A97-4D0D2804A7F5}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{355D86D4-B4A1-4B88-B612-61E95B9037FA}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node" /v "35450" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{355D86D4-B4A1-4B88-B612-61E95B9037FA}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" /v "Start Savin-repairJob" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\35450_Start Savin" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Start Savin" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{26C894E6-DB3B-453A-8E4C-CCB69336561E}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A0A878FE-A634-4363-9661-4617F6A487D7}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{355D86D4-B4A1-4B88-B612-61E95B9037FA}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6AC79E82-97F6-4F4C-9A97-4D0D2804A7F5}" /f
C:\Program Files (x86)\AppEnable
C:\Program Files (x86)\Start Savin
C:\Users\Marcelo Almeida\AppData\Local\Start Savin
C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.exe
Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Start Savin-repairJob => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Start Savin-repairJob => Value not found.
HKU\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully.
"HKU\S-1-5-21-3161253163-2864934560-918969146-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0cb30354-50cc-11e4-82c2-5c514f76d7bf}" => Key deleted successfully.
"HKCR\CLSID\{0cb30354-50cc-11e4-82c2-5c514f76d7bf}" => Key not found.
"HKU\S-1-5-21-3161253163-2864934560-918969146-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6f29572-7ad4-11e3-8258-5c514f76d7bf}" => Key deleted successfully.
"HKCR\CLSID\{f6f29572-7ad4-11e3-8258-5c514f76d7bf}" => Key not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully.
"C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll" => Value Data not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?si ... &src=ds&p= {searchTerms} => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?si ... &src=ds&p= {searchTerms} => Value not found.
\\SearchScopes: HKCU - DefaultScope {B0FB88A0-7C41-452B-B361-7CC27ECC7380} URL = => Value not found.
\\SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?si ... &src=ds&p= {searchTerms} => Value not found.
\\SearchScopes: HKCU - {B0FB88A0-7C41-452B-B361-7CC27ECC7380} URL = => Value not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}" => Key deleted successfully.
"HKCR\CLSID\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23d4646c-263a-4e2d-a08c-6c704557973d}" => Key not found.
"HKCR\Wow6432Node\CLSID\{23d4646c-263a-4e2d-a08c-6c704557973d}" => Key not found.
Update AppEnable => Service not found.
Util AppEnable => Service not found.
Update WiseEnhance => Service not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83AA8F3E-EF4F-4CB1-A013-C6C1FAD9F5B7}" => Key not found.
C:\Windows\System32\Tasks\bench-S-1-5-21-3161253163-2864934560-918969146-1001 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-S-1-5-21-3161253163-2864934560-918969146-1001" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AF60CDF-1A56-4B61-A79C-861CB0A2AC6B}" => Key not found.
C:\Windows\System32\Tasks\bench-sys not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-sys" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E386E6E2-DBD7-49ED-96E7-547804C385F2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E386E6E2-DBD7-49ED-96E7-547804C385F2}" => Key deleted successfully.
C:\Windows\System32\Tasks\pcreg => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg" => Key deleted successfully.
C:\Windows\Tasks\bench-S-1-5-21-3161253163-2864934560-918969146-1001.job not found.
C:\Windows\Tasks\bench-sys.job not found.

========= Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Trolltech" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Conduit" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{120926E2-2F0C-4DBB-9101-25EC98DEFB36}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C23377C7-BEAB-42C0-86B7-EFC18E9F24D6}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{23d4646c-263a-4e2d-a08c-6c704557973d}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{120926E2-2F0C-4DBB-9101-25EC98DEFB36}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C23377C7-BEAB-42C0-86B7-EFC18E9F24D6}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppEnable" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AppEnable" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION" /v "AppEnable.BOAS.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" /v "AppEnable.BOAS.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING" /v "AppEnable.BOAS.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD" /v "AppEnable.BOAS.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION" /v "AppEnable.BOAS.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AppEnable_RASMANCS" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateAppEnable_RASMANCS" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilAppEnable_RASMANCS" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23d4646c-263a-4e2d-a08c-6c704557973d}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{23d4646c-263a-4e2d-a08c-6c704557973d}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{120926E2-2F0C-4DBB-9101-25EC98DEFB36}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C23377C7-BEAB-42C0-86B7-EFC18E9F24D6}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util AppEnable" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" /v "{DA0C47C8-9B2A-4D6C-B4B2-5E1CEAF799C8}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update AppEnable" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util AppEnable" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\updateAppEnable.exe" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\AppEnable" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Microsoft\Internet Explorer\DOMStorage\api.appenable.info" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3161253163-2864934560-918969146-1001\Software\AppEnable" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apiappenableinfo-a.akamaihd.net" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-3161253163-2864934560-918969146-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v "AutoConfigURL" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\AppEnable.BRT.Helper.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\utilAppEnable.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26C894E6-DB3B-453A-8E4C-CCB69336561E}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{355D86D4-B4A1-4B88-B612-61E95B9037FA}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6AC79E82-97F6-4F4C-9A97-4D0D2804A7F5}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26C894E6-DB3B-453A-8E4C-CCB69336561E}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A0A878FE-A634-4363-9661-4617F6A487D7}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{355D86D4-B4A1-4B88-B612-61E95B9037FA}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6AC79E82-97F6-4F4C-9A97-4D0D2804A7F5}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{355D86D4-B4A1-4B88-B612-61E95B9037FA}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node" /v "35450" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{355D86D4-B4A1-4B88-B612-61E95B9037FA}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" /v "Start Savin-repairJob" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\35450_Start Savin" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Start Savin" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{26C894E6-DB3B-453A-8E4C-CCB69336561E}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A0A878FE-A634-4363-9661-4617F6A487D7}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{355D86D4-B4A1-4B88-B612-61E95B9037FA}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6AC79E82-97F6-4F4C-9A97-4D0D2804A7F5}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

"C:\Program Files (x86)\AppEnable" => File/Directory not found.

"C:\Program Files (x86)\Start Savin" directory move:

C:\Program Files (x86)\Start Savin\background.html => Moved successfully.
C:\Program Files (x86)\Start Savin\config.xml => Moved successfully.
C:\Program Files (x86)\Start Savin\extension_info.json => Moved successfully.
C:\Program Files (x86)\Start Savin\FrameworkBHO.dll => Moved successfully.
C:\Program Files (x86)\Start Savin\FrameworkBHO64.dll => Moved successfully.
C:\Program Files (x86)\Start Savin\FrameworkEngine.exe => Moved successfully.
C:\Program Files (x86)\Start Savin\icons\button.png => Moved successfully.
C:\Program Files (x86)\Start Savin\icons\icon100.png => Moved successfully.
C:\Program Files (x86)\Start Savin\icons\icon128.png => Moved successfully.
C:\Program Files (x86)\Start Savin\icons\icon32.png => Moved successfully.
C:\Program Files (x86)\Start Savin\icons\icon48.png => Moved successfully.
C:\Program Files (x86)\Start Savin\framework-ui\browser_button.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework-ui\context_menu.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework-ui\context_menu_item_handler.html => Moved successfully.
C:\Program Files (x86)\Start Savin\framework-ui\framework_api.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework-ui\notification.html => Moved successfully.
C:\Program Files (x86)\Start Savin\framework-ui\notifications.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework-ui\options.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework-ui\ui_base.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework-ui\theme\bubble\bottom-left.png => Moved successfully.
C:\Program Files (x86)\Start Savin\framework-ui\theme\bubble\bottom-middle.png => Moved successfully.
C:\Program Files (x86)\Start Savin\framework-ui\theme\bubble\bottom-right.png => Moved successfully.
C:\Program Files (x86)\Start Savin\framework-ui\theme\bubble\middle-left.png => Moved successfully.
C:\Program Files (x86)\Start Savin\framework-ui\theme\bubble\middle-right.png => Moved successfully.
C:\Program Files (x86)\Start Savin\framework-ui\theme\bubble\tail-bottom.png => Moved successfully.
C:\Program Files (x86)\Start Savin\framework-ui\theme\bubble\tail-left.png => Moved successfully.
C:\Program Files (x86)\Start Savin\framework-ui\theme\bubble\tail-right.png => Moved successfully.
C:\Program Files (x86)\Start Savin\framework-ui\theme\bubble\tail-top.png => Moved successfully.
C:\Program Files (x86)\Start Savin\framework-ui\theme\bubble\top-left.png => Moved successfully.
C:\Program Files (x86)\Start Savin\framework-ui\theme\bubble\top-middle.png => Moved successfully.
C:\Program Files (x86)\Start Savin\framework-ui\theme\bubble\top-right.png => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\backgroundscript_engine.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\base.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\browser.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\console.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\framework.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\global.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\i18n.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\initialize.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\invoke_async.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\io.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\json2.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\lang.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\legacy.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\message_target.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\messaging.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\storage.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\timer.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\updater.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\userscript_client.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\userscript_engine.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\utils.js => Moved successfully.
C:\Program Files (x86)\Start Savin\framework\xhr.js => Moved successfully.
C:\Program Files (x86)\Start Savin\CanvasFramework\canvasscript_engine.js => Moved successfully.
C:\Program Files (x86)\Start Savin\CanvasFramework\canvas_bg.js => Moved successfully.
C:\Program Files (x86)\Start Savin\CanvasFramework\md5.js => Moved successfully.
C:\Program Files (x86)\Start Savin\CanvasFramework\registry.js => Moved successfully.
C:\Program Files (x86)\Start Savin\CanvasFramework\webrequest.js => Moved successfully.
C:\Program Files (x86)\Start Savin\AppFramework\appAPI_bg.js => Moved successfully.
C:\Program Files (x86)\Start Savin\AppFramework\appAPI_browseraction.js => Moved successfully.
C:\Program Files (x86)\Start Savin\AppFramework\appAPI_common.js => Moved successfully.
C:\Program Files (x86)\Start Savin\AppFramework\appAPI_content.js => Moved successfully.
C:\Program Files (x86)\Start Savin\AppFramework\appAPI_settings.js => Moved successfully.
C:\Program Files (x86)\Start Savin\AppFramework\appAPI_webrequest.js => Moved successfully.
C:\Program Files (x86)\Start Savin\AppFramework\jquery.min.js => Moved successfully.
Could not move "C:\Program Files (x86)\Start Savin" directory. => Scheduled to move on reboot.

C:\Users\Marcelo Almeida\AppData\Local\Start Savin => Moved successfully.
"C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.exe" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 3.9 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-19 22:08:08)<=

C:\Program Files (x86)\Start Savin => Is moved successfully.

==== End of Fixlog ====
Marcelo Almeida
Regular Member
 
Posts: 34
Joined: July 4th, 2006, 2:35 am

Re: Dozens of Pop-ups + PC slow!

Unread postby Marcelo Almeida » November 19th, 2014, 9:15 pm

Hi, Gary!

First of all, thank you very much for the big help. There are no pop-ups showing up anymore. I believe it is all good now! Is there anything else I should do?

All the best,

Marcelo Almeida.
Marcelo Almeida
Regular Member
 
Posts: 34
Joined: July 4th, 2006, 2:35 am

Re: Dozens of Pop-ups + PC slow!

Unread postby Gary R » November 20th, 2014, 2:33 am

I'm glad to hear the pop-ups have stopped, but before we finish, I'd like to run a general scan on your computer, to make sure we've got everything. The tools we've used so far are specific to the infection you have, and because of that they're pretty "short sighted", so we need to find out if your infection came with any "fellow travellers", which they often do.

The following scan takes quite some time to run, but it is very thorough, and should flag anything we need to be concerned about.

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed, click on Start to start the scan.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Dozens of Pop-ups + PC slow!

Unread postby Marcelo Almeida » November 21st, 2014, 9:14 pm

C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\AppEnableUninstall.exe.vir Win32/BrowseFox.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\updateAppEnable.exe.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\55bbc577fb0b4e778a51.dll.vir a variant of Win32/BrowseFox.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\55bbc577fb0b4e778a5164.dll.vir a variant of Win64/BrowseFox.CI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\6079500405ce49928494.dll.vir a variant of Win32/BrowseFox.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\6079500405ce4992849464.dll.vir a variant of Win64/BrowseFox.CI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\820a714fc52647778e87.dll.vir a variant of Win32/BrowseFox.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\820a714fc52647778e8764.dll.vir a variant of Win64/BrowseFox.CI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\AppEnable.BrowserAdapter.exe.vir a variant of Win32/BrowseFox.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\AppEnable.BrowserAdapter64.exe.vir a variant of Win64/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\AppEnable.BRT.Helper.exe.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\c5db642ea4dc48dca9f5.dll.vir a variant of Win32/BrowseFox.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\c5db642ea4dc48dca9f564.dll.vir a variant of Win64/BrowseFox.CI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\tmp601.tmp.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\utilAppEnable.exe.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\{60795004-05ce-4992-8494-ff332d4bc1e6}.dll.vir a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\{60795004-05ce-4992-8494-ff332d4bc1e6}64.dll.vir Win64/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\{820a714f-c526-4777-8e87-e9d6612e0938}.dll.vir a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\{820a714f-c526-4777-8e87-e9d6612e0938}64.dll.vir a variant of Win64/BrowseFox.CH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\{c5db642e-a4dc-48dc-a9f5-088bcf85b719}.dll.vir a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\{c5db642e-a4dc-48dc-a9f5-088bcf85b719}64.dll.vir Win64/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\plugins\AppEnable.Bromon.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\plugins\AppEnable.BroStats.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\plugins\AppEnable.BRT.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\plugins\AppEnable.CompatibilityChecker.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\plugins\AppEnable.GCUpdate.dll.vir a variant of MSIL/BrowseFox.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\plugins\AppEnable.PurBrowseG.dll.vir a variant of MSIL/BrowseFox.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Bench\BService\1.1\bhelper.dll.vir Win32/AdWare.SmartApps.E application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{55bbc577-fb0b-4e77-8a51-e033716a9ead}Gw64.sys.vir a variant of Win64/BrowseFox.CG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{820a714f-c526-4777-8e87-e9d6612e0938}Gw64.sys.vir a variant of Win64/BrowseFox.CG potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Start Savin\FrameworkBHO.dll.xBAD a variant of Win32/AdWare.SmartApps.H application
C:\FRST\Quarantine\C\Program Files (x86)\Start Savin\FrameworkBHO64.dll.xBAD a variant of Win32/AdWare.SmartApps.H application
C:\FRST\Quarantine\C\Program Files (x86)\Start Savin\FrameworkEngine.exe.xBAD Win32/AdWare.SmartApps.F application
C:\FRST\Quarantine\C\Users\Marcelo Almeida\AppData\Local\Start Savin\gpedit.exe Win32/AdWare.SmartApps.E application
C:\FRST\Quarantine\C\Users\Marcelo Almeida\AppData\Local\Start Savin\storageedit.exe Win32/AdWare.SmartApps.E application
C:\FRST\Quarantine\C\Users\Marcelo Almeida\AppData\Local\Start Savin\uninstall.exe Win32/Adware.SmartApps.K application
C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.bak Win32/BrowseFox.V potentially unwanted application
C:\temp\embededstub_new.exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\temp\onred.exe Win32/Conduit.SearchProtect.M potentially unwanted application
C:\Users\All Users\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.bak Win32/BrowseFox.V potentially unwanted application
C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcejkfffdheooipdonddmccfmldmjbgb\1.0.1_0\background.js Win32/BrowseFox.Q potentially unwanted application
C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcejkfffdheooipdonddmccfmldmjbgb\1.0.1_0\content.js Win32/BrowseFox.Q potentially unwanted application
C:\Users\Marcelo Almeida\Downloads\bsplayer267.1076.exe a variant of Win32/ClientConnect.A potentially unwanted application
Marcelo Almeida
Regular Member
 
Posts: 34
Joined: July 4th, 2006, 2:35 am

Re: Dozens of Pop-ups + PC slow!

Unread postby Gary R » November 22nd, 2014, 1:57 am

OK, most of what ESET found are the encrypted quarantine files that AdwCleaner and FRST created when they removed things; however, there are a few that we still need to remove.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.bak
C:\temp\embededstub_new.exe
C:\temp\onred.exe
C:\Users\All Users\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.bak
C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcejkfffdheooipdonddmccfmldmjbgb\1.0.1_0\background.js 
C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcejkfffdheooipdonddmccfmldmjbgb\1.0.1_0\content.js
C:\Users\Marcelo Almeida\Downloads\bsplayer267.1076.exe
EmptyTemp:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Also, let me know how your computer is behaving now please.




Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
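
The triage described in the post above (ESET re-detecting copies that AdwCleaner and FRST had already quarantined, versus files still in place), as an added Python example that is not part of the original thread or of any tool's own code. The sample lines are copied from the ESET log posted above; the quarantine layout (root folder, drive letter, original path, `.vir`/`.xBAD` suffix) is inferred from those lines and is an assumption, not documented tool behaviour.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Quarantine roots and the suffixes appended to quarantined copies, both
# inferred from the log lines in this thread (an assumption, not tool docs).
QUARANTINE_ROOTS = ("c:\\adwcleaner\\quarantine\\", "c:\\frst\\quarantine\\")
QUARANTINE_SUFFIXES = (".vir", ".xbad")

# <path> [a variant of ]<Platform/Name> <category>; paths may contain spaces,
# so the path is matched lazily up to the first "Platform/Name" token.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<variant>a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/[A-Za-z0-9.]+)\s+(?P<kind>.+)$"
)

# Lines copied from the ESET log posted above (3 quarantined, 7 not).
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\AppEnableUninstall.exe.vir Win32/BrowseFox.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Start Savin\FrameworkBHO.dll.xBAD a variant of Win32/AdWare.SmartApps.H application
C:\FRST\Quarantine\C\Users\Marcelo Almeida\AppData\Local\Start Savin\gpedit.exe Win32/AdWare.SmartApps.E application
C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.bak Win32/BrowseFox.V potentially unwanted application
C:\temp\embededstub_new.exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\temp\onred.exe Win32/Conduit.SearchProtect.M potentially unwanted application
C:\Users\All Users\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.bak Win32/BrowseFox.V potentially unwanted application
C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcejkfffdheooipdonddmccfmldmjbgb\1.0.1_0\background.js Win32/BrowseFox.Q potentially unwanted application
C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcejkfffdheooipdonddmccfmldmjbgb\1.0.1_0\content.js Win32/BrowseFox.Q potentially unwanted application
C:\Users\Marcelo Almeida\Downloads\bsplayer267.1076.exe a variant of Win32/ClientConnect.A potentially unwanted application
"""


@dataclass
class Detection:
    path: str
    name: str
    kind: str
    is_variant: bool
    quarantined: bool
    original_path: Optional[str]  # where a quarantined copy came from


def restore_path(tail: str) -> Optional[str]:
    """Map '<drive>\\<rest>[.vir|.xBAD]' back to '<drive>:\\<rest>'."""
    drive, sep, rest = tail.partition("\\")
    if len(drive) != 1 or not drive.isalpha() or not sep or not rest:
        return None  # layout differs from what this log shows
    for suffix in QUARANTINE_SUFFIXES:
        if rest.lower().endswith(suffix):
            rest = rest[: -len(suffix)]
            break
    return drive + ":\\" + rest


def parse_eset_log(text: str) -> List[Detection]:
    detections = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or unrecognised line
        path = m.group("path")
        root = next((r for r in QUARANTINE_ROOTS if path.lower().startswith(r)), None)
        detections.append(Detection(
            path=path, name=m.group("name"), kind=m.group("kind"),
            is_variant=m.group("variant") is not None,
            quarantined=root is not None,
            original_path=restore_path(path[len(root):]) if root else None,
        ))
    return detections


def triage(detections: List[Detection]):
    """Split detections into files still in place and quarantined copies."""
    live = [d for d in detections if not d.quarantined]
    held = [d for d in detections if d.quarantined]
    return live, held


if __name__ == "__main__":
    live, held = triage(parse_eset_log(SAMPLE_LOG))
    print("Already quarantined (re-detected copies):")
    for d in held:
        print(f"  {d.name:32} from {d.original_path}")
    print("Still in place, candidates for removal:")
    for d in live:
        print(f"  {d.name:32} {d.path}")
```

The seven paths it reports as still in place are the same seven listed in the fixlist above.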

Re: Dozens of Pop-ups + PC slow!

Unread postby Marcelo Almeida » November 22nd, 2014, 8:13 pm

Hi, Gary!

So far the computer seems to be running smoothly. No problem at all. Here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-11-2014 01
Ran by Marcelo Almeida at 2014-11-22 21:08:43 Run:2
Running from C:\Users\Marcelo Almeida\Desktop
Loaded Profile: Marcelo Almeida (Available profiles: Marcelo Almeida)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.bak
C:\temp\embededstub_new.exe
C:\temp\onred.exe
C:\Users\All Users\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.bak
C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcejkfffdheooipdonddmccfmldmjbgb\1.0.1_0\background.js
C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcejkfffdheooipdonddmccfmldmjbgb\1.0.1_0\content.js
C:\Users\Marcelo Almeida\Downloads\bsplayer267.1076.exe
EmptyTemp:
*****************

C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.bak => Moved successfully.
C:\temp\embededstub_new.exe => Moved successfully.
C:\temp\onred.exe => Moved successfully.
"C:\Users\All Users\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.bak" => File/Directory not found.
C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcejkfffdheooipdonddmccfmldmjbgb\1.0.1_0\background.js => Moved successfully.
C:\Users\Marcelo Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcejkfffdheooipdonddmccfmldmjbgb\1.0.1_0\content.js => Moved successfully.
C:\Users\Marcelo Almeida\Downloads\bsplayer267.1076.exe => Moved successfully.
EmptyTemp: => Removed 178.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
Marcelo Almeida
Regular Member
 
Posts: 34
Joined: July 4th, 2006, 2:35 am

Re: Dozens of Pop-ups + PC slow!

Unread postby Gary R » November 23rd, 2014, 2:22 am

In that case we've just a little tidying up to do.

First we need to remove the programs we've been using to clean your computer.

  • Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Check all the boxes then click on Run.
  • Once it has finished, a notepad file named DelFix.txt will open. Post the contents of this notepad in your next reply.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.

As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems?
  • If you are, let me know about them.
  • If not, it's time to make your computer more secure.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire