Infecção Linkbucks!

Ola pessoal sou novo no fórum e estou aqui atras de ajuda, pois já estou com este problema ha alguns dias e não consigo resolver.
O meu caso é o seguinte tenho um roteador tp link modelo TL-WR841ND de 300Mbps e dois notebooks acer um com windows 7 e outro com o 8 que apresentam o mesmo problema, sendo que já resetei o roteador e troquei o firmware só que não desliguei o modem como li em outro tópico, espero ajuda de como devo proceder agora e se devo executar o mesmo processo nos dois pcs!

1)
Copie o link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

2)
Cole o link diretamente na barra de endereço de seu navegador e tecla (Enter)
* Carregando a página selecione seu navegador.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

3)
Clique no botão (+ Gratuito).

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Reinicie seu navegador

Pronto..

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Essa é unica alternativa por enquanto!

Você já resetou o Roteador e não resolveu o problema por alguns dias ?

 Olá Richard.

Siga as dicas que o Brando Lee te passou acima e faça também o seguinte para eliminar este problema do Linkbucks:

1) Resetar o modem e roteador

2) Trocar as senhas de acesso ao roteador e modem e da rede

3) Atualizar o Firmware de seu modem e roteador.

4) Desligar o roteador e o modem

5) Ligar todos novamente
________________________________

Sua internet é via rádio? Se a sua internet for via rádio, entre em contato com o provedor de sua internet, explique o problema para eles e peça a eles que troquem os DNS de sua conexão na central.

Depois disto nos diga, por gentileza, como está o seu PC após seguir estes procedimentos.

Bom pessoal desde já agradeço a atenção de todos, instalei novamente o safebrowse que não ajudou, resetei o roteador e troquei a senha mas a "praga" continua a incomodar, mas desta vez consigo visualizar videos do youtube que antes não funcionava, estou com dúvida em relação ao firmware do roteador estou com a versão mais atual do meu modelo devo atualizar com uma versão anterior para ver se muda alguma coisa?Minha internet é via rádio ou o único jeito é entrar em contato com o provedor da internet pra trocar o DNS.

Você possui o manual do roteador?

Caso negativo, deixo o link dele:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

No início da página 53 do manual há uma figura que mostra:

Primary DNS

Secondary DNS

Coloque:

Primary DNS: 198.153.192.40

Secondary DNS: 198.153.194.40

Salve as alterações

Saia do roteador

Desligue o PC e o roteador

Aguarde uns segundos e volte a ligá-los.

richardschenkel escreveu:Bom pessoal desde já agradeço a atenção de todos, instalei novamente o safebrowse que não ajudou, resetei o roteador e troquei a senha mas a "praga" continua a incomodar, mas desta vez consigo visualizar videos do youtube que antes não funcionava, estou com dúvida em relação ao firmware do roteador estou com a versão mais atual do meu modelo devo atualizar com uma versão anterior para ver se muda alguma coisa?Minha internet é via rádio ou o único jeito é entrar em contato com o provedor da internet pra trocar o DNS.

Safebrowse nao remove a praga, mas ele bloqueia o redirecionamento para a pagina Linkbucks e redireciona para pagina legítima!

Então Richard conseguiu adicionar os DNS sugerido pelo Wings ?

Consegui trocar o DNS mas o problema persiste, e agora consigo visualizar mas não consigo responder o tópico tive que acessar de outro local para responder por isso a demora, e agora qual o próximo passo?

Talvez estes DNS's sejam muito restritos. Experimente:

208.67.222.222
208.67.220.220

Também não resolveu continua na mesma!

richardschenkel escreveu:Também não resolveu continua na mesma!

Sim...mas já consegue responder no tópico?

Na ultima vez consegui mas agora não esta mais funcionando sempre que digito e clico em enviar aparece a mensagem dizendo que é para digitar uma mensagem antes de enviar, notei que na caixa do titulo quando clico para escrever ela fica com o contorno amarelo e da mensagem não acontece, isso é normal?

Fui mexer agora no note com windows 7 ele estava sem acesso a net configurei e coloquei a nova senha e para minha surpresa parece estar curado fui verificar o DNS e ele mudou automaticamente para 198.153.192.40 e 198.153.194.40 o que devo fazer agora como configurar o pc para esta praga não voltar mais e o que devo fazer no note com o windows 8 estou com medo de mexer e voltar tudo novamente gostaria de algumas dicas para fazer uma limpeza e ficar bem protegido!

richardschenkel escreveu:Fui mexer agora no note com windows 7 ele estava sem acesso a net configurei e coloquei a nova senha e para minha surpresa parece estar curado fui verificar o DNS e ele mudou automaticamente para 198.153.192.40 e 198.153.194.40 o que devo fazer agora como configurar o pc para esta praga não voltar mais e o que devo fazer no note com o windows 8 estou com medo de mexer e voltar tudo novamente gostaria de algumas dicas para fazer uma limpeza e ficar bem protegido!

Deve deixar uma senha bem forte e deixá-la anotada para não esquecer.

Mais nada à fazer.

E o problema voltou! Funcionou perfeitamente até ontem, pelo que pude ver o DNS mudou novamente para 208.67.222.222 e 208.67.220.220 como devo fazer para fixar um numero DNS para esse problema não voltar?

Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Smeenk)

*Extraia o arquivo Zoek.exe para o Desktop (Área de Trabalho)

*Clique com o botão direito do mouse no Zoek e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Cole as linhas em marrom no espaço do Zoek

hijackthis;
chromelook;
firefoxlook;
hostslook;
silentrunners;

*Clique [Run Script]

*Durante o scan a mensagem abaixo será apresentada. Aguarde o término...pode demorar!

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

*Cole ou anexe o relatório C:\zoek-results.txt

Aqui esta o relatório:


Zoek.exe Version 4.0.0.5 Updated 30-November-2013
Tool run by Acer on 02/12/2013 at 20:20:23,26.
Microsoft Windows 8 Single Language 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Acer\Desktop\zoek.exe [Script inserted]

==== System Restore Info ======================

02/12/2013 20:21:14 Zoek.exe System Restore Point Created Succesfully.

==== Hosts File Content ======================

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1       localhost
# ::1             localhost

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [22/11/2013 14:17]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Acer\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [20/11/2013 20:07]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\8ayubryh.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\8ayubryh.default
EE8D96E7899D12FC3AA5DB2034C0853C - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll - Shockwave Flash
402F73996235A5ED472D3B31C4FD4BC5 - C:\Users\Acer\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Acer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
CC918D6A687C517BA3D17A9CCF4B3CEC - C:\Users\Acer\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil


==== Chrome Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Acer\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[08/11/2013 19:40]

Google Docs - Acer - Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Acer - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Acer - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Acer - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - Acer - Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Acer - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
SafeBrowse - Acer - Default\Extensions\obkfjhifkbhimlocpddgamonjihinpak
GBBD Banco do Brasil - Acer - Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Gmail - Acer - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\3765be36-0053-49aa-9ee8-500aa4f3a257.exe /check
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Global Startup: Acer Backup Manager Tray.lnk = C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CFA5362-859D-4194-969D-2362297244A8}: NameServer = 198.153.192.40,198.153.194.40
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Broadcom Card Reader Service (BrcmCardReader) - Broadcom Corp. - C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc.  - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Silent Runners ======================

"Silent Runners.vbs", revision 69.2, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
BtvStack = "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" [Atheros Communications]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
RTHDVCPL = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor]
IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation]
HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation]
Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation]
CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} = "C:\Users\Acer\AppData\Local\Temp\cis74B4.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82} [file not found]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
LManager = (empty string) [file not found]
AvastUI.exe = "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui [AVAST Software]
20131121 = C:\Program Files\AVAST Software\Avast\setup\emupdate\3765be36-0053-49aa-9ee8-500aa4f3a257.exe /check [AVAST Software]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{11111111-1111-1111-1111-110411111133}\(Default) = CrossriderApp0041133
 -> {HKLM...CLSID} = Wifi Protector BI
                  \InProcServer32\(Default) = C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-bho64.dll [file not found]

{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\(Default) = (no title provided)
 -> {HKLM...CLSID} = avast! Online Security
                  \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [AVAST Software]

{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}\(Default) = IESpeakDoc
 -> {HKLM...CLSID} = CIESpeechBHO Class
                  \InProcServer32\(Default) = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [Qualcomm Atheros Commnucations]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = (no title provided)
 -> {HKLM...Wow...CLSID} = avast! Online Security
                        \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]

{C41A1C0E-EA6C-11D4-B1B8-444553540000}\(Default) = G-Buster Browser Defense
 -> {HKLM...Wow...CLSID} = GbIehObj Class
                        \InProcServer32\(Default) = C:\Program Files (x86)\GbPlugin\gbieh.dll [Banco do Brasil]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
 -> {HKLM...CLSID} = avast
                  \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{0066D4B3-8DE0-4D08-AA83-EDD50E2431F0} = ELAN Control Panel
 -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = C:\Program Files\Elantech\ETDMcpl.dll [ELAN Microelectronics Corp.]

{B41DB860-64E4-11D2-9906-E49FADC173CA} = WinRAR shell extension
 -> {HKLM...CLSID} = WinRAR
                  \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

{472083B0-C522-11CF-8763-00608CC02F24} = avast
 -> {HKLM...CLSID} = avast
                  \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]

{B8952421-0E55-400B-94A6-FA858FC0A39F} = Atheros BT Extension
 -> {HKLM...CLSID} = AppShellPage Class
                  \InProcServer32\(Default) = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [Qualcomm Atheros Commnucations]

{C865E0A2-40BF-4ca7-B3F3-162290A67572} = BtContextMenu
 -> {HKLM...CLSID} = ContextMenu Class
                  \InProcServer32\(Default) = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtContextMenu.dll [Qualcomm Atheros Commnucations]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{472083B0-C522-11CF-8763-00608CC02F24} = avast
 -> {HKLM...Wow...CLSID} = avast
                        \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

{E37CB5F0-51F5-4395-A808-5FA49E399F83} = GbPlugin ShlObj
 -> {HKLM...Wow...CLSID} = GbPluginObj Class
                        \InProcServer32\(Default) = C:\Program Files (x86)\GbPlugin\gbieh.dll [Banco do Brasil]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\

