Can I just ask a question? (It may sound stupid, but I am a novice to these problems.)
In the log files for Farbar Recovery Scan Tool, it says that the items listed will be removed or restored to original values... I noticed some legitimate programmes that I have running on my system. Have these been modified, and will any of them stop working because of these scans?
FRST Log
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015
Ran by c.oliveira (administrator) on WST-CO on 23-02-2015 13:07:22
Running from C:\Documents and Settings\c.oliveira\Desktop
Loaded Profiles: c.oliveira (Available profiles: XTR & c.oliveira & supportbpcc)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(South River Technologies, Inc.) C:\Program Files\WebDrive\wdService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\MEO Internet Movel-ZTE\CheckNDISPort_df.exe
() C:\Program Files\MEO Internet Movel-ZTE\CancelAutoPlay_df.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(South River Technologies, Inc.) C:\Program Files\WebDrive\webdrive.exe
(BitTorrent Inc.) C:\Documents and Settings\c.oliveira\Application Data\BitTorrent\BitTorrent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 11\Snagit32.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Dropbox, Inc.) C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\Dropbox.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 11\TscHelp.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 11\SnagPriv.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 11\SnagitEditor.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(ZabKat) C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16861184 2008-04-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Synchronization Manager] => C:\WINDOWS\system32\mobsync.exe [143360 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [CheckNDISPortF1ac59] => C:\Program Files\MEO Internet Movel-ZTE\CheckNDISPort_df.exe [468224 2014-07-10] ()
HKLM\...\Run: [CancelAutoPlay_df] => C:\Program Files\MEO Internet Movel-ZTE\CancelAutoPlay_df.exe [448256 2014-05-16] ()
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\...\Run: [WebDriveTray] => C:\Program Files\WebDrive\webdrive.exe [3636952 2014-07-08] (South River Technologies, Inc.)
HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\...\Run: [BitTorrent] => C:\Documents and Settings\c.oliveira\Application Data\BitTorrent\BitTorrent.exe [1680984 2015-01-19] (BitTorrent Inc.)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 11.lnk
ShortcutTarget: Snagit 11.lnk -> C:\Program Files\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\c.oliveira\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\c.oliveira\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [WebDrive] -> {37D70BD3-073C-4180-ADD9-C032EA5A7204} => C:\WINDOWS\system32\wdShellExt.dll (South River Technologies, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1421340783271
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1421341692722
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2008-05-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.11
FireFox:
========
FF ProfilePath: C:\Documents and Settings\c.oliveira\Application Data\Mozilla\Firefox\Profiles\jjkug5kj.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-15]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2015-02-05]
FF HKU\S-1-5-21-1333942904-1058549214-2093110682-1165\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [634880 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WebDriveService; C:\Program Files\WebDrive\wdService.exe [2850520 2013-12-30] (South River Technologies, Inc.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2010-02-01] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2010-02-01] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2010-02-01] (HP)
R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-23] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKsl03d3f541; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A363708A-7675-4D53-B5AD-06B9A24D2C63}\MpKsl03d3f541.sys [39464 2015-02-23] (Microsoft Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35064 2015-02-09] ()
