PDA

View Full Version : how to get rid of pubted & arecio.work click hijacking ?



Ron Wolpa
2015-10-17, 18:45
The problem is click redirect to :

first to pubted.com/w/d/p.php?z=7121 and then to arecio.work/w/d/o.php?z=7121&adbIsActive=true&original_z=8435
until loading the final target site (usually chinese selling crap stuff)

After the 1st time I scanned the system with Spybot , it looked like it had solved the matter , however two weeks later the trouble started again.
I´ve just scanned the system , this time was in vain , some clicks are still redirected.
Any suggestions please ? Thank you

Juliet
2015-10-18, 00:38
Please back up your registry!

Backup the Registry:
Credit: Dakeyras

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.


Please download the installer for Registry Backup from here (http://www.bleepingcomputer.com/download/registry-backup/) or here (http://www.tweaking.com/files/setups/tweaking.com_registry_backup_setup.exe) and save to your desktop.
Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
Once the GUI(graphical user interface) has appeared/loaded:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TCRB-1.jpg


Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TBRB-2.jpg


Close Tweaking.com - Registry Backup

Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features be viewed HERE (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325)


``````````````````````````````````````````````````````

Instruction for producing the Farbar Recovery Scan Tool (FRST) and aswMBR logs

Farbar Log


Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your desktop.

Note:
You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

(A simple way to check your system: Start --> Computer (right click) --> Properties
How to determine whether a computer is running a 32-bit version or 64-bit version (http://support.microsoft.com/kb/827218)of the Windows operating system


Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Please make sure All Users is checked



Do not check
*List BCD
*Drivers MD5
*Shortcut txt

Or your logs will be too long to post.



Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please don't run the Farbar Recovery Scan Tool (FRST.txt) from your "Downloads" folder or from "Temporary Internet Files"
Please copy and paste log into your topic.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please attach that along with the FRST.txt into your reply.



aswMBR Log

Important! Please do NOT perform any fix options offered in aswMBR, we just need to see the report.

Please download aswMBR (http://public.avast.com/%7Egmerek/aswMBR.exe) to your desktop.



Double click the aswMBR icon to run it.
If a prompt stating: The computer supports "Virtualization Technology" appears select Yes
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the Save Log button, save the logfile to your desktop and post its contents in your reply with the Farbar (FRST) log.




If the infection prevents you from obtaining logs please start a topic and make note of the situation, provide details of the computer's current symptoms and wait for a response.
Do not post other logs or use "code wrap" unless requested in that format. :)

Ron Wolpa
2015-10-18, 02:18
Backed up my registry , scanned with Farbar recovery tool but stalled on aswMBR ;
I do not have AVAST I have installed A V G ANTIVIRUS.
Thank you anyway for your help.

Juliet
2015-10-18, 02:26
Backed up my registry , scanned with Farbar recovery tool but stalled on aswMBR ;
I do not have AVAST I have installed A V G ANTIVIRUS.
Thank you anyway for your help.

aswMBR is a specialized tool that scans for rootkits, doesn't matter which antivirus you have installed it's an independent tool.

Can you post the logs created by Farbar Recovery Tool, there should be 2.

Ron Wolpa
2015-10-18, 02:37
Sorry I had no idea aswMBR was an independent tool.
The logs are pasted below :
***************
1- addition.txt
**************

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-10-2015
Ran by Ron Wolpa (2015-10-17 20:02:38)
Running from D:\DOWNLOADS\FARBAR_&_REGISTRY_BACKUP
Windows 8 Pro (X64) (2013-08-29 12:11:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1940904984-816926392-2436131406-500 - Administrator - Disabled)
Convidado (S-1-5-21-1940904984-816926392-2436131406-501 - Limited - Disabled)
Emergency (S-1-5-21-1940904984-816926392-2436131406-1007 - Administrator - Enabled) => C:\Users\Emergency
HomeGroupUser$ (S-1-5-21-1940904984-816926392-2436131406-1003 - Limited - Enabled)
Ron Wolpa (S-1-5-21-1940904984-816926392-2436131406-1001 - Administrator - Enabled) => C:\Users\Ron Wolpa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1940904984-816926392-2436131406-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
1310 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
1310_Help (x32 Version: 82.0.58.000 - Hewlett-Packard) Hidden
1310Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
4Videosoft MKV Video Converter (HKLM-x32\...\4Videosoft MKV Video Converter_is1) (Version: - )
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Dreamweaver CS6 (HKLM-x32\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)
Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.0 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.03.01 - ASUSTeK Computer Inc.)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Alien Skin Eye Candy 7 (HKLM\...\Alien Skin Eye Candy 7) (Version: - Alien Skin)
AMD Catalyst Install Manager (HKLM\...\{5DDB9EF7-1BC0-C9C1-9829-6B9CF68AC357}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Any Audio Converter 4.0.6 (HKLM-x32\...\Any Audio Converter_is1) (Version: - Any-Audio-Converter.com)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.10.0 - Asmedia Technology)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.09 - ASUSTeK Computer Inc.)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.11.125 - ASUS Cloud Corporation)
Atualizações da NVIDIA 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6172 - AVG Technologies)
AVG 2015 (Version: 15.0.4447 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6172 - AVG Technologies) Hidden
AviSynth 2.5 (HKLM-x32\...\Avisynth) (Version: - )
Bandwidth Monitor v3.4 build 757 (HKLM-x32\...\{A92AB371-E1AC-478B-B4C1-62984CFB7396}_is1) (Version: - BWMONITOR.COM)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Convert DVD to AVI (HKLM-x32\...\{300B9E83-E406-4DF7-8A21-E8A90E4F8B91}_is1) (Version: - convertdvdtoavi.com)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Core FTP Pro (x64) (HKLM-x32\...\CoreFTP(x64)) (Version: - )
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487 - Corel Corporation) Hidden
CPUID ASUS CPU-Z 1.61 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.61 - CPUID, Inc.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Dic Michaelis - UOL (HKLM-x32\...\WDIC) (Version: - )
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Focus 500,000 Images (x32 Version: 3.20.0000 - Focus) Hidden
Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Freemake Video Converter version 4.1.7 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
IcoFX 2.7 (HKLM-x32\...\IcoFX 2_is1) (Version: - )
IconRestorer 1.0.8.1 SR1 (HKLM-x32\...\IconRestorer Free_is1) (Version: - FSL - FreeSoftLand)
ID3-TagIT 3 (HKLM-x32\...\ID3-TagIT 3_is1) (Version: 3 - Michael Pluemper)
ISO Opener (HKLM-x32\...\{CE235F00-F8CD-41AF-83D5-236D90E33BFB}_is1) (Version: - www.isoopener.com)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version: - )
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Media Foundation FLAC Codec (HKLM-x32\...\{5B47D5CC-38D3-4853-9A9E-AD1C7C717D40}) (Version: 1.2.0.0 - Alexander Demidov)
MediaHuman Audio Converter versão 1.9.3 (HKLM-x32\...\MediaHuman Audio Converter_is1) (Version: 1.9.3 - MediaHuman)
Micrografx Picture Publisher 10 (HKLM-x32\...\{04AABF6D-55C5-4779-ABF9-992016E913A2}) (Version: 1.0.0.0 - Micrografx)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nero 11 DiscSpeed (HKLM-x32\...\{B8B03F99-F600-4D96-ADBD-2F384240FB9C}) (Version: 11.0.00400 - Nero AG)