{ACFC407B-266C-8504-8DAE-F3E276336E4B}\(Default) = AthCredentialProvider
 -> {HKLM...CLSID} = AthCredentialProvider
                  \InProcServer32\(Default) = AthCredentialProvider.dll [Qualcomm Atheros Commnucations]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{ACFC407B-266C-8504-8DAE-F3E276336E4B}\(Default) = AthCredentialProvider
 -> {HKLM...CLSID} = AthCredentialProvider
                  \InProcServer32\(Default) = AthCredentialProvider.dll [Qualcomm Atheros Commnucations]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Atheros\(Default) = {B8952421-0E55-400B-94A6-FA858FC0A39F}
 -> {HKLM...CLSID} = AppShellPage Class
                  \InProcServer32\(Default) = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [Qualcomm Atheros Commnucations]

avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
 -> {HKLM...CLSID} = avast
                  \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]
 -> {HKLM...Wow...CLSID} = avast
                        \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
 -> {HKLM...CLSID} = WinRAR
                  \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
 -> {HKLM...Wow...CLSID} = WinRAR
                        \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
 -> {HKLM...CLSID} = avast
                  \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]
 -> {HKLM...Wow...CLSID} = avast
                        \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

FTShellContext\(Default) = {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1}
 -> {HKLM...CLSID} = FTShellContext Class
                  \InProcServer32\(Default) = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll [Qualcomm Atheros Commnucations]

MWLIVShellExt\(Default) = {B1B294FE-EC1E-4fef-AF68-D34CE3E38157}
 -> {HKLM...CLSID} = MWLIVShell Class
                  \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\x64\MWLIVShellExt.dll [Egis Technology Inc. ]
 -> {HKLM...Wow...CLSID} = MWLIVShell Class
                        \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\MWLIVShellExt.dll [Egis Technology Inc. ]

ShredderContextMenu\(Default) = {521065F1-DE6C-4E46-BBCB-89B0D0BE860D}
 -> {HKLM...CLSID} = ShredContextMenu Class
                  \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll [Egis Technology Inc.]
 -> {HKLM...Wow...CLSID} = ShredContextMenu Class
                        \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec Shredder\x86\ShredderContextMenu.dll [Egis Technology Inc.]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

Ath_CopyHook\(Default) = {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735}
 -> {HKLM...CLSID} = Ath_CopyHook
                  \InProcServer32\(Default) = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\FolderViewImpl.dll [Qualcomm Atheros Commnucations]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
 -> {HKLM...CLSID} = GraphicsShellExt Class
                  \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
 -> {HKLM...CLSID} = avast
                  \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]
 -> {HKLM...Wow...CLSID} = avast
                        \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
 -> {HKLM...CLSID} = WinRAR
                  \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
 -> {HKLM...Wow...CLSID} = WinRAR
                        \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
 -> {HKLM...CLSID} = WinRAR
                  \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
 -> {HKLM...Wow...CLSID} = WinRAR
                        \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]


Default executables:
--------------------

.hta
HKLM\SOFTWARE\Classes\htafile\(Default) = HTML Application
HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = C:\Windows\SysWOW64\mshta.exe "%1" %* [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

EnableCursorSuppression = (REG_DWORD) dword:0x00000001
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Windows\Web\Wallpaper\acer01.jpg


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AcerClearfiMediaAutoPlayMOVIE\
Provider = Acer
InvokeProgID = AcerClearfiMediaAutoPlayMOVIE\AutoPlay
InvokeVerb = open
HKLM\SOFTWARE\Classes\AcerClearfiMediaAutoPlayMOVIE\AutoPlay\shell\open\command\(Default) = C:\Program Files (x86)\Acer\clear.fi Media\clearfiMediaAutoplay.exe  %1 MOVIE [Acer Incorporated]

AcerClearfiMediaAutoPlayMUSIC\
Provider = Acer
InvokeProgID = AcerClearfiMediaAutoPlayMUSIC\AutoPlay
InvokeVerb = open
HKLM\SOFTWARE\Classes\AcerClearfiMediaAutoPlayMUSIC\AutoPlay\shell\open\command\(Default) = C:\Program Files (x86)\Acer\clear.fi Media\clearfiMediaAutoplay.exe  %1 MUSIC [Acer Incorporated]

MagicUSBCable\
Provider = @%windir%\system32\migwiz\wet.dll,-588
CLSID = {0C776A5A-FC42-4870-8D65-D62ADD9184FF}
 -> {HKLM...CLSID} = Magic USB Cable Class ID
                  \LocalServer32\(Default) = "C:\Windows\System32\MigAutoPlay.exe" [MS]

MSFhConfigBackup\
Provider = @C:\Windows\system32\fhautoplay.dll,-100
InvokeProgID = FHConfig.AutoPlayHandler
InvokeVerb = config
HKLM\SOFTWARE\Classes\FHConfig.AutoPlayHandler\shell\config\command\(Default) = fhmanagew -autoplay [MS]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPromptEachTime\
Provider = @C:\Windows\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTime
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
 -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
                  \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]

MSPromptEachTimeNoContent\
Provider = @C:\Windows\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTimeNoContent
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
 -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
                  \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

MSWPDNetworkConfigHandler\
Provider = @C:\Windows\system32\wpdshext.dll,-503
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /NetworkConfig;%SystemRoot%\system32\xwizard.exe;RunWizard {34c219bd-85c1-4338-95e8-788a36901dc2} /z %s
 -> {HKLM...CLSID} = WPDShextAutoplay
                  \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