R2 WebDriveFSD; C:\Program Files\WebDrive\wdfsd.sys [150232 2013-12-30] ()
S3 catchme; \??\C:\DOCUME~1\C3937~1.OLI\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-23 13:07 - 2015-02-23 13:07 - 00014654 _____ () C:\Documents and Settings\c.oliveira\Desktop\FRST.txt
2015-02-23 13:07 - 2015-02-23 13:07 - 00000000 ____D () C:\FRST
2015-02-23 13:05 - 2015-02-23 13:05 - 00000586 _____ () C:\Documents and Settings\c.oliveira\Desktop\JRT.txt
2015-02-23 12:40 - 2015-02-23 12:45 - 00000000 ____D () C:\AdwCleaner
2015-02-23 12:39 - 2015-02-23 12:39 - 01126912 _____ (Farbar) C:\Documents and Settings\c.oliveira\Desktop\FRST.exe
2015-02-23 12:24 - 2015-02-23 12:24 - 02126848 _____ () C:\Documents and Settings\c.oliveira\Desktop\adwcleaner_4.111.exe
2015-02-23 12:24 - 2015-02-23 12:24 - 01388274 _____ (Thisisu) C:\Documents and Settings\c.oliveira\Desktop\JRT.exe
2015-02-20 13:17 - 2015-02-20 16:04 - 00000000 ____D () C:\59240e6160ad0ed03c2a
2015-02-20 12:35 - 2015-02-20 12:32 - 00068000 ____H () C:\WINDOWS\Minidump\Mini022015-01.dmp
2015-02-19 15:21 - 2015-02-22 17:21 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-02-19 15:21 - 2015-02-19 15:21 - 00000000 ____D () C:\Documents and Settings\XTR\Local Settings\temp
2015-02-19 15:21 - 2015-02-19 15:21 - 00000000 ____D () C:\Documents and Settings\supportbpcc\Local Settings\temp
2015-02-19 15:21 - 2015-02-19 15:21 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-02-19 15:20 - 2015-02-19 15:20 - 00019089 _____ () C:\ComboFix.txt
2015-02-19 15:15 - 2015-02-19 15:15 - 00000000 _RSHD () C:\cmdcons
2015-02-19 15:15 - 2015-01-21 10:42 - 00000211 _____ () C:\Boot.bak
2015-02-19 15:15 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2015-02-19 14:40 - 2015-02-19 15:21 - 00000000 ____D () C:\ComboFix
2015-02-19 14:40 - 2015-02-19 15:20 - 00000000 ____D () C:\Qoobox
2015-02-19 14:40 - 2015-02-19 14:40 - 00000000 ____D () C:\WINDOWS\erdnt
2015-02-19 14:40 - 2011-06-26 06:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-02-19 14:40 - 2010-11-07 17:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-02-19 14:40 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-02-19 14:40 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-02-19 14:40 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-02-19 14:40 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-02-19 14:40 - 2000-08-31 00:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-02-19 14:40 - 2000-08-31 00:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-02-19 14:40 - 2000-08-31 00:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-02-13 15:59 - 2015-02-13 15:57 - 00068000 ____H () C:\WINDOWS\Minidump\Mini021315-01.dmp
2015-02-13 12:23 - 2015-02-13 12:23 - 00000209 _____ () C:\Documents and Settings\c.oliveira\Desktop\RestorePoint.vbs
2015-02-13 10:01 - 2015-02-13 10:01 - 00000000 ____D () C:\Program Files\MSSOAP
2015-02-13 10:01 - 2015-02-13 10:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft SOAP Toolkit Version 3
2015-02-13 09:49 - 2015-02-13 09:50 - 00000000 ____D () C:\Program Files\Chilkat Software Inc
2015-02-10 11:41 - 2015-02-10 12:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-02-09 15:28 - 2015-02-09 15:28 - 00094208 _____ () C:\WINDOWS\Minidump\Mini020915-03.dmp
2015-02-09 15:17 - 2015-02-09 15:17 - 00094208 _____ () C:\WINDOWS\Minidump\Mini020915-02.dmp
2015-02-09 15:04 - 2015-02-09 15:04 - 00094208 _____ () C:\WINDOWS\Minidump\Mini020915-01.dmp
2015-02-09 15:02 - 2015-02-10 12:04 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Desktop\mbar
2015-02-09 11:04 - 2001-08-17 13:53 - 00006784 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\serscan.sys
2015-02-09 11:04 - 2001-08-17 13:53 - 00006784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serscan.sys
2015-02-09 09:57 - 2015-02-09 09:57 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-02-09 09:57 - 2015-02-09 09:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-02-09 09:54 - 2015-02-09 09:55 - 15431256 _____ () C:\Documents and Settings\c.oliveira\Desktop\RogueKiller.exe
