
My Computer Is Mining Bitcoins !


  • This topic is locked
5 replies to this topic

#1 s3ng1r


Posted 14 June 2015 - 01:44 PM

First, thank you all, and sorry for the bad English and Google Translate!

So, friends, this is my first post on the forum; I'm sorry if I made a mistake.

For 2 weeks now, the computer has been loading an unnamed process, which is in the Windows\Temp folder. I concluded that it is a script that downloads these "lsass" and "svchost" files; opening the logs in the same folder, I concluded that it is mining bitcoins, but I do not know where this script is, nor how it runs. This is the first time I have come across it, so I came to ask for help from my new friends on the forums. Getting ahead, I am posting the log from this spectacular FRST program that I just discovered. Thank you all for the help, and hugs.

I did a scan with Malwarebytes, which identified the miner, but when I restart, it reruns the miner script and downloads again.
 
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by marco_000 (administrator) on MARCOS on 14-06-2015 15:39:04
Running from C:\Users\marco_000\Downloads
Loaded Profiles: marco_000 (Available Profiles: marco_000)
Platform: Windows 10 Pro Insider Preview (X64) OS Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\sihost.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.4.120_x64__8wekyb3d8bbwe\remindersserver.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Flux Software LLC) C:\Users\marco_000\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Users\marco_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
() C:\Windows\Temp\lsass.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Windows\Temp\svchost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4689072 2013-12-26] (VIA)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-14] (Raptr, Inc)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe] => C:\Program Files\Windows Multimedia Platform\System.exe [1281625 2015-04-17] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7210656 2015-04-25] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7210656 2015-04-25] (Microsoft Corporation)
HKU\S-1-5-21-4170533712-3209951924-2990677416-1001\...\Run: [f.lux] => C:\Users\marco_000\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-4170533712-3209951924-2990677416-1001\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399224 2015-04-02] (BitTorrent, Inc.)
HKU\S-1-5-21-4170533712-3209951924-2990677416-1001\...\Run: [Spotify Web Helper] => C:\Users\marco_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-05-22] (Spotify Ltd)
HKU\S-1-5-21-4170533712-3209951924-2990677416-1001\...\Run: [Spotify] => C:\Users\marco_000\AppData\Roaming\Spotify\spotify.exe [7168568 2015-05-22] (Spotify Ltd)
HKU\S-1-5-21-4170533712-3209951924-2990677416-1001\...\Run: [OneDrive] => C:\Users\marco_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-06-02] (Microsoft Corporation)
HKU\S-1-5-21-4170533712-3209951924-2990677416-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31232 2015-04-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\marco_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-06-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\marco_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-06-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\marco_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-06-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\marco_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-06-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\marco_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-06-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\marco_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-06-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\marco_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-06-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\marco_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-06-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\marco_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-06-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\marco_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-06-02] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-4170533712-3209951924-2990677416-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2015-04-09] (Perfect World Entertainment Inc)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\marco_000\AppData\Roaming\Mozilla\Firefox\Profiles\miu90lzr.default-1433261007731
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2015-04-09] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4170533712-3209951924-2990677416-1001: gastecnologia.com.br/sf/abn -> C:\Users\marco_000\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll [2015-02-19] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-4170533712-3209951924-2990677416-1001: gastecnologia.com.br/sf/abn64 -> C:\Users\marco_000\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll [2015-05-29] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-4170533712-3209951924-2990677416-1001: gastecnologia.com.br/sf/cef -> C:\Users\marco_000\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-4170533712-3209951924-2990677416-1001: gastecnologia.com.br/sf/cef64 -> C:\Users\marco_000\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2014-12-09] (GAS Tecnologia)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2015-05-29]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2015-05-29]
FF Extension: Youtube MP3 Podcaster - C:\Users\marco_000\AppData\Roaming\Mozilla\Firefox\Profiles\miu90lzr.default-1433261007731\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2015-06-06]
FF Extension: MEGA - C:\Users\marco_000\AppData\Roaming\Mozilla\Firefox\Profiles\miu90lzr.default-1433261007731\Extensions\firefox@mega.co.nz.xpi [2015-06-02]
FF Extension: Test Pilot - C:\Users\marco_000\AppData\Roaming\Mozilla\Firefox\Profiles\miu90lzr.default-1433261007731\Extensions\testpilot@labs.mozilla.com.xpi [2015-06-02]
FF Extension: Google Translator for Firefox - C:\Users\marco_000\AppData\Roaming\Mozilla\Firefox\Profiles\miu90lzr.default-1433261007731\Extensions\translator@zoli.bod.xpi [2015-06-02]
FF Extension: Stylish - C:\Users\marco_000\AppData\Roaming\Mozilla\Firefox\Profiles\miu90lzr.default-1433261007731\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-06-02]
FF Extension: Adblock Plus - C:\Users\marco_000\AppData\Roaming\Mozilla\Firefox\Profiles\miu90lzr.default-1433261007731\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-02]
FF Extension: Theme Font & Size Changer - C:\Users\marco_000\AppData\Roaming\Mozilla\Firefox\Profiles\miu90lzr.default-1433261007731\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2015-06-02]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-05-27]
FF HKU\S-1-5-21-4170533712-3209951924-2990677416-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8874}] - C:\Users\marco_000\AppData\Local\GAS Tecnologia\GBBD\abn\xpi
FF Extension: GBBD Banco Santander (Brasil) S.A. - C:\Users\marco_000\AppData\Local\GAS Tecnologia\GBBD\abn\xpi [2015-04-12]
FF HKU\S-1-5-21-4170533712-3209951924-2990677416-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\marco_000\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: GBBD Caixa Economica Federal - C:\Users\marco_000\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015-04-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AJRouter; C:\Windows\System32\AJRouter.dll [19968 2015-04-25] (Microsoft Corporation)
S4 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [88584 2015-04-09] (Perfect World Entertainment Inc)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [325120 2015-04-25] (Microsoft Corporation)
S3 CDPSvc; C:\Windows\System32\CDPSvc.dll [51712 2015-04-25] (Microsoft Corporation)
S3 ClipSVC; C:\Windows\System32\ClipSVC.dll [539136 2015-04-25] (Microsoft Corporation)
R2 CoreUIRegistrar; C:\Windows\system32\coremessaging.dll [709240 2015-04-25] (Microsoft Corporation)
R2 CoreUIRegistrar; C:\Windows\SysWOW64\coremessaging.dll [476672 2015-04-25] (Microsoft Corporation)
S3 DcpSvc; C:\Windows\system32\dcpsvc.dll [195584 2015-04-25] (Microsoft Corporation)
S3 DevQueryBroker; C:\Windows\system32\DevQueryBroker.dll [32256 2015-04-25] (Microsoft Corporation)
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagnosticsHub.StandardCollector.Service.exe [26624 2015-04-25] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [269312 2015-04-25] (Microsoft Corporation)
S2 dmwappushservice; C:\Windows\system32\dmwappushsvc.dll [111616 2015-04-25] (Microsoft Corporation)
S2 DoSvc; C:\Windows\system32\svchost.exe [39992 2015-04-25] (Microsoft Corporation)
S2 DoSvc; C:\Windows\SysWOW64\svchost.exe [34800 2015-04-25] (Microsoft Corporation)
S3 DsSvc; C:\Windows\System32\DsSvc.dll [140288 2015-04-25] (Microsoft Corporation)
S3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [248832 2015-06-02] (Microsoft Corporation)
S3 icssvc; C:\Windows\System32\tetheringservice.dll [114176 2015-04-25] (Microsoft Corporation)
S3 lfsvc; C:\Windows\System32\lfsvc.dll [23040 2015-04-25] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\lfsvc.dll [18944 2015-04-25] (Microsoft Corporation)
S2 MapsBroker; C:\Windows\System32\moshost.dll [159232 2015-04-25] (Microsoft Corporation)
S3 NetSetupSvc; C:\Windows\System32\NetSetupSvc.dll [333824 2015-04-25] (Microsoft Corporation)
S3 NgcCtnrSvc; C:\Windows\System32\NgcCtnrSvc.dll [236544 2015-04-25] (Microsoft Corporation)
S3 NgcSvc; C:\Windows\system32\ngcsvc.dll [421376 2015-04-25] (Microsoft Corporation)
S3 PhoneSvc; C:\Windows\System32\PhoneService.dll [646656 2015-04-25] (Microsoft Corporation)
S3 RetailDemo; C:\Windows\system32\RetailDemoService.dll [709120 2015-04-25] (Microsoft Corporation)
S3 SensorService; C:\Windows\system32\SensorService.dll [162304 2015-04-25] (Microsoft Corporation)
S3 SmsRouter; C:\Windows\system32\SmsRouterSvc.dll [594944 2015-04-25] (Microsoft Corporation)
S3 StateRepository; C:\Windows\system32\windows.staterepository.dll [2626560 2015-04-25] (Microsoft Corporation)
S3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [1865728 2015-04-25] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R3 tiledatamodelsvc; C:\Windows\system32\tileobjserver.dll [446464 2015-04-25] (Microsoft Corporation)
R2 UserManager; C:\Windows\System32\usermgr.dll [631808 2015-04-25] (Microsoft Corporation)
S3 UsoSvc; C:\Windows\system32\usocore.dll [316928 2015-04-25] (Microsoft Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
S3 vmicvmsession; C:\Windows\System32\ICSvc.dll [450048 2015-04-25] (Microsoft Corporation)
S3 WalletSvc; C:\Windows\system32\WalletService.dll [482304 2015-04-25] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [352880 2015-04-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16728 2015-04-25] (Microsoft Corporation)
S3 WpnService; C:\Windows\system32\WpnService.dll [48640 2015-04-25] (Microsoft Corporation)
S3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [705024 2015-04-25] (Microsoft Corporation)
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1107968 2015-04-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-12-21] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2015-05-26] ()
S3 buttonconverter; C:\Windows\System32\drivers\buttonconverter.sys [31232 2015-04-25] (Microsoft Corporation)
S3 CapImg; C:\Windows\System32\drivers\capimg.sys [102912 2015-04-25] (Microsoft Corporation)
S4 cnghwassist; C:\Windows\System32\DRIVERS\cnghwassist.sys [38888 2015-04-25] (Microsoft Corporation)
R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_b1983a736b1fed34\CompositeBus.sys [39424 2015-04-25] (Microsoft Corporation)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-04-28] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3437032 2015-04-25] (QLogic Corporation)
S3 fcvsc; C:\Windows\System32\drivers\fcvsc.sys [30720 2015-04-25] (Microsoft Corporation)
R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [83456 2015-06-02] (Microsoft Corporation)
S3 genericusbfn; C:\Windows\System32\drivers\genericusbfnclass.sys [20480 2015-04-25] (Microsoft Corporation)
S3 hidinterrupt; C:\Windows\System32\drivers\hidinterrupt.sys [48104 2015-04-25] (Microsoft Corporation)
S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [424936 2015-04-25] (Mellanox)
S3 IoQos; C:\Windows\System32\drivers\ioqos.sys [27648 2015-04-25] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2015-05-26] ()
S0 LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys [103912 2015-04-25] (LSI Corporation)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [90600 2015-04-25] (LSI Corporation)
S0 megasas; C:\Windows\System32\drivers\megasas.sys [59880 2015-04-25] (Avago Technologies)
R2 mirahid; C:\Windows\System32\drivers\mirahid.sys [35840 2015-04-25] (Microsoft Corporation)
S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [705512 2015-04-25] (Mellanox)
R2 MMCSS; C:\Windows\system32\drivers\mmcss.sys [38400 2015-04-25] (Microsoft Corporation)
S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [76264 2015-04-25] (Mellanox)
U5 NdisCap; C:\Windows\System32\Drivers\NdisCap.sys [49664 2015-04-25] (Microsoft Corporation)
U5 NdisWan; C:\Windows\System32\Drivers\NdisWan.sys [187904 2015-04-25] (Microsoft Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [66560 2015-04-25] ()
S3 netvsc; C:\Windows\System32\drivers\netvsc.sys [94208 2015-04-25] (Microsoft Corporation)
S2 OneSyncSvc; No ImagePath
R2 OneSyncSvc_Session1; No ImagePath
U2 OneSyncSvc_Session2; No ImagePath
U2 OneSyncSvc_Session3; No ImagePath
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58344 2015-04-25] (LSI Corporation)
S0 percsas3i; C:\Windows\System32\drivers\percsas3i.sys [58856 2015-04-25] (Avago Technologies)
S3 PimIndexMaintenanceSvc; No ImagePath
R3 PimIndexMaintenanceSvc_Session1; No ImagePath
U3 PimIndexMaintenanceSvc_Session2; No ImagePath
U3 PimIndexMaintenanceSvc_Session3; No ImagePath
S3 ReFSv1; C:\Windows\System32\Drivers\ReFSv1.sys [933864 2015-04-25] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2015-03-31] (Synaptics Incorporated)
R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [61440 2015-04-25] (Microsoft Corporation)
S0 storufs; C:\Windows\System32\drivers\storufs.sys [39912 2015-04-25] (Microsoft Corporation)
R3 swenum; C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_c3e4290174519138\swenum.sys [17384 2015-04-25] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [43008 2015-04-25] ()
S3 Ufx01000; C:\Windows\System32\drivers\ufx01000.sys [239592 2015-04-25] (Microsoft Corporation)
S3 UfxChipidea; C:\Windows\System32\drivers\UfxChipidea.sys [89576 2015-04-25] (Microsoft Corporation)
S3 ufxsynopsys; C:\Windows\System32\drivers\ufxsynopsys.sys [123368 2015-04-25] (Microsoft Corporation)
S3 UnistoreSvc; No ImagePath
R3 UnistoreSvc_Session1; No ImagePath
U3 UnistoreSvc_Session2; No ImagePath
U3 UnistoreSvc_Session3; No ImagePath
S3 UrsChipidea; C:\Windows\System32\drivers\urschipidea.sys [19456 2015-04-25] (Microsoft Corporation)
S3 UrsCx01000; C:\Windows\System32\drivers\urscx01000.sys [52200 2015-04-25] (Microsoft Corporation)
S3 UrsSynopsys; C:\Windows\System32\drivers\urssynopsys.sys [18432 2015-04-25] (Microsoft Corporation)
S3 UserDataSvc; No ImagePath
R3 UserDataSvc_Session1; No ImagePath
U3 UserDataSvc_Session2; No ImagePath
U3 UserDataSvc_Session3; No ImagePath
S3 vhf; C:\Windows\System32\drivers\vhf.sys [28672 2015-04-25] (Microsoft Corporation)
S3 wdiwifi; C:\Windows\System32\DRIVERS\wdiwifi.sys [683520 2015-04-25] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117224 2015-04-25] (Microsoft Corporation)
R0 WindowsTrustedRT; C:\Windows\System32\drivers\WindowsTrustedRT.sys [105504 2015-04-25] (Microsoft Corporation)
R0 WindowsTrustedRTProxy; C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [16928 2015-04-25] (Microsoft Corporation)
S3 WinMad; C:\Windows\System32\drivers\winmad.sys [27112 2015-04-25] (Mellanox)
S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [59368 2015-04-25] (Mellanox)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [25600 2015-04-25] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [92160 2015-04-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: dosvc -> No ServiceDLL Path.
NETSVC: DcpSvc -> C:\Windows\system32\dcpsvc.dll (Microsoft Corporation)
NETSVC: NetSetupSvc -> C:\Windows\System32\NetSetupSvc.dll (Microsoft Corporation)
NETSVC: RetailDemo -> C:\Windows\system32\RetailDemoService.dll (Microsoft Corporation)
NETSVC: UsoSvc -> C:\Windows\system32\usocore.dll (Microsoft Corporation)
NETSVC: dmwappushservice -> C:\Windows\system32\dmwappushsvc.dll (Microsoft Corporation)
NETSVC: WalletSvc -> C:\Windows\system32\WalletService.dll (Microsoft Corporation)
NETSVC: UserManager -> C:\Windows\System32\usermgr.dll (Microsoft Corporation)
NETSVC: XblGameSave -> C:\Windows\System32\XblGameSave.dll (Microsoft Corporation)
NETSVC: XblAuthManager -> C:\Windows\System32\XblAuthManager.dll (Microsoft Corporation)
NETSVC: DmEnrollmentSvc -> C:\Windows\system32\Windows.Internal.Management.dll (Microsoft Corporation)
NETSVCx32: NetSetupSvc -> C:\Windows\SysWOW64\NetSetupSvc.dll ==> No File
NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-14 15:10 - 2015-06-14 15:10 - 00086633 _____ C:\Users\marco_000\Downloads\Addition.txt
2015-06-14 15:09 - 2015-06-14 15:39 - 00028279 _____ C:\Users\marco_000\Downloads\FRST.txt
2015-06-14 15:09 - 2015-06-14 15:39 - 00000000 ____D C:\FRST
2015-06-14 15:09 - 2015-06-14 15:09 - 00000000 ____D C:\Users\marco_000\Downloads\backups
2015-06-14 15:04 - 2015-06-14 15:04 - 02109952 _____ (Farbar) C:\Users\marco_000\Downloads\FRST64.exe
2015-06-14 14:58 - 2015-06-14 14:58 - 00000000 ___HD C:\OneDriveTemp
2015-06-14 14:57 - 2015-06-14 14:57 - 00016148 _____ C:\WINDOWS\system32\MARCOS_marco_000_HistoryPrediction.bin
2015-06-14 14:12 - 2015-06-14 14:12 - 00000000 ____D C:\Users\Todos os Usuários\ATI
2015-06-14 14:12 - 2015-06-14 14:12 - 00000000 ____D C:\ProgramData\ATI
2015-06-14 14:07 - 2015-06-14 14:07 - 00056548 _____ C:\WINDOWS\SysWOW64\CCCInstall_201506141407598059.log
2015-06-14 14:07 - 2015-06-14 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-06-14 14:06 - 2015-06-14 14:06 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-06-14 14:05 - 2015-06-14 14:05 - 00061155 _____ C:\WINDOWS\SysWOW64\CCCInstall_201506141405007919.log
2015-06-14 12:12 - 2015-06-14 12:12 - 00000000 ____D C:\Users\marco_000\AppData\Local\Publishers
2015-06-14 12:00 - 2015-06-14 12:00 - 00000000 _____ C:\WINDOWS\system32\OCL42D8.tmp
2015-06-13 10:48 - 2015-06-13 10:48 - 00000000 _____ C:\WINDOWS\system32\OCL50C7.tmp
2015-06-13 09:43 - 2015-06-13 09:43 - 00000000 _____ C:\WINDOWS\system32\OCL26AD.tmp
2015-06-13 02:36 - 2015-06-13 02:36 - 02165881 _____ C:\Users\marco_000\Desktop\Untitled-1.psd
2015-06-13 02:15 - 2015-06-13 10:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-12 20:58 - 2015-06-12 20:58 - 00000000 _____ C:\WINDOWS\system32\OCLF2F7.tmp
2015-06-12 11:08 - 2015-06-12 11:08 - 00002233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-06-12 10:49 - 2015-06-12 10:49 - 00000000 _____ C:\WINDOWS\system32\OCL2E28.tmp
2015-06-11 23:10 - 2015-06-11 23:10 - 00000000 _____ C:\WINDOWS\system32\OCLD84B.tmp
2015-06-11 21:57 - 2015-06-11 22:09 - 163199584 _____ C:\Users\marco_000\Downloads\gapps-lp-20150222-signed.zip
2015-06-11 21:51 - 2015-06-11 21:52 - 11540342 _____ C:\Users\marco_000\Downloads\com.android.vending-v5.6.8-80360800-Android-2.3.apk
2015-06-11 19:42 - 2015-06-11 19:42 - 00000000 _____ C:\WINDOWS\system32\OCL5A11.tmp
2015-06-11 11:50 - 2015-06-11 11:50 - 00000000 _____ C:\WINDOWS\system32\OCL48C2.tmp
2015-06-10 23:52 - 2015-06-10 23:52 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-06-10 21:11 - 2015-06-10 21:11 - 00000000 _____ C:\WINDOWS\system32\OCLEC60.tmp
2015-06-10 21:08 - 2015-06-10 21:09 - 00000000 ____D C:\Users\marco_000\Desktop\Infoservice banner
2015-06-08 23:08 - 2015-06-13 22:49 - 00001008 _____ C:\Users\marco_000\Desktop\Open Broadcaster Software.lnk
2015-06-08 23:08 - 2015-06-09 00:33 - 00000000 ____D C:\Users\marco_000\AppData\Roaming\OBS
2015-06-08 23:08 - 2015-06-08 23:08 - 00000000 ____D C:\Users\marco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-06-08 23:08 - 2015-06-08 23:08 - 00000000 ____D C:\Program Files\OBS
2015-06-08 23:08 - 2015-06-08 23:08 - 00000000 ____D C:\Program Files (x86)\OBS
2015-06-08 23:07 - 2015-06-08 23:08 - 07072745 _____ C:\Users\marco_000\Downloads\OBS_0_651b_Installer.exe
2015-06-06 21:23 - 2015-06-06 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer
2015-06-06 21:23 - 2015-06-06 21:23 - 00000000 ____D C:\Program Files (x86)\Tribo Gamer
2015-06-06 21:21 - 2015-06-06 21:21 - 00000000 ____D C:\Users\Todos os Usuários\Electronic Arts
2015-06-06 21:21 - 2015-06-06 21:21 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-06-06 18:18 - 2015-06-06 18:18 - 00001084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mortal Kombat X.lnk
2015-06-06 16:11 - 2015-06-06 19:22 - 00000000 ____D C:\Program Files (x86)\Mortal Kombat X
2015-06-06 15:15 - 2015-06-06 18:18 - 00001072 _____ C:\Users\Public\Desktop\Mortal Kombat X.lnk
2015-06-06 15:15 - 2015-06-06 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mortal Kombat X
2015-06-06 04:52 - 2015-06-06 04:52 - 00062035 _____ C:\WINDOWS\SysWOW64\CCCInstall_201506060452123728.log
2015-06-06 04:51 - 2015-06-14 14:05 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-06-06 04:49 - 2015-06-06 04:49 - 00052689 _____ C:\WINDOWS\SysWOW64\CCCInstall_201506060449593554.log
2015-06-06 04:49 - 2015-06-06 04:49 - 00000000 ____D C:\Users\Usuário Padrão\AppData\Roaming\ATI
2015-06-06 04:49 - 2015-06-06 04:49 - 00000000 ____D C:\Users\Usuário Padrão\AppData\Local\ATI
2015-06-06 04:49 - 2015-06-06 04:49 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI
2015-06-06 04:49 - 2015-06-06 04:49 - 00000000 ____D C:\Users\Default\AppData\Local\ATI
2015-06-06 04:49 - 2015-06-06 04:49 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2015-06-06 04:49 - 2015-06-06 04:49 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI
2015-06-06 04:45 - 2015-06-06 04:45 - 00865792 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2015-06-06 04:45 - 2015-06-06 04:45 - 00102912 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2015-06-06 04:45 - 2015-06-06 04:45 - 00102400 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2015-06-06 04:45 - 2015-06-06 04:45 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2015-06-06 04:45 - 2015-06-06 04:45 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2015-06-06 04:44 - 2015-06-06 04:44 - 27535872 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2015-06-06 04:44 - 2015-06-06 04:44 - 22318592 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2015-06-06 04:44 - 2015-06-06 04:44 - 09003520 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2015-06-06 04:44 - 2015-06-06 04:44 - 07416832 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2015-06-06 04:44 - 2015-06-06 04:44 - 00250756 _____ C:\WINDOWS\system32\ativvaxy_FJ.dat
2015-06-06 04:44 - 2015-06-06 04:44 - 00249088 _____ C:\WINDOWS\system32\ativvaxy_FJ_nd.dat
2015-06-06 04:44 - 2015-06-06 04:44 - 00204800 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2015-06-06 04:44 - 2015-06-06 04:44 - 00189952 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2015-06-06 04:44 - 2015-06-06 04:44 - 00160256 _____ C:\WINDOWS\system32\atieah64.exe
2015-06-06 04:44 - 2015-06-06 04:44 - 00143872 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2015-06-06 04:44 - 2014-09-15 19:17 - 33867264 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-06-06 04:44 - 2014-09-15 19:17 - 28770304 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-06-06 04:44 - 2014-09-15 19:16 - 00065024 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-06-06 04:44 - 2014-09-15 19:16 - 00058880 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-06-06 04:44 - 2014-09-15 18:59 - 00900608 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-06-06 04:44 - 2014-09-15 18:59 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-06-06 04:44 - 2014-09-15 18:59 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-06-06 03:10 - 2015-06-06 22:11 - 97803928 _____ C:\Users\marco_000\Downloads\454JusD15DLX.part1.rar.part
2015-06-06 02:48 - 2015-06-11 21:45 - 00003042 _____ C:\WINDOWS\setupact.log
2015-06-06 02:48 - 2015-06-06 02:48 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-06-06 02:20 - 2015-06-06 02:20 - 01880003 _____ C:\Users\marco_000\Downloads\FlexRena84.zip
2015-06-06 02:20 - 2015-06-06 02:20 - 00000000 ____D C:\Users\marco_000\Downloads\FlexRena84
2015-06-06 00:32 - 2015-06-06 00:32 - 00281040 _____ C:\WINDOWS\Minidump\060615-23031-01.dmp
2015-06-06 00:27 - 2015-06-06 00:32 - 349573773 _____ C:\WINDOWS\MEMORY.DMP
2015-06-06 00:27 - 2015-06-06 00:27 - 00281096 _____ C:\WINDOWS\Minidump\060615-23781-01.dmp
2015-06-06 00:27 - 2015-06-06 00:27 - 00000000 ____D C:\WINDOWS\Minidump
2015-06-06 00:19 - 2015-06-06 05:14 - 00000000 ____D C:\Users\marco_000\Desktop\HDDScan-3.3
2015-06-05 23:32 - 2015-06-14 14:58 - 00000191 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-05 23:10 - 2015-06-13 10:43 - 00001392 _____ C:\WINDOWS\PFRO.log
2015-06-05 22:56 - 2015-06-05 22:57 - 06549184 _____ (Piriform Ltd) C:\Users\marco_000\Downloads\ccsetup506.exe
2015-06-05 02:46 - 2015-06-05 04:09 - 253944881 _____ C:\Users\marco_000\Downloads\454JusD15DLX.part2.rar
2015-06-04 21:27 - 2015-06-04 21:27 - 00001109 _____ C:\Users\marco_000\Desktop\Crysis3 - Shortcut.lnk
2015-06-04 20:36 - 2015-06-06 21:23 - 00000000 ____D C:\Crysis 3
2015-06-04 13:49 - 2015-06-04 13:49 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2015-06-04 13:49 - 2015-06-04 13:49 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll
2015-06-04 13:45 - 2015-06-04 13:46 - 03550749 _____ C:\Users\marco_000\Downloads\Microsoft Windows Office Activator KMSPico 10.0.9.rar
2015-06-03 02:48 - 2015-06-14 15:18 - 00005230 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MARCOS-marco_000 Marcos
2015-06-02 13:16 - 2015-06-02 13:16 - 00000000 ____D C:\Users\Public\Documents\PC Faster
2015-06-02 13:14 - 2015-06-02 13:14 - 00000000 ____D C:\Users\marco_000\AppData\Local\PeerDistRepub
2015-06-02 13:13 - 2015-06-02 13:14 - 00000000 ____D C:\AdwCleaner
2015-06-02 13:11 - 2015-06-02 13:12 - 02231296 _____ C:\Users\marco_000\Downloads\adwcleaner_4.206.exe
2015-06-02 13:05 - 2015-06-02 13:05 - 00003798 _____ C:\WINDOWS\System32\Tasks\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}
2015-06-02 13:05 - 2015-06-02 13:05 - 00003474 _____ C:\WINDOWS\System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}
2015-06-02 13:05 - 2015-06-02 13:05 - 00003162 _____ C:\WINDOWS\System32\Tasks\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}
2015-06-02 13:05 - 2015-06-02 13:05 - 00000692 _____ C:\WINDOWS\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job
2015-06-02 13:05 - 2015-06-02 13:05 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-06-02 13:05 - 2015-06-02 13:05 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-06-02 13:05 - 2015-06-02 13:05 - 00000000 ____D C:\Users\marco_000\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}