NTIBurner\
Provider = NTI Media Maker
InvokeProgID = NTIBurnerOpen
InvokeVerb = open
HKLM\SOFTWARE\Classes\NTIBurnerOpen\shell\open\command\(Default) = "C:\Program Files (x86)\NTI\NTI Media Maker 9\Launcher.exe" [null data]


Startup items in "Acer" & "All Users" startup folders:
------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp {++}
Acer Backup Manager Tray -> shortcut to: C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k [NTI Corporation]


Windows Sidebar Gadgets: {++}
------------------------

C:\Users\Acer\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CaswSidebar.gadget"


Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
Adobe Flash Player Updater ->  launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
ALU ->  launches: C:\Program Files (x86)\Acer\Live Updater\updater.exe -auto [null data]
ALUAgent ->  launches: C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [null data]
avast! Emergency Update -> (HIDDEN!) launches: C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [AVAST Software]
DeviceDetector -> (HIDDEN!) launches: C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [CyberLink]
EgisUpdate ->  launches: "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d [Egis Technology Inc.]
FacebookUpdateTaskUserS-1-5-21-219001957-32817796-3576587927-1001Core ->  launches: C:\Users\Acer\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver [Facebook Inc.]
FacebookUpdateTaskUserS-1-5-21-219001957-32817796-3576587927-1001UA ->  launches: C:\Users\Acer\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler [Facebook Inc.]
GoogleUpdateTaskMachineCore ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
Optimize Start Menu Cache Files-S-1-5-21-219001957-32817796-3576587927-500 ->  launches: {2D3F8A1B-6DCD-4ED5-BDBA-A096594B98EF}
 -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = C:\Windows\System32\twinapi.dll [MS]
 -> {HKLM...Wow...CLSID} = (no title provided)
                        \InProcServer32\(Default) = C:\Windows\SysWOW64\twinapi.dll [MS]
PMMUpdate ->  launches: "C:\Program Files\EgisTec IPS\PMMUpdate.exe" [Egis Technology Inc.]
Power Management ->  launches: "C:\Program Files\Acer\Acer Power Management\ePowerTray.exe" [Acer Incorporated]
Wifi Protector BI-chromeinstaller ->  launches: C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-chromeinstaller.exe /installcrx /agentregpath='Wifi Protector BI' /extensionfilepath='C:\Program Files (x86)\Wifi Protector BI\41133.crx' /appid=41133 /srcid='000343' /subid='0' /zdata='0' /bic=DD360415136B4967B111A74C6FC0468DIE /verifier=b80680961767fd800f01e514c479cfa2 /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1385512738 /statsdomain=http://stats.srvstatsdata.com /errorsdomain=http://errors.srvstatsdata.com /waitforbrowser=300 /extensionid=gggcfobanppcgiladbnkkbekiblafleg /extensionversion=1.25.34 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyMzCsCNsHO9TycGsmN+FCfkeqUSyoULNbXGg/0DIV8WIpscCfcmIY99QqFPb5i6oFIm+7bEPaMl9CXU91ttt5G/SgaAIQCeEBUiu2R36Ts9AhcUoU5PRaYF1J21UsMdBrlYa5BRirL3PJBtbYa7XDMk02P4U5bO3/rCjz8NfHKQIDAQAB /allusers /allprofiles /externallog='' [file not found]
Wifi Protector BI-codedownloader ->  launches: C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-codedownloader.exe /reinstallapp /agentregpath='Wifi Protector BI' /appid=41133 /srcid='000343' /subid='0' /zdata='0' /bic=DD360415136B4967B111A74C6FC0468DIE /verifier=b80680961767fd800f01e514c479cfa2 /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1385512738 /statsdomain=http://stats.srvstatsdata.com /errorsdomain=http://errors.srvstatsdata.com /codedownloaddomain=http://app-static.crossrider.com /allusers /externallog='' [file not found]
Wifi Protector BI-enabler ->  launches: C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-enabler.exe /enablebho /agentregpath='Wifi Protector BI' /appid=41133 /srcid='000343' /subid='0' /zdata='0' /bic=DD360415136B4967B111A74C6FC0468DIE /verifier=b80680961767fd800f01e514c479cfa2 /installerversion=1_31_153 /installationtime=1385512738 /statsdomain=http://stats.srvstatsdata.com /errorsdomain=http://errors.srvstatsdata.com /bhoguid=11111111-1111-1111-1111-110411111133 /allusers /externallog='' [file not found]
Wifi Protector BI-firefoxinstaller ->  launches: C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-firefoxinstaller.exe /installxpi /agentregpath='Wifi Protector BI' /extensionfilepath='C:\Program Files (x86)\Wifi Protector BI\41133.xpi' /appid=41133 /srcid='000343' /subid='0' /zdata='0' /bic=DD360415136B4967B111A74C6FC0468DIE /verifier=b80680961767fd800f01e514c479cfa2 /installerversion=1_31_153 /installerfullversion=1.31.153.0 /installationtime=1385512738 /statsdomain=http://stats.srvstatsdata.com /errorsdomain=http://errors.srvstatsdata.com /waitforbrowser=300 /extensionid=2a38bb3a-2651-43ea-8e33-1325f47ced9d@026bd02c-1dd9-4619-b720-7261e5ecae02.com /extensionversion=0.93 /prefsbranch=a2a38bb3a265143ea8e331325f47ced9d026bd02c1dd94619b7207261e5ecae02com41133 /updateurl=https://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/41133.rdf /extensionname='Wifi Protector BI' /extensiondesc='Wifi Protector Extension provides phishing protection and monitors internet activity to ensure protection is enabled when necessary.' /publishername='Speedchecker' /allusers /allprofiles /externallog='' [file not found]
Wifi Protector BI-updater ->  launches: C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-updater.exe /runupdater /agentregpath='Wifi Protector BI' /appid=41133 /srcid='000343' /subid='0' /zdata='0' /bic=DD360415136B4967B111A74C6FC0468DIE /verifier=b80680961767fd800f01e514c479cfa2 /installerversion=1_31_153 /installationtime=1385512738 /statsdomain=http://stats.srvstatsdata.com /errorsdomain=http://errors.srvstatsdata.com /monetizationdomain=http://stats.syncstatsdata.com /geoserviceurl=http://ipgeoapi.com/ /updatejsondomain=http://update.srvstatsdata.com /updaterversion=2 /externallog='' [file not found]

