It's true. In the first log, this entrances are from GBPlugin used by brazilian bank Unibanco. This is the legit files of this plugins: gbiehuni.dll Tamanho: 368640 bytes MD5: 7b175796380360b0ae0d020c330f2045 C:\Arquivos de programas\GbPlugin\gbiehuni.dll uni.gpc Tamanho: 33312 bytes MD5: 6833c0cd3ace03108d957313b9e00408 C:\Arquivos de programas\GbPlugin\uni.gpc O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehuni.dll ---------- In the second log, this entrances too are legitime. Belongs to internet banking plugin of Caixa. This is the legit files of this plugins: cef.gpc Tamanho: 64431 bytes MD5: 1D224338D4BB9A5B15D46496BBD5056D C:\Arquivos de programas\GbPlugin\cef.gpc gbiehcef.dll Tamanho: 366672 bytes MD5: 285176E4BC7D6778D9740E69BC584302 C:\Arquivos de programas\GbPlugin\gbiehcef.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll Marcin/Bruce, please review this false positive.