2015-06-02 13:02 - 2015-06-02 13:02 - 00003364 _____ C:\WINDOWS\System32\Tasks\Bidaily Synchronize Task[973b]
2015-06-02 13:02 - 2015-06-02 13:02 - 00000374 _____ C:\WINDOWS\Tasks\Bidaily Synchronize Task[973b].job
2015-06-02 11:56 - 2015-05-17 21:45 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-06-02 11:56 - 2015-05-17 21:44 - 02755072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-06-02 11:56 - 2015-05-17 21:43 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-06-02 11:56 - 2015-05-17 21:43 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-06-02 11:56 - 2015-05-17 21:00 - 19622912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-02 11:56 - 2015-05-17 20:49 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-02 11:56 - 2015-05-17 20:48 - 01342976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-02 11:56 - 2015-05-17 20:48 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2015-06-02 11:56 - 2015-05-17 20:47 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2015-06-02 11:56 - 2015-05-17 20:03 - 20603904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-06-02 11:56 - 2015-05-17 20:00 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2015-06-02 11:55 - 2015-05-18 00:01 - 03456656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-02 11:55 - 2015-05-17 22:51 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-02 11:55 - 2015-05-17 22:30 - 02778456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-02 11:55 - 2015-05-17 22:20 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-02 11:55 - 2015-05-17 21:59 - 24580608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-02 11:55 - 2015-05-17 21:50 - 12492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-02 11:55 - 2015-05-17 21:46 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-02 11:55 - 2015-05-17 21:46 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-02 11:55 - 2015-05-17 21:45 - 02678784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-02 11:55 - 2015-05-17 21:45 - 01564672 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-02 11:55 - 2015-05-17 21:45 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-06-02 11:55 - 2015-05-17 21:44 - 02114048 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-02 11:55 - 2015-05-17 21:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-06-02 11:55 - 2015-05-17 21:38 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-02 11:55 - 2015-05-17 21:15 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-02 11:55 - 2015-05-17 20:55 - 21875200 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-06-02 11:55 - 2015-05-17 20:49 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-02 11:55 - 2015-05-17 20:48 - 02755072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-06-02 11:55 - 2015-05-17 20:48 - 02174464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-02 11:55 - 2015-05-17 20:48 - 02037248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-02 11:55 - 2015-05-17 20:47 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-06-02 11:55 - 2015-05-17 20:44 - 04791808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-02 11:55 - 2015-05-17 20:40 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2015-06-02 11:55 - 2015-05-17 20:07 - 03595264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-02 11:55 - 2015-05-17 20:04 - 11318784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-02 11:01 - 2015-06-02 11:01 - 03300528 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\VIAPropPageExt.dll
2015-06-02 11:01 - 2015-06-02 11:01 - 02000640 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\VMAPO264.DLL
2015-06-02 11:01 - 2015-06-02 11:01 - 01728768 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\VMAPO232.DLL
2015-06-02 11:01 - 2015-06-02 11:01 - 00030728 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\VMfilt64.sys
2015-06-02 10:26 - 2015-06-02 10:26 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-06-02 09:44 - 2015-06-02 09:44 - 00000000 ____D C:\Users\marco_000\AppData\Local\Spartan
2015-06-02 09:42 - 2015-06-02 09:42 - 00000000 ___RD C:\Users\marco_000\3D Objects
2015-06-02 09:40 - 2015-06-02 09:42 - 00000000 ____D C:\Users\marco_000\AppData\Local\Comms
2015-06-02 09:40 - 2015-06-02 09:41 - 00002356 _____ C:\Users\marco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-06-02 09:40 - 2015-06-02 09:40 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft OneDrive
2015-06-02 09:40 - 2015-06-02 09:40 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-06-02 09:38 - 2015-06-02 12:15 - 00000000 ____D C:\Users\marco_000\AppData\Local\GameDVR
2015-06-02 09:37 - 2015-06-14 14:57 - 00000000 ____D C:\Users\marco_000\AppData\Local\ActiveSync
2015-06-02 09:37 - 2015-06-02 09:37 - 00000020 ___SH C:\Users\marco_000\ntuser.ini
2015-06-02 09:37 - 2015-06-02 09:37 - 00000000 ____D C:\Users\marco_000\AppData\Local\TileDataLayer
2015-06-02 09:36 - 2015-06-13 00:25 - 00000000 ____D C:\Users\Todos os Usuários\USOShared
2015-06-02 09:36 - 2015-06-13 00:25 - 00000000 ____D C:\ProgramData\USOShared
2015-06-02 09:36 - 2015-06-02 09:36 - 00000000 ____D C:\Users\Todos os Usuários\USOPrivate
2015-06-02 09:36 - 2015-06-02 09:36 - 00000000 ____D C:\ProgramData\USOPrivate
2015-06-02 04:22 - 2015-06-14 14:59 - 00247309 _____ C:\WINDOWS\WindowsUpdate_AU_deprecated.log
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Usuário Padrão\Documents\Minhas Músicas
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Usuário Padrão\Documents\Minhas Imagens
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Usuário Padrão\Documents\Meus Vídeos
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Usuário Padrão\AppData\Local\Histórico
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Usuário Padrão\AppData\Local\Dados de Aplicativos
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Usuário Padrão
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Todos os Usuários\Modelos
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Todos os Usuários\Menu Iniciar
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Todos os Usuários\Documentos
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Todos os Usuários\Dados de Aplicativos
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Todos os Usuários
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Public\Documents\Minhas Músicas
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Public\Documents\Minhas Imagens
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Public\Documents\Meus Vídeos
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Default\Modelos
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Default\Meus Documentos
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Default\Menu Iniciar
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Default\Documents\Minhas Músicas
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Default\Documents\Minhas Imagens
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Default\Documents\Meus Vídeos
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Default\Dados de Aplicativos
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Default\Configurações Locais
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Default\AppData\Local\Histórico
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Default\AppData\Local\Dados de Aplicativos
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Default\Ambiente de Rede
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Default\Ambiente de Impressão
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Default User\Documents\Minhas Músicas
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Default User\Documents\Minhas Imagens
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Default User\Documents\Meus Vídeos
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Histórico
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Dados de Aplicativos
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\ProgramData\Modelos
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programas
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\ProgramData\Menu Iniciar
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\ProgramData\Documentos
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\ProgramData\Dados de Aplicativos
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Program Files\Common Files\Sistema
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Program Files\Arquivos Comuns
2015-06-02 04:22 - 2015-06-02 04:22 - 00000000 _SHDL C:\Arquivos de Programas
2015-06-02 04:21 - 2015-06-02 04:21 - 00022900 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-06-02 04:17 - 2015-06-08 11:21 - 01810248 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-02 04:12 - 2015-04-25 00:12 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-06-02 04:07 - 2015-06-02 04:07 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-02 04:07 - 2015-06-02 04:07 - 00000000 ____D C:\Users\Usuário Padrão\Documents\Visual Studio 2008
2015-06-02 04:07 - 2015-06-02 04:07 - 00000000 ____D C:\Users\Usuário Padrão\AppData\Roaming\Macromedia
2015-06-02 04:07 - 2015-06-02 04:07 - 00000000 ____D C:\Users\Usuário Padrão\AppData\Local\Microsoft Help
2015-06-02 04:07 - 2015-06-02 04:07 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2015-06-02 04:07 - 2015-06-02 04:07 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-06-02 04:07 - 2015-06-02 04:07 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-06-02 04:07 - 2015-06-02 04:07 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2015-06-02 04:07 - 2015-06-02 04:07 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-06-02 04:07 - 2015-06-02 04:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-06-02 04:02 - 2015-06-02 04:02 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-06-02 04:00 - 2015-06-14 14:09 - 00000000 ____D C:\Users\marco_000
2015-06-02 04:00 - 2015-06-02 13:14 - 00000000 ___RD C:\Users\marco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-02 04:00 - 2015-06-02 04:22 - 00032388 _____ C:\WINDOWS\diagwrn.xml
2015-06-02 04:00 - 2015-06-02 04:22 - 00032388 _____ C:\WINDOWS\diagerr.xml
2015-06-02 04:00 - 2015-06-02 04:09 - 00000000 ___RD C:\Users\marco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-02 04:00 - 2015-06-02 04:01 - 00000000 ___RD C:\Users\marco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-02 04:00 - 2015-06-02 04:01 - 00000000 ____D C:\Users\marco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-02 04:00 - 2015-06-02 04:00 - 00000000 _SHDL C:\Users\marco_000\Modelos
2015-06-02 04:00 - 2015-06-02 04:00 - 00000000 _SHDL C:\Users\marco_000\Meus Documentos
2015-06-02 04:00 - 2015-06-02 04:00 - 00000000 _SHDL C:\Users\marco_000\Menu Iniciar
2015-06-02 04:00 - 2015-06-02 04:00 - 00000000 _SHDL C:\Users\marco_000\Documents\Minhas Músicas
2015-06-02 04:00 - 2015-06-02 04:00 - 00000000 _SHDL C:\Users\marco_000\Documents\Minhas Imagens
2015-06-02 04:00 - 2015-06-02 04:00 - 00000000 _SHDL C:\Users\marco_000\Documents\Meus Vídeos
2015-06-02 04:00 - 2015-06-02 04:00 - 00000000 _SHDL C:\Users\marco_000\Dados de Aplicativos
2015-06-02 04:00 - 2015-06-02 04:00 - 00000000 _SHDL C:\Users\marco_000\Configurações Locais
2015-06-02 04:00 - 2015-06-02 04:00 - 00000000 _SHDL C:\Users\marco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2015-06-02 04:00 - 2015-06-02 04:00 - 00000000 _SHDL C:\Users\marco_000\AppData\Local\Histórico
2015-06-02 04:00 - 2015-06-02 04:00 - 00000000 _SHDL C:\Users\marco_000\AppData\Local\Dados de Aplicativos
2015-06-02 04:00 - 2015-06-02 04:00 - 00000000 _SHDL C:\Users\marco_000\Ambiente de Rede
2015-06-02 04:00 - 2015-06-02 04:00 - 00000000 _SHDL C:\Users\marco_000\Ambiente de Impressão
2015-06-02 04:00 - 2015-04-25 00:17 - 00000369 _____ C:\Users\marco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-02 04:00 - 2015-04-25 00:17 - 00000369 _____ C:\Users\marco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-02 03:57 - 2015-06-02 03:57 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2015-06-02 03:57 - 2015-06-02 03:57 - 00000000 ____D C:\Program Files\VIA
2015-06-02 03:56 - 2015-06-02 03:56 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2015-06-02 03:56 - 2015-06-02 03:56 - 00000000 ____D C:\Program Files\Synaptics
2015-06-02 03:53 - 2015-06-05 23:01 - 00000000 ___DC C:\WINDOWS\Panther
2015-06-02 03:53 - 2015-06-02 04:00 - 00000000 __SHD C:\Recovery
2015-06-02 03:50 - 2015-06-05 22:21 - 00000000 ____D C:\Windows.old
2015-06-02 03:50 - 2015-06-02 03:50 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-06-02 03:50 - 2015-06-02 03:50 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-06-02 03:50 - 2015-06-02 03:50 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-02 03:50 - 2015-06-02 03:50 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-02 03:50 - 2015-06-02 03:50 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\jnwmon.dll
2015-06-02 03:49 - 2015-06-02 03:49 - 00381928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-06-02 03:49 - 2015-06-02 03:49 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-06-02 03:49 - 2015-06-02 03:49 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-06-02 03:48 - 2015-06-02 03:48 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-06-02 03:47 - 2015-06-02 03:47 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2015-06-02 03:47 - 2015-06-02 03:47 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-06-02 03:47 - 2015-06-02 03:47 - 00000000 ____D C:\Program Files\MSBuild
