
WINDOWS 7 - "STOP: C0000135 The program can't start because %hs is missing..."



#1 Buriti


Posted 04 March 2016 - 09:59 AM

Hi

 

I'd like to post my problem here. I've seen the same issue here, but it seems to me that the solution could be different in each case. My notebook is in a loop and I tried all the recommended ways, from Windows repair to restoring from a restore point and so on (I think this has happened since the last Windows update ran). Safe mode is impossible too. I do not have an installation CD. So a bad situation indeed. As I've seen here, I ran FRST64.EXE and got FRST.TXT, and searched for LPK.DLL and got SEARCH.TXT; both of them are copied and pasted below. I hope that you can help me, if you don't mind:

 

FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016

Ran by SYSTEM on MININT-NDBEL7Q (04-03-2016 12:11:38)
Running from G:\
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [DigidesignMMERefresh] => C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-12-18] (Avid, Inc. All rights reserved.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1699400 2015-12-17] (APN)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2857544 2016-02-15] ()
HKLM-x32\...\Run: [HDD Regenerator] => C:\Program Files (x86)\HDD Regenerator\Shell.exe [90336 2013-05-08] ()
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
HKU\Administrador\...\Run: [Viber] => C:\Users\Irondes2\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\Administrador\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\Administrador\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\Administrador\...\Run: [EpicScale] => 0
HKU\Administrador\...\Run: [BingSvc] => C:\Users\Administrador\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKU\Administrador\...\Run: [GoogleChromeAutoLaunch_AA1D516EF6240AC19E1773BD9997C981] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748872 2016-02-09] (Google Inc.)
HKU\Administrador\...\Policies\system: [LogonHoursAction] 2
HKU\Administrador\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Convidado\...\Run: [Viber] => C:\Users\Irondes2\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\Convidado\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\Convidado\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\Convidado\...\Run: [EpicScale] => 0
HKU\Convidado\...\Run: [BingSvc] => C:\Users\Convidado\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKU\Convidado\...\Run: [GoogleChromeAutoLaunch_AA1D516EF6240AC19E1773BD9997C981] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748872 2016-02-09] (Google Inc.)
HKU\Convidado\...\Run: [AVG-Secure-Search-Update_0116tb] => "C:\ProgramData\Avg_Update_0116tb\AVG-Secure-Search-Update_0116tb.exe" /PROMPT /CMPID=0116tb /mid=cae1f40bfe4847d1b778d1577575fb6a-4bddcff28daaca63085b547dbc60c7e6666242e3
HKU\Convidado\...\Policies\system: [LogonHoursAction] 2
HKU\Convidado\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Irondes\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\Irondes\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\Irondes\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\Irondes\...\Run: [Driver Updater] => "C:\Program Files (x86)\Carambis\Driver Updater\dupdater.exe" -minimized
HKU\Irondes\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Irondes\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\Irondes\...\Run: [Viber] => C:\Users\Irondes\AppData\Local\Viber\Viber.exe [936456 2013-12-02] ()
HKU\Irondes\...\Policies\system: [LogonHoursAction] 2
HKU\Irondes\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Irondes\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\Irondes2\...\Run: [Viber] => C:\Users\Irondes2\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\Irondes2\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\Irondes2\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\Irondes2\...\Run: [EpicScale] => 0
HKU\Irondes2\...\Run: [BingSvc] => C:\Users\Irondes2\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-13] (© 2015 Microsoft Corporation)
HKU\Irondes2\...\Run: [GoogleChromeAutoLaunch_AA1D516EF6240AC19E1773BD9997C981] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748872 2016-02-09] (Google Inc.)
HKU\Irondes2\...\Policies\system: [LogonHoursAction] 2
HKU\Irondes2\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\TEMP\...\Run: [Viber] => C:\Users\Irondes2\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\TEMP\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\TEMP\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\TEMP\...\Run: [EpicScale] => 0
HKU\TEMP\...\Run: [BingSvc] => C:\Users\TEMP\AppData\Local\Microsoft\BingSvc\BingSvc.exe <===== ATTENTION
HKU\TEMP\...\Run: [GoogleChromeAutoLaunch_AA1D516EF6240AC19E1773BD9997C981] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748872 2016-02-09] (Google Inc.)
HKU\TEMP\...\Policies\system: [LogonHoursAction] 2
HKU\TEMP\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: c:\progra~4\bitguard\271769~1.27\{c16c1~1\loader.dll => No File
AppInit_DLLs-x32: xC:\PROGRA~4\BitGuard\271769~1.27\{C16C1~1\bitguard.dll => No File
Startup: C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEO Cloud.lnk [2014-03-27]
ShortcutTarget: MEO Cloud.lnk -> C:\Program Files\MEOCloud\MEOCloud.exe (MEO)
Startup: C:\Users\Irondes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CloudPT.lnk [2012-12-18]
ShortcutTarget: CloudPT.lnk -> C:\Program Files (x86)\CloudPT\CloudPT.exe (No File)
Startup: C:\Users\Irondes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEO Cloud.lnk [2013-11-25]
ShortcutTarget: MEO Cloud.lnk -> C:\Program Files\MEOCloud\MEOCloud.exe (MEO)
Startup: C:\Users\Irondes2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Juice.lnk [2016-02-15]
ShortcutTarget: Juice.lnk -> C:\Program Files (x86)\Juice\Juice.exe ()
Startup: C:\Users\Irondes2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-01-07]
ShortcutTarget: MEGAsync.lnk ->  (No File)
Startup: C:\Users\Irondes2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEO Cloud.lnk [2014-03-17]
ShortcutTarget: MEO Cloud.lnk -> C:\Program Files\MEOCloud\MEOCloud.exe (MEO)
Startup: C:\Users\Irondes2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamViewer 9.lnk [2014-04-30]
ShortcutTarget: TeamViewer 9.lnk -> E:\program files\teamviewer\version9\TeamViewer.exe (No File)
GroupPolicyUsers\S-1-5-21-3199600156-3158634051-3669152227-1003\User: Restriction <======= ATTENTION
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apache2.2; C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2013-07-09] (Apache Software Foundation)
S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [198216 2015-12-17] (APN LLC.)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-02-01] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3881184 2016-02-01] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.)
S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-12-18] (Avid, Inc. All rights reserved.)
S2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project)
S2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
S2 LVSrvLauncher; C:\Program Files (x86)\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [105248 2007-03-06] (Labtec Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
S2 meo; C:\Program Files (x86)\PTC\Update\MEOCloudUpdate.exe [141480 2013-10-11] (PT Comunicacoes SA)
S3 meom; C:\Program Files (x86)\PTC\Update\MEOCloudUpdate.exe [141480 2013-10-11] (PT Comunicacoes SA)
S2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 vToolbarUpdater40.2.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.5\ToolbarUpdater.exe [1936968 2016-02-15] (AVG Secure Search)
S2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205832 2016-02-15] ()
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]
S4 BitGuard; C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [X]
S2 chromoting; "C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe" --type=daemon --host-config="C:\ProgramData\Google\Chrome Remote Desktop\host.json"
S2 savesenselive; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe /svc [X]
S3 savesenselivem; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe /medsvc [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-05] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-08] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [260528 2016-01-22] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-07] (AVG Technologies CZ, s.r.o.)
S3 dalwdmservice; C:\Windows\System32\drivers\dalwdm.sys [139792 2009-12-18] (Avid, Inc. All rights reserved.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-03-03] (GAS Tecnologia)
S1 gbpddfac; C:\Windows\SysWOW64\drivers\gbpddfac64.sys [28888 2015-11-10] (GAS Tecnologia)
S0 GbpKm; C:\Windows\SysWOW64\drivers\gbpkm.sys [49536 2013-05-08] (GAS Tecnologia)
S3 GBPRCM; C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys [29912 2015-11-10] (GAS Tecnologia)
S3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2009-12-18] (Avid, Inc. All rights reserved.)
S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-12-18] (Avid, Inc. All rights reserved.)
S3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-10-31] (GAS Tecnologia LTDA)
S4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil)
S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-02-19] (GAS Tecnologia)
S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-26 15:29 - 2016-03-04 12:11 - 00000000 ____D C:\FRST
2016-02-23 20:03 - 2016-02-23 20:03 - 00000000 ____D C:\Temp
2016-02-18 07:37 - 2016-02-18 07:37 - 01651911 _____ C:\Users\Irondes2\Downloads\bios-20100225083938.zip
2016-02-18 06:43 - 2016-02-19 09:04 - 00000000 ____D C:\Program Files (x86)\Camera Assistant Software for Toshiba
2016-02-18 06:41 - 2016-02-18 06:41 - 00000000 ____D C:\Users\Irondes2\Downloads\webcam-20080728120744
2016-02-18 06:37 - 2016-02-18 06:39 - 22255545 _____ C:\Users\Irondes2\Downloads\webcam-20080728120744.zip
2016-02-18 02:23 - 2016-02-18 02:23 - 00000000 ____D C:\Users\Irondes2\Downloads\webcam-20091026094649
2016-02-17 03:54 - 2016-02-17 03:54 - 00000000 ____D C:\Users\Irondes2\Downloads\webcam-en-20090422172230 (1)
2016-02-17 02:56 - 2016-02-17 02:56 - 00003228 _____ C:\Windows\System32\Tasks\{1899EB9A-105D-4946-8A3D-8CAD1C432C74}
2016-02-17 02:29 - 2016-02-17 02:29 - 00000000 ____D C:\Program Files\Lexmark
2016-02-17 02:25 - 2014-05-14 08:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2016-02-17 02:25 - 2014-05-14 08:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2016-02-17 02:25 - 2014-05-14 08:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2016-02-17 02:25 - 2014-05-14 08:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2016-02-17 02:24 - 2014-05-14 08:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2016-02-17 02:24 - 2014-05-14 08:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-17 02:24 - 2014-05-14 08:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2016-02-17 02:24 - 2014-05-14 08:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-17 02:24 - 2014-05-14 08:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2016-02-17 02:24 - 2014-05-14 08:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-17 02:24 - 2014-05-14 01:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2016-02-17 02:24 - 2014-05-14 01:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-17 02:24 - 2014-05-14 01:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2016-02-17 02:24 - 2014-05-14 01:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-16 06:34 - 2016-02-16 06:34 - 00001042 _____ C:\Users\Public\Desktop\Tracktion 5.lnk
2016-02-16 06:34 - 2016-02-16 06:34 - 00000000 ____D C:\Program Files (x86)\Tracktion 5
2016-02-16 06:08 - 2016-02-16 06:08 - 00001980 _____ C:\Users\Public\Desktop\HDD Regenerator.lnk
2016-02-16 06:03 - 2016-02-16 06:03 - 08318088 _____ (Abstradrome ) C:\Users\Irondes2\Downloads\hr.exe
2016-02-15 14:11 - 2016-02-15 14:12 - 07246712 _____ (Tracktion Software Corp.) C:\Users\Irondes2\Downloads\TracktionInstall_5_4_3_Windows_32Bit (1).exe
2016-02-15 12:23 - 2016-02-15 12:23 - 00000000 ____D C:\Windows\usb-audio.deBehringer2902
2016-02-15 12:14 - 2009-10-30 04:39 - 00460864 _____ (BEHRINGER) C:\Windows\System32\Drivers\BUSB2902.sys
2016-02-15 12:14 - 2009-10-30 04:39 - 00049728 _____ (BEHRINGER) C:\Windows\System32\Drivers\busbwdm.sys
2016-02-15 12:13 - 2016-02-15 12:13 - 01544668 _____ C:\Users\Irondes2\Downloads\BEHRINGER USB DRIVER 2.6.40 - 32 and 64 bit.rar
2016-02-15 11:33 - 2016-02-15 13:07 - 00000000 ____D C:\Program Files (x86)\Podifier V
2016-02-15 11:33 - 2016-02-15 11:33 - 00003308 _____ C:\Windows\System32\Tasks\{5DDEED28-E80B-419D-A7F1-AD44D592FD2B}
2016-02-15 11:33 - 2016-02-15 11:33 - 00000000 __SHD C:\Windows\ftpcache
2016-02-15 11:31 - 2016-02-15 13:06 - 00000000 ____D C:\Program Files (x86)\Juice
2016-02-15 11:31 - 2016-02-15 12:31 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\iPodder
2016-02-15 11:25 - 2016-02-15 11:26 - 00507449 _____ C:\Users\Irondes2\Downloads\ASIO4ALL_2_13_Portuguese (1).exe
2016-02-15 09:14 - 2016-02-15 09:14 - 00000000 ____D C:\Users\Irondes2\Downloads\webcam-en-20090422172230
2016-02-15 09:11 - 2016-02-15 09:11 - 00003228 _____ C:\Windows\System32\Tasks\{4197E7E5-666C-4689-844B-909307FF1FC7}
2016-02-15 09:09 - 2016-02-15 09:11 - 22255939 _____ C:\Users\Irondes2\Downloads\webcam-en-20090422172230.zip
2016-02-15 07:59 - 2016-02-15 08:00 - 00000000 ____D C:\Users\Irondes2\AppData\Local\AVG Web TuneUp
2016-02-15 07:58 - 2016-02-15 08:00 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-02-15 07:58 - 2016-02-15 07:58 - 00000000 ____D C:\ProgramData\AVG Secure Search
2016-02-15 07:58 - 2016-02-15 07:58 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2016-02-15 07:58 - 2016-02-15 07:58 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-02-15 07:50 - 2016-02-15 07:50 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-15 07:47 - 2016-02-19 02:12 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk
2016-02-15 07:46 - 2016-02-15 07:49 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-15 07:44 - 2016-02-15 07:44 - 02946424 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Irondes2\Downloads\AVG_Protection_Free_1064.exe
2016-02-15 07:31 - 2016-02-15 07:31 - 00001198 _____ C:\Users\Irondes2\Desktop\Continuar a Instalação de Windows Loader.lnk
2016-02-15 04:30 - 2016-02-15 04:30 - 00000000 ____D C:\Users\Irondes2\Downloads\ativadores-wim-7
2016-02-15 04:04 - 2016-02-15 04:04 - 00003194 _____ C:\Windows\System32\Tasks\{CDFE6966-8522-4980-8741-CE2559CD06AB}
2016-02-15 04:02 - 2016-02-15 04:02 - 06453393 _____ C:\Users\Irondes2\Downloads\ativadores-wim-7.zip
2016-02-15 03:34 - 2016-02-15 11:24 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\WarThunder
2016-02-15 03:33 - 2016-02-15 03:33 - 00928541 _____ ( ) C:\Users\Irondes2\Downloads\Windows Loader.exe
2016-02-15 03:25 - 2016-02-15 03:25 - 01984272 _____ C:\Users\Irondes2\Downloads\winrar-x64-521pt.exe
2016-02-14 15:40 - 2016-02-15 04:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-14 15:05 - 2016-02-14 15:05 - 00841555 _____ C:\Users\Irondes2\Downloads\BEHRINGER_2902_X64_2.8.40.zip
2016-02-14 13:59 - 2016-02-14 14:14 - 00000000 ____D C:\Windows\System32\MRT
2016-02-14 13:59 - 2016-02-14 13:59 - 146614896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2016-02-14 13:49 - 2016-02-14 13:49 - 00000000 ____D C:\Windows\System32\SPReview
2016-02-14 13:48 - 2016-02-14 13:48 - 00000000 ____D C:\Windows\System32\EventProviders
2016-02-14 12:01 - 2013-10-27 03:07 - 00000000 ____D C:\Users\Irondes2\Downloads\MBR Regenerator v4.5
2016-02-14 11:59 - 2016-02-14 12:00 - 01046170 _____ C:\Users\Irondes2\Downloads\MBR Regenerator v4.5.rar
2016-02-12 08:54 - 2016-02-18 06:09 - 00000364 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2016-02-12 08:53 - 2016-02-18 02:34 - 00000000 ____D C:\Program Files\DIFX
2016-02-12 08:47 - 2016-02-12 08:51 - 02379054 _____ C:\Users\Irondes2\Downloads\CKF7010_20090908_FW6322_V3022C.zip
2016-02-12 07:50 - 2016-02-18 06:19 - 00000000 ____D C:\Program Files (x86)\DriverToolkit
2016-02-12 07:50 - 2016-02-12 07:50 - 00000000 ____D C:\Users\Irondes2\AppData\Local\DriverToolkit
2016-02-12 07:49 - 2016-02-12 07:50 - 02449376 _____ (Megaify Software ) C:\Users\Irondes2\Downloads\DriverToolkitInstaller.exe
2016-02-12 04:05 - 2016-02-12 04:05 - 00222600 _____ (TOSHIBA Europe GmbH) C:\Users\Irondes2\Downloads\TOSHIBA-193-detector.exe
2016-02-12 03:08 - 2016-02-12 03:08 - 00000652 _____ C:\Users\TEMP\Desktop\Audacity.lnk
2016-02-12 03:08 - 2016-02-12 03:08 - 00000652 _____ C:\Users\Irondes2\Desktop\Audacity.lnk
2016-02-12 03:08 - 2016-02-12 03:08 - 00000652 _____ C:\Users\Convidado\Desktop\Audacity.lnk
2016-02-12 03:08 - 2016-02-12 03:08 - 00000652 _____ C:\Users\Administrador\Desktop\Audacity.lnk
2016-02-12 03:02 - 2016-02-12 03:02 - 01098961 _____ (Igor Pavlov) C:\Users\Irondes2\Downloads\7z1514.exe
2016-02-12 02:42 - 2016-02-12 03:01 - 457776846 _____ C:\Users\Irondes2\Downloads\Win_AllSoftware.zip
2016-02-12 02:18 - 2016-02-15 11:26 - 00000806 _____ C:\Users\Irondes2\Desktop\ASIO4ALL v2 - Manual de Instruções.lnk
2016-02-12 02:16 - 2016-02-12 02:16 - 00507449 _____ C:\Users\Irondes2\Downloads\ASIO4ALL_2_13_Portuguese.exe
2016-02-11 06:23 - 2016-02-20 12:47 - 00000000 ____D C:\Users\Irondes2\Documents\TESTA TRACKTION
2016-02-11 06:09 - 2009-07-13 16:00 - 00020992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksthunk.sys
2016-02-10 04:26 - 2016-02-10 04:28 - 07246712 _____ (Tracktion Software Corp.) C:\Users\Irondes2\Downloads\TracktionInstall_5_Windows_32Bit_latest (1).exe
2016-02-10 03:32 - 2016-02-20 12:47 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\Tracktion 4
2016-02-10 03:03 - 2016-02-10 03:03 - 00153958 _____ C:\Users\Irondes2\Downloads\image2016-02-09-155145.pdf
2016-02-10 02:55 - 2016-02-10 03:09 - 00000000 ____D C:\Users\Irondes2\Documents\MESA MISTURA
2016-02-09 02:44 - 2016-02-09 02:44 - 05717369 _____ C:\Users\Irondes2\Downloads\Cache.mxc3
2016-02-08 13:57 - 2016-02-08 13:57 - 00011403 _____ C:\Users\Irondes2\Downloads\__64-ksthunk.sys6.2.9200.16384.zip
2016-02-08 06:10 - 2016-02-11 04:01 - 00000000 ____D C:\Users\Convidado\AppData\Roaming\AVG
2016-02-08 06:09 - 2016-02-08 06:09 - 00000008 __RSH C:\Users\Convidado\ntuser.pol
2016-02-08 05:59 - 2016-02-08 05:59 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-02-08 05:59 - 2009-06-24 02:43 - 00831488 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2016-02-08 05:59 - 2008-02-04 12:00 - 00000176 _____ C:\Windows\System32\Drivers\RTHDAEQ1.dat
2016-02-08 05:59 - 2008-02-04 12:00 - 00000176 _____ C:\Windows\System32\Drivers\RTHDAEQ0.dat
2016-02-08 05:59 - 2008-01-18 09:45 - 00000852 _____ C:\Windows\System32\Drivers\RTKHDRC1.dat
2016-02-08 05:59 - 2008-01-18 09:45 - 00000852 _____ C:\Windows\System32\Drivers\RTKHDRC0.dat
2016-02-08 05:59 - 2008-01-18 09:45 - 00000520 _____ C:\Windows\System32\Drivers\RTEQEX1.dat
2016-02-08 05:59 - 2008-01-18 09:45 - 00000520 _____ C:\Windows\System32\Drivers\RTEQEX0.dat
2016-02-08 05:40 - 2016-02-08 05:40 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\driveridentifier
2016-02-08 05:19 - 2016-02-08 05:20 - 00000000 ____D C:\Users\Administrador\AppData\Roaming\ViberPC
2016-02-08 05:18 - 2016-02-11 04:01 - 00000000 ____D C:\Users\Administrador\AppData\Roaming\AVG
2016-02-08 04:27 - 2016-02-08 06:02 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-02-08 04:27 - 2016-02-08 05:59 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-02-08 04:27 - 2016-02-08 04:27 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\WinBatch
2016-02-08 04:27 - 2016-02-08 04:27 - 00000000 ____D C:\Program Files\Realtek
2016-02-08 04:27 - 2009-07-28 13:15 - 01356320 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2016-02-08 04:27 - 2009-07-28 13:15 - 00611360 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2016-02-08 04:27 - 2009-07-28 13:15 - 00332320 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll
2016-02-08 04:27 - 2009-07-28 13:14 - 01603104 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2016-02-08 04:27 - 2009-07-28 13:14 - 01167904 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2016-02-08 04:27 - 2009-07-28 13:14 - 00417824 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2016-02-08 04:27 - 2009-07-28 13:14 - 00149536 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll
2016-02-08 04:27 - 2009-07-28 13:14 - 00063008 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInst64.dll
2016-02-08 04:27 - 2009-07-28 13:00 - 01966624 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2016-02-08 04:27 - 2009-07-21 14:03 - 00294400 _____ (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2016-02-08 04:27 - 2009-06-24 10:29 - 01604128 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkHDM64.dll
2016-02-08 04:27 - 2009-06-24 10:29 - 01291808 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RHDMEx64.dll
2016-02-08 04:27 - 2009-06-24 10:29 - 00058912 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RHCoInst64.dll
2016-02-08 04:27 - 2009-06-24 10:23 - 00205472 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtHDMIVX.sys
2016-02-08 04:27 - 2009-04-16 02:13 - 00166400 _____ (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2016-02-08 04:27 - 2009-03-31 06:02 - 00108032 _____ (Andrea Electronics Corporation) C:\Windows\System32\AERTAR64.dll
2016-02-08 04:27 - 2009-03-08 21:32 - 00304640 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll
2016-02-08 04:27 - 2009-03-08 21:32 - 00304640 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RH3DAA64.dll
2016-02-08 04:27 - 2009-03-08 21:31 - 00304640 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RH3DHT64.dll
2016-02-08 04:27 - 2009-03-08 21:30 - 00304640 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll
2016-02-08 04:27 - 2008-11-09 03:57 - 00311296 _____ (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO20.dll
2016-02-08 04:27 - 2008-04-30 00:48 - 00193536 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSHP64.dll
2016-02-08 04:27 - 2007-07-25 01:34 - 00150528 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSWOW64.dll
2016-02-08 04:27 - 2007-05-17 03:26 - 00211376 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSTSH64.dll
2016-02-08 04:27 - 2006-12-13 02:30 - 00513536 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSTSX64.dll
2016-02-08 03:27 - 2016-01-18 03:07 - 00020872 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2016-02-08 03:27 - 2016-01-18 03:07 - 00012720 _____ C:\Users\Irondes2\Documents\Driver Whiz-License.txt
2016-02-06 14:41 - 2016-02-06 14:41 - 00000000 ____D C:\Users\Irondes2\Downloads\Windows 7 - USB Audio Codec
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-03 10:18 - 2014-03-02 14:25 - 00000000 ____D C:\users\Irondes2
2016-03-03 10:18 - 2014-03-02 14:11 - 00000000 ____D C:\users\Administrador
2016-03-03 10:18 - 2014-02-09 11:37 - 00000000 ____D C:\users\TEMP
2016-03-03 10:18 - 2011-08-15 11:23 - 00000000 ____D C:\users\Convidado
2016-03-03 10:18 - 2011-08-15 11:12 - 00000000 ____D C:\users\Irondes
2016-03-03 10:18 - 2009-07-13 23:46 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-03 10:18 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages
2016-03-03 10:18 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-03-03 10:18 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-03 10:18 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-03-03 10:18 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2016-03-03 10:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-03-03 10:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Dism
2016-03-03 10:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-03 10:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-03-03 10:17 - 2014-06-28 11:57 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-03-03 10:17 - 2014-03-17 13:27 - 00000000 ___RD C:\Users\Irondes2\MEOCloud
2016-03-03 10:17 - 2014-03-17 13:26 - 00000000 ____D C:\Users\Irondes2\AppData\Local\MEOCloud
2016-03-03 10:17 - 2011-08-16 10:45 - 00000000 ____D C:\ProgramData\MFAData
2016-03-03 10:17 - 2009-08-15 09:09 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2016-03-03 10:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-03-03 10:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\MUI
2016-03-03 10:17 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-03-03 10:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2016-03-03 10:12 - 2013-11-25 13:19 - 00000000 ____D C:\ProgramData\Real
2016-03-03 07:37 - 2013-11-23 12:38 - 00817814 _____ C:\Windows\ntbtlog.txt
2016-03-03 02:56 - 2015-11-28 09:26 - 00028888 _____ (GAS Tecnologia) C:\Windows\System32\Drivers\gbpddfac64.sys
2016-02-20 11:28 - 2014-05-05 13:04 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\ViberPC
2016-02-20 11:19 - 2011-08-21 13:11 - 00000000 ____D C:\ProgramData\GbPlugin
2016-02-19 14:17 - 2014-02-15 00:29 - 00000000 ___HD C:\Users\Irondes2\AppData\Local\aO0OSFD7
2016-02-19 10:11 - 2014-04-28 11:21 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-19 10:06 - 2009-07-13 20:45 - 00016944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-19 10:06 - 2009-07-13 20:45 - 00016944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-19 10:02 - 2013-06-25 13:25 - 00000000 ____D C:\ProgramData\Temp
2016-02-19 10:00 - 2015-11-22 12:49 - 00101080 _____ (GAS Tecnologia) C:\Windows\System32\Drivers\wsddfac.sys
2016-02-19 10:00 - 2014-04-28 11:21 - 00001004 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-19 10:00 - 2011-08-21 13:11 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-02-19 09:59 - 2013-10-11 12:23 - 00000966 _____ C:\Windows\Tasks\PTCUpdateTaskMachineCore.job
2016-02-19 09:59 - 2013-06-10 13:16 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2016-02-19 09:59 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-19 09:04 - 2014-11-23 12:58 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-02-19 08:56 - 2014-01-18 12:56 - 00000300 _____ C:\Windows\Tasks\SaveSense.job
2016-02-19 08:56 - 2014-01-18 12:56 - 00000300 _____ C:\Windows\Tasks\Funmoods.job
2016-02-19 08:42 - 2009-08-15 09:10 - 00670084 _____ C:\Windows\System32\prfh0816.dat
2016-02-19 08:42 - 2009-08-15 09:10 - 00130586 _____ C:\Windows\System32\prfc0816.dat
2016-02-19 08:42 - 2009-07-13 21:13 - 01513210 _____ C:\Windows\System32\PerfStringBackup.INI
2016-02-19 08:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2016-02-19 08:32 - 2012-03-30 06:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-19 08:28 - 2013-10-11 12:23 - 00000970 _____ C:\Windows\Tasks\PTCUpdateTaskMachineUA.job
2016-02-19 07:01 - 2013-10-20 05:22 - 00000280 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2016-02-19 04:15 - 2015-02-14 11:09 - 00000000 ____D C:\Program Files (x86)\HDD Regenerator
2016-02-19 01:49 - 2011-08-20 14:11 - 00000000 _____ C:\Users\Convidado\AppData\LocalLow\prvlcl.dat
2016-02-19 01:49 - 2011-08-16 11:53 - 00000000 _____ C:\Users\Irondes\AppData\LocalLow\prvlcl.dat
2016-02-18 06:25 - 2009-07-13 21:08 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-18 06:08 - 2011-08-15 13:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-18 03:32 - 2013-10-08 12:09 - 00000000 ____D C:\Program Files (x86)\Labtec
2016-02-17 13:19 - 2014-05-05 11:28 - 00000955 _____ C:\Users\Irondes2\SciTE.session
2016-02-17 13:14 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-02-17 06:22 - 2013-10-20 05:22 - 00000288 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2016-02-16 06:04 - 2015-02-14 11:05 - 00000000 ____D C:\Users\Irondes2\AppData\Local\Downloaded Installations
2016-02-15 11:38 - 2014-05-28 10:41 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\Digidesign
2016-02-15 07:59 - 2011-08-16 10:57 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2016-02-15 07:51 - 2014-11-29 01:44 - 00000000 ____D C:\Users\Irondes2\AppData\Local\Avg
2016-02-15 07:50 - 2010-12-04 08:55 - 00000000 ___HD C:\$AVG
2016-02-15 07:47 - 2015-11-24 14:29 - 00000000 ____D C:\ProgramData\Avg
2016-02-15 07:47 - 2015-11-22 13:20 - 00000000 ____D C:\Users\Irondes2\AppData\Local\AvgSetupLog
2016-02-15 04:07 - 2012-12-09 14:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-15 03:26 - 2013-10-09 14:12 - 00000000 ____D C:\Program Files\WinRAR
2016-02-15 03:12 - 2014-03-24 14:14 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\Skype
2016-02-14 14:35 - 2014-03-24 14:42 - 00000000 ____D C:\Users\Irondes2\AppData\Local\ElevatedDiagnostics
2016-02-14 14:29 - 2014-04-28 11:22 - 00002184 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-14 14:23 - 2009-07-13 20:45 - 00332224 _____ C:\Windows\System32\FNTCACHE.DAT
2016-02-14 14:20 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-02-14 14:20 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-02-14 14:19 - 2009-08-15 09:09 - 00000000 ____D C:\Windows\SysWOW64\pt
2016-02-14 14:19 - 2009-07-13 23:46 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2016-02-14 14:19 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-02-14 14:19 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-02-14 14:19 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-02-14 14:19 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-02-14 14:19 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-02-14 14:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-02-14 14:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-02-14 14:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-02-14 14:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2016-02-14 14:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2016-02-14 14:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2016-02-14 14:19 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-02-14 14:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Setup
2016-02-14 14:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2016-02-14 14:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\migwiz
2016-02-14 14:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\manifeststore
2016-02-14 14:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2016-02-14 13:58 - 2009-07-13 18:36 - 00175616 _____ (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2016-02-14 13:58 - 2009-07-13 18:36 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2016-02-14 13:08 - 2016-01-07 15:29 - 00000000 ___RD C:\Users\Irondes2\Documents\MEGA
2016-02-14 08:52 - 2014-05-05 13:05 - 00000000 ____D C:\Users\Irondes2\Documents\ViberDownloads
2016-02-12 06:32 - 2012-03-30 06:37 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-12 06:32 - 2012-03-30 06:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-12 06:32 - 2011-08-15 11:45 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-12 04:15 - 2008-07-02 22:42 - 00000000 ____D C:\Toshiba
2016-02-11 06:29 - 2011-09-25 10:58 - 00000000 ____D C:\ProgramData\Skype
2016-02-11 06:28 - 2014-10-09 13:23 - 00000000 ____D C:\Users\Irondes2\AppData\Local\Skype
2016-02-11 06:28 - 2014-10-09 13:22 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
2016-02-11 06:28 - 2011-09-25 10:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-02-11 04:01 - 2016-01-07 15:27 - 00000000 ____D C:\Users\Irondes2\AppData\Local\MEGAsync
2016-02-11 04:01 - 2015-12-28 13:57 - 00000000 ____D C:\Program Files\iTunes
2016-02-11 04:01 - 2014-03-02 14:33 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\uTorrent
2016-02-11 04:01 - 2013-11-25 13:46 - 00000000 ____D C:\ProgramData\Norton
2016-02-11 04:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2016-02-10 08:13 - 2014-11-29 01:44 - 00000000 ____D C:\Users\Convidado\AppData\Local\Avg
2016-02-10 08:13 - 2014-11-29 01:44 - 00000000 ____D C:\Users\Administrador\AppData\Local\Avg
2016-02-08 14:30 - 2013-10-08 13:00 - 00000000 ____D C:\ProgramData\Uniblue
2016-02-08 13:25 - 2011-09-11 11:12 - 00000000 ____D C:\Windows\Minidump
2016-02-08 08:14 - 2013-11-25 13:46 - 00000000 ____D C:\ProgramData\Symantec
2016-02-08 06:10 - 2014-08-21 09:32 - 00000000 ____D C:\Users\Convidado\AppData\Local\Apple Computer
2016-02-08 06:10 - 2014-02-13 14:48 - 00000000 ____D C:\Users\Convidado\AppData\Local\MEOCloud
2016-02-08 06:10 - 2012-07-07 07:36 - 00000000 ____D C:\Users\Convidado\AppData\Roaming\Apple Computer
2016-02-08 05:35 - 2014-03-02 14:15 - 00090416 _____ C:\Users\Administrador\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-08 05:18 - 2014-11-01 12:34 - 00000000 ____D C:\Users\Administrador\AppData\Local\Apple Computer
2016-02-08 05:18 - 2014-03-02 14:14 - 00000000 ____D C:\Users\Administrador\AppData\Roaming\Apple Computer
2016-02-07 11:10 - 2014-03-17 13:27 - 00000000 ___HD C:\Users\Irondes2\MEOCloud-cache
2016-02-03 13:06 - 2014-04-28 11:21 - 00004004 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-03 13:06 - 2014-04-28 11:21 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
Files to move or delete:
====================
C:\ProgramData\lsass.exe
 
 
Some files in TEMP:
====================
C:\Users\Convidado\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Irondes\AppData\Local\Temp\.gbas.dll
C:\Users\Irondes\AppData\Local\Temp\130113_d.exe
C:\Users\Irondes\AppData\Local\Temp\130113_p.exe
C:\Users\Irondes\AppData\Local\Temp\130113_y.exe
C:\Users\Irondes\AppData\Local\Temp\APNStub.exe
C:\Users\Irondes\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.53841.exe
C:\Users\Irondes\AppData\Local\Temp\BearShare_setup.exe
C:\Users\Irondes\AppData\Local\Temp\DaleSearchTB.exe
C:\Users\Irondes\AppData\Local\Temp\gbplugin_ie_bb_setup.exe
C:\Users\Irondes\AppData\Local\Temp\GURDF94.exe
C:\Users\Irondes\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Irondes\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Irondes\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Irondes\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Irondes\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Irondes\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Irondes\AppData\Local\Temp\MgxVistaTools.dll
C:\Users\Irondes\AppData\Local\Temp\MixiYD2.exe
C:\Users\Irondes\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Irondes\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Irondes\AppData\Local\Temp\stubhelper.dll
C:\Users\Irondes\AppData\Local\Temp\ToolbarHelper.exe
C:\Users\Irondes\AppData\Local\Temp\utt99DA.tmp.exe
C:\Users\Irondes\AppData\Local\Temp\uttF49F.tmp.exe
C:\Users\Irondes2\AppData\Local\Temp\ICReinstall_Windows Loader.exe
C:\Users\Irondes2\AppData\Local\Temp\_is5041.exe
C:\Users\Irondes2\AppData\Local\Temp\_isA736.exe
C:\Users\Irondes2\AppData\Local\Temp\_isB4BE.exe
C:\Users\Irondes2\AppData\Local\Temp\_isD91F.exe
 
 
==================== Known DLLs (Whitelisted) =========================
 
C:\Windows\System32\LPK.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\LPK.dll IS MISSING <==== ATTENTION
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
Restore point date: 2016-02-18 02:12
Restore point date: 2016-02-18 02:33
Restore point date: 2016-02-18 02:56
Restore point date: 2016-02-18 03:19
Restore point date: 2016-02-18 03:30
Restore point date: 2016-02-18 06:08
Restore point date: 2016-02-18 06:21
Restore point date: 2016-02-18 06:43
Restore point date: 2016-02-19 08:57
Restore point date: 2016-02-19 10:14
Restore point date: 2016-02-25 14:09
 
==================== Memory info =========================== 
 
Percentage of memory in use: 14%
Total physical RAM: 4093.99 MB
Available physical RAM: 3483.54 MB
Total Virtual: 4092.14 MB
Available Virtual: 3478.53 MB
 
==================== Drives ================================
 
Drive c: (Vista) (Fixed) (Total:186.15 GB) (Free:13.54 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:184.99 GB) (Free:154.05 GB) NTFS
Drive e: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.22 GB) NTFS
Drive g: (USB DISK) (Removable) (Total:14.9 GB) (Free:13.83 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: 74371FF3)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=186.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=185 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 32A63E4B)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)
 
 
LastRegBack: 2016-02-19 08:35
 
==================== End of FRST.txt ============================
 
SEARCH.TXT:
 

Farbar Recovery Scan Tool (x64) Version:24-02-2016
Ran by SYSTEM (2016-03-04 14:26:47)
Running from G:\
Boot Mode: Recovery
 
================== Search Files: "lpk.dll" =============
 
====== End of Search ======

Edited by Orange Blossom, 04 March 2016 - 10:33 AM.
Moved to log forum. ~ OB




#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:25 PM

Posted 04 March 2016 - 08:00 PM

Hi Buriti :)

My name is Aura and I'll be assisting you with your issue. Please give me a few hours to review your logs and come up with a reply.

Thank you.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Aura


Posted 05 March 2016 - 01:56 PM

Hi Buriti :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  • Since I'm still a trainee, all my posts have to be reviewed by an instructor prior to being posted to make sure that you receive the best assistance possible. Sorry for the inconvenience. This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Can you insert your USB, boot back in the Recovery PE, open the command prompt and enter this command?
sfc /scannow /offbootdit=c:\ /offwindir=c:\
This will launch a SFC scan on your Windows partition, and it should look like this:
UYDKeFJ.png
If you receive an error message when launching the command, please let me know and type down what error message you're getting.

Once the scan completes (even if it stops at a % other than 100%), enter the command below please.
copy C:\Windows\logs\cbs\cbs.log G:\cbs.txt
This will create a file called cbs.txt on your USB. From another computer, try to attach this cbs.txt in your next reply. If you can't, upload the file on Dropbox, Google Drive or OneDrive and post the download URL for it here.



#4 Buriti


Posted 07 March 2016 - 07:05 AM

Hi Aura

Thank you for wasting time with subject. The only way to get C:\ prompt is from System Recovery Options. I think there is a mistake in your subscrib. I did sfc /scannow /offbootdir=c:\ /offwindir=c:\ and I get this message:

"Windows Resource Protection could not start the repair service."

 

Thanks



#5 Aura


Posted 07 March 2016 - 02:39 PM

The only way to get C:\ prompt is from System Recovery Options. I think there is a mistake in your subscrib.


The System Recovery Options is the Recovery PE :)
 

I did sfc /scannow /offbootdir=c:\ /offwindir=c:\ and I get this message:
"Windows Resource Protection could not start the repair service."


We'll go at it another way then. Download the attached fixlist.txt on a clean computer, and move it to your USB where the FRST64.exe executable is. From there, plug your USB into your problematic computer, then boot back in the Recovery PE and open the command prompt (I assume that you are able to get back in the Recovery PE and open the command prompt like you did before, if not, let me know and I'll post more detailed instructions).
[attachment=177666:fixlist.txt]
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button.
  • It will make a log (fixlog.txt) on the flash drive. Please copy and paste it to your reply.
After running the fix with FRST, are you able to boot normally? If not, are you able to boot in any Safe Mode?

Your next reply(ies) should include:
  • Copy/pasted content of the fixlog.txt;
  • If after running the FRST fix, you are able to boot your computer normally, and/or in a Safe Mode;



#6 Aura


Posted 10 March 2016 - 07:42 AM

Hi Buriti :)

Are you still with me? Can you follow the instructions in my last post please?



#7 Buriti


Posted 10 March 2016 - 10:43 AM

Hi Aura  :clapping:

 

Thanks for your post. I'm glad about the result.

Yes, I'm still with you. I had answered your post; I don't know what happened. I'd said that I did what you recommended and got the log file (copied and pasted below), then I booted, and at first I could only start in safe mode. After that I booted again and everything seems to be OK now.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:24-02-2016
Ran by SYSTEM (2016-03-09 11:42:37) Run:1
Running from G:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_082d1b568a83a814\lpk.dll C:\Windows\System32\LPK.dll
Replace: C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_1281c5a8bee46a0f\lpk.dll C:\Windows\SysWOW64\LPK.dll
*****************
 
"C:\Windows\System32\LPK.dll" => not found
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_082d1b568a83a814\lpk.dll copied successfully to C:\Windows\System32\LPK.dll
"C:\Windows\SysWOW64\LPK.dll" => not found
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_1281c5a8bee46a0f\lpk.dll copied successfully to C:\Windows\SysWOW64\LPK.dll
 
==== End of Fixlog 11:42:38 ====

Edited by Buriti, 10 March 2016 - 10:44 AM.
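
The fixlist above restores the missing LPK.dll from the WinSxS component store. The following is an added example (not part of the thread, and not FRST's or the helper's own code) that parses FRST file-search output, where each path is followed by a `[created][modified] size attributes (company) MD5` line, and builds `Replace:` lines of the same form. The sample listing is constructed with placeholder component hashes and MD5 values, and choosing the highest component version per architecture is an assumed selection rule.

```python
import re
from typing import NamedTuple

# Constructed sample in FRST "Search Files" layout. Component-name hashes and
# MD5 values are placeholders, not values from a real system.
SAMPLE = r"""
================== Search Files: "lpk.dll" =============

C:\Windows.old\Windows\System32\lpk.dll
[2009-07-15 06:54][2009-06-15 06:52] 0023552 ____A (Microsoft Corporation) 11111111111111111111111111111111

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_aaaaaaaaaaaaaaaa\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 22222222222222222222222222222222

C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16385_none_bbbbbbbbbbbbbbbb\lpk.dll
[2009-07-13 15:25][2009-07-13 17:11] 0025600 ____A (Microsoft Corporation) 22222222222222222222222222222222

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_cccccccccccccccc\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) 33333333333333333333333333333333

C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.21402_none_dddddddddddddddd\lpk.dll
[2013-10-11 13:52][2012-12-16 09:19] 0041472 ____A (Microsoft Corporation) 44444444444444444444444444444444

X:\Windows\System32\lpk.dll
[2009-07-13 15:38][2009-07-13 17:41] 0041984 ____A (Microsoft Corporation) 33333333333333333333333333333333

====== End of Search ======
"""


class Hit(NamedTuple):
    path: str
    size: int
    company: str
    md5: str


PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
META_RE = re.compile(
    r"^\[[^\]]+\]\[[^\]]+\]\s+(\d+)\s+\S+\s+\(([^)]*)\)\s+([0-9A-Fa-f]{32})$")
# WinSxS directory: arch_name_publickeytoken_version_culture_hash
COMPONENT_RE = re.compile(
    r"^(?P<arch>[a-z0-9]+)_(?P<name>.+)_[0-9a-f]{16}_"
    r"(?P<ver>\d+\.\d+\.\d+\.\d+)_[^_]+_[0-9a-f]{16}$", re.IGNORECASE)

# Destination per component architecture, as used in the thread's fixlist.
TARGETS = {"amd64": r"C:\Windows\System32\LPK.dll",
           "wow64": r"C:\Windows\SysWOW64\LPK.dll"}


def parse_search(text):
    """Pair each path line with the metadata line that directly follows it."""
    hits, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = META_RE.match(line)
        if m and pending:
            hits.append(Hit(pending, int(m.group(1)), m.group(2),
                            m.group(3).upper()))
        pending = None
    return hits


def select_sources(hits, store=r"C:\Windows\winsxs"):
    """Return {arch: (version_tuple, Hit)} for the newest copy in the live store."""
    best = {}
    prefix = store.lower() + "\\"
    for h in hits:
        if not h.path.lower().startswith(prefix):
            continue  # ignore Windows.old and the X: recovery environment
        component = h.path[len(prefix):].split("\\")[0]
        m = COMPONENT_RE.match(component)
        if not m or m["arch"].lower() not in TARGETS:
            continue
        # The company string FRST reports; a sanity filter, not a signature check.
        if h.company != "Microsoft Corporation":
            continue
        arch = m["arch"].lower()
        ver = tuple(int(p) for p in m["ver"].split("."))
        if arch not in best or ver > best[arch][0]:
            best[arch] = (ver, h)
    return best


def build_fixlist(best):
    """Emit one Replace line per architecture, 64-bit first."""
    return [f"Replace: {best[a][1].path} {TARGETS[a]}"
            for a in TARGETS if a in best]


if __name__ == "__main__":
    for line in build_fixlist(select_sources(parse_search(SAMPLE))):
        print(line)
```

After the fix runs, comparing the MD5 of the restored file with the MD5 listed for its source in the search output confirms the copy is intact.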


#8 Aura


Posted 10 March 2016 - 12:29 PM

Glad to see that the fix worked and that you can boot back normally :) Now, I would like you to grab a fresh pair of FRST logs so we can get started on the check-up. Follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of FRST.txt in your next reply, and attach Addition.txt to it;



#9 Buriti


Posted 11 March 2016 - 11:01 AM

Hi Aura

 

I ran FRST64.EXE and copied and pasted below both of the logs you asked for:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Irondes2 (administrator) on IRONSAX (11-03-2016 14:23:50)
Running from H:\
Loaded Profiles: Irondes2 (Available Profiles: Irondes & Irondes2 & Administrador & Convidado)
Platform: Windows 7 Ultimate (X64) Language: Português (Portugal)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avid, Inc. All rights reserved.) C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
() C:\Program Files (x86)\Polar\Daemon\polard.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.5\ToolbarUpdater.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.5\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(© 2015 Microsoft Corporation) C:\Users\Irondes2\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe
(Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Mega Limited) C:\Users\Irondes2\AppData\Local\MEGAsync\MEGAsync.exe
(MEO) C:\Program Files\MEOCloud\MEOCloud.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(PT) C:\Program Files\MEOCloud\meocloudd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [DigidesignMMERefresh] => C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-12-18] (Avid, Inc. All rights reserved.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1699400 2015-12-17] (APN)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2857544 2016-02-15] ()
HKLM-x32\...\Run: [HDD Regenerator] => "C:\Program Files (x86)\HDD Regenerator\Shell.exe" /1
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
HKU\S-1-5-21-3199600156-3158634051-3669152227-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3199600156-3158634051-3669152227-1004\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3199600156-3158634051-3669152227-1004\...\Run: [EpicScale] => 0
HKU\S-1-5-21-3199600156-3158634051-3669152227-1004\...\Run: [BingSvc] => C:\Users\Irondes2\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-13] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3199600156-3158634051-3669152227-1004\...\Run: [GoogleChromeAutoLaunch_AA1D516EF6240AC19E1773BD9997C981] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748872 2016-02-09] (Google Inc.)
HKU\S-1-5-21-3199600156-3158634051-3669152227-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3199600156-3158634051-3669152227-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-02-14] (Microsoft Corporation)
AppInit_DLLs: c:\progra~4\bitguard\271769~1.27\{c16c1~1\loader.dll => No File
AppInit_DLLs-x32: xC:\PROGRA~4\BitGuard\271769~1.27\{C16C1~1\bitguard.dll => No File
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Irondes2\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Irondes2\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Irondes2\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Irondes2\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Irondes2\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Irondes2\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk [2013-10-10]
ShortcutTarget: Monitor Apache Servers.lnk -> C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation)
Startup: C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEO Cloud.lnk [2014-03-27]
ShortcutTarget: MEO Cloud.lnk -> C:\Program Files\MEOCloud\MEOCloud.exe (MEO)
Startup: C:\Users\Irondes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CloudPT.lnk [2012-12-18]
ShortcutTarget: CloudPT.lnk -> C:\Program Files (x86)\CloudPT\CloudPT.exe (No File)
Startup: C:\Users\Irondes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEO Cloud.lnk [2013-11-25]
ShortcutTarget: MEO Cloud.lnk -> C:\Program Files\MEOCloud\MEOCloud.exe (MEO)
Startup: C:\Users\Irondes2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Juice.lnk [2016-02-15]
ShortcutTarget: Juice.lnk -> C:\Program Files (x86)\Juice\Juice.exe ()
Startup: C:\Users\Irondes2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-01-07]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Irondes2\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\Irondes2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEO Cloud.lnk [2014-03-17]
ShortcutTarget: MEO Cloud.lnk -> C:\Program Files\MEOCloud\MEOCloud.exe (MEO)
Startup: C:\Users\Irondes2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamViewer 9.lnk [2014-04-30]
ShortcutTarget: TeamViewer 9.lnk -> E:\program files\teamviewer\version9\TeamViewer.exe (No File)
GroupPolicyUsers\S-1-5-21-3199600156-3158634051-3669152227-1003\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 88.214.178.2 88.214.178.1
Tcpip\..\Interfaces\{4AFDD951-6736-43FC-965B-4357F069BCB5}: [DhcpNameServer] 88.214.178.2 88.214.178.1
Tcpip\..\Interfaces\{5B53476E-D0EC-4A03-B8AD-E67E387B20C8}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3199600156-3158634051-3669152227-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={3B624FDF-0670-4FBF-BB9A-C7929E1B20D6}&mid=cae1f40bfe4847d1b778d1577575fb6a-4bddcff28daaca63085b547dbc60c7e6666242e3&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116piz&pr=fr&d=2016-02-15 15:58:38&v=4.2.5.441&pid=wtu&sg=&sap=hp
URLSearchHook: HKLM-x32 - uTorrentBar_PT Toolbar - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\prxtbuTor.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-3199600156-3158634051-3669152227-1004 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
SearchScopes: HKLM-x32 -> DefaultScope {60D8E6DE-F7D6-4736-B902-97526A27750B} URL = 
SearchScopes: HKU\S-1-5-21-3199600156-3158634051-3669152227-1004 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3B624FDF-0670-4FBF-BB9A-C7929E1B20D6}&mid=cae1f40bfe4847d1b778d1577575fb6a-4bddcff28daaca63085b547dbc60c7e6666242e3&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116piz&pr=fr&d=2016-02-15 15:58:38&v=4.2.5.441&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3199600156-3158634051-3669152227-1004 -> {DF474761-9B09-4D05-8002-B89B57146E26} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=pt_EU&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^PT&apn_uid=51D874F8-009A-472D-B9EC-9EB426E54A9C&apn_sauid=816900DF-AC0A-4391-9D0D-AA1C697D8EEB
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-05] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-05] (Oracle Corporation)
BHO-x32: No Name -> {0f21b1e5-5afc-43c9-9c66-515046e92ec2} -> No File
BHO-x32: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll [2011-08-14] (Babylon BHO)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-05] (Oracle Corporation)
BHO-x32: dalesearch Helper Object -> {8F814E51-9FB6-4A8A-B137-D4485C8D6DDA} -> C:\Program Files (x86)\dalesearch\dalesearch\1.8.16.19\bh\dalesearch.dll [2013-03-19] (Montera Technologeis LTD)
BHO-x32: Programa Auxiliar de Início de Sessão do Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.5.441\AVG Web TuneUp.dll [2016-02-15] (AVG)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2015-10-20] (Banco do Brasil)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-03-31] (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-05] (Oracle Corporