ZA-Scan V1.0.0.4 Updated 04-May-2015
Tool run by Orlando Junior on 18/06/2015 at 11:06:09,48.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode
Internet Access Detected
Launched: C:\Users\Orlando Junior\Downloads\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================
C:\Program Files\Norman\Npm\Bin\nfservice.exe
C:\Program Files\Norman\Ngs\Bin\Nnf.exe
C:\Program Files\Norman\npf\bin\npfsvc32.exe
C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
C:\Program Files\Norman\Npm\Bin\nwscmon.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
D:\drivers\avg instalado\avgfws.exe
D:\drivers\avg instalado\avgidsagent.exe
D:\drivers\avg instalado\avgwdsvc.exe
C:\Program Files\Norman\Npt\Bin\Npsvc32.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Norman\Npm\Bin\Njeeves2.exe
C:\Program Files\Norman\npc\bin\nuaa.exe
C:\Program Files\Norman\nig\bin\nigsvc32.exe
C:\Program Files\Norman\nsc\bin\nassvc32.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Sync Photos to Storage\Sync Photos to Storage.exe
C:\Program Files (x86)\HIDPoint Media Server\bin\hidpointmediaserver.exe
D:\drivers\avg instalado\avgui.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Norman\Npm\Bin\zlhh.exe
C:\Program Files\Norman\nig\bin\niguser.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\Norman\npf\bin\npfuser.exe
C:\Users\Orlando Junior\Downloads\ZA-Scan.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\ORLAND~1\AppData\Local\Temp\ZAScan.exe

==== Services(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]
R2 - [!SASCORE] - SAS Core Service - c:\program files\superantispyware\sascore64.exe
R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
R2 - [AMD FUEL Service] - AMD FUEL Service - c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe
R2 - [avgfws] - Firewall do AVG - d:\drivers\avg instalado\avgfws.exe
R2 - [AVGIDSAgent] - AVGIDSAgent - d:\drivers\avg instalado\avgidsagent.exe
R2 - [avgwd] - Watchdog do AVG - d:\drivers\avg instalado\avgwdsvc.exe
R2 - [GbpSv] - Gbp Service - c:\progra~2\gbplugin\gbpsv.exe
R2 - [nfservice] - Norman Flight Recorder service - c:\program files\norman\npm\bin\nfservice.exe
R2 - [NNFSVC] - Norman Network Filtering service - c:\program files\norman\ngs\bin\nnf.exe
R2 - [NPFSvc32] - Norman Personal Firewall Service - c:\program files\norman\npf\bin\npfsvc32.exe
R2 - [NPROSECSVC] - Norman Security service - c:\program files\norman\ngs\bin\nprosec.exe
R2 - [npsvc32] - Norman Privacy Service - c:\program files\norman\npt\bin\npsvc32.exe
R2 - [nseupdatesvc] - Norman Engine Update Service - c:\program files\norman\nse\bin\nseupdatesvc.exe
R2 - [nvoy] - Norman Resource Provider (NICCA) - c:\program files\norman\npm\bin\nvoy.exe
R2 - [NVSvc] - NVIDIA Driver Helper Service - c:\windows\system32\nvvsvc.exe
R2 - [NWSCMON] - Norman WSC Monitor Service - c:\program files\norman\npm\bin\nwscmon.exe
R2 - [Stereo Service] - NVIDIA Stereoscopic 3D Driver Service - c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R3 - [NIG] - Norman Intrusion Guard - c:\program files\norman\nig\bin\nigsvc32.exe
R3 - [NJeeves2] - Norman Jeeves - c:\program files\norman\npm\bin\njeeves2.exe
R3 - [NUAA] - Norman User Activity Agent - c:\program files\norman\npc\bin\nuaa.exe
R3 - [Scheduler] - Norman Scheduler Service - c:\program files\norman\npm\bin\scheduler.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Serviço do Google Update (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
S2 - [SetupARService] - SetupARService - c:\program files (x86)\realtek\audio\setupafterrebootservice.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S2 - [TuneUp.UtilitiesSvc] - AVG PC TuneUp Service - c:\program files (x86)\avg\avg pc tuneup\tuneuputilitiesservice64.exe [x]
S2 - [vToolbarUpdater18.4.0] - vToolbarUpdater18.4.0 - c:\program files (x86)\common files\avg secure search\vtoolbarupdater\18.4.0\toolbarupdater.exe [x]
S2 - [WtuSystemSupport] - WtuSystemSupport - c:\program files (x86)\avg web tuneup\wtusystemsupport.exe [x]
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Serviço do Google Update (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [IDriverT] - InstallDriver Table Manager - c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Microsoft Office Groove Audit Service] - Microsoft Office Groove Audit Service - c:\program files (x86)\microsoft office\office12\grooveauditservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files (x86)\common files\microsoft shared\office12\odserv.exe
S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
S4 - [Apple Mobile Device Service] - Apple Mobile Device Service - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [Bonjour Service] - Serviço do Bonjour - c:\program files\bonjour\mdnsresponder.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
S4 - [ICCS] - Intel(R) Integrated Clock Controller Service - Intel(R) ICCS - c:\program files (x86)\intel\intel(r) integrated clock controller service\iccproxy.exe
S4 - [iPod Service] - iPod Service - c:\program files\ipod\bin\ipodservice.exe
S4 - [SwitchBoard] - SwitchBoard - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
S4 - [Warsaw Technology] - Warsaw Technology - c:\program files\diebold\warsaw\core.exe
S4 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe

==== Drivers(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]
R0 - [AVGIDSHA] - AVGIDSHA - C:\Windows\system32\Drivers\AVGIDSHA.sys
R0 - [Avgloga] - AVG Logging Driver - C:\Windows\system32\Drivers\Avgloga.sys
R0 - [Avgmfx64] - AVG Mini-Filter Resident Anti-Virus Shield - C:\Windows\system32\Drivers\Avgmfx64.sys
R0 - [Avgrkx64] - AVG Anti-Rootkit Driver - C:\Windows\system32\Drivers\Avgrkx64.sys
R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [atapi] - IDE Channel - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Disk] - Disk Driver - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Bitlocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pciide] - pciide - C:\Windows\system32\Drivers\pciide.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [storflt] - Disk Virtual Machine Bus Acceleration Filter Driver - C:\Windows\system32\Drivers\storflt.sys [x]
R0 - [Tcpip] - TCP/IP Protocol Driver - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Storage volumes - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [tdx] - NetIO Legacy TDI Support Driver - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys
S4 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-133983044-2439270887-2289158305-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Sync Photos to Storage"="C:\Program Files (x86)\Sync Photos to Storage\Sync Photos to Storage.exe -silent"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"AVG_UI"="D:\drivers\avg instalado\avgui.exe /TRAYONLY"
"Norman ZANDA"="C:\Program Files\Norman\Npm\Bin\ZLH.EXE /LOAD /SPLASH"
"NOELauncher64"="C:\Program Files\Norman\nsc\bin\noelauncher64.exe /load"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Sync Photos to Storage"="C:\Program Files (x86)\Sync Photos to Storage\Sync Photos to Storage.exe -silent"

==== Startup Registry Disabled ======================
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"AppEx Accelerator UI"="C:\\Program Files\\AMD Quick Stream\\AMDQuickStream.exe -h"
"DAEMON Tools Lite"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"
"HydraVisionDesktopManager"="\"C:\\Program Files (x86)\\ATI Technologies\\HydraVision\\HydraDM.exe\""
"iCloudServices"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\iCloudServices.exe"
"iCloudDrive"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\iCloudDrive.exe "
"ApplePhotoStreams"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ApplePhotoStreams.exe "
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"AdobeCS5ServiceManager"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS5ServiceManager\\CS5ServiceManager.exe\" -launchedbylogin"
"SwitchBoard"="C:\\Program Files (x86)\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe"
"AVG_UI"="\"C:\\Program Files (x86)\\AVG\\AVG2014\\avgui.exe\" /TRAYONLY"
"GrooveMonitor"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
"StartCCC"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\amd64\\CLIStart.exe\" MSRun"
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"vProt"="\"C:\\Program Files (x86)\\AVG Web TuneUp\\vprot.exe\""

==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"AdobeAAMUpdater-1.0"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""
"Diebold - Warsaw"="C:\\Program Files\\Diebold\\Warsaw\\core.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

==== Startup Folders ======================
2015-06-08 15:39:16 1235 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HIDPoint Media Server.lnk

==== Task Scheduler Jobs ======================
C:\Windows\tasks\0215piiUpdateInfo.job --a------ C:\ProgramData\Avg_Update_0215pii\0215pii_AVG-Secure-Search-Update.exe [17/02/2015 10:29]
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [16/06/2015 19:17]
C:\Windows\tasks\DriverEasy Scheduled Scan.job --a------ C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [01/04/2015 23:53]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [03/04/2015 14:19]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [03/04/2015 14:19]

==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\0215piiUpdateInfo" [C:\ProgramData\Avg_Update_0215pii\0215pii_AVG-Secure-Search-Update.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-OrlandoJunior-Jessica Poblan" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe]
"C:\Windows\SysNative\tasks\DriverEasy Scheduled Scan" [C:\Program Files\Easeware\DriverEasy\DriverEasy.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Chromium Look ======================
Google Slides - Jessica Poblan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Jessica Poblan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Jessica Poblan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Jessica Poblan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Jessica Poblan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Jessica Poblan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Chrome Hotword Shared Module - Jessica Poblan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Wallet - Jessica Poblan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Jessica Poblan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - Orlando Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Orlando Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Orlando Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Orlando Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Orlando Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Orlando Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Porsche - Orlando Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg
Tiberium Alliances - Orlando Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe
Chrome Hotword Shared Module - Orlando Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
GBBD Banco do Brasil - Orlando Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp
AVG Secure Search - Orlando Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Google Wallet - Orlando Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - Orlando Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi
Gmail - Orlando Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================
C:\Users\Orlando Junior\AppData\Local\Google\Chrome\User Data\Default\Preferences
"safebrowsing":{"incidents_sent":{"6":{"script_request_incident":"42"}}},"session":{"restore_on_startup":5,"startup_urls":["http://www.google.com.br/","http://mysearch.avg.com?cid={6DA7A1B6-A109-4BE6-8A16-627E89865AFE}&mid=f7c9bf2bf9914085b46b09909c1d369f-06ce4fc639803a2e3563922518183d8e94088cb9&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-20 23:37:24&v=17.2.0.38&pid=safeguard&sg=&sap=hp","http://www.awesomehp.com/?type=hp&ts=1394468879&from=amt&uid=MZMPC032HBCD-00000_SBR2013092035521"]},"sync":{"remaining_rollback_tries":0}}

==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== HijackThis Entries ======================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

==== EOF on 18/06/2015 at 11:16:48,43 ======================