2015-06-02 03:47 - 2015-06-02 03:47 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-06-02 03:47 - 2015-06-02 03:47 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-06-02 03:47 - 2015-04-24 14:04 - 00778928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-06-02 03:47 - 2015-04-24 14:04 - 00035472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-06-02 03:47 - 2015-04-16 19:22 - 01166512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-06-02 03:47 - 2015-04-16 19:22 - 00035472 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-06-02 03:46 - 2015-06-02 03:46 - 16090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 14434304 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 12925440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 12813824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 07940584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-06-02 03:46 - 2015-06-02 03:46 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 02101760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 01746944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 01524224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 01281024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 01281024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 01065688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 00917960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 00617384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 00517704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 00426768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 00382336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 00212488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-06-02 03:46 - 2015-06-02 03:46 - 00194824 _____ C:\WINDOWS\system32\weretw.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 00182464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-06-02 03:46 - 2015-06-02 03:46 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-06-02 03:46 - 2015-06-02 03:46 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 00146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-06-02 03:46 - 2015-06-02 03:46 - 00145752 _____ C:\WINDOWS\SysWOW64\weretw.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 00140632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-06-02 03:46 - 2015-06-02 03:46 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2015-06-02 03:46 - 2015-06-02 03:46 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 00037920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-06-02 03:46 - 2015-06-02 03:46 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-06-02 03:46 - 2015-06-02 03:46 - 00033240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-06-02 03:46 - 2015-06-02 03:46 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtClient.dll
2015-06-02 03:29 - 2015-06-02 04:22 - 00000000 ____D C:\RecoveryImage
2015-06-02 03:01 - 2015-06-05 22:58 - 00000000 ____D C:\Program Files\CCleaner
2015-06-02 03:01 - 2015-06-02 04:21 - 00002890 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-06-02 03:01 - 2015-06-02 04:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-02 00:41 - 2015-06-02 13:44 - 00000000 ____D C:\Users\marco_000\Downloads\Life.Is.Strange.Episode.1.XBLA.XBOX360-LiGHTFORCE
2015-06-02 00:13 - 2015-06-02 00:13 - 00000000 ____D C:\Users\marco_000\AppData\Local\Daring_Development_Inc
2015-06-01 23:56 - 2015-06-01 23:56 - 00001039 _____ C:\Users\marco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 10 Technical Preview.lnk
2015-06-01 22:40 - 2015-06-06 16:52 - 00003156 _____ C:\WINDOWS\System32\Tasks\sunsoft
2015-06-01 22:40 - 2015-06-06 16:52 - 00003150 _____ C:\WINDOWS\System32\Tasks\catalyst
2015-06-01 22:40 - 2015-06-02 04:20 - 00003246 _____ C:\WINDOWS\System32\Tasks\Origin
2015-06-01 22:40 - 2015-06-01 22:40 - 00000000 ___HD C:\Users\marco_000\AppData\Roaming\Origin
2015-06-01 22:40 - 2015-06-01 22:40 - 00000000 ____D C:\Users\Todos os Usuários\sunsoft
2015-06-01 22:40 - 2015-06-01 22:40 - 00000000 ____D C:\ProgramData\sunsoft
2015-06-01 11:26 - 2015-06-01 11:26 - 00000000 ____D C:\Users\marco_000\AppData\Local\GWX
2015-06-01 00:49 - 2015-06-01 00:49 - 00000000 ____D C:\Users\marco_000\Documents\Electronic Arts
2015-06-01 00:31 - 2015-06-13 22:49 - 00001152 _____ C:\Users\marco_000\Desktop\The Sims 4.lnk
2015-06-01 00:31 - 2015-06-02 04:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-06-01 00:31 - 2015-06-01 00:31 - 00000000 ____D C:\Users\marco_000\AppData\Roaming\The Sims 4
2015-06-01 00:07 - 2015-06-01 00:07 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2015-05-31 22:07 - 2015-05-31 22:07 - 00000000 ____D C:\Users\Todos os Usuários\Steam
2015-05-31 22:07 - 2015-05-31 22:07 - 00000000 ____D C:\ProgramData\Steam
2015-05-31 21:56 - 2015-05-31 22:00 - 00000000 ____D C:\Users\marco_000\Downloads\Mortal.Kombat.X.Update.v20150425-RELOADED
2015-05-31 20:48 - 2015-05-31 20:50 - 00000000 ____D C:\Users\marco_000\Desktop\Crysis.3.INTERNAL-RELOADED
2015-05-31 02:53 - 2015-05-31 02:53 - 00262144 _____ C:\WINDOWS\AOMEIBCD
2015-05-31 02:47 - 2015-05-31 02:48 - 00000000 ____D C:\Users\marco_000\Downloads\AOMEI Partition Assistant Pro_Server_Technician_Unlimited Edition 5.6.3 Retail
2015-05-31 02:25 - 2015-05-31 03:48 - 00001024 ____H C:\AMTAG.BIN
2015-05-31 00:41 - 2015-05-31 00:42 - 00000000 ____D C:\Users\marco_000\Documents\GTA San Andreas User Files
2015-05-31 00:13 - 2015-06-02 04:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia
2015-05-31 00:13 - 2015-05-31 00:13 - 00000979 _____ C:\Users\Public\Desktop\Tibia.lnk
2015-05-31 00:13 - 2015-05-31 00:13 - 00000000 ____D C:\Program Files (x86)\Tibia
2015-05-28 00:35 - 2015-06-02 04:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5
2015-05-28 00:35 - 2015-05-28 00:35 - 00000000 ____D C:\Program Files (x86)\Corel
2015-05-28 00:20 - 2015-06-13 22:47 - 05326144 _____ C:\Users\marco_000\Desktop\Untitled-1-Recovered.psd
2015-05-27 23:40 - 2015-05-27 23:40 - 00000000 ____D C:\Users\marco_000\Documents\My Palettes
2015-05-27 23:37 - 2015-05-27 23:40 - 00000000 ____D C:\Users\Todos os Usuários\Protexis
2015-05-27 23:37 - 2015-05-27 23:40 - 00000000 ____D C:\ProgramData\Protexis
2015-05-27 23:37 - 2015-05-27 23:37 - 00000000 ____D C:\Users\marco_000\AppData\Roaming\Corel
2015-05-27 23:33 - 2015-05-27 23:40 - 00000000 ____D C:\Users\marco_000\Documents\Corel
2015-05-27 23:33 - 2015-05-27 23:33 - 00000000 ____D C:\Users\marco_000\Documents\Visual Studio 2008
2015-05-27 23:33 - 2015-05-27 23:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2015-05-27 23:33 - 2015-05-27 23:33 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2015-05-27 23:32 - 2015-05-28 00:37 - 00000000 ____D C:\Users\Todos os Usuários\Corel
2015-05-27 23:32 - 2015-05-28 00:37 - 00000000 ____D C:\ProgramData\Corel
2015-05-27 02:18 - 2015-05-27 02:19 - 05827102 _____ C:\Users\marco_000\Desktop\info beta.psd
2015-05-27 02:17 - 2015-05-27 02:17 - 00000000 ____D C:\Users\marco_000\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2015-05-27 01:18 - 2012-04-27 22:17 - 01793672 _____ (Adobe Systems, Incorporated) C:\amtlib.dll
2015-05-27 01:08 - 2015-06-02 04:09 - 00000000 ____D C:\Users\Todos os Usuários\regid.1986-12.com.adobe
2015-05-27 01:08 - 2015-06-02 04:09 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-05-27 01:02 - 2015-05-27 01:02 - 00000000 ____D C:\Users\Todos os Usuários\ALM
2015-05-27 01:02 - 2015-05-27 01:02 - 00000000 ____D C:\ProgramData\ALM
2015-05-27 00:57 - 2015-05-27 00:57 - 00000000 ____D C:\Users\marco_000\Adobe Flash Builder 4.6
2015-05-27 00:52 - 2015-06-02 04:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2015-05-27 00:52 - 2015-05-27 00:52 - 00002481 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-05-27 00:52 - 2015-05-27 00:52 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2015-05-27 00:48 - 2015-05-27 00:48 - 00001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
2015-05-27 00:47 - 2015-05-27 00:47 - 00000000 ____D C:\Program Files (x86)\My Company Name
2015-05-27 00:47 - 2011-11-03 03:01 - 00056208 _____ (Rovi Corporation) C:\WINDOWS\system32\Drivers\PxHlpa64.sys
2015-05-27 00:47 - 2011-10-17 03:00 - 00010224 _____ (Sonic Solutions) C:\WINDOWS\system32\Drivers\cdralw2k.sys
2015-05-27 00:47 - 2011-10-17 03:00 - 00010224 _____ (Sonic Solutions) C:\WINDOWS\system32\Drivers\cdr4_xp.sys
2015-05-27 00:45 - 2015-05-27 00:45 - 00001013 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2015-05-27 00:41 - 2015-06-02 04:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2015-05-27 00:41 - 2015-05-27 01:07 - 00000000 ____D C:\Program Files\Adobe
2015-05-27 00:40 - 2015-05-27 01:07 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-05-26 21:26 - 2015-06-02 04:01 - 00000000 ____D C:\Users\marco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
2015-05-26 21:26 - 2015-05-26 21:26 - 00000000 ____D C:\Program Files (x86)\GameVicio
2015-05-26 11:58 - 2015-06-13 22:49 - 00001822 _____ C:\Users\marco_000\Desktop\Witcher.lnk
2015-05-26 11:57 - 2015-05-27 21:45 - 00000000 ____D C:\Users\marco_000\AppData\Local\The Witcher
2015-05-26 11:57 - 2015-05-26 21:51 - 00000000 ____D C:\Users\marco_000\Documents\The Witcher
2015-05-26 11:52 - 2015-05-26 11:52 - 00000000 ____D C:\WINDOWS\System32\Tasks\Games
2015-05-26 03:31 - 2015-05-26 03:31 - 00312480 _____ C:\WINDOWS\system32\Drivers\atksgt.sys
2015-05-26 03:31 - 2015-05-26 03:31 - 00043168 _____ C:\WINDOWS\system32\Drivers\lirsgt.sys
2015-05-26 03:25 - 2015-05-26 07:25 - 00000000 ____D C:\Users\marco_000\Downloads\[R.G. Mechanics] The Sims 4
2015-05-26 03:16 - 2015-05-26 21:25 - 00000000 ____D C:\Program Files (x86)\The Witcher Enhanced Edition
2015-05-26 03:15 - 2015-05-26 03:29 - 00000000 ____D C:\Users\Public\Documents\The Witcher
2015-05-24 02:15 - 2015-06-02 04:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2015-05-24 02:14 - 2015-05-24 02:14 - 00000000 ____D C:\Users\marco_000\AppData\Roaming\library_dir
2015-05-24 02:10 - 2015-05-31 01:36 - 00000000 ____D C:\Users\marco_000\AppData\Roaming\Raptr
2015-05-24 02:10 - 2015-05-24 02:15 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-05-24 01:45 - 2015-06-02 11:01 - 01986048 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\ViaMicArrayAPO.dll
2015-05-24 01:45 - 2015-06-02 11:01 - 00876544 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\VIASysFx.dll
2015-05-24 01:45 - 2015-06-02 11:01 - 00689672 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Drivers\viahduaa.sys
2015-05-24 01:45 - 2015-06-02 04:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA
2015-05-24 01:45 - 2013-10-31 22:21 - 27646720 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioVnA64.dll
2015-05-24 01:45 - 2013-10-31 22:21 - 02103040 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2015-05-24 01:45 - 2013-10-31 22:21 - 01013504 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2015-05-24 01:45 - 2013-10-31 22:21 - 00663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2015-05-24 01:45 - 2013-07-22 03:40 - 00388096 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\VMWRP64.DLL
2015-05-24 01:45 - 2012-12-11 07:01 - 00070776 _____ (Windows ® Codename Longhorn DDK provider) C:\WINDOWS\system32\VtSrdAPO.dll
2015-05-24 01:45 - 2012-12-11 07:00 - 01161336 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\ViaKaraokeApo.dll
2015-05-24 01:45 - 2012-12-11 07:00 - 00248952 _____ (Windows ® Codename Longhorn DDK provider) C:\WINDOWS\system32\Dts2APO.dll
2015-05-24 01:45 - 2012-12-11 07:00 - 00123512 _____ (VIA Technologies,Inc.) C:\WINDOWS\system32\ViaKaraokePropPageExt.dll
2015-05-24 01:45 - 2012-12-11 07:00 - 00095352 _____ (VIA Technologies,Inc.) C:\WINDOWS\system32\ViaMicArrayPropPageExt.dll
2015-05-24 01:45 - 2012-12-11 07:00 - 00092280 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Dts2PropPageExt.dll
2015-05-24 01:45 - 2012-12-11 07:00 - 00055416 _____ (TODO: <Company name>) C:\WINDOWS\system32\PropPageExt.dll
2015-05-24 01:45 - 2012-12-11 07:00 - 00027768 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\ViakaraokeSrv.exe
2015-05-24 01:45 - 2012-11-14 23:06 - 00083968 _____ (QSound Labs, Inc.) C:\WINDOWS\system32\nQAPO.dll
2015-05-24 01:45 - 2012-06-28 05:54 - 00086016 _____ (QSound Labs, Inc.) C:\WINDOWS\system32\nQPropPageExt.dll
2015-05-24 01:45 - 2011-12-15 02:16 - 07163744 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEP64H.dll
2015-05-24 01:45 - 2011-12-15 02:16 - 07163744 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEP64A.dll
2015-05-24 01:45 - 2011-12-15 02:16 - 00433504 _____ (Dolby Laboratories) C:\WINDOWS\system32\EED64H.dll
2015-05-24 01:45 - 2011-12-15 02:16 - 00433504 _____ (Dolby Laboratories) C:\WINDOWS\system32\EED64A.dll
2015-05-24 01:45 - 2011-12-15 02:16 - 00137056 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEL64H.dll
2015-05-24 01:45 - 2011-12-15 02:16 - 00137056 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEL64A.dll
2015-05-24 01:45 - 2011-12-15 02:16 - 00120160 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEA64H.dll
2015-05-24 01:45 - 2011-12-15 02:16 - 00120160 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEA64A.dll
2015-05-24 01:45 - 2011-12-15 02:16 - 00075104 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEG64H.dll
2015-05-24 01:45 - 2011-12-15 02:16 - 00075104 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEG64A.dll
2015-05-24 01:45 - 2011-09-27 07:13 - 00879616 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\VMAPO64.DLL