C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework
.NET Framework NGEN v4.0.30319 -> (HIDDEN!) launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D}
 -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = mscoree.dll [MS]
.NET Framework NGEN v4.0.30319 64 -> (HIDDEN!) launches: {429BC048-379E-45E0-80E4-EB1977941B5C}
 -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = mscoree.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
 -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                  \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
 -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                        \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\AppID
SmartScreenSpecific ->  launches: {9f2b0085-9218-42a1-88b0-9f0e65851666}
 -> {HKLM...CLSID} = Windows SmartScreen Task Handler
                  \InProcServer32\(Default) = C:\Windows\system32\apprepsync.dll [MS]
 -> {HKLM...Wow...CLSID} = Windows SmartScreen Task Handler
                        \InProcServer32\(Default) = C:\Windows\system32\apprepsync.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent ->  launches: aitagent /increment [MS]
ProgramDataUpdater ->  launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]
StartupAppTask ->  launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData
CleanupTemporaryState ->  launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy ->  launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask ->  launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
 -> {HKLM...CLSID} = Certificate Services Client Task Handler
                  \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
 -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                        \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
 -> {HKLM...CLSID} = Certificate Services Client Task Handler
                  \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
 -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                        \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk
ProactiveScan ->  launches: {cf4270f5-2e43-4468-83b3-a8c45bb33ea1}
 -> {HKLM...CLSID} = Proactive Scan
                  \InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
BthSQM -> (HIDDEN!) launches: {c8367320-6f85-11e0-a1f0-0800200c9a66}
 -> {HKLM...CLSID} = BthSQM
                  \InProcServer32\(Default) = C:\Windows\System32\BthSQM.dll [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
 -> {HKLM...CLSID} = KernelCeipCustomHandler
                  \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
Uploader ->  launches: %windir%\system32\WSqmCons.exe -u [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
 -> {HKLM...CLSID} = UsbCeip
                  \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
 -> {HKLM...Wow...CLSID} = UsbCeip
                        \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan
Data Integrity Scan for Crash Recovery -> (HIDDEN!) launches: {DCFD3EA8-D960-4719-8206-490AE315F94F}
 -> {HKLM...CLSID} = Data Integrity Scan
                  \InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag ->  launches: %windir%\system32\defrag.exe -c -h -o -$ [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup
Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888}
 -> {HKLM...CLSID} = DsmRefreshTask Class
                  \InProcServer32\(Default) = C:\Windows\System32\DeviceSetupManagerAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
 -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
                  \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory
File History (maintenance mode) ->  launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A}
 -> {HKLM...CLSID} = FhTaskHandler Class
                  \InProcServer32\(Default) = C:\Windows\System32\fhtask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications ->  launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT ->  launches: A9A33436-678B-4c9c-A211-7CC38785E79D
 -> {HKLM...CLSID} = WinSAT Task Manger Task
                  \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
 -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
                        \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
ProcessMemoryDiagnosticEvents -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3}
 -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
                  \InProcServer32\(Default) = C:\Windows\System32\MemoryDiagnostic.dll [MS]
RunFullMemoryDiagnostic -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3}
 -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
                  \InProcServer32\(Default) = C:\Windows\System32\MemoryDiagnostic.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts
MNO Metadata Parser ->  launches: %SystemRoot%\System32\MbaeParserTask.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart ->  launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
 -> {HKLM...CLSID} = HotStart User Agent
                  \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService ->  launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
 -> {HKLM...CLSID} = Microsoft PlaySoundService Class
                  \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
 -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
                        \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetCfg
BindingWorkItemQueueHandler ->  launches: {5AA199A0-1CED-43A5-9B85-3226086738A3}
 -> {HKLM...CLSID} = Binding Engine Task Handler
                  \InProcServer32\(Default) = C:\Windows\System32\netcfgx.dll [MS]
 -> {HKLM...Wow...CLSID} = Binding Engine Task Handler
                        \InProcServer32\(Default) = C:\Windows\SysWOW64\netcfgx.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo ->  launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack
BackgroundConfigSurveyor -> (HIDDEN!) launches: {EA9155A3-8A39-40B4-8963-D3C761B18371}
 -> {HKLM...CLSID} = PerfTrack TaskHandler class
                  \InProcServer32\(Default) = C:\Windows\System32\perftrack.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\PI
Secure-Boot-Update ->  launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
 -> {HKLM...CLSID} = TPM Maintenance Task Handler
                  \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS]
Sqm-Tasks ->  launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
 -> {HKLM...CLSID} = TPM Maintenance Task Handler
                  \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play
Device Install Group Policy -> (HIDDEN!) launches: {60400283-b242-4fa8-8c25-caf695b88209}
 -> {HKLM...CLSID} = Device Installation Group Policy Task Handler
                  \InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS]
Device Install Reboot Required -> (HIDDEN!) launches: {48794782-6a1f-47b9-bd52-1d5f95d49c1b}
 -> {HKLM...CLSID} = Device Installation Reboot Dialog Task
                  \InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS]
Sysprep Generalize Drivers ->  launches: %SystemRoot%\System32\drvinst.exe 6 [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem ->  launches: {927ea2af-1c54-43d5-825e-0074ce028eee}
 -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = C:\Windows\System32\energytask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
 -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
                  \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
 -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
                        \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager ->  launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
 -> {HKLM...CLSID} = RasMobilityManager
                  \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
 -> {HKLM...CLSID} = RegistryIdleBackupHandler
                  \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Servicing
StartComponentCleanup ->  launches: 752073A1-23F2-4396-85F0-8FDB879ED0ED [InProcServer32 entry not found]