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{847C6940-D852-11E2-81D2-F04DA23A5C58}) (Version: 2.0.596 - Sony)
NSIS namefix.pl (HKLM-x32\...\namefix.pl) (Version: - )
NVIDIA Driver de áudio HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Driver de controle do 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Driver de gráficos 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Driver do 3D Vision 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Software do sistema PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pacote de Compatibilidade para o sistema Office 2007 (HKLM-x32\...\{90120000-0020-0416-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Painel de controle da NVIDIA 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Pinnacle Studio 16 - Install Manager (HKLM-x32\...\{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}) (Version: 16.0.75 - Avid Technology, Inc.)
Pinnacle Studio 16 (HKLM-x32\...\{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}) (Version: 16.1.0.115 - Corel Corporation)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
RAR Password Unlocker 4.2.0.0 (HKLM-x32\...\{B789FA51-6A71-408F-92DE-EDE4A517B8F9}_is1) (Version: - Password Unlocker Studio)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.5 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Screenshot It Enabler (HKLM-x32\...\{888148E5-C3AE-4CF4-B50D-7CBF7A16AECD}) (Version: 1.02.0000 - Edward Kim)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
SmartFTP Client Setup Files 4.0 (x64) (remove only) (HKLM-x32\...\SmartFTP Client 4.0 (x64) Setup Files) (Version: 4.0 - SmartSoft Ltd)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Sound Forge Pro 11.0 (HKLM-x32\...\{A376BDE2-EE3D-11E2-AA13-F04DA23A5C58}) (Version: 11.0.234 - Sony)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.20.9.4533 - Enigma Software Group, LLC)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.0.1 - Topaz Labs, LLC)
Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1.0 - Topaz Labs, LLC)
Topaz Clarity (HKLM-x32\...\Topaz Clarity) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.1.0 - Topaz Labs, LLC)
Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs, LLC)
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.2.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC)
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.2.0 - Topaz Labs, LLC)
Topaz ReMask 4 (HKLM-x32\...\Topaz ReMask 4) (Version: 4.0.0 - Topaz Labs, LLC)
Topaz ReStyle (HKLM-x32\...\Topaz ReStyle) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.1.1 - Topaz Labs, LLC)
Topaz Star Effects (HKLM-x32\...\Topaz Star Effects) (Version: 1.1.0 - Topaz Labs, LLC)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WampServer 2.4 (HKLM-x32\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
Windows 8 Desktop Gadgets (HKLM\...\Windows 8 Desktop Gadgets_is1) (Version: 1.1 - PainteR)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Winrar Activator version 1.2 (HKLM-x32\...\{AE0B3F2A-EB65-4D01-A3E1-6D879C6AAF2A}_is1) (Version: 1.2 - Rarlab)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DB}) (Version: 17.5.10480 - WinZip Computing, S.L. )
Xilisoft Audio Converter Pro (HKLM-x32\...\Xilisoft Audio Converter Pro) (Version: 6.5.0 - Xilisoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1940904984-816926392-2436131406-1001_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()

==================== Restore Points =========================

27-09-2015 11:47:42 Ponto de Verificação Agendado
06-10-2015 11:44:48 Ponto de Verificação Agendado
17-10-2015 14:21:24 Ponto de Verificação Agendado

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-09-15 14:43 - 2015-09-15 14:43 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01749292-D5E6-484C-9CD2-3030AF309742} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {050450DC-6901-4816-A363-2936A3E37A7A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {0D36C344-68FA-4F94-9618-1F1E936AE157} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {2BA75D3B-EAAF-4ADE-AD81-9DC589D97B8A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {41002650-BF7F-4559-9EB5-B52A1D25BF42} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {412E9F61-3D5D-4A5A-820A-148A1A22A77E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1940904984-816926392-2436131406-1001UA => C:\Users\Ron Wolpa\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {5BA1C08A-FB4D-4065-91B0-9BACDF368B85} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {63CFF000-06C9-4268-B9B6-9BE996F7ABB7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {6BC80FA3-7AE7-4AF1-987A-026A5A720C2F} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {983A36D5-56BA-490B-8FCB-4096680BFCE6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1940904984-816926392-2436131406-1001Core => C:\Users\Ron Wolpa\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {99393318-8377-4E0B-A9BA-AA4B8FD38FAF} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.)
Task: {B3A7D82E-E9E6-4618-A876-795372BA383E} - System32\Tasks\{1FF0E561-3FEB-4C29-9DCF-EA9E41EC3867} => pcalua.exe -a "C:\Users\Ron Wolpa\AppData\Roaming\webssearches\UninstallManager.exe" -c -ptid=exp <==== ATTENTION
Task: {B5465C78-7DCB-44C2-8C7C-82C6DB606F57} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {B7566459-8030-4F9A-B2C6-15CDC8BF0A4F} - System32\Tasks\AdobeAAMUpdater-1.0-RonWolpa-pc-Ron Wolpa => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {C59F2A95-6D2E-4CFE-919A-5D46BE35282B} - System32\Tasks\{D892A452-AE07-4F47-A681-4BB4B20BE409} => Chrome.exe hxxp://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {CB718EAF-1B74-4771-AA4E-08830651F09B} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {CCE79B89-8AED-4713-9744-84593DE1D3D4} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1940904984-816926392-2436131406-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-06-21] (RealNetworks, Inc.)
Task: {D01975D9-EA07-4C38-BE71-2C8B5AA88CC6} - System32\Tasks\{78571C76-4ADE-4254-82A0-E691751B6E49} => Chrome.exe hxxp://ui.skype.com/ui/0/6.7.0.102/en/abandoninstall?source=lightinstaller&amp;page=tsPlugin
Task: {D048D54E-CB20-49A5-A702-058692B9736D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D26BD872-72E5-4339-93A7-AB79E9945AE0} - System32\Tasks\CCleanerSkipUAC => C:\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {D881E106-2410-4486-BC5E-C9EBBB5C2ADE} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1940904984-816926392-2436131406-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-06-21] (RealNetworks, Inc.)
Task: {DCF20DC6-94EB-46F3-83B3-21E8039FB6E4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {E00DF185-C519-4657-82DC-8CA193B833B8} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {E1250D78-CE47-484D-A6FE-8636C6632DE3} - System32\Tasks\Open Chrome => Chrome.exe --new-window
Task: {FD831C8F-F7BA-4D7C-A2D8-221182A0398F} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {FDAAC693-8198-43AC-AA99-E86238FD3B91} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1940904984-816926392-2436131406-1001Core.job => C:\Users\Ron Wolpa\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1940904984-816926392-2436131406-1001UA.job => C:\Users\Ron Wolpa\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe--new-window RonWolpa-pc\Ron Wolpa

==================== Loaded Modules (Whitelisted) ==============

2013-08-29 09:20 - 2014-07-02 15:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-29 09:22 - 2012-06-01 06:42 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2013-08-29 09:15 - 2009-03-30 03:32 - 00032768 ____R () C:\Windows\DAODx.exe
2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-07-15 01:44 - 2010-07-15 01:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2015-09-25 00:02 - 2015-09-02 00:23 - 00074752 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2012-10-01 18:56 - 2012-10-01 18:56 - 00240256 _____ () C:\Program Files\Microsoft Office\Office15\IEAWSDC.DLL