2015-05-24 01:45 - 2011-09-27 07:13 - 00739328 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\VMAPO32.DLL
2015-05-24 01:45 - 2011-09-27 07:13 - 00619520 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\VMTHX64.DLL
2015-05-24 01:45 - 2011-09-27 07:13 - 00554496 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\VMTHX32.DLL
2015-05-24 01:45 - 2011-09-27 07:13 - 00057856 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\VMPPLD64.DLL
2015-05-24 01:45 - 2010-10-26 07:54 - 00053760 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\VMPPCN64.DLL
2015-05-24 00:59 - 2014-01-21 04:14 - 00000000 ____D C:\Users\marco_000\Downloads\VIA audio driver
2015-05-23 22:04 - 2015-06-02 04:09 - 00000000 ____D C:\Users\marco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
2015-05-23 16:04 - 2015-06-13 22:49 - 00001291 _____ C:\Users\marco_000\Desktop\PakMan 2008.lnk
2015-05-23 16:04 - 2015-06-02 04:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeGamePick
2015-05-23 16:04 - 2015-05-23 16:04 - 00000000 ____D C:\Program Files (x86)\FreeGamePick
2015-05-16 16:29 - 2015-05-16 16:29 - 00000000 ____D C:\Program Files\ATI
2015-05-16 16:27 - 2015-06-06 04:48 - 00000000 ____D C:\Program Files\AMD
2015-05-16 00:15 - 2015-06-02 04:21 - 00003196 _____ C:\WINDOWS\System32\Tasks\{0EA62DA0-FC74-44E4-A62F-7CAF16ECA6C3}
2015-05-15 21:55 - 2015-06-14 15:05 - 00001090 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-15 21:55 - 2015-06-14 14:58 - 00001086 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-15 21:55 - 2015-06-12 11:08 - 00000000 ____D C:\Program Files (x86)\Google
2015-05-15 21:55 - 2015-06-02 04:21 - 00004172 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 21:55 - 2015-06-02 04:20 - 00003936 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 21:55 - 2015-05-15 21:55 - 00000000 ____D C:\Users\marco_000\AppData\Local\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-14 15:34 - 2015-03-31 22:39 - 00000902 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-14 14:58 - 2015-03-30 15:52 - 00000000 __RDO C:\Users\marco_000\SkyDrive
2015-06-14 14:57 - 2015-04-25 01:08 - 00033172 _____ C:\WINDOWS\system32\NetSetupSvc.log
2015-06-14 14:56 - 2015-04-25 01:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-14 14:56 - 2015-04-25 00:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-14 14:56 - 2015-04-24 23:39 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-14 14:45 - 2015-03-30 20:39 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-14 14:17 - 2015-04-12 23:53 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2015-06-14 14:17 - 2015-04-12 23:53 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2015-06-14 14:13 - 2015-03-30 21:33 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2015-06-14 12:18 - 2015-04-25 00:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-14 12:12 - 2015-03-30 15:51 - 00000000 ____D C:\Users\marco_000\AppData\Local\Packages
2015-06-14 12:02 - 2015-03-30 15:56 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7C51C0A3-064F-4727-B7E8-A027CEA057D6}
2015-06-13 22:49 - 2015-04-20 21:10 - 00001984 _____ C:\Users\marco_000\Desktop\Drakensang Online.lnk
2015-06-13 10:44 - 2015-03-31 12:19 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-13 10:43 - 2015-03-30 19:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-11 22:12 - 2015-03-31 20:03 - 00000000 ____D C:\Users\marco_000\AppData\Roaming\Skype
2015-06-10 23:52 - 2015-03-30 21:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-10 23:52 - 2015-03-30 21:11 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2015-06-10 23:52 - 2015-03-30 21:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 23:52 - 2013-08-22 10:25 - 00000167 _____ C:\WINDOWS\win.ini
2015-06-10 23:50 - 2015-04-25 00:06 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-10 23:46 - 2015-03-31 06:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 23:43 - 2015-03-31 06:59 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-09 20:36 - 2015-03-31 22:39 - 00003888 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-09 19:35 - 2015-04-12 01:55 - 00000000 ____D C:\Users\marco_000\AppData\Local\Battle.net
2015-06-08 11:21 - 2015-04-25 06:29 - 00781686 _____ C:\WINDOWS\system32\prfh0416.dat
2015-06-08 11:21 - 2015-04-25 06:29 - 00152728 _____ C:\WINDOWS\system32\prfc0416.dat
2015-06-07 20:05 - 2015-04-12 01:55 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-07 11:55 - 2015-04-02 21:42 - 00000000 ____D C:\Users\marco_000\AppData\Roaming\uTorrent
2015-06-06 21:23 - 2015-04-14 21:05 - 00000000 __SHD C:\Users\marco_000\AppData\Local\EmieUserList
2015-06-06 21:23 - 2015-04-14 21:05 - 00000000 __SHD C:\Users\marco_000\AppData\Local\EmieSiteList
2015-06-06 21:23 - 2015-04-14 21:05 - 00000000 __SHD C:\Users\marco_000\AppData\Local\EmieBrowserModeList
2015-06-06 15:15 - 2015-04-25 00:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2015-06-06 12:25 - 2015-03-31 01:26 - 00000000 ____D C:\Users\Todos os Usuários\Adobe
2015-06-06 12:25 - 2015-03-31 01:26 - 00000000 ____D C:\ProgramData\Adobe
2015-06-06 12:24 - 2015-03-31 22:38 - 00000000 ____D C:\Users\marco_000\AppData\Local\Adobe
2015-06-06 12:24 - 2015-03-30 15:51 - 00000000 ____D C:\Users\marco_000\AppData\Roaming\Adobe
2015-06-06 04:49 - 2015-03-30 16:36 - 00000000 ____D C:\AMD
2015-06-06 04:46 - 2015-03-31 12:19 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-05 23:10 - 2015-04-25 01:07 - 04984184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-05 23:01 - 2015-03-31 12:19 - 00000000 ____D C:\Users\marco_000\AppData\Roaming\TeamViewer
2015-06-04 13:52 - 2015-04-25 00:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-03 11:38 - 2015-04-25 00:36 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-06-03 01:56 - 2015-03-30 13:42 - 00000000 ____D C:\Users\marco_000\Desktop\DotaD
2015-06-02 13:14 - 2015-03-30 19:32 - 00001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-02 09:49 - 2015-04-25 00:36 - 00000000 ____D C:\WINDOWS\system32\restore
2015-06-02 09:37 - 2015-04-25 00:36 - 00000000 ___RD C:\WINDOWS\PrintDialog3D
2015-06-02 09:37 - 2015-04-25 00:36 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-06-02 09:37 - 2015-04-25 00:36 - 00000000 ___RD C:\WINDOWS\MtcUvc
2015-06-02 09:37 - 2015-04-25 00:36 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-06-02 09:37 - 2015-04-25 00:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-06-02 09:37 - 2015-04-25 00:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-06-02 04:22 - 2015-04-25 00:36 - 00000000 ____D C:\Program Files\Windows NT
2015-06-02 04:22 - 2015-04-24 23:39 - 00000000 __RHD C:\Users\Default
2015-06-02 04:21 - 2015-04-25 01:08 - 00002382 _____ C:\WINDOWS\System32\Tasks\SpeechRuntimeTask
2015-06-02 04:21 - 2015-04-25 00:36 - 00000000 ____D C:\WINDOWS\Registration
2015-06-02 04:21 - 2015-03-31 01:14 - 00003800 _____ C:\WINDOWS\System32\Tasks\klcp_update
2015-06-02 04:21 - 2015-03-30 15:58 - 00003710 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4170533712-3209951924-2990677416-1001
2015-06-02 04:17 - 2015-04-25 00:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-06-02 04:09 - 2015-04-25 06:33 - 00000000 ____D C:\WINDOWS\ShellNew
2015-06-02 04:09 - 2015-04-24 23:39 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-06-02 04:09 - 2015-04-17 01:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2015-06-02 04:09 - 2015-04-13 02:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-06-02 04:09 - 2015-04-12 10:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-06-02 04:09 - 2015-04-12 01:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-06-02 04:09 - 2015-03-31 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-02 04:09 - 2015-03-31 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-06-02 04:09 - 2015-03-31 01:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-06-02 04:09 - 2015-03-31 01:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2015-06-02 04:09 - 2015-03-30 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.0
2015-06-02 04:09 - 2015-03-30 22:11 - 00000000 ____D C:\Users\marco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-06-02 04:09 - 2015-03-30 20:49 - 00000000 ____D C:\Users\marco_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-06-02 04:09 - 2015-03-30 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-06-02 04:09 - 2015-03-30 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-02 04:09 - 2015-03-30 16:56 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2015-06-02 04:07 - 2013-08-22 10:36 - 00000000 ____D C:\Users\Default.migrated
2015-06-02 04:05 - 2015-04-25 00:36 - 00000000 ____D C:\WINDOWS\system32\spool
2015-06-02 04:05 - 2015-04-25 00:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-06-02 04:05 - 2015-04-25 00:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-06-02 04:05 - 2015-04-25 00:36 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-06-02 04:05 - 2015-04-03 01:31 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-02 04:05 - 2015-03-31 01:10 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-06-02 04:05 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-06-02 04:05 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-06-02 04:03 - 2015-05-14 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
2015-06-02 04:03 - 2015-04-30 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2015-06-02 04:03 - 2015-04-25 00:36 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-06-02 04:03 - 2015-04-25 00:36 - 00000000 ____D C:\WINDOWS\InputMethod
2015-06-02 04:03 - 2015-04-25 00:36 - 00000000 ____D C:\WINDOWS\appcompat
2015-06-02 04:03 - 2015-04-25 00:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-06-02 04:03 - 2015-04-25 00:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-02 04:03 - 2015-04-14 23:31 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-06-02 04:03 - 2015-03-30 16:38 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-06-02 04:03 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2015-06-02 04:03 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-06-02 04:02 - 2015-04-25 00:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-06-02 04:00 - 2015-04-24 23:39 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-06-02 03:51 - 2015-04-25 00:37 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2015-06-02 03:50 - 2015-04-25 06:33 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-02 03:49 - 2015-04-25 00:36 - 00000000 ____D C:\WINDOWS\system32\winevt
2015-06-02 03:47 - 2015-04-25 00:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-06-02 03:47 - 2015-04-25 00:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-06-02 03:47 - 2015-04-25 00:13 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2015-06-02 03:47 - 2015-04-25 00:13 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2015-06-02 03:47 - 2015-04-25 00:13 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2015-06-02 03:47 - 2015-04-25 00:13 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2015-06-02 03:47 - 2015-04-25 00:13 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2015-06-02 03:47 - 2015-04-25 00:13 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2015-06-02 03:47 - 2015-04-25 00:13 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2015-06-02 03:47 - 2015-04-25 00:13 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2015-06-02 03:47 - 2015-04-25 00:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2015-06-02 03:47 - 2015-04-25 00:13 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2015-06-02 03:47 - 2015-04-25 00:13 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2015-06-02 03:47 - 2015-04-25 00:13 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2015-06-02 03:47 - 2015-04-25 00:13 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2015-06-02 03:47 - 2015-04-25 00:13 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2015-06-02 03:47 - 2015-04-25 00:13 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2015-06-02 03:47 - 2015-04-25 00:13 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2015-06-02 03:47 - 2015-04-25 00:13 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2015-06-02 03:47 - 2015-04-25 00:13 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2015-06-02 03:28 - 2013-08-22 12:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-02 03:24 - 2015-04-25 07:03 - 00000000 ___HD C:\$Windows.~BT
2015-06-02 03:04 - 2015-04-28 02:07 - 00000000 ____D C:\Users\marco_000\AppData\Roaming\DAEMON Tools Lite
2015-06-02 00:13 - 2015-03-30 13:44 - 00000000 ____D C:\Users\marco_000\Desktop\Xbox
2015-06-01 00:31 - 2015-03-30 16:38 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2015-06-01 00:31 - 2015-03-30 16:38 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-31 03:46 - 2015-04-30 02:33 - 00007616 _____ C:\Users\marco_000\AppData\Local\Resmon.ResmonCfg
2015-05-30 21:27 - 2015-04-03 12:21 - 00000000 ____D C:\Users\marco_000\AppData\Local\Spotify
2015-05-30 21:09 - 2015-03-31 01:16 - 00000000 ____D C:\Users\marco_000\AppData\Roaming\Spotify
2015-05-28 00:20 - 2015-03-30 13:42 - 01663944 _____ C:\Users\marco_000\Desktop\Untitled-2.psd
2015-05-27 01:06 - 2015-03-31 01:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-05-26 03:16 - 2015-03-30 16:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-05-24 01:45 - 2015-03-30 16:58 - 00000024 _____ C:\WINDOWS\SetupTemp.ini
2015-05-23 22:04 - 2015-04-20 21:07 - 00000000 ____D C:\Program Files (x86)\Drakensang Online
2015-05-18 22:51 - 2015-05-14 10:16 - 00000693 _____ C:\Users\Public\Desktop\Play Claw.lnk

==================== Files in the root of some directories =======

2015-04-12 23:53 - 2015-04-12 23:53 - 0018606 _____ () C:\Users\marco_000\AppData\Roaming\unins000.dat
2015-04-12 23:53 - 2015-04-12 23:53 - 0811218 _____ () C:\Users\marco_000\AppData\Roaming\unins000.exe
2015-04-20 16:13 - 2015-04-20 16:13 - 0017872 _____ () C:\Users\marco_000\AppData\Roaming\unins001.dat
2015-04-20 16:13 - 2015-04-20 16:13 - 0730322 _____ () C:\Users\marco_000\AppData\Roaming\unins001.exe
2015-04-30 02:33 - 2015-05-31 03:46 - 0007616 _____ () C:\Users\marco_000\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\marco_000\AppData\Roaming\Origin\update.vbe
C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job


Some files in TEMP:
====================
C:\Users\marco_000\AppData\Local\Temp\ccc.exe
C:\Users\marco_000\AppData\Local\Temp\update.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-12 12:13

==================== End of log ============================
 
ADDITION
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by marco_000 at 2015-06-14 15:10:30
Running from C:\Users\marco_000\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-4170533712-3209951924-2990677416-500 - Administrator - Disabled)
Convidado (S-1-5-21-4170533712-3209951924-2990677416-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-4170533712-3209951924-2990677416-503 - Limited - Disabled)
marco_000 (S-1-5-21-4170533712-3209951924-2990677416-1001 - Administrator - Enabled) => C:\Users\marco_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Claw (HKLM-x32\...\{328B1011-42CE-4D10-A4DF-78CC7A883657}) (Version:  - )
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{51DD370C-6690-424E-9674-5F14468B323F}) (Version: 15.0.0.487 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.1.0.0 - Electronic Arts)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dota 2 Test (HKLM-x32\...\Steam App 205790) (Version:  - )
Drakensang Online (HKLM-x32\...\Drakensang Online) (Version:  - )
f.lux (HKU\S-1-5-21-4170533712-3209951924-2990677416-1001\...\Flux) (Version:  - )
GBBD Caixa Economica Federal (HKLM-x32\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: 3.12.0.2 - )
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
K-Lite Codec Pack 11.0.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.0.5 - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Magic 2015 (HKLM-x32\...\Steam App 255420) (Version:  - Stainless Games)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Módulo de Proteção - Banco Santander (Brasil) S.A. (HKLM-x32\...\{83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1) (Version: 3.12.1.2 - )
Mortal Kombat X (HKLM-x32\...\Mortal Kombat X_is1) (Version: 1.0.2 - )
Mortal Kombat X Update v20150602 (HKLM-x32\...\TW9ydGFsS29tYmF0WA==_is1) (Version: 1 - )
Mozilla Firefox 39.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 pt-BR)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
PakMan 2008 (HKLM-x32\...\PakMan 2008_is1) (Version:  - FreeGamePick)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Setup - Mortal Kombat X © Warner Bros. Interactive Entertainment ... (HKLM-x32\...\Setup - Mortal Kombat X © Warner Bros. Interactive Entertainment ...) (Version: ... - Warner Bros.)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-4170533712-3209951924-2990677416-1001\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
The Sims 4 (HKLM-x32\...\The Sims 4_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.00.0000 - CD Projekt Red)
Tibia (HKLM-x32\...\Tibia_is1) (Version: 10.78 - CipSoft GmbH)
Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version:  - Ubisoft Singapore)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
VIA Gerenciador de dispositivo de plataforma (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4170533712-3209951924-2990677416-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4170533712-3209951924-2990677416-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0001}\InprocServer32 -> C:\Users\marco_000\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-4170533712-3209951924-2990677416-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\marco_000\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-4170533712-3209951924-2990677416-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0001}\InprocServer32 -> C:\Users\marco_000\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-4170533712-3209951924-2990677416-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\marco_000\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-4170533712-3209951924-2990677416-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\marco_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4170533712-3209951924-2990677416-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\marco_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4170533712-3209951924-2990677416-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\marco_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4170533712-3209951924-2990677416-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\marco_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4170533712-3209951924-2990677416-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\marco_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4170533712-3209951924-2990677416-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\marco_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4170533712-3209951924-2990677416-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\marco_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