C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync
BackgroundUploadTask -> (HIDDEN!) launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87}
 -> {HKLM...CLSID} = Delayed Background Upload Task Handler
                  \InProcServer32\(Default) = C:\Windows\system32\SettingSyncInfo.dll [MS]
 -> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler
                        \InProcServer32\(Default) = C:\Windows\system32\SettingSyncInfo.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Setup
Pre-staged GDR Notification ->  launches: %windir%\system32\NotificationUI.exe /Applicability [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell
CreateObjectTask -> (HIDDEN!) launches: {990a9f8f-301f-45f7-8d0e-68c5952dba43}
 -> {HKLM...CLSID} = Shell Create Object Task Delegate
                  \InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
 -> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate
                        \InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
FamilySafetyMonitor ->  launches: %windir%\System32\wpcmon.exe [MS]
FamilySafetyRefresh ->  launches: {EBF00FCB-0769-4b81-9BEC-6C05514111AA}
 -> {HKLM...CLSID} = FamilySafety.WebSync
                  \InProcServer32\(Default) = C:\Windows\System32\WpcWebSync.dll [MS]
IndexerAutomaticMaintenance ->  launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6}
 -> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
                  \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS]
 -> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
                        \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager ->  launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
 -> {HKLM...CLSID} = GadgetsManager Class
                  \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform
SvcRestartTask -> (HIDDEN!) launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
 -> {HKLM...CLSID} = SppSvcRestartTaskHandler Class
                  \InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS]
 -> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class
                        \InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort
SpaceAgentTask ->  launches: %windir%\system32\SpaceAgent.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain
WsSwapAssessmentTask ->  launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR ->  launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
 -> {HKLM...CLSID} = RunTask
                  \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
 -> {HKLM...Wow...CLSID} = RunTask
                        \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TaskScheduler
Maintenance Configurator ->  launches: {645E29EA-4B0A-464C-8B7D-1A6B9F9D92A8}
 -> {HKLM...CLSID} = Maintenance Configurator
                  \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS]
Manual Maintenance ->  launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44}
 -> {HKLM...CLSID} = Maintenance Launcher Handler
                  \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS]
Regular Maintenance ->  launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44}
 -> {HKLM...CLSID} = Maintenance Launcher Handler
                  \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
 -> {HKLM...CLSID} = MsCtfMonitor task handler
                  \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
 -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
                        \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
ForceSynchronizeTime ->  launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9}
 -> {HKLM...CLSID} = Time Synchronization Task Handler
                  \InProcServer32\(Default) = C:\Windows\system32\TimeSyncTask.dll [MS]
SynchronizeTime ->  launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TPM
Tpm-Maintenance ->  launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
 -> {HKLM...CLSID} = TPM Maintenance Task Handler
                  \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig ->  launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
 -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
                  \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
 -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
                        \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary ->  launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate
Scheduled Start ->  launches: C:\Windows\system32\sc.exe start wuauserv [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask ->  launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
 -> {HKLM...CLSID} = Wininet Cache task object
                  \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
 -> {HKLM...Wow...CLSID} = Wininet Cache task object
                        \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WS
Badge Update ->  launches: {00CCDDF6-5107-424D-853D-3907AE5502DC}
 -> {HKLM...CLSID} = WinStore Tile Badge Updater
                  \InProcServer32\(Default) = C:\Windows\winstore\WinStoreUI.dll [MS]
License Validation -> (HIDDEN!) launches: rundll32.exe WSClient.dll,WSpTLR licensing [MS]
Sync Licenses ->  launches: {10F591BE-3C84-418A-86DD-BAA002E2F36E}
 -> {HKLM...CLSID} = WinStore License Sync task
                  \InProcServer32\(Default) = C:\Windows\winstore\WinStoreUI.dll [MS]
WSRefreshBannedAppsListTask -> (HIDDEN!) launches: rundll32.exe WSClient.dll,RefreshBannedAppsList [MS]
WSTask ->  launches: {E52C9A25-F3E8-49E4-BAA7-FAD0EF620129}
 -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = C:\Windows\System32\WSService.dll [MS]