2013-08-29 09:22 - 2015-10-17 18:52 - 00033792 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-08-29 09:22 - 2010-06-28 23:58 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2013-10-31 12:05 - 2013-10-31 12:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2013-08-29 09:24 - 2012-08-03 05:41 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2013-08-29 09:24 - 2012-08-03 16:40 - 00253952 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2013-08-29 09:23 - 2011-07-12 19:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2013-08-29 09:23 - 2010-10-05 08:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2013-08-29 09:23 - 2011-09-26 19:36 - 00869376 ____N () C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
2013-08-29 09:23 - 2012-10-08 17:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2013-08-29 09:23 - 2013-05-08 15:22 - 01040896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
2013-08-29 09:24 - 2012-06-19 12:56 - 01305600 ____N () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2013-08-29 09:24 - 2012-08-14 11:14 - 01123840 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
2013-08-29 09:24 - 2012-07-20 09:39 - 01047040 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2013-08-29 09:23 - 2013-04-15 14:19 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2013-08-29 09:23 - 2012-05-28 21:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2013-08-29 09:23 - 2011-09-19 20:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2013-08-29 09:23 - 2011-07-21 09:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2013-08-29 09:23 - 2012-08-29 18:09 - 00875520 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2013-08-29 09:22 - 2010-08-22 23:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2013-08-29 09:23 - 2010-10-05 08:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2012-10-01 20:37 - 2012-10-01 20:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-15 14:07 - 2015-10-08 21:53 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libglesv2.dll
2015-10-15 14:07 - 2015-10-08 21:53 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libegl.dll
2013-08-29 09:23 - 2009-08-12 20:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2015-09-24 13:26 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-24 13:26 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-24 13:26 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-08-29 09:24 - 2012-07-31 15:21 - 00152064 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\gep.dll
2013-08-29 09:24 - 2012-08-15 14:42 - 00786432 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\func.dll
2013-08-29 09:24 - 2010-10-05 08:22 - 00253952 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Ron Wolpa\AppData\Local\VvkMVE11S8ENeXs:YbSAy0TtTjfoRKF5jTbpxC

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1940904984-816926392-2436131406-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ron Wolpa\AppData\Roaming\FSL\IconRestorer\Wallpapers\IconRestorer.bmp
DNS Servers: 200.204.0.10 - 200.204.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1DEC4EAF-2B8D-4E5F-963B-EE311A7591A4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{AD1F51A7-E7AA-439A-8750-2A71048C5EA0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A411AB6F-404A-4855-89E1-D16C9F1ADCD2}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{01AF538E-49EA-4266-B60E-920B59CEFF19}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{5603585E-5BB6-4DA6-82F6-71023CAB6CE8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{07AAED28-FCFB-41D8-B0C0-28E637714F4B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{FA045C69-01DE-46B4-8741-96975E3172E9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{572A3A37-5558-49FA-8604-032BF20850DE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{F3DFC1DB-DE17-4FDC-A9B9-256F071AC096}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{FEAC52A2-0235-4E75-A2CB-5146BC2116F8}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{723CF897-FFAE-4155-9F71-0CA117203DD6}] => (Allow) C:\Nero\KM\KwikMedia.exe
FirewallRules: [{A1630947-70AF-4D96-BCAC-775A0A60021C}] => (Allow) C:\Nero\KM\KwikMedia.exe
FirewallRules: [{C4AAF7A9-A217-411A-B2DF-323B263CCE5D}] => (Allow) LPort=808
FirewallRules: [{1A74CE45-6501-4647-B752-2E6A7BB01CF7}] => (Allow) C:\Pinnacle\Studio 16\programs\RM.exe
FirewallRules: [{FB74FD2D-EB0B-4AC8-844D-869A9A9A6841}] => (Allow) C:\Pinnacle\Studio 16\programs\RM.exe
FirewallRules: [{A3C9D447-5294-4113-9A43-55B24215AE92}] => (Allow) C:\Pinnacle\Studio 16\programs\NGStudio.exe
FirewallRules: [{FBBF5337-5791-4690-AC78-25577475AEB9}] => (Allow) C:\Pinnacle\Studio 16\programs\NGStudio.exe
FirewallRules: [{5F2785FE-17B8-4FD1-B3EE-D3C9DE8E83D3}] => (Allow) C:\Pinnacle\Studio 16\programs\UMI.exe
FirewallRules: [{AE136946-7B1E-45D4-A45A-9433AC586C2B}] => (Allow) C:\Pinnacle\Studio 16\programs\UMI.exe
FirewallRules: [TCP Query User{94E4366D-BE24-4FE6-B2AA-D94BE4224749}C:\aceftp 3 pro\aceftp3.exe] => (Block) C:\aceftp 3 pro\aceftp3.exe
FirewallRules: [UDP Query User{5A09034C-21D2-4E46-A1BD-B1A242D8604F}C:\aceftp 3 pro\aceftp3.exe] => (Block) C:\aceftp 3 pro\aceftp3.exe
FirewallRules: [{4C929799-B1AA-43C1-B49C-5984EA27CBF0}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{07A72D8D-018C-421E-BB58-2F19981C6952}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [TCP Query User{DAC379A8-AA71-40F6-8963-E81927760DE7}C:\nero\nero 12\nero backitup\backitup.exe] => (Block) C:\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [UDP Query User{8689C686-4B6F-4E91-877B-5981E8D79BBB}C:\nero\nero 12\nero backitup\backitup.exe] => (Block) C:\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [{91789348-24A9-4AEF-B9F0-22254E848EDF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DA2CF528-8894-4425-8042-492B09FC5AA5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DCFA5049-F873-4848-B7AE-B24514F6503B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{EA3D59AE-29B8-4AB4-B5DF-89A5E368A3F9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{711A2FF3-9BB1-462B-B6D5-31647B86FC0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2BD52F24-2BAC-4613-BA08-2372BE8B4718}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BA52B2FB-1BDE-462B-B194-254402276D0B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{CE8B2256-D5EA-43FC-ACC7-B64D8DF813A1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{F5902121-FE83-45A3-8C2F-90EAAB435321}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{94277B05-BFAC-4110-A2EF-1978F886A2A0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{851F662B-2811-48FB-A445-055421DC2FB6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{29DD75E8-AD3A-4A7E-80F2-9A84CB2DBB8B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{798F4610-18F4-4BEB-9E49-76E86DCC2FE2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{84BD3355-6CE9-4794-B56D-1571FEDD0558}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{BC26C22F-F05F-4D1E-8EB2-E81BA7AF11EC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{BB636655-CF0E-4E15-8499-299AEC71821F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{4E80E63B-2D7B-4103-A9F6-D6393ADC0DDF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{5A2F9F57-2634-43D0-A5D2-C7485E749547}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{7AB0525B-E330-45A4-8367-C3661968E3BB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{BAB02C19-5A45-4B24-93F7-4BB4C0C7A37B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{3505E110-A530-49BD-8CA0-445DA2755F7C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{4E8FD9A5-44B9-446E-8279-F169EC6BAC59}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{C4E067F5-91C3-40D9-923E-B907DE5FF08C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{B0923118-3187-440A-B06A-E36E4924E475}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{D98811A5-661D-4E82-878B-669442436F74}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{F41552D3-D29B-470C-89F5-2F72F322AA75}] => (Allow) C:\Users\Ron Wolpa\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{D8204E84-24D9-4B86-9653-B65B3D819995}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{4D55DC6E-3FC6-49F4-B9F7-B6387CA3D4AB}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{584AC12E-E206-47ED-86F4-2C19BDF92928}] => (Allow) C:\Users\Ron Wolpa\AppData\Local\Temp\7zS494A\HPDiagnosticCoreUI.exe