06-06-2015 04:50:17 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
10-06-2015 23:39:52 Windows Update
14-06-2015 14:05:26 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
14-06-2015 14:05:53 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 10:25 - 2013-08-22 10:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0665D2AA-C24F-48DA-B70B-1018662DC582} - System32\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync
Task: {0BE35EE7-CF54-4523-855D-D9B8F6F50CB3} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Update_RebootDialog => C:\WINDOWS\system32\MusNotification.exe [2015-04-25] (Microsoft Corporation)
Task: {0C6017AE-1DB5-4D47-9E17-B1C14D8C0DA4} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MARCOS-marco_000 Marcos => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-04-14] (Microsoft Corporation)
Task: {0D5D31D8-D666-48BF-8C50-17008A6F69D2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {14EA5EA7-DC01-4EED-A559-1A68082A089F} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot => C:\Windows\system32\usoclient.exe [2015-04-25] (Microsoft Corporation)
Task: {18E15108-AB5D-4BF4-89A7-E23D96ECB6BB} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask
Task: {1B453B2C-6727-40DB-B891-E635D9C44BCD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle No Task File <==== ATTENTION
Task: {1D4D0CF3-8052-4A0D-9E7C-19340F3CE458} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-04-25] (Microsoft Corporation)
Task: {1F090C00-8CD0-43C7-927E-7499FEA827AF} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install => C:\Windows\system32\usoclient.exe [2015-04-25] (Microsoft Corporation)
Task: {1F766274-67B7-49C5-BFD5-97A15FDCD55D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {249FCD9F-C437-4B90-84D1-E79371D27F2E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4170533712-3209951924-2990677416-1001
Task: {2667185F-15CF-4B29-8A0C-EA9770FACCA4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Update_Reboot => C:\WINDOWS\system32\MusNotification.exe [2015-04-25] (Microsoft Corporation)
Task: {28A3880A-8173-4F19-B0AB-3A79B2E2775B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2CC1BF8C-CADC-4D3A-8817-2BFEF7F2525A} - System32\Tasks\sunsoft => c:\programdata\sunsoft\sunsoft.exe <==== ATTENTION
Task: {3372E547-3C55-4B4C-BC32-FED32EF5CEBD} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install => C:\Windows\system32\usoclient.exe [2015-04-25] (Microsoft Corporation)
Task: {369C35D9-EE2F-4AD6-BDC6-7CDA930F687D} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-03-24] ()
Task: {3D0DE39F-3425-4AA9-ABD6-A5C69D967C0D} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe [2015-04-25] (Microsoft Corporation)
Task: {3EE07FC3-0EE9-4172-88C4-50D13B2C763E} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\HypervisorFlightingTask
Task: {4C373C33-5B24-44E5-A35F-781C07E60292} - System32\Tasks\{0EA62DA0-FC74-44E4-A62F-7CAF16ECA6C3} => Firefox.exe http://ui.skype.com/ui/0/7.4.0.102/pt/abandoninstall?page=tsProgressBar
Task: {55932C01-117A-4591-89F6-651825B21D40} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask
Task: {5E5FA58F-D29E-4935-AF9B-F969FB263D9E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig No Task File <==== ATTENTION
Task: {61F52CA4-AE43-4ADB-9F55-EE6681979D17} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update
Task: {63A76DA8-FE79-444D-876D-F634AA4DC068} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-09] (Adobe Systems Incorporated)
Task: {6C4CCD2A-224C-4B80-B23D-0C079B9E26C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-15] (Google Inc.)
Task: {7013D956-D379-4440-8CFC-D8A7D5F67DBD} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {7065C992-DC59-4526-87A6-9E81CE17BF24} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_WnfDisplay => C:\windows\system32\MusNotification.exe [2015-04-25] (Microsoft Corporation)
Task: {71568F34-D9D9-4DCF-B16E-D0E7E686F507} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {72F56A2F-899A-43D3-B2F5-94C5EFE307F8} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-04-25] (Microsoft Corporation)
Task: {7307DC12-B7B5-4F31-A55F-E006BD32863E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-15] (Google Inc.)
Task: {82B68E5D-FE3D-468C-868E-C10A19D8DE0F} - System32\Tasks\SpeechRuntimeTask => C:\Windows\system32\speech_onecore\common\SpeechRuntime.exe [2015-04-25] (Microsoft Corporation)
Task: {84275B37-0405-4E07-BF27-713CCB996448} - \Microsoft\Windows\Setup\GWXTriggers\Logon No Task File <==== ATTENTION
Task: {85309F05-13F8-48CC-9316-1ACAE6128D5B} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Installation
Task: {87B36780-A210-47EE-AE35-5B7BA65E0E1E} - System32\Tasks\Microsoft\Windows\Maps\MapsUpdateTask
Task: {8EB36CCC-E381-4808-983A-4E426507085B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_RebootDisplay => C:\windows\system32\MusNotification.exe [2015-04-25] (Microsoft Corporation)
Task: {8FF4024B-0FD6-4237-9D79-D081D5BBC08F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => C:\Windows\system32\disksnapshot.exe [2015-04-25] (Microsoft Corporation)
Task: {945BD0E7-A136-4661-BB75-6230CE303E1E} - System32\Tasks\Bidaily Synchronize Task[973b] => c:\programdata\{5f188bda-df3e-f24e-5f18-88bdadf32f6b}\setup_product_27839.exe <==== ATTENTION
Task: {AA82C409-384D-41B7-BDF3-895BFD8533DE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B4EBE053-5C1A-4804-A8F6-F7ED87155C46} - \Microsoft\Windows\Setup\gwx\launchtrayprocess No Task File <==== ATTENTION
Task: {B99288F4-48E8-4346-973F-16E0A60DCF70} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B No Task File <==== ATTENTION
Task: {BB202239-7D3D-4E7C-B0DE-720DE219D5AD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {BE70B822-584C-4AA1-9A4A-C8C9C2CF75F9} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
Task: {C930CCDA-692A-4C46-B09C-E51F33BFB798} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan => C:\Windows\system32\usoclient.exe [2015-04-25] (Microsoft Corporation)
Task: {CBB9856A-0F14-47C0-828B-15C769CF1467} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-04-25] (Microsoft Corporation)
Task: {CE4ECD20-967E-4CFB-A818-294539D8B855} - System32\Tasks\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}{19F8DB95-4D78-4ddb-AC71-C610654FE37F} => C:\Program Files (x86)\CalendarTool\1.3.1.9718\InstallHelper.exe
Task: {D4FBCB18-1691-4A5B-8458-15C54D218609} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {DCA13A11-D481-461D-A203-6734CB1476E5} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-04-25] (Microsoft Corporation)
Task: {DD2AFC60-8BB1-44FB-8EA1-40B0FE8F412E} - System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => C:\Users\marco_000\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe [2015-05-14] ()
Task: {DE3A96B5-92D1-4FA7-954E-5425CBE85D57} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Update_RebootToast => C:\WINDOWS\system32\MusNotification.exe [2015-04-25] (Microsoft Corporation)
Task: {E367E84C-7C39-4380-BFAE-79F03370F221} - System32\Tasks\catalyst => c:\programdata\sunsoft\ccc.exe
Task: {E3D13D83-810C-49FF-9E9C-45D3F2C69833} - System32\Tasks\Microsoft\Windows\WCM\WiFiTask => C:\Windows\System32\WiFiTask.exe [2015-04-25] (Microsoft Corporation)
Task: {EA3CFCE4-6750-4B62-B6AF-237F3A9E8B95} - System32\Tasks\Origin => C:\Users\marco_000\AppData\Roaming\Origin\update.vbe [2015-06-06] () <==== ATTENTION
Task: {EA447579-53AE-4BA7-9359-FB7EE8462376} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {EAC4A6E0-7043-4C4B-8076-FE24446437E0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\Windows\system32\MusNotification.exe [2015-04-25] (Microsoft Corporation)
Task: {F6D40E60-C987-49D3-9551-2D18F637208E} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-04-25] (Microsoft Corporation)
Task: {FAF8C5E1-116B-4DC2-A74D-0FAF958D5447} - System32\Tasks\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD} => C:\Program Files (x86)\CalendarTool\1.3.1.9718\InstallHelper.exe
Task: {FB64AB47-950B-4268-A05B-F05BBAC1D0CD} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{5f188bda-df3e-f24e-5f18-88bdadf32f6b}\setup_product_27839.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => C:\Users\marco_000\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exeœ-RunCheckUpdate C:\Users\marco_000\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-25 00:15 - 2015-04-25 00:15 - 02211792 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-04-25 00:13 - 2015-04-25 00:13 - 00379904 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-04-25 00:15 - 2015-04-25 00:15 - 02211792 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-04-25 00:15 - 2015-04-25 00:15 - 02211792 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-25 00:13 - 2015-04-25 00:13 - 01894400 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.ActionCenter.dll
2015-04-25 00:13 - 2015-04-25 00:13 - 06630400 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\StartUI.dll
2015-04-25 00:13 - 2015-04-25 00:13 - 01019392 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\JumpViewUI.dll
2015-04-25 00:15 - 2015-04-25 00:15 - 02211792 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2015-04-25 00:13 - 2015-04-25 00:13 - 00579072 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\BatteryFlyoutExperience.dll
2015-04-25 00:13 - 2015-04-25 00:13 - 00461824 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ClockFlyoutExperience.dll
2015-04-25 00:13 - 2015-04-25 00:13 - 02473984 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\DevicesFlowUI.dll
2015-04-25 00:13 - 2015-04-25 00:13 - 00457216 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-04-25 00:13 - 2015-04-25 00:13 - 01222656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\NetworkUX.dll
2015-04-25 00:13 - 2015-04-25 00:13 - 00313344 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-04-25 00:13 - 2015-04-25 00:13 - 00842752 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickConnectUI.dll
2015-05-24 01:45 - 2012-11-14 04:22 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2015-05-24 01:45 - 2012-11-14 04:22 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2015-06-14 14:59 - 2015-06-14 14:59 - 01591808 _____ () C:\Windows\Temp\lsass.exe
2015-06-14 14:59 - 2015-06-14 14:59 - 01563136 _____ () C:\Windows\Temp\svchost.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\marco_000\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreUIRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreUIRegistrar => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4170533712-3209951924-2990677416-1001\...\santander.com.br -> www.santander.com.br
IE trusted site: HKU\S-1-5-21-4170533712-3209951924-2990677416-1001\...\santanderempresarial.com.br -> www.santanderempresarial.com.br
IE trusted site: HKU\S-1-5-21-4170533712-3209951924-2990677416-1001\...\santandernet.com.br -> www.santandernet.com.br
IE trusted site: HKU\S-1-5-21-4170533712-3209951924-2990677416-1001\...\santandernetibe.com.br -> www.santandernetibe.com.br


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4170533712-3209951924-2990677416-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\marco_000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ArcService => 3
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: Service KMSELDI => 2
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe"
HKU\S-1-5-21-4170533712-3209951924-2990677416-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-4170533712-3209951924-2990677416-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4170533712-3209951924-2990677416-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-4170533712-3209951924-2990677416-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [UDP Query User{10B7D4EE-5911-4A30-84ED-13661861CEE3}C:\windows\syswow64\ftp.exe] => (Block) C:\windows\syswow64\ftp.exe
FirewallRules: [TCP Query User{1EFF4366-BCD6-44DD-BD51-4659899BEDD7}C:\windows\syswow64\ftp.exe] => (Block) C:\windows\syswow64\ftp.exe
FirewallRules: [{A93221CA-12B5-4028-B881-2B1D9951E579}] => (Allow) LPort=7935
FirewallRules: [{AB9B2905-B442-4CE0-B220-557D70AE0927}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{1B859C3A-B6A8-4305-8885-627E2812BD08}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{9D3D8A12-7186-47EE-AFC7-7ABF5396A4DE}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{574D93DC-8A4D-471D-BD19-5D501BF1DF9B}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{4F611619-21CC-47C6-BB1E-7F824B4B6C78}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{A9FD555F-904F-4158-9279-E3A7996B8CCB}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{5CC8EBCA-65F9-47A6-89B6-960BC23A827D}] => (Allow) LPort=1688
FirewallRules: [UDP Query User{2AFD1E63-EE77-4689-8841-26256C9DC999}C:\program files (x86)\neverwinter_pt\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_pt\neverwinter\live\gameclient.exe
FirewallRules: [TCP Query User{1E4AACB8-DF33-4FBC-B415-999FD7C75B11}C:\program files (x86)\neverwinter_pt\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_pt\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{45C7749C-3F9F-4AC9-88CB-C139193C2BE1}C:\program files (x86)\steam\steamapps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{25D13140-7EAA-4E4E-9644-6F1605C540D1}C:\program files (x86)\steam\steamapps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\dota_ugc\game\bin\win64\dota2.exe
FirewallRules: [{725E0556-F08B-449B-AE38-69EB1BA012F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\dota.exe
FirewallRules: [{ECD04259-3466-4044-B45C-B124C6608961}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\dota.exe
FirewallRules: [{9FE98927-CFE9-45D7-BAF2-BAF6905EF421}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{86AECD47-EAB7-4EBE-948F-3269642DCE2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{3321B508-99F0-4C29-9158-B4C66A8DC815}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2015\DotP_D15.exe
FirewallRules: [{737BAA36-2891-4B8D-AF06-B28A847EBB04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2015\DotP_D15.exe
FirewallRules: [{F6D33988-F1F2-4816-BA0A-A013DA4FDCAD}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{4825CEFF-365D-4A84-8A16-E330389E5227}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{74727397-A66B-4DB0-BC7C-4205F5FCF872}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{01D3A6C7-FBB3-443A-A272-887798A61AAB}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [UDP Query User{EAA399DB-780A-4DB4-A090-5089FD3B27A1}C:\users\marco_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marco_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{94C55B92-B0C1-476A-A319-76CA22444FA0}C:\users\marco_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marco_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{42A30646-BD98-486E-996E-84571E0A6859}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{8B3CC983-4488-41CF-B560-BE96C106570B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{72749387-9F3B-4D54-97AC-69866DF5FE67}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe
FirewallRules: [TCP Query User{77F8CF59-DB33-4B7C-A8CD-44E190B349EF}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe
FirewallRules: [{405BAB9E-8143-49C1-B8AB-CA8770EA2AEB}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{8869B9DD-2E9B-46FA-9D0F-D29750B8E24E}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{FC30062E-EBAD-4CF9-B0E9-195ADA484FC0}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [TCP Query User{575B5B80-4ED3-4DE2-8BC1-1219F35F5A34}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [{F83E479A-DE35-4E36-81EC-D7C6163401EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Ghost Recon Phantoms NA\Launcher.exe
FirewallRules: [{80C224B5-F17A-4439-AA2D-1F289A5D5DF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Ghost Recon Phantoms NA\Launcher.exe
FirewallRules: [{571CCD0A-506F-403D-89FD-AC56F44D8751}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{C65C4E56-1B64-4F0C-A3A7-FD79E35EE05D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{9E7A24CA-3412-4D6A-ACD6-08F3521E10D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{9DCEDE81-5404-4612-B5BC-C7911AB7EF20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{4752E7BE-0467-42C0-B10C-11B27ADAB6E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{9B084896-A244-454E-A3D5-78AC4830A81B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{33354643-D16B-42E5-B676-FBE5EF2EF915}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6307ABAA-BDA2-43D3-887B-629A81931E7D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{838C0527-2A2C-465B-A4EC-A7831FD214EE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8E824E2C-7A76-423F-BB57-42DFB4F73471}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{4E28F773-BF5B-453F-8A0D-5F3809804FCC}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{20535B76-A687-4318-B329-DC5FA60AF474}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{B54E6399-D405-4836-8556-45369700DF88}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{204661A9-6F5F-4C22-9887-FB8C8C8A8DC8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7536AB93-4262-4D49-AD56-FC8219B7E027}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C0A3863D-18BE-40D7-841C-C9ED74034B41}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{070D8A6D-9DCC-448E-90C4-59702A10F633}] => (Allow) C:\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{5A0F925F-B033-493D-89EB-AF56B5062443}] => (Allow) C:\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{D54CD74A-F169-4313-9061-3137EAD2DDB7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{10F82A98-8C20-41D9-92FE-740D125CA34D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D214A0D4-71C5-4F50-8933-40D029ABD96D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9AE17D6E-CB02-4E30-9BCB-F294861BFBB5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AFE63C93-77EB-4312-91F1-89AB0A5ED39B}] => (Allow) C:\Program Files (x86)\OBS\OBS.exe
FirewallRules: [{FB42FD7D-AF77-4B2A-9095-6044C8466487}] => (Allow) C:\Program Files (x86)\OBS\OBS.exe
FirewallRules: [{34126469-A712-4E86-9E70-4DA014DB1A78}] => (Allow) C:\Program Files (x86)\OBS\OBS.exe
FirewallRules: [{29C363E8-39CF-4F1D-9B6B-C73915A23E98}] => (Allow) C:\Program Files (x86)\OBS\OBS.exe