C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-219001957-32817796-3576587927-1001 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} = (no title provided)
 -> {HKLM...CLSID} = avast! Online Security
                  \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [AVAST Software]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} = (no title provided)
 -> {HKLM...Wow...CLSID} = avast! Online Security
                        \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{7815BE26-237D-41A8-A98F-F7BD75F71086}\
MenuText = Send by Bluetooth to
CLSIDExtension = {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}
 -> {HKLM...CLSID} = CIESpeechBHO Class
                  \InProcServer32\(Default) = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [Qualcomm Atheros Commnucations]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AtherosSvc, AtherosSvc, C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [Qualcomm Atheros Commnucations]
avast! Antivirus, avast! Antivirus, "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [AVAST Software]
avast! Firewall, avast! Firewall, "C:\Program Files\AVAST Software\Avast\afwServ.exe" [AVAST Software]
Broadcom Card Reader Service, BrcmCardReader, C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [Broadcom Corp.]
CCDMonitorService, CCDMonitorService, C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [Acer Incorporated]
Dritek RF Button Command Service, RfButtonDriverService, C:\Windows\RfBtnSvc64.exe [Dritek System INC.]
Dritek WMI Service, DsiWMIService, C:\Program Files (x86)\Launch Manager\dsiwmis.exe [Dritek System Inc.]
Elan Service, ETDService, C:\Program Files\Elantech\ETDService.exe [ELAN Microelectronics Corp.]
ePower Service, ePowerSvc, "C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe" [Acer Incorporated]
Gbp Service, GbpSv, C:\PROGRA~2\GbPlugin\GbpSv.exe [GAS Tecnologia]
Intel(R) Capability Licensing Service Interface, Intel(R) Capability Licensing Service Interface, "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [Intel(R) Corporation]
Intel(R) Dynamic Application Loader Host Interface Service, jhi_service, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [Intel Corporation]
Intel(R) Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [Intel Corporation]
Intel(R) Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [Intel Corporation]
NTI IScheduleSvc, NTI IScheduleSvc, C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [NTI Corporation]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<> MCODS,

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<> MCODS,


Keyboard Driver Filters:
------------------------

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
<> UpperFilters = <> aswKbd [AVAST Software],kbdclass [MS]




==== EOF on 02/12/2013 at 20:22:22,33 ======================

Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve-o no Desktop (Área de Trabalho)

*Salve qualquer trabalho aberto e feche o seu navegador

*Execute-o, clique [Examinar] e aguarde o término

*Clique [Limpar] e aguarde o término

*Caso seja solicitada a reinicialização do PC, clique [OK] para reiniciar.

*Cole o relatório C:\AdwCleaner\AdwCleaner[S0].txt

O outro relatório:

# AdwCleaner v3.014 - Relatório criado 02/12/2013 às 21:49:24
# Atualizado 01/12/2013 por Xplode
# Sistema Operacional : Windows 8 Single Language  (64 bits)
# Usuário : Acer - HOME
# Executando de : C:\Users\Acer\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKCU\Software\installedbrowserextensions
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v25.0.1 (pt-BR)

[ Arquivo : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\8ayubryh.default\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ Arquivo : C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [982 octets] - [21/11/2013 11:48:49]
AdwCleaner[R1].txt - [1213 octets] - [02/12/2013 21:48:01]
AdwCleaner[S0].txt - [1039 octets] - [21/11/2013 11:52:25]
AdwCleaner[S1].txt - [1060 octets] - [02/12/2013 21:49:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1120 octets] ##########

Clique com o botão direito do mouse no Zoek e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Copie e cole as linhas em marrom no espaço do Zoek

autoclean;
emptyalltemp;
ipconfig /flushdns >> %temp%\log.txt;b

*Feche o seu navegador e clique [Run Script]

*Durante o scan a mensagem abaixo será apresentada. Aguarde o término...pode demorar!

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

*Caso a reinicialização do PC seja solicitada, clique [OK]

*Cole ou anexe o relatório apresentado

Segundo relatório Zoek:


Zoek.exe Version 4.0.0.5 Updated 30-November-2013
Tool run by Acer on 02/12/2013 at 22:24:00,47.
Microsoft Windows 8 Single Language 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Acer\Desktop\zoek.exe [Script inserted]

==== Older Logs ======================

C:\zoek-results2013-12-02-222222.log 57225 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


Configura‡Æo de IP do Windows

Libera‡Æo do Cache do DNS Resolver bem-sucedida.

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [22/11/2013 14:17]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Acer\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [20/11/2013 20:07]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\8ayubryh.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\8ayubryh.default
EE8D96E7899D12FC3AA5DB2034C0853C - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll - Shockwave Flash
402F73996235A5ED472D3B31C4FD4BC5 - C:\Users\Acer\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Acer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
CC918D6A687C517BA3D17A9CCF4B3CEC - C:\Users\Acer\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil


==== Chrome Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Acer\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[08/11/2013 19:40]

avast Online Security - Acer - Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
SafeBrowse - Acer - Default\Extensions\obkfjhifkbhimlocpddgamonjihinpak
GBBD Banco do Brasil - Acer - Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Acer\AppData\Local\Mozilla\Firefox\Profiles\8ayubryh.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Acer\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 02/12/2013 at 22:37:35,69 ======================

Baixe o InstalledPrograms.zip e extraia o seu conteúdo

*Clique com o botão direito do mouse no InstalledPrograms.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Clique [OK] > [Sim]