FirewallRules: [{B91FF210-0B4A-48CF-9B0A-C7D48686EEC7}] => (Allow) C:\Users\Ron Wolpa\AppData\Local\Temp\7zS494A\HPDiagnosticCoreUI.exe
FirewallRules: [{6940F69E-A6C6-4268-A6A1-1D6828B271C2}] => (Allow) C:\Users\Ron Wolpa\AppData\Local\Temp\7zS0AB8\HPDiagnosticCoreUI.exe
FirewallRules: [{F04E3893-DAD9-4C8C-AF65-37AD9B33EF0B}] => (Allow) C:\Users\Ron Wolpa\AppData\Local\Temp\7zS0AB8\HPDiagnosticCoreUI.exe
FirewallRules: [{58A65016-5FA5-4B36-A800-90E736A71D38}] => (Allow) C:\Users\Ron Wolpa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{43EC7351-9989-4D4C-A171-D7A51EB5CD48}] => (Allow) C:\Users\Ron Wolpa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4DF58BC3-C3AD-4200-BF49-8EE04697C585}] => (Block) %SystemDrive%\COREL_GRAPHIC_SUITE_X6\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exe
FirewallRules: [{79B08531-1859-4C61-9929-1A36828A0853}] => (Block) %SystemDrive%\COREL_GRAPHIC_SUITE_X6\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exe
FirewallRules: [TCP Query User{305B8F53-DDDD-49F4-9648-5E17CAF2A77A}C:\users\ron wolpa\appdata\local\temp\kmsnano\qemu-system-i386.exe] => (Allow) C:\users\ron wolpa\appdata\local\temp\kmsnano\qemu-system-i386.exe
FirewallRules: [UDP Query User{2D930562-6AF0-4E83-B452-3DA80896D78E}C:\users\ron wolpa\appdata\local\temp\kmsnano\qemu-system-i386.exe] => (Allow) C:\users\ron wolpa\appdata\local\temp\kmsnano\qemu-system-i386.exe
FirewallRules: [{05A963DE-9286-4994-BC29-9D9056930390}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{38D90191-9B59-4188-8E83-A470C960DD22}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{5695C1D5-8A21-4FF4-AA2C-E5B05659BCD1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{2F2D6991-AD79-4923-998E-76E7EC5D3143}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{1488DA16-A1E2-4697-8B58-34480EABCF7A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{9DE3ADCA-0830-4612-AA9E-AD0116B8D49D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{AFE096ED-0A53-4D5F-9FCB-3BB1B0F4F100}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{679162C7-899A-4EB2-80BF-5D03CC2328A6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{5DD513A5-51B2-4E08-A4BF-52BF9D527FC2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{DDAF66B7-600A-4A42-A49E-476492741E1E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2015 06:54:16 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (10/17/2015 06:44:36 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (10/17/2015 02:10:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Assembly dependente ACME,processorArchitecture="x86",type="win32",version="12.0.0.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (10/17/2015 02:10:02 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha na geração de contexto de ativação para "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"1". Erro no arquivo de manifesto ou de política SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"2", na linha SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"3.
Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado.
A referência é SMC,processorArchitecture="x86",type="win32",version="8.2.0.0".
A definição é SMC,processorArchitecture="x86",type="win32",version="12.0.0.0".
Use o arquivo sxstrace.exe para obter um dignóstico detalhado.

Error: (10/17/2015 02:07:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Assembly dependente ACME,processorArchitecture="x86",type="win32",version="12.0.0.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (10/17/2015 02:07:36 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha na geração de contexto de ativação para "SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"1". Erro no arquivo de manifesto ou de política SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"2", na linha SMC,processorArchitecture="x86",type="win32",version="8.2.0.0"3.
Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado.
A referência é SMC,processorArchitecture="x86",type="win32",version="8.2.0.0".
A definição é SMC,processorArchitecture="x86",type="win32",version="12.0.0.0".
Use o arquivo sxstrace.exe para obter um dignóstico detalhado.

Error: (10/16/2015 10:41:01 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (10/16/2015 10:35:32 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (10/14/2015 01:21:45 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (10/14/2015 01:15:58 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4


System errors:
=============
Error: (10/17/2015 06:55:49 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: O Gerenciador de controle de serviços tentou executar uma ação corretiva (Reiniciar o serviço) após a finalização inesperada do serviço Testador de instrumentação de gerenciam. do Windows, mas essa ação falhou com o seguinte erro:
%%1056

Error: (10/17/2015 06:55:49 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: O Gerenciador de controle de serviços tentou executar uma ação corretiva (Reiniciar o serviço) após a finalização inesperada do serviço Cliente da Política de Grupo, mas essa ação falhou com o seguinte erro:
%%1056

Error: (10/17/2015 06:54:49 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: O Gerenciador de controle de serviços tentou executar uma ação corretiva (Reiniciar o serviço) após a finalização inesperada do serviço Server, mas essa ação falhou com o seguinte erro:
%%1056

Error: (10/17/2015 06:53:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Windows Update foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 60000 milissegundos: Reiniciar o serviço.

Error: (10/17/2015 06:53:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Serviço SSTP foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (10/17/2015 06:53:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Testador de instrumentação de gerenciam. do Windows foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 120000 milissegundos: Reiniciar o serviço.

Error: (10/17/2015 06:53:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Temas foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 60000 milissegundos: Reiniciar o serviço.

Error: (10/17/2015 06:53:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Detecção do hardware do shell foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 60000 milissegundos: Reiniciar o serviço.

Error: (10/17/2015 06:53:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Serviço de Notificação de Eventos do Sistema foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 120000 milissegundos: Reiniciar o serviço.

Error: (10/17/2015 06:53:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Agendador de Tarefas foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 60000 milissegundos: Reiniciar o serviço.


CodeIntegrity:
===================================
Date: 2014-08-26 10:21:36.327
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-26 10:21:36.296
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-26 10:21:36.279
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-26 10:21:35.898
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-26 10:21:35.879
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-26 10:21:35.844
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-26 10:21:35.452
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-26 10:21:35.436
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-26 10:21:35.415
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-26 10:21:34.897
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\LHidEqd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD FX(tm)-8150 Eight-Core Processor
Percentage of memory in use: 33%
Total physical RAM: 8094.93 MB
Available physical RAM: 5368.55 MB
Total Virtual: 16286.93 MB
Available Virtual: 13118.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:205.41 GB) (Free:141.07 GB) NTFS
Drive d: (FILES) (Fixed) (Total:725.58 GB) (Free:589.86 GB) NTFS
Drive i: () (Removable) (Total:14.89 GB) (Free:12.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A3E980DC)