2015-02-06 09:49 - 2015-02-06 09:49 - 00007192 _____ () C:\WINDOWS\Wdf01009Inst.log
2015-02-06 09:49 - 2015-02-06 09:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwinusb0100$
2015-02-06 09:49 - 2015-02-06 09:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01009$
2015-02-06 09:49 - 2015-02-06 09:49 - 00000000 ____H () C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2015-02-06 09:49 - 2015-02-06 09:49 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2015-02-06 09:49 - 2015-02-06 09:49 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2015-02-06 09:49 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2015-02-06 09:48 - 2015-02-06 09:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWudf01009$
2015-02-06 09:48 - 2015-02-06 09:48 - 00000000 ____H () C:\WINDOWS\system32\Drivers\MsftWdf_user_01_09_00.Wdf
2015-02-06 09:48 - 2015-02-06 09:48 - 00000000 ____D () C:\WINDOWS\system32\pt-PT
2015-02-06 09:48 - 2015-02-06 09:48 - 00000000 ____D () C:\WINDOWS\system32\pt-BR
2015-02-06 09:48 - 2015-02-06 09:48 - 00000000 ____D () C:\WINDOWS\system32\nl-NL
2015-02-06 09:48 - 2015-02-06 09:48 - 00000000 ____D () C:\WINDOWS\system32\it-IT
2015-02-06 09:48 - 2015-02-06 09:48 - 00000000 ____D () C:\WINDOWS\system32\fr-FR
2015-02-06 09:48 - 2015-02-06 09:48 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2015-02-05 14:05 - 2015-02-05 14:05 - 00001018 _____ () C:\Documents and Settings\All Users\Start Menu\HP Solution Center.lnk
2015-02-05 14:05 - 2015-02-05 14:05 - 00001018 _____ () C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
2015-02-05 14:05 - 2015-02-05 14:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2015-02-05 14:03 - 2015-02-05 14:03 - 00000731 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-02-05 14:01 - 2015-02-05 14:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-02-05 14:00 - 2015-02-05 14:00 - 00000000 ____D () C:\WINDOWS\hpojp8500a909
2015-02-05 13:59 - 2008-08-12 10:58 - 00118272 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\hpf3l082.dll
2015-02-05 13:57 - 2015-02-05 13:57 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-02-05 13:57 - 2015-02-05 13:57 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-02-05 13:57 - 2008-08-22 04:24 - 00271704 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpzids01.dll
2015-02-05 13:56 - 2015-02-09 11:15 - 00188690 _____ () C:\WINDOWS\hpwins22.dat
2015-02-05 13:56 - 2008-10-25 01:40 - 00002979 ____N () C:\WINDOWS\hpwmdl22.dat
2015-02-05 12:59 - 2015-02-05 12:59 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
2015-02-05 12:04 - 2015-01-20 16:03 - 00233065 ____N () C:\WINDOWS\hpwins22.dat.temp
2015-02-05 12:04 - 2008-10-25 01:40 - 00002979 ____N () C:\WINDOWS\hpwmdl22.dat.temp
2015-02-04 09:49 - 2015-02-04 09:49 - 00688992 ____R (Swearware) C:\Documents and Settings\c.oliveira\Desktop\dds.com
2015-02-03 10:26 - 2015-02-03 10:26 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Local Settings\Application Data\Microsoft Help
2015-02-02 12:27 - 2015-02-23 12:49 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 11:59 - 2015-02-10 11:39 - 00108632 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-02 11:59 - 2015-02-02 11:59 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-02 11:59 - 2015-02-02 11:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-02 11:59 - 2015-02-02 11:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-02 11:59 - 2015-02-02 11:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-02-02 11:59 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-02 11:37 - 2015-02-02 11:37 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Local Settings\Application Data\Google
2015-02-02 11:37 - 2015-02-02 11:37 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Application Data\Google
2015-02-02 11:36 - 2015-02-02 11:36 - 00001864 _____ () C:\Documents and Settings\All Users\Desktop\Google Earth Pro.lnk
2015-02-02 11:36 - 2015-02-02 11:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth Pro