==================== Faulty Device Manager Devices =============

Name: Volume genérico
Description: Volume genérico
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Dispositivo de Entrada USB
Description: Dispositivo de Entrada USB
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Dispositivos padrão do sistema)
Service: HidUsb
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Headphone (VIA HD Audio)
Description: Ponto de Extremidade de Áudio
Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
Manufacturer: Microsoft
Service:
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Proxy de serviço de streaming Microsoft
Description: Proxy de serviço de streaming Microsoft
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: MSKSSRV
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Volume genérico
Description: Volume genérico
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Samsung M3 Portable USB Device
Description: Unidade de disco
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Unidades de disco padrão)
Service: disk
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: SAMSUNG Mobile USB Composite Device
Description: SAMSUNG Mobile USB Composite Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: SAMSUNG Electronics Co., Ltd.
Service: dg_ssudbus
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Microsoft Virtual DVD-ROM
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Unidades de CD-ROM padrão)
Service: cdrom
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Microsoft Virtual DVD-ROM
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Unidades de CD-ROM padrão)
Service: cdrom
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Microsoft Virtual DVD-ROM
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Unidades de CD-ROM padrão)
Service: cdrom
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: SAMSUNG Mobile USB Modem
Description: SAMSUNG Mobile USB Modem
Class Guid: {4d36e96d-e325-11ce-bfc1-08002be10318}
Manufacturer: SAMSUNG Electronics Co., Ltd.
Service: Modem
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Cópia de sombra de volume genérica
Description: Cópia de sombra de volume genérica
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Cópia de sombra de volume genérica
Description: Cópia de sombra de volume genérica
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Cópia de sombra de volume genérica
Description: Cópia de sombra de volume genérica
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Monitor Genérico PnP
Description: Monitor Genérico PnP
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Tipos de monitor padrão)
Service: monitor
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Monitor Genérico PnP
Description: Monitor Genérico PnP
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Tipos de monitor padrão)
Service: monitor
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: SPDIF Interface (TX1) (VIA HD Audio(Win8.1))
Description: Ponto de Extremidade de Áudio
Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
Manufacturer: Microsoft
Service:
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Monitor Genérico não PnP
Description: Monitor Genérico não PnP
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Tipos de monitor padrão)
Service: monitor
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Volume genérico
Description: Volume genérico
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Monitor Genérico PnP
Description: Monitor Genérico PnP
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Tipos de monitor padrão)
Service: monitor
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Dispositivo USB Desconhecido (Falha na Solicitação de Descritor de Dispositivo)
Description: Dispositivo USB Desconhecido (Falha na Solicitação de Descritor de Dispositivo)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: WD Elements 1023 USB Device
Description: Unidade de disco
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Unidades de disco padrão)
Service: disk
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Conversor em T entre Coletores de streaming Microsoft
Description: Conversor em T entre Coletores de streaming Microsoft
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: MSTEE
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Dispositivo de Entrada USB
Description: Dispositivo de Entrada USB
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Dispositivos padrão do sistema)
Service: HidUsb
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: GAMEZ
Description: Elements 1023   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: WD      
Service: WUDFWpdFs
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Drivers de Áudio Confiáveis da Microsoft
Description: Drivers de Áudio Confiáveis da Microsoft
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: drmkaud
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: HID-compliant game controller
Description: HID-compliant game controller
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Dispositivos padrão do sistema)
Service:
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: SAMSUNG Android ADB Interface
Description: SAMSUNG Android ADB Interface
Class Guid: {3f966bd9-fa04-4ec5-991c-d326973b5128}
Manufacturer: SAMSUNG Electronics Co., Ltd.
Service: WinUSB
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Alto-falantes (VIA HD Audio(Win8.1))
Description: Ponto de Extremidade de Áudio
Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
Manufacturer: Microsoft
Service:
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: GT-I9505
Description: GT-I9505
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: samsung
Service: WUDFWpdMtp
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: HID-compliant game controller
Description: HID-compliant game controller
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Dispositivos padrão do sistema)
Service:
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Proxy de gerenciador de qualidade de streaming Microsoft
Description: Proxy de gerenciador de qualidade de streaming Microsoft
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: MSPQM
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: 1 - SyncMaster (AMD High Definition Audio Device)
Description: Ponto de Extremidade de Áudio
Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
Manufacturer: Microsoft
Service:
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Volume genérico
Description: Volume genérico
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Volume genérico
Description: Volume genérico
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: D:\
Description: M3 Portable
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Samsung
Service: WUDFWpdFs
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Controlador de Loopback de VHD da Microsoft
Description: Controlador de Loopback de VHD da Microsoft
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vhdmp
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Volume genérico
Description: Volume genérico
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Samsung M3 Portable USB Device
Description: Unidade de disco
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Unidades de disco padrão)
Service: disk
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: SAMSUNG
Description: M3 Portable
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Samsung
Service: WUDFWpdFs
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Proxy do relógio de streaming Microsoft
Description: Proxy do relógio de streaming Microsoft
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: MSPCLOCK
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Microfone (VIA HD Audio(Win8.1))
Description: Ponto de Extremidade de Áudio
Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
Manufacturer: Microsoft
Service:
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.

Name: Conversor em T entre Coletores de streaming Microsoft
Description: Conversor em T entre Coletores de streaming Microsoft
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: MSTEE
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2015 03:03:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa searchui.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle Segurança e Manutenção.

ID do Processo: 52c

Hora de Início: 01d0a6cba6f3c7db

Hora de Término: 4294967295

Caminho do Aplicativo: C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.4.120_x64__8wekyb3d8bbwe\searchui.exe

ID do Relatório: 72b0c433-12bf-11e5-82c1-94de806776ce

Nome completo do pacote com falha: Microsoft.Cortana_1.4.4.120_x64__8wekyb3d8bbwe

ID do aplicativo relativo ao pacote com falha: CortanaUI

Error: (06/14/2015 02:52:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: dota.exe, versão: 0.0.0.0, carimbo de data/hora: 0x55601047
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0647ad50
ID do processo com falha: 0xd74
Hora de início do aplicativo com falha: 0xdota.exe0
Caminho do aplicativo com falha: dota.exe1
Caminho do módulo com falha: dota.exe2
ID do Relatório: dota.exe3
Nome completo do pacote com falha: dota.exe4
ID do aplicativo relativo ao pacote com falha: dota.exe5

Error: (06/14/2015 02:08:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARCOS)
Description: Falha na ativação do aplicativo Microsoft.Cortana_8wekyb3d8bbwe!CortanaUI com o erro: -2147023584. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (06/14/2015 02:08:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARCOS)
Description: Falha na ativação do aplicativo Microsoft.Cortana_8wekyb3d8bbwe!CortanaUI com o erro: -2147023584. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (06/14/2015 02:08:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARCOS)
Description: Falha na ativação do aplicativo Microsoft.Cortana_8wekyb3d8bbwe!CortanaUI com o erro: -2147023584. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (06/14/2015 02:08:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARCOS)
Description: Falha na ativação do aplicativo Microsoft.Cortana_8wekyb3d8bbwe!CortanaUI com o erro: -2147023584. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (06/14/2015 02:08:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARCOS)
Description: Falha na ativação do aplicativo Microsoft.Cortana_8wekyb3d8bbwe!CortanaUI com o erro: -2147023584. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (06/14/2015 02:08:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARCOS)
Description: Falha na ativação do aplicativo Microsoft.Cortana_8wekyb3d8bbwe!CortanaUI com o erro: -2147023584. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (06/14/2015 02:08:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARCOS)
Description: Falha na ativação do aplicativo Microsoft.Cortana_8wekyb3d8bbwe!CortanaUI com o erro: -2147023584. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (06/14/2015 02:08:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa SystemSettings.exe versão 10.0.10074.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle Segurança e Manutenção.

ID do Processo: f70

Hora de Início: 01d0a6c4713ed02a

Hora de Término: 4294967295

Caminho do Aplicativo: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

ID do Relatório: b6155d9b-12b7-11e5-82be-94de806776ce

Nome completo do pacote com falha: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

ID do aplicativo relativo ao pacote com falha: microsoft.windows.immersivecontrolpanel


System errors:
=============
Error: (06/14/2015 02:56:57 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 22) (User: AUTORIDADE NT)
Description: O serviço de log de eventos encontrou um erro ao inicializar recursos de publicação para o canal Microsoft-RMS-MSIPC/Debug. Se o tipo de canal for Analítico ou Depurar, isso poderá significar que também ocorreu um erro ao serem inicializados recursos de log.

Error: (06/14/2015 02:56:57 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 22) (User: AUTORIDADE NT)
Description: O serviço de log de eventos encontrou um erro ao inicializar recursos de publicação para o canal DebugChannel. Se o tipo de canal for Analítico ou Depurar, isso poderá significar que também ocorreu um erro ao serem inicializados recursos de log.

Error: (06/14/2015 02:56:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Acesso a Dados de Usuário_Session1 foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (06/14/2015 02:56:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Armazenamento de Dados de Usuário_Session1 foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (06/14/2015 02:56:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Dados de Contato_Session1 foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (06/14/2015 02:56:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Host de Sincronização_Session1 foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (06/14/2015 02:40:43 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 22) (User: AUTORIDADE NT)
Description: O serviço de log de eventos encontrou um erro ao inicializar recursos de publicação para o canal Microsoft-RMS-MSIPC/Debug. Se o tipo de canal for Analítico ou Depurar, isso poderá significar que também ocorreu um erro ao serem inicializados recursos de log.

Error: (06/14/2015 02:40:43 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 22) (User: AUTORIDADE NT)
Description: O serviço de log de eventos encontrou um erro ao inicializar recursos de publicação para o canal DebugChannel. Se o tipo de canal for Analítico ou Depurar, isso poderá significar que também ocorreu um erro ao serem inicializados recursos de log.

Error: (06/14/2015 02:40:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Acesso a Dados de Usuário_Session1 foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (06/14/2015 02:40:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Armazenamento de Dados de Usuário_Session1 foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).


Microsoft Office:
=========================
Error: (06/14/2015 03:03:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: searchui.exe0.0.0.052c01d0a6cba6f3c7db4294967295C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.4.120_x64__8wekyb3d8bbwe\searchui.exe72b0c433-12bf-11e5-82c1-94de806776ceMicrosoft.Cortana_1.4.4.120_x64__8wekyb3d8bbweCortanaUI

Error: (06/14/2015 02:52:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dota.exe0.0.0.055601047unknown0.0.0.000000000c00000050647ad50d7401d0a6c9e805e0b7C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exeunknown7048a4d4-5586-4992-a3df-7e45914084c2

Error: (06/14/2015 02:08:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARCOS)
Description: Microsoft.Cortana_8wekyb3d8bbwe!CortanaUI-2147023584

Error: (06/14/2015 02:08:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARCOS)
Description: Microsoft.Cortana_8wekyb3d8bbwe!CortanaUI-2147023584

Error: (06/14/2015 02:08:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARCOS)
Description: Microsoft.Cortana_8wekyb3d8bbwe!CortanaUI-2147023584

Error: (06/14/2015 02:08:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARCOS)
Description: Microsoft.Cortana_8wekyb3d8bbwe!CortanaUI-2147023584

Error: (06/14/2015 02:08:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARCOS)
Description: Microsoft.Cortana_8wekyb3d8bbwe!CortanaUI-2147023584

Error: (06/14/2015 02:08:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARCOS)
Description: Microsoft.Cortana_8wekyb3d8bbwe!CortanaUI-2147023584

Error: (06/14/2015 02:08:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARCOS)
Description: Microsoft.Cortana_8wekyb3d8bbwe!CortanaUI-2147023584

Error: (06/14/2015 02:08:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SystemSettings.exe10.0.10074.0f7001d0a6c4713ed02a4294967295C:\Windows\ImmersiveControlPanel\SystemSettings.exeb6155d9b-12b7-11e5-82be-94de806776cewindows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel


CodeIntegrity Errors:
===================================
  Date: 2015-06-13 15:09:25.919
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-12 23:27:08.190
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-11 23:55:58.448
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-11 17:00:57.354
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-10 23:41:23.568
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-10 10:24:11.351
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-10 01:24:23.327
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-09 19:49:42.148
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-07 17:22:56.804
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-07 14:04:33.936
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 8153.4 MB
Available physical RAM: 6297.09 MB
Total Pagefile: 9433.4 MB
Available Pagefile: 6796.13 MB
Total Virtual: 131072 MB
Available Virtual: 131071.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.73 GB) (Free:602.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5B7586B3)

Partition: GPT Partition Type.

==================== End of log ============================
 
tHx!!

Edited by s3ng1r, 14 June 2015 - 04:06 PM.



 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:37 PM

Posted 16 June 2015 - 12:06 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

I'll reply later today with a fix.

 

 

Regards,

Georgi




#3 s3ng1r


Posted 16 June 2015 - 12:20 AM

Thank you for your attention, friend.
But I could not wait; I just used an ESET tool that resolved the infection.
Actually, the PC was running a script, C:\Users\marco_000\AppData\Roaming\Origin\update.vbe, that was mining bitcoins.

thank you for your attention again and
I apologize for not having waited

hugs


Edited by s3ng1r, 16 June 2015 - 12:20 AM.


#4 B-boy/StyLe/


Posted 16 June 2015 - 12:27 AM

No worries. Please post fresh logs from FRST to check for leftovers.

Make sure that Addition.txt is checked before you press the Scan button and then post both logs in your next reply.

I'll catch you later today.

 

 

Regards,

Georgi




#5 B-boy/StyLe/


Posted 18 June 2015 - 03:09 AM

Hi,

It's been several days. Do you still need help on this?
This thread will be closed if you don't respond within 72 hours.
Thank you for your understanding! :)


Regards,
Georgi




#6 B-boy/StyLe/


Posted 21 June 2015 - 12:57 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