Partition: GPT.

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 02B72D0A)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0C)

==================== End of Addition.txt ============================



***************
2- F A R B A R
**************

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-10-2015
Ran by Ron Wolpa (administrator) on RONWOLPA-PC (17-10-2015 20:01:52)
Running from D:\DOWNLOADS\FARBAR_&_REGISTRY_BACKUP
Loaded Profiles: Ron Wolpa (Available Profiles: Ron Wolpa & Emergency & DefaultAppPool)
Platform: Windows 8 Pro (X64) Language: Português (Brasil)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
() C:\Windows\DAODx.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(BWMONITOR.COM) C:\BandwidthMonitor\BWMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
(FSL - Freesoftland) C:\IconRestorer\IconRestorer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) D:\DOWNLOADS\FARBAR_&_REGISTRY_BACKUP\FARBAR_RECOVERY_SCAN_TOOL.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.11.125\AsusWSPanel.exe [3353472 2012-09-17] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2013-08-29] (RealNetworks, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3778472 2015-10-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [74752 2015-09-02] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\...\Run: [BandwidthMonitor] => C:\BandwidthMonitor\BWMonitor.exe [224256 2008-10-09] (BWMONITOR.COM)
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\...\Run: [Facebook Update] => "C:\Users\Ron Wolpa\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\...\Run: [Meefryevv] => "C:\Users\Ron Wolpa\AppData\Roaming\Edwaog\agixcaa.exe"
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\...\Run: [MinhaBox.br] => C:\MINHATECACOMBR\MinhaBox.exe
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\...\Run: [GoogleChromeAutoLaunch_E3335438B37BE60B16F151A06E1B8E10] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-08] (Google Inc.)
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\...\MountPoints2: {9bcb50b0-d26f-11e3-bec4-74d02b323da7} - "F:\AutoRun.exe" "motorola.html"
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\...\MountPoints2: {9bcb535b-d26f-11e3-bec4-74d02b323da7} - "F:\AutoRun.exe" "motorola.html"
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\...\MountPoints2: {a2c1e644-afa3-11e3-beb4-74d02b323da7} - "F:\AutoRun.exe" "motorola.html"
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2012-07-26] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.11.125\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.11.125\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.11.125\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-07-01]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2013-09-05]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Ron Wolpa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe InDesign CS6 Keygen.lnk [2015-02-05]
ShortcutTarget: Adobe InDesign CS6 Keygen.lnk -> C:\ProgramData\{26afd134-9520-83f3-26af-fd13495244d2}\Adobe InDesign CS6 Keygen.exe (No File)
Startup: C:\Users\Ron Wolpa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconRestorer.lnk [2014-12-04]
ShortcutTarget: IconRestorer.lnk -> C:\IconRestorer\IconRestorer.exe (FSL - Freesoftland)
Startup: C:\Users\Ron Wolpa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\openfiles.lnk [2014-10-17]
ShortcutTarget: openfiles.lnk -> C:\Users\Ron Wolpa\AppData\Roaming\Microsoft\Windows\IEUpdate\openfiles.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 195.154.226.139 173.255.117.19
Tcpip\..\Interfaces\{6B9FD051-B94C-4841-9B03-FC419F2EEA6E}: [NameServer] 200.204.0.10 200.204.0.138
Tcpip\..\Interfaces\{729268D6-C85B-4D4F-81C1-7D655E22BA5A}: [DhcpNameServer] 195.154.226.139 173.255.117.19
Tcpip\..\Interfaces\{C02CAB3E-C922-4371-A1DD-E72CF76EF979}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{FAEEDEC2-D019-40C6-996A-D11F38F16045}: [NameServer] 200.204.0.10 200.204.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1940904984-816926392-2436131406-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.br.msn.com/
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2013-08-29] (RealPlayer)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-28] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-28] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Ron Wolpa\AppData\Roaming\Mozilla\Firefox\Profiles\4ru12mt6.default
FF Keyword.URL:
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin: adobe.com/AdobeExManDetect -> C:\ADOBE\PHOTOSHOPCS6\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-08-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2013-08-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2013-08-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2013-08-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-08-29] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\V_L_C\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File]
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\ADOBE\PHOTOSHOPCS6\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1940904984-816926392-2436131406-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Ron Wolpa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-1940904984-816926392-2436131406-1001: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-08-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-08-26] [not signed]

Chrome:
=======
CHR StartupUrls: Default -> "","hxxp://www.google.com/"
CHR Profile: C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-13]
CHR Extension: (Adblock Plus) - C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-28]
CHR Extension: (Adblock for Youtube™) - C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-09-05]
CHR Extension: (Google Search) - C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-16]
CHR Extension: (Tampermonkey) - C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-10-10]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-09-20]
CHR Extension: (sunglasses) - C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default\Extensions\elcjekocfhomlfniihikpmbbgjdbgcoo [2014-11-07]
CHR Extension: (club lelivros) - C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbalemnedcfcoekmnppcneacoijhndgk [2014-11-17]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2015-01-26]
CHR Extension: (Dark Horizon) - C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncjjeokpcnllmmbbipeaagmdpdpiadin [2015-09-17]
CHR Extension: (AVG Secure Search) - C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-09-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-16]
CHR Extension: (Gmail) - C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2013-08-29]
CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2012-05-25] (ASUSTeK Computer Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-05] (AVG Technologies CZ, s.r.o.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-26] (Microsoft Corporation)
S3 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [24576 2013-06-23] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [12867584 2013-06-23] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)
S2 wstpSvc; C:\Windows\System32\wstpSvc.dll [1626112 2014-12-22] () [File not signed]
S2 Apache2.4; "C:\xampp\apache\bin\httpd.exe" -k runservice [X]
S2 FileZillaServer; "C:\xampp\filezillaftp\filezillaserver.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-13] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [314800 2015-10-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3295984 2012-07-26] (Broadcom Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35232 2013-01-28] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [230904 2013-01-28] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: wstpSvc -> C:\Windows\System32\wstpSvc.dll ()

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-17 19:58 - 2015-10-17 19:58 - 00000207 _____ C:\Windows\tweaking.com-regbackup-RONWOLPA-PC-Windows-8-Pro-(64-bit).dat
2015-10-17 19:58 - 2015-10-17 19:58 - 00000000 ____D C:\RegBackup
