Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-09-2015 01
Ran by Usuario (administrator) on USUARIO-PC (13-09-2015 13:44:50)
Running from C:\Users\Usuario\Downloads
Loaded Profiles: Usuario (Available Profiles: Usuario)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Silicon Integrated Systems Corporation) C:\Program Files\SiS VGA Utilities\SiSTray.exe
(Dell) C:\Program Files\Battery Meter\BTMeter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.174\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.174\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [SiSTray] => C:\Program Files\SiS VGA Utilities\SiSTray.exe [557056 2010-12-15] (Silicon Integrated Systems Corporation)
HKLM\...\Run: [BTMeter] => C:\Program Files\Battery Meter\BTMeter.exe [537896 2008-07-11] (Dell)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)
Winlogon\Notify\ GbPluginCef: C:\Program Files\GbPlugin\gbiehCef.dll [X]
HKU\S-1-5-21-2741043627-4026230127-4029745268-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehCef.dll No File [ ]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AD08596B-109F-492C-8729-24AA1C79DB28}: [NameServer] 189.38.95.95,189.38.95.96
Tcpip\..\Interfaces\{AD08596B-109F-492C-8729-24AA1C79DB28}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2741043627-4026230127-4029745268-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2741043627-4026230127-4029745268-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.br/
SearchScopes: HKU\S-1-5-21-2741043627-4026230127-4029745268-1000 -> DefaultScope {50826969-F119-4C6B-A6CB-F141DED48FF8} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2741043627-4026230127-4029745268-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2741043627-4026230127-4029745268-1000 -> {50826969-F119-4C6B-A6CB-F141DED48FF8} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2741043627-4026230127-4029745268-1000 -> {93F0317E-3C5A-41EB-B53D-87FDDE46A9B5} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files\GbPlugin\gbiehCef.dll No File

FireFox:
========
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: PDF Architect 3 -> C:\Program Files\PDF Architect 3\np-previewer.dll [2015-04-24] (pdfforge GmbH)

Chrome:
=======
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-09]
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-09]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-09]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-09]
CHR Extension: (Google Search) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-09]
CHR Extension: (Planilhas do Google) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-09]
CHR Extension: (Documentos Google off-line) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-09]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-09]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 PDF Architect 3; C:\Program Files\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 EMSC; C:\Windows\System32\DRIVERS\EMSC.SYS [9856 2007-04-19] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-06-15] (REALiX(tm))
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2015-06-20] (GAS Tecnologia)
R0 uagp35; C:\Windows\System32\DRIVERS\sisagpx.sys [58400 2009-08-01] (Silicon Integrated Systems Corporation)
U5 GbpKm; C:\Windows\System32\Drivers\GbpKm.sys [46552 2014-11-03] (GAS Tecnologia)
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-13 13:44 - 2015-09-13 13:45 - 00009337 _____ C:\Users\Usuario\Downloads\FRST.txt
2015-09-11 18:59 - 2015-09-13 12:28 - 00000168 _____ C:\Windows\setupact.log
2015-09-11 18:59 - 2015-09-11 18:59 - 00000000 _____ C:\Windows\setuperr.log
2015-09-11 13:49 - 2015-09-11 13:59 - 22892794 _____ (Audacity Team ) C:\Users\Usuario\Downloads\audacity-win-2-0-6.exe
2015-09-11 12:56 - 2015-09-11 12:56 - 00000000 ____D C:\Users\Usuario\Downloads\Originals
2015-09-10 20:06 - 2015-09-10 20:06 - 00001351 _____ C:\Users\Usuario\Desktop\Opera.lnk
2015-09-10 10:23 - 2015-09-10 10:23 - 00000000 ____D C:\Users\Todos os Usuários\Auslogics
2015-09-10 10:23 - 2015-09-10 10:23 - 00000000 ____D C:\ProgramData\Auslogics
2015-09-10 10:21 - 2015-09-10 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-09-10 10:21 - 2015-09-10 10:23 - 00000000 ____D C:\Program Files\Auslogics
2015-09-10 10:15 - 2015-09-10 10:15 - 00001226 _____ C:\Users\Usuario\Desktop\Revo Uninstaller.lnk
2015-09-10 10:15 - 2015-09-10 10:15 - 00000000 ____D C:\Program Files\VS Revo Group
2015-09-10 10:14 - 2015-09-10 10:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Usuario\Downloads\revosetup.exe
2015-09-09 11:54 - 2015-09-13 13:44 - 00000000 ____D C:\Users\Usuario\Downloads\FRST-OlderVersion
2015-09-03 15:35 - 2015-09-11 12:35 - 00000000 ____D C:\Users\Usuario\Downloads\DENTISTAS
2015-09-03 14:38 - 2015-09-03 14:38 - 00703448 _____ (Opera Software) C:\Users\Usuario\Downloads\Opera_NI_stable.exe
2015-09-03 14:06 - 2015-09-03 14:07 - 01308672 _____ C:\Users\Usuario\Downloads\zoek.exe
2015-09-03 09:24 - 2015-09-10 20:00 - 00000000 ____D C:\zoek_backup
2015-09-02 14:07 - 2015-09-03 11:31 - 00000000 ____D C:\Users\Usuario\Downloads\ComIntRepair
2015-09-02 11:16 - 2015-09-02 11:16 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Opera Software
2015-09-02 11:16 - 2015-09-02 11:16 - 00000000 ____D C:\Users\Usuario\AppData\Local\Opera Software
2015-09-02 11:13 - 2015-09-09 10:37 - 00000000 ____D C:\Program Files\Opera
2015-09-02 11:05 - 2015-09-02 11:05 - 00009565 _____ C:\Users\Usuario\Documents\favoritos_02_09_15.html
2015-09-02 10:10 - 2015-09-03 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-08-31 18:24 - 2015-08-31 18:24 - 00007605 _____ C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
2015-08-31 17:09 - 2015-09-13 13:44 - 00000000 ____D C:\FRST
2015-08-31 17:07 - 2015-09-13 13:44 - 01694208 _____ (Farbar) C:\Users\Usuario\Downloads\FRST.exe
2015-08-29 15:15 - 2015-08-29 15:15 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\ProductData
2015-08-25 11:08 - 2015-06-15 21:40 - 02531544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2015-08-25 10:24 - 2015-09-03 11:31 - 00000000 ____D C:\Program Files\K-Lite Codec Pack