2015-02-02 11:35 - 2015-02-02 11:35 - 00000000 ____D () C:\Program Files\Google
2015-02-02 09:16 - 2015-02-02 09:16 - 00000330 _____ () C:\Documents and Settings\c.oliveira\Desktop\HP Printer Diagnostic Tools.url
2015-01-30 15:54 - 2015-01-30 15:54 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-01-30 13:20 - 2015-01-30 13:20 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Local Settings\Application Data\PDFCreator
2015-01-30 12:35 - 2015-01-30 12:35 - 00001557 _____ () C:\Documents and Settings\All Users\Desktop\MEO Internet Móvel.lnk
2015-01-30 12:35 - 2015-01-30 12:35 - 00000000 ____D () C:\WINDOWS\system32\SupportAppPBMEO Internet Movel-ZTE
2015-01-30 12:35 - 2015-01-30 12:35 - 00000000 ____D () C:\Program Files\MEO Internet Movel-ZTE
2015-01-30 12:35 - 2015-01-30 12:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\MEO Internet Móvel
2015-01-30 11:55 - 2015-01-30 11:55 - 00000925 _____ () C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
2015-01-30 11:55 - 2015-01-30 11:55 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-30 11:55 - 2015-01-30 11:55 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Local Settings\Application Data\VS Revo Group
2015-01-30 11:55 - 2015-01-30 11:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
2015-01-30 11:55 - 2015-01-30 11:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\VS Revo Group
2015-01-30 11:55 - 2009-12-30 10:20 - 00027064 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2015-01-28 11:02 - 2015-01-28 11:02 - 00000000 __SHD () C:\Documents and Settings\NetworkService\IETldCache
2015-01-28 11:02 - 2008-04-14 00:26 - 00030592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rndismpx.sys
2015-01-28 11:02 - 2008-04-14 00:26 - 00030592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rndismpx.sys
2015-01-27 12:14 - 2015-01-27 12:14 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Application Data\Windows Search
2015-01-27 11:03 - 2015-01-27 11:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-27 10:39 - 2015-02-02 11:33 - 00004608 _____ () C:\Documents and Settings\c.oliveira\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-26 16:25 - 2015-01-22 11:38 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Desktop\SOURCES
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-23 13:07 - 2015-01-16 15:57 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Local Settings\Temp
2015-02-23 13:05 - 2015-01-19 13:52 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Application Data\BitTorrent
2015-02-23 13:05 - 2015-01-15 23:08 - 01926985 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-23 12:57 - 2015-01-16 16:40 - 00000000 ___RD () C:\Dropbox
2015-02-23 12:57 - 2015-01-15 18:07 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2015-02-23 12:56 - 2015-01-16 16:37 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Application Data\Dropbox
2015-02-23 12:47 - 2015-01-16 15:52 - 00000112 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2015-02-23 12:47 - 2015-01-15 23:14 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-23 12:47 - 2015-01-15 15:01 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-23 12:47 - 2015-01-15 15:01 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-23 12:47 - 2008-04-14 12:00 - 00012984 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-23 12:46 - 2015-01-20 14:01 - 02527550 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1333942904-1058549214-2093110682-1165-0.dat
2015-02-23 12:46 - 2015-01-20 14:01 - 00279846 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-02-23 12:46 - 2015-01-19 10:38 - 00000832 __RSH () C:\Documents and Settings\c.oliveira\ntuser.pol
2015-02-23 12:46 - 2015-01-16 15:58 - 00000178 ___SH () C:\Documents and Settings\c.oliveira\ntuser.ini
2015-02-23 12:46 - 2015-01-15 23:14 - 00018326 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-23 12:34 - 2015-01-15 23:38 - 00000000 ____D () C:\Outlook
2015-02-23 11:03 - 2015-01-22 14:29 - 00000000 ____D () C:\PHC16
2015-02-22 23:39 - 2015-01-15 14:53 - 00000000 ____D () C:\WINDOWS\security