2015-10-17 19:55 - 2015-10-17 20:01 - 00000000 ____D C:\FRST
2015-10-16 11:21 - 2015-10-16 11:21 - 00000541 _____ C:\Users\Ron Wolpa\Desktop\NET.lnk
2015-10-12 03:33 - 2015-10-12 03:33 - 00297000 _____ C:\Windows\Minidump\101215-33462-01.dmp
2015-10-11 23:36 - 2015-10-12 10:09 - 00000000 ____D C:\Users\Ron Wolpa\AppData\LocalLow\uTorrent
2015-10-11 14:15 - 2015-10-11 14:15 - 00296888 _____ C:\Windows\Minidump\101115-30856-01.dmp
2015-10-05 11:14 - 2015-10-05 11:14 - 00314800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-10-03 16:20 - 2015-10-03 16:20 - 00296944 _____ C:\Windows\Minidump\100315-24835-01.dmp
2015-10-02 12:32 - 2015-10-02 12:32 - 00000117 _____ C:\Windows\system32\netcfg-737853.txt
2015-10-02 12:32 - 2015-10-02 12:32 - 00000117 _____ C:\Windows\system32\netcfg-736293.txt
2015-10-02 12:30 - 2015-10-02 12:30 - 00000117 _____ C:\Windows\system32\netcfg-653410.txt
2015-10-02 12:30 - 2015-10-02 12:30 - 00000117 _____ C:\Windows\system32\netcfg-652770.txt
2015-10-02 12:29 - 2015-10-02 12:29 - 00000117 _____ C:\Windows\system32\netcfg-560090.txt
2015-10-02 12:28 - 2015-10-02 12:28 - 00000117 _____ C:\Windows\system32\netcfg-541947.txt
2015-10-02 12:28 - 2015-10-02 12:28 - 00000117 _____ C:\Windows\system32\netcfg-538515.txt
2015-10-02 12:26 - 2015-10-02 12:26 - 00000117 _____ C:\Windows\system32\netcfg-410579.txt
2015-10-02 12:26 - 2015-10-02 12:26 - 00000117 _____ C:\Windows\system32\netcfg-405883.txt
2015-10-02 12:25 - 2015-10-02 12:25 - 00000117 _____ C:\Windows\system32\netcfg-311206.txt
2015-10-02 12:24 - 2015-10-02 12:25 - 00000117 _____ C:\Windows\system32\netcfg-307275.txt
2015-10-02 12:17 - 2015-10-02 12:17 - 00000117 _____ C:\Windows\system32\netcfg-248166.txt
2015-09-28 12:34 - 2015-10-12 03:33 - 595756849 _____ C:\Windows\MEMORY.DMP
2015-09-28 12:34 - 2015-09-28 12:34 - 00296992 _____ C:\Windows\Minidump\092815-29156-01.dmp
2015-09-27 15:59 - 2015-09-27 15:59 - 00000117 _____ C:\Windows\system32\netcfg-14326008.txt
2015-09-27 12:05 - 2015-09-27 12:05 - 00000117 _____ C:\Windows\system32\netcfg-286823.txt
2015-09-27 12:05 - 2015-09-27 12:05 - 00000117 _____ C:\Windows\system32\netcfg-284904.txt
2015-09-27 12:04 - 2015-09-27 12:04 - 00000117 _____ C:\Windows\system32\netcfg-217902.txt
2015-09-27 12:04 - 2015-09-27 12:04 - 00000117 _____ C:\Windows\system32\netcfg-216373.txt
2015-09-27 12:03 - 2015-09-27 12:03 - 00000117 _____ C:\Windows\system32\netcfg-174206.txt
2015-09-27 12:00 - 2015-09-27 12:00 - 00000117 _____ C:\Windows\system32\netcfg-1778707.txt
2015-09-27 12:00 - 2015-09-27 12:00 - 00000117 _____ C:\Windows\system32\netcfg-1775041.txt
2015-09-27 11:35 - 2015-09-27 11:35 - 00000117 _____ C:\Windows\system32\netcfg-252144.txt
2015-09-27 11:35 - 2015-09-27 11:35 - 00000117 _____ C:\Windows\system32\netcfg-252035.txt
2015-09-27 11:34 - 2015-09-27 11:34 - 00000117 _____ C:\Windows\system32\netcfg-231708.txt
2015-09-26 12:34 - 2015-09-26 12:34 - 00000117 _____ C:\Windows\system32\netcfg-1980463.txt
2015-09-26 12:34 - 2015-09-26 12:34 - 00000117 _____ C:\Windows\system32\netcfg-1979418.txt
2015-09-26 12:31 - 2015-09-26 12:31 - 00000117 _____ C:\Windows\system32\netcfg-1844025.txt
2015-09-26 12:31 - 2015-09-26 12:31 - 00000117 _____ C:\Windows\system32\netcfg-1843136.txt
2015-09-26 12:29 - 2015-09-26 12:29 - 00000117 _____ C:\Windows\system32\netcfg-1730472.txt
2015-09-26 12:29 - 2015-09-26 12:29 - 00000117 _____ C:\Windows\system32\netcfg-1730409.txt
2015-09-26 12:28 - 2015-09-26 12:28 - 00000117 _____ C:\Windows\system32\netcfg-1621380.txt
2015-09-26 12:27 - 2015-09-26 12:28 - 00000117 _____ C:\Windows\system32\netcfg-1600601.txt
2015-09-26 12:04 - 2015-09-26 12:04 - 00000117 _____ C:\Windows\system32\netcfg-213471.txt
2015-09-26 12:04 - 2015-09-26 12:04 - 00000117 _____ C:\Windows\system32\netcfg-204844.txt
2015-09-25 00:02 - 2015-09-25 00:02 - 00001031 _____ C:\Users\Public\Desktop\FVC.lnk
2015-09-25 00:02 - 2015-09-25 00:02 - 00000000 ____D C:\FREEMAKE_VIDEO_CONVERTER
2015-09-24 23:48 - 2015-09-24 23:48 - 00000283 _____ C:\Users\Ron Wolpa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SHIT (3).lnk
2015-09-24 14:39 - 2015-09-24 14:39 - 00000117 _____ C:\Windows\system32\netcfg-94241030.txt
2015-09-24 13:26 - 2015-10-17 10:33 - 00000000 ____D C:\Users\Todos os Usuários\Spybot - Search & Destroy
2015-09-24 13:26 - 2015-10-17 10:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-09-24 13:26 - 2015-09-24 13:50 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-09-24 13:26 - 2015-09-24 13:26 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-09-24 13:26 - 2015-09-24 13:26 - 00001379 _____ C:\Users\Public\Desktop\SPY.lnk
2015-09-24 13:26 - 2015-09-24 13:26 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-09-24 13:26 - 2015-09-24 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-09-24 13:26 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-09-23 21:34 - 2015-09-23 21:34 - 00000000 ____D C:\Users\Ron Wolpa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2015-09-23 21:34 - 2015-09-23 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2015-09-23 21:34 - 2015-09-23 21:34 - 00000000 ____D C:\AVISYNTH
2015-09-23 14:36 - 2015-09-23 21:19 - 00000000 ____D C:\Users\Ron Wolpa\AppData\Roaming\HandBrake
2015-09-23 14:35 - 2015-09-23 14:35 - 00000618 _____ C:\Users\Emergency\Desktop\Handbrake.lnk
2015-09-23 14:35 - 2015-09-23 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2015-09-23 12:31 - 2015-09-23 12:31 - 00000117 _____ C:\Windows\system32\netcfg-205858.txt
2015-09-20 11:09 - 2015-09-20 11:16 - 00000000 ____D C:\AdwCleaner
2015-09-19 14:27 - 2015-09-25 10:58 - 00001520 _____ C:\Windows\PFRO.log
2015-09-17 22:42 - 2015-10-17 19:04 - 01528634 _____ C:\Windows\WindowsUpdate.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-17 20:00 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\system32\sru
2015-10-17 19:18 - 2013-10-12 14:28 - 00000968 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1940904984-816926392-2436131406-1001UA.job
2015-10-17 19:18 - 2013-10-12 14:28 - 00000946 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1940904984-816926392-2436131406-1001Core.job
2015-10-17 19:04 - 2013-08-29 13:51 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-17 19:02 - 2012-07-26 07:33 - 00863538 _____ C:\Windows\system32\prfh0416.dat
2015-10-17 19:02 - 2012-07-26 07:33 - 00192408 _____ C:\Windows\system32\prfc0416.dat
2015-10-17 19:02 - 2012-07-26 04:28 - 02035856 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-17 18:58 - 2013-08-29 09:18 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1940904984-816926392-2436131406-1001
2015-10-17 18:54 - 2013-08-29 13:51 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-17 18:54 - 2012-07-26 04:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-17 18:53 - 2014-05-03 00:14 - 00000000 ____D C:\Temp
2015-10-17 18:52 - 2013-08-29 09:20 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2015-10-17 18:52 - 2013-08-29 09:20 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-17 15:30 - 2015-06-18 12:29 - 00000000 ____D C:\Users\Ron Wolpa\AppData\Roaming\vlc
2015-10-17 14:18 - 2013-08-29 16:07 - 00000000 ____D C:\Users\Todos os Usuários\MFAData
2015-10-17 14:18 - 2013-08-29 16:07 - 00000000 ____D C:\ProgramData\MFAData
2015-10-17 10:59 - 2013-09-12 11:13 - 00000000 ____D C:\Users\Ron Wolpa\temp
2015-10-17 10:59 - 2013-09-12 11:12 - 00000939 _____ C:\Users\Ron Wolpa\AppData\Roaming\__AvidCloudManager.log
2015-10-17 10:41 - 2013-09-12 11:12 - 00007813 _____ C:\Users\Ron Wolpa\AppData\Roaming\RONWOLPA-PC.MTBF.txt
2015-10-17 10:41 - 2013-09-12 11:11 - 00000000 ____D C:\Users\Ron Wolpa\AppData\Local\Avid
2015-10-17 10:41 - 2013-09-12 11:03 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2015-10-17 10:21 - 2013-08-29 09:41 - 00000000 ____D C:\Users\Ron Wolpa\AppData\Local\Adobe
2015-10-16 20:13 - 2013-08-29 19:21 - 00000000 ____D C:\Users\Ron Wolpa\Documents\Outlook Files
2015-10-16 00:42 - 2012-07-26 02:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-10-15 17:37 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-10-15 12:19 - 2014-03-31 08:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-10-13 21:41 - 2013-09-12 11:12 - 00000903 _____ C:\Users\Ron Wolpa\AppData\Roaming\__AvidCloudManagerPrevious.log
2015-10-13 00:39 - 2014-12-02 21:28 - 00000000 ____D C:\Users\Ron Wolpa\AppData\Roaming\uTorrent
2015-10-12 03:33 - 2013-08-30 06:13 - 00000000 ____D C:\Windows\Minidump
2015-10-04 17:10 - 2013-09-06 21:23 - 00003234 _____ C:\Windows\System32\Tasks\SidebarExecute
2015-09-29 14:26 - 2013-10-22 08:33 - 00000000 ____D C:\Users\Ron Wolpa\AppData\Roaming\CoreFTP
2015-09-26 12:00 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\system32\NDF
2015-09-25 00:15 - 2014-11-06 22:27 - 00007635 _____ C:\Users\Ron Wolpa\AppData\Local\resmon.resmoncfg
2015-09-25 00:02 - 2014-04-28 14:06 - 00000000 ____D C:\Users\Todos os Usuários\Freemake
2015-09-25 00:02 - 2014-04-28 14:06 - 00000000 ____D C:\Users\Ron Wolpa\Documents\Freemake
2015-09-25 00:02 - 2014-04-28 14:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-09-25 00:02 - 2014-04-28 14:06 - 00000000 ____D C:\ProgramData\Freemake
2015-09-24 23:50 - 2013-08-29 09:36 - 00003354 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1940904984-816926392-2436131406-1001
2015-09-24 23:50 - 2013-08-29 09:36 - 00003228 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1940904984-816926392-2436131406-1001
2015-09-24 13:51 - 2013-10-02 20:34 - 00000132 _____ C:\Users\Ron Wolpa\AppData\Roaming\Adobe BMP Format CS6 Prefs
2015-09-24 13:50 - 2015-06-28 10:06 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-20 11:21 - 2012-07-26 02:26 - 00524288 ___SH C:\Windows\system32\config\BBI

==================== Files in the root of some directories =======

2013-10-02 20:34 - 2015-09-24 13:51 - 0000132 _____ () C:\Users\Ron Wolpa\AppData\Roaming\Adobe BMP Format CS6 Prefs
2014-05-09 14:52 - 2014-05-09 14:52 - 0000132 _____ () C:\Users\Ron Wolpa\AppData\Roaming\Adobe GIF Format CS6 Prefs
2013-12-07 16:44 - 2015-03-23 19:04 - 0000132 _____ () C:\Users\Ron Wolpa\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-05-08 19:09 - 2014-05-08 19:09 - 0000040 _____ () C:\Users\Ron Wolpa\AppData\Roaming\cdr.ini
2014-07-19 16:25 - 2014-07-19 16:27 - 0001510 _____ () C:\Users\Ron Wolpa\AppData\Roaming\PS13_panel.log
2013-09-12 11:12 - 2015-10-17 10:41 - 0007813 _____ () C:\Users\Ron Wolpa\AppData\Roaming\RONWOLPA-PC.MTBF.txt
2013-09-12 11:12 - 2015-10-17 10:59 - 0000939 _____ () C:\Users\Ron Wolpa\AppData\Roaming\__AvidCloudManager.log
2013-09-12 11:12 - 2015-10-13 21:41 - 0000903 _____ () C:\Users\Ron Wolpa\AppData\Roaming\__AvidCloudManagerPrevious.log
2014-11-19 14:04 - 2014-11-19 14:04 - 181974983 _____ () C:\Users\Ron Wolpa\AppData\Local\ACCCx2_8_1_451.zip.aamdownload
2014-11-19 14:04 - 2014-11-19 14:04 - 0002089 _____ () C:\Users\Ron Wolpa\AppData\Local\ACCCx2_8_1_451.zip.aamdownload.aamd
2015-02-04 20:54 - 2015-02-04 21:23 - 183677480 _____ () C:\Users\Ron Wolpa\AppData\Local\ACCCx2_9_0_465.zip.aamdownload
2015-02-04 20:54 - 2015-02-04 21:18 - 0002195 _____ () C:\Users\Ron Wolpa\AppData\Local\ACCCx2_9_0_465.zip.aamdownload.aamd
2015-02-09 14:33 - 2015-02-28 19:34 - 0001456 _____ () C:\Users\Ron Wolpa\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-11-06 22:27 - 2015-09-25 00:15 - 0007635 _____ () C:\Users\Ron Wolpa\AppData\Local\resmon.resmoncfg
2014-12-10 18:01 - 2014-12-10 18:01 - 0000000 _____ () C:\Users\Ron Wolpa\AppData\Local\{07453C67-60F0-49B6-9AEE-65960DA0877E}
2015-02-24 20:48 - 2015-02-24 20:49 - 0000000 _____ () C:\Users\Ron Wolpa\AppData\Local\{5148E698-ABC6-41F5-BFA9-7D4FFA8785D0}
2014-12-17 11:52 - 2014-12-17 11:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-27 12:13 - 2014-04-30 11:53 - 0019535 _____ () C:\ProgramData\empty.ico
2014-07-01 21:58 - 2014-07-01 22:04 - 0000814 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-09 11:02

==================== End of FRST.txt ============================


***************
3- A S W M B R L O G
**************



aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-10-17 20:29:00
-----------------------------
20:29:00.074 OS Version: Windows x64 6.2.9200
20:29:00.074 Number of processors: 8 586 0x102
20:29:00.074 ComputerName: RONWOLPA-PC UserName: Ron Wolpa
20:29:03.477 Initialize success
20:29:03.492 VM: initialized successfully
20:29:03.492 VM: Amd CPU supported
20:29:12.303 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003b
20:29:12.303 Disk 0 Vendor: ST1000DM003-1CH162 CC46 Size: 953869MB BusType: 11
20:29:12.396 Disk 0 MBR read successfully
20:29:12.396 Disk 0 MBR scan
20:29:12.396 Disk 0 unknown MBR code
20:29:12.412 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
20:29:12.428 Disk 0 scanning C:\Windows\system32\drivers
20:29:18.434 Service scanning
20:29:29.564 Modules scanning
20:29:29.564 Disk 0 trace - called modules:
20:29:29.595 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
20:29:29.595 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008c66060]
20:29:30.110 3 CLASSPNP.SYS[fffff88001f668aa] -> nt!IofCallDriver -> [0xfffffa80079fc6c0]
20:29:30.110 5 amd_xata.sys[fffff88000f75634] -> nt!IofCallDriver -> \Device\0000003b[0xfffffa80079ff4e0]
20:29:30.125 Disk 0 statistics 105335/0/0 @ 9,67 MB/s
20:29:30.125 Scan finished successfully
20:29:45.345 Disk 0 MBR has been saved successfully to "D:\DOWNLOADS\FARBAR_&_REGISTRY_BACKUP\MBR.dat"
20:29:45.345 The log file has been saved successfully to "D:\DOWNLOADS\FARBAR_&_REGISTRY_BACKUP\aswMBR_log.txt"



So here they are , thank you for your support !

Juliet
2015-10-18, 03:13
http://i.imgur.com/goGMWSt.gifP2P Warning

------------------------------
I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms (http://en.wikipedia.org/wiki/Computer_worm), backdoor Trojans (http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99), IRCBots (http://en.wikipedia.org/wiki/IRC_bot), and rootkits (http://en.wikipedia.org/wiki/Rootkit) propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

Risks of File-Sharing Technology (http://www.us-cert.gov/cas/tips/ST05-007.html)
P2P Software User Advisories (http://aresgalaxy.sourceforge.net/p2prisks.htm)
More malware is traveling on P2P networks these days (http://www.computerworld.com/s/article/9240067/More_malware_is_traveling_on_P2P_networks_these_days)

Your P2P software can be removed by following the instructions below.

Press the Windows Key http://i.imgur.com/pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
Search for the aforementioned programme(s), right-click and click Uninstall.

If you choose not to, please refrain from using the programme(s) during this process.





Running from D:\DOWNLOADS\FARBAR_&_REGISTRY_BACKUP

We need to move FRST to desktop in order for it to work correctly.

Please go to D:\DOWNLOADS\FARBAR_&_REGISTRY_BACKUP locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.


Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CreateRestorePoint:
CloseProcesses:
Task: {B3A7D82E-E9E6-4618-A876-795372BA383E} - System32\Tasks\{1FF0E561-3FEB-4C29-9DCF-EA9E41EC3867} => pcalua.exe -a "C:\Users\Ron Wolpa\AppData\Roaming\webssearches\UninstallManager.exe" -c -ptid=exp <==== ATTENTION
AlternateDataStreams: C:\Users\Ron Wolpa\AppData\Local\VvkMVE11S8ENeXs:YbSAy0TtTjfoRKF5jTbpxC
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll No File
GroupPolicyScripts: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF Plugin HKU\S-1-5-21-1940904984-816926392-2436131406-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Ron Wolpa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-1940904984-816926392-2436131406-1001: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx <not found>
EmptyTemp:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~`

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~~~~~~~~~~~``

please post
Fixlog.txt
AdwCleaner[CX].txt
JRT.txt

Ron Wolpa
2015-10-18, 04:01
Hello
Thank you very much for your support but allow me to disagree regarding uTorrent and p2p , resource very useful that I employ daily during 15 years and never had any trouble.
I usually download .avi movies or if I download something else which contains a .exe I check 1st before running.