*Cole o relatório apresentado

INSTALLED SOFTWARE (69) - HOME - 03/12/2013 06:25:55

clear.fi SDK - Video 2 Ver: 2.1.1925 Installed: 03/12/2012
clear.fi SDK- Movie 2 Ver: 2.1.2008 Installed: 03/12/2012
Acer Backup Manager Ver: 4.0.0.0059 Installed: 05/09/2012
AcerCloud Ver: 2.01.3115 Installed: 03/12/2012
AcerCloud Docs Ver: 1.00.3201 Installed: 03/12/2012
Adobe AIR Ver: 3.9.0.1210
Adobe AIR Ver: 3.9.0.1210 Installed: 15/11/2013
Adobe Flash Player 11 Plugin Ver: 11.9.900.152
Agatha Christie - Death on the Nile Ver: 2.2.0.98
Aloha TriPeaks Ver: 2.2.0.98
avast! Internet Security Ver: 9.0.2008
Backup Manager v4 Ver: 4.0.0.0059 Installed: 05/09/2012
Bejeweled 3 Ver: 2.2.0.98
clear.fi Media Ver: 2.01.3108 Installed: 03/12/2012
clear.fi Photo Ver: 2.01.3108 Installed: 03/12/2012
Cradle Of Egypt Collector's Edition Ver: 2.2.0.98
CyberLink MediaEspresso 6.5 Ver: 6.5.3103_44819 Installed: 06/09/2012
CyberLink MediaEspresso 6.5 Ver: 6.5.3103_44819 Installed: 06/09/2012
Delicious: Emily's True Love Premium Edition Ver: 2.2.0.98
Dora's World Adventure Ver: 2.2.0.95
EaseUS Partition Master 9.2.1 Home Edition Installed: 04/05/2013
Facebook Video Calling 1.2.0.287 Ver: 1.2.287 Installed: 15/05/2013
Ferramentas do Visual Studio 2005 para Office Second Edition Runtime
GoldWave v5.70 Ver: 5.70
Google Chrome Ver: 31.0.1650.57 Installed: 04/05/2013
Google Update Helper Ver: 1.3.21.165 Installed: 12/10/2013
Identity Card Ver: 2.00.3004 Installed: 05/09/2012
Intel(R) Management Engine Components Ver: 8.1.0.1252
Intel(R) Processor Graphics Ver: 9.17.10.2867
Intel(R) Rapid Storage Technology Ver: 11.5.4.1001
Intel(R) SDK for OpenCL - CPU Only Runtime Package Ver: 2.0.0.37149
Jewel Match 3 Ver: 2.2.0.98
Launch Manager Ver: 7.0.5
Live Updater Ver: 2.00.3004 Installed: 05/09/2012
Microsoft Office Ver: 14.0.6120.5004 Installed: 03/12/2012
Microsoft Visual C++ 2005 Redistributable Ver: 8.0.59193 Installed: 03/12/2012
Microsoft Visual C++ 2005 Redistributable Ver: 8.0.61001 Installed: 03/12/2012
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Ver: 9.0.30729 Installed: 03/12/2012
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Ver: 9.0.30729.4148 Installed: 03/12/2012
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Ver: 9.0.30729.6161 Installed: 27/08/2013
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Ver: 10.0.40219 Installed: 03/12/2012
Microsoft Visual Studio 2005 Tools for Office Runtime Ver: 8.0.60940.0 Installed: 03/12/2012
Mozilla Firefox 25.0.1 (x86 pt-BR) Ver: 25.0.1
Mozilla Maintenance Service Ver: 25.0.1
Mystery P.I. - Curious Case of Counterfeit Cove Ver: 2.2.0.98
MyWinLocker 4 Ver: 4.0.14.35 Installed: 05/09/2012
MyWinLocker Suite Ver: 4.0.14.24 Installed: 05/09/2012
MyWinLocker Suite Ver: 4.0.14.24 Installed: 05/09/2012
NTI Media Maker 9 Ver: 9.0.2.9008 Installed: 03/12/2012
NTI Media Maker 9 Ver: 9.0.2.9008 Installed: 03/12/2012
Office Addin Ver: 2.01.3200 Installed: 03/12/2012
Office Addin 2003 Ver: 2.01.3200 Installed: 03/12/2012
Peggle Nights Ver: 2.2.0.98
Penguins! Ver: 2.2.0.98
Plants vs. Zombies - Game of the Year Ver: 2.2.0.98
Polar Bowler Ver: 2.2.0.97
Polar Golfer Ver: 2.2.0.98
Qualcomm Atheros WLAN and Bluetooth Client Installation Program Ver: 11.41 Installed: 08/11/2013
Realtek High Definition Audio Driver Ver: 6.0.1.6657 Installed: 03/12/2012
Shredder Ver: 2.0.8.9 Installed: 06/09/2012
Spotify Ver: 0.8.4.99.ga249b5f1 Installed: 03/12/2012
Tales of Lagoona Ver: 2.2.0.110
Update Installer for WildTangent Games App
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Ver: 9.0.30729 Installed: 03/12/2012
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) Ver: 1
WildTangent Games Ver: 1.0.3.0
WildTangent Games App Ver: 4.0.10.16
Zuma's Revenge Ver: 2.2.0.98

Bom dia...


Como está o PC?