2015-02-20 17:11 - 2015-01-16 15:57 - 00000000 ____D () C:\Documents and Settings\c.oliveira
2015-02-20 13:37 - 2015-01-15 17:12 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-02-20 13:24 - 2015-01-15 14:59 - 00615068 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-20 12:35 - 2015-01-22 14:16 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-19 15:33 - 2015-01-23 09:01 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-19 15:33 - 2015-01-23 09:01 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-19 15:19 - 2008-04-14 12:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-02-19 15:15 - 2015-01-15 14:57 - 00000327 __RSH () C:\boot.ini
2015-02-12 16:47 - 2015-01-15 14:59 - 00580970 _____ () C:\WINDOWS\setupapi.log
2015-02-12 16:46 - 2015-01-15 14:53 - 00000000 ____D () C:\WINDOWS\twain_32
2015-02-12 09:50 - 2015-01-16 16:40 - 00001039 _____ () C:\Documents and Settings\c.oliveira\Desktop\Dropbox.lnk
2015-02-12 09:50 - 2015-01-16 16:38 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Start Menu\Programs\Dropbox
2015-02-10 17:07 - 2015-01-15 23:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-02-09 11:15 - 2015-01-16 17:17 - 00021930 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-02-06 09:49 - 2015-01-15 14:59 - 01100112 _____ () C:\WINDOWS\iis6.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00982250 _____ () C:\WINDOWS\FaxSetup.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00478864 _____ () C:\WINDOWS\ocgen.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00453752 _____ () C:\WINDOWS\tsoc.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00338250 _____ () C:\WINDOWS\comsetup.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00307352 _____ () C:\WINDOWS\msmqinst.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00203234 _____ () C:\WINDOWS\ntdtcsetup.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00172821 _____ () C:\WINDOWS\netfxocm.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00068223 _____ () C:\WINDOWS\MedCtrOC.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00054579 _____ () C:\WINDOWS\ocmsn.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00050121 _____ () C:\WINDOWS\tabletoc.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00049384 _____ () C:\WINDOWS\msgsocm.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00001355 _____ () C:\WINDOWS\imsins.log
2015-02-06 09:49 - 2015-01-15 14:59 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2015-02-06 09:49 - 2015-01-15 14:58 - 00194537 _____ () C:\WINDOWS\setupact.log
2015-02-05 14:06 - 2008-04-14 12:00 - 00000617 _____ () C:\WINDOWS\win.ini
2015-02-05 14:05 - 2015-01-16 17:21 - 00000000 ____D () C:\Program Files\HP
2015-02-05 14:05 - 2015-01-16 17:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HP
2015-02-05 13:52 - 2015-01-16 16:43 - 00000320 _____ () C:\Documents and Settings\c.oliveira\Desktop\my documents on 'srvmainRedirectedFoldersC.Oliveira' (U).lnk
2015-02-05 11:30 - 2015-01-16 16:08 - 00080048 _____ () C:\Documents and Settings\c.oliveira\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-02-05 11:29 - 2015-01-15 14:58 - 00290088 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-28 11:41 - 2015-01-16 16:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-28 09:57 - 2015-01-21 10:44 - 00000000 ____D () C:\Documents and Settings\c.oliveira\Application Data\TeamViewer
==================== Files in the root of some directories =======
2015-01-16 17:29 - 2015-01-20 16:03 - 0001109 _____ () C:\Documents and Settings\c.oliveira\Application Data\ConvAPIPlugin.log
2015-01-27 10:39 - 2015-02-02 11:33 - 0004608 _____ () C:\Documents and Settings\c.oliveira\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some content of TEMP:
====================
C:\Documents and Settings\c.oliveira\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfe7sha.dll
C:\Documents and Settings\c.oliveira\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\c.oliveira\Local Settings\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================