As a matter of fact I´ve already deleted some suspicious files during this time.
In order to get .torrents or magnetic link I am very careful as well.
So that I may assure you that I never had any trouble with files downloaded by means torrents.
Regarding to the current contamination I have to fess up that I know when it ocurred : as a site that promissed the download of a book (via http) loaded the Chrome window turned to red with Malware alert and I thought it was something like a false positive. I let it to load and from that moment on some clicks were redirected.
I will proceed as you taught me , uTorrent will be off during the process.
Thank you once again.

Ron Wolpa
2015-10-18, 04:23
F I X L O G


Loaded Profiles: Ron Wolpa (Available Profiles: Ron Wolpa & Emergency & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Task: {B3A7D82E-E9E6-4618-A876-795372BA383E} - System32\Tasks\{1FF0E561-3FEB-4C29-9DCF-EA9E41EC3867} => pcalua.exe -a "C:\Users\Ron Wolpa\AppData\Roaming\webssearches\UninstallManager.exe" -c -ptid=exp <==== ATTENTION
AlternateDataStreams: C:\Users\Ron Wolpa\AppData\Local\VvkMVE11S8ENeXs:YbSAy0TtTjfoRKF5jTbpxC
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll No File
GroupPolicyScripts: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF Plugin HKU\S-1-5-21-1940904984-816926392-2436131406-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Ron Wolpa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-1940904984-816926392-2436131406-1001: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx <not found>
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3A7D82E-E9E6-4618-A876-795372BA383E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3A7D82E-E9E6-4618-A876-795372BA383E}" => key removed successfully
C:\Windows\System32\Tasks\{1FF0E561-3FEB-4C29-9DCF-EA9E41EC3867} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1FF0E561-3FEB-4C29-9DCF-EA9E41EC3867}" => key removed successfully
C:\Users\Ron Wolpa\AppData\Local\VvkMVE11S8ENeXs => ":YbSAy0TtTjfoRKF5jTbpxC" ADS removed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider" => key removed successfully
"HKCR\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}" => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-1940904984-816926392-2436131406-1001\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin" => key removed successfully
C:\Users\Ron Wolpa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => not found.
"HKU\S-1-5-21-1940904984-816926392-2436131406-1001\Software\MozillaPlugins\anvisoft.com/AdblockPlugin" => key removed successfully
C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lhmiofmipcpmhgihiecmpiekcacigpgb" => key removed successfully
EmptyTemp: => 583.6 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 22:14:03 ====

i noticed some keys were removed from the registry.

Juliet
2015-10-18, 04:50
AdwCleaner[CX].txt
JRT.txt
I also need to see the above.


Thank you very much for your support but allow me to disagree regarding uTorrent and p2p
It is my duty to inform users of the possibilities of infection that can be had by using P2P programs.

How is your computer now?

Ron Wolpa
2015-10-18, 16:39
How is your computer now?

Nope ,that´s amazing , it took a while to happen after booting the system and finally it redirected a click given on a blank corner of a site , the redirect occurred to http://pubted.com/w/d/p.php?z=7121 and loaded no advertisement , It happened again redirecting a click given on a link of a page.
What a thing this bloody bastard invented I wished I could break his front teeth !



REPORT CREATED BEFORE I ORDERED AdwCleaner v5.013 TO CLEAR THE SYSTEM
# AdwCleaner v5.013 - Relatório criado 18/10/2015 às 02:44:00
# Atualizado 09/10/2015 por Xplode
# Banco de dados : 2015-10-16.1 [Servidor]
# Sistema operacional : Windows 8 Pro (x64)
# Usuário : Ron Wolpa - RONWOLPA-PC
# Executando de : D:\DOWNLOADS\adwcleaner_5.013.exe
# Opção : Verificar
# Apoio : http://toolslib.net/forum

***** [ Serviços ] *****


***** [ Pastas ] *****

Pasta Encontrado : C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Pasta Encontrado : C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk

***** [ Arquivos ] *****

Arquivo Encontrado : C:\Users\Ron Wolpa\Desktop\net.lnk

***** [ DLLs ] *****


***** [ Atalhos ] *****


***** [ Tarefas agendadas ] *****


***** [ Registro ] *****

Chave Encontrada : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{02AFA80F-4BEE-41FD-8572-214B58A9EF90}

***** [ Navegadores ] *****

[C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Encontrada : dkpejdfnpdkhifgbancbammdijojoffk
[C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Encontrada : ndibdjnfmopecpmkdieinmbadjfpblof

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1622 bytes] ##########

..........................................................................................................................
REPORT CREATED AFTER I ORDERED AdwCleaner v5.013 TO CLEAR THE SYSTEM



# AdwCleaner v5.013 - Relatório criado 18/10/2015 às 02:46:53
# Atualizado 09/10/2015 por Xplode
# Banco de dados : 2015-10-16.1 [Servidor]
# Sistema operacional : Windows 8 Pro (x64)
# Usuário : Ron Wolpa - RONWOLPA-PC
# Executando de : D:\DOWNLOADS\adwcleaner_5.013.exe
# Opção : Limpar
# Apoio : http://toolslib.net/forum

***** [ Serviços ] *****


***** [ Pastas ] *****

[-] Pasta Excluído : C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[-] Pasta Excluído : C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk

***** [ Arquivos ] *****

[-] Arquivo Excluído : C:\Users\Ron Wolpa\Desktop\net.lnk

***** [ DLLs ] *****


***** [ Atalhos ] *****


***** [ Tarefas agendadas ] *****


***** [ Registro ] *****

[-] Chave Excluída : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{02AFA80F-4BEE-41FD-8572-214B58A9EF90}

***** [ Navegadores ] *****



[-] [C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Excluído : dkpejdfnpdkhifgbancbammdijojoffk
[-] [C:\Users\Ron Wolpa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Excluído : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

:: Configurações Winsock restauradas

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1708 bytes] ##########


CLEARLY a folder has been deleted.
I read some procedures to clear malware performed on safety mode , perhaps this would be the case to solve the matter.
Thank you.

Juliet
2015-10-18, 18:58
Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) TO YOUR DESKTOP




Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




http://i24.photobucket.com/albums/c30/ken545/0841859c-1a35-4dbd-b41a-e720629e3e22_zpst0yckuua.png



On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

When the scan is finished and the log pops up...select Copy to Clipboard

Please paste the log back into this thread for review

Exit Malwarebytes


If a log does not pop up:

Open Malwarebytes and on the Dashboard click on History
Then Application Logs
Then Scan log
Select the date of the scan you just ran
Then click Export
On the dropdown list select Copy to Clipboard and paste it into this thread


~~~~~~~~~~~~~~~~~~~~~~~~~~`

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.



Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

http://i.imgur.com/GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

Ron Wolpa
2015-10-20, 14:09
Quote Originally Posted by Juliet View Post
How is your computer now?.

In hindsight , before posting my last message I should have resetted Chrome.
I don´t want to count chickens before the eggs are hatched but it looks like I got rid of pubted.
After accomplishing the steps you taught me the problem remained as if I had done nothing.
Then I decided to reset Chrome (again , I have done it dozen of times) ,it looks like it was the missing step.
I´ve tested for hours and the redirect has not occurred so far.
Thank you very much for providing me with your support.

Juliet
2015-10-20, 15:09
Glad to hear it's better.

I still need to see

EsetScan log
Malwarebytes log

Juliet
2015-10-30, 00:07
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.