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-13 12:47 - 2009-07-14 01:34 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-13 12:47 - 2009-07-14 01:34 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-13 12:40 - 2015-08-13 10:08 - 00803908 _____ C:\Windows\WindowsUpdate.log
2015-09-13 12:28 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-11 18:06 - 2015-06-11 20:52 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\PhotoScape
2015-09-11 12:55 - 2015-07-14 16:28 - 00108544 ____H C:\Users\Usuario\Downloads\photothumb.db
2015-09-10 20:06 - 2015-06-10 21:55 - 00000000 ____D C:\Program Files\Google
2015-09-10 20:01 - 2015-06-09 20:26 - 00000000 ____D C:\Users\Usuario
2015-09-10 20:00 - 2015-06-25 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-09-10 20:00 - 2015-06-14 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-09-10 20:00 - 2015-06-12 11:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-09-10 20:00 - 2015-06-12 11:46 - 00000000 ____D C:\Program Files\CCleaner
2015-09-10 20:00 - 2015-06-11 18:28 - 00000000 ____D C:\Users\Todos os Usuários\Protexis
2015-09-10 20:00 - 2015-06-11 18:28 - 00000000 ____D C:\ProgramData\Protexis
2015-09-10 20:00 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\NDF
2015-09-10 19:59 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\registration
2015-09-09 16:25 - 2010-11-20 23:33 - 00705268 _____ C:\Windows\system32\prfh0416.dat
2015-09-09 16:25 - 2010-11-20 23:33 - 00147108 _____ C:\Windows\system32\prfc0416.dat
2015-09-09 16:25 - 2010-11-20 18:01 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-09 11:41 - 2015-06-10 21:55 - 00000000 ____D C:\Users\Usuario\AppData\Local\Google
2015-09-09 11:36 - 2015-06-10 21:53 - 00000000 ____D C:\Users\Usuario\AppData\Local\Deployment
2015-09-09 11:35 - 2015-08-13 10:06 - 00000000 ____D C:\Users\Usuario\AppData\Local\Apps\2.0
2015-09-06 16:41 - 2015-06-11 19:19 - 00061361 _____ C:\Windows\FontData.fdb
2015-09-06 10:44 - 2015-06-13 21:51 - 00000000 ____D C:\Users\Usuario\Downloads\Nado
2015-09-03 11:31 - 2015-06-10 21:41 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-09-03 11:31 - 2015-06-10 21:41 - 00000000 ____D C:\Windows\system32\appraiser
2015-09-03 11:31 - 2015-06-10 20:11 - 00000000 ___SD C:\Windows\system32\GWX
2015-09-03 11:31 - 2010-11-20 23:33 - 00000000 ____D C:\Windows\system32\Drivers\pt-BR
2015-09-03 11:31 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\pt-BR
2015-09-03 11:31 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\AppCompat
2015-09-03 11:31 - 2009-07-13 23:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-03 11:27 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-03 11:23 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-08-31 11:23 - 2015-06-10 17:28 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\vlc
2015-08-26 12:17 - 2015-06-10 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2015-08-25 11:36 - 2009-07-14 01:53 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-25 11:33 - 2015-06-27 12:19 - 00000000 ____D C:\Windows\system32\RTCOM
2015-08-25 11:33 - 2015-06-10 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiS VGA Utilities
2015-08-25 11:33 - 2015-06-10 22:00 - 00000000 ____D C:\Program Files\SiS VGA Utilities
2015-08-25 11:33 - 2015-06-10 17:26 - 00000000 ____D C:\Program Files\MPC-HC
2015-08-25 11:33 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\rescache
2015-08-14 19:23 - 2015-07-30 19:33 - 00000000 ____D C:\Program Files\Recuva
2015-08-14 15:43 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system

==================== Files in the root of some directories =======

2015-08-31 18:24 - 2015-08-31 18:24 - 0007605 _____ () C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
2015-06-15 21:43 - 2015-06-15 21:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-11 18:47

==================== End of FRST.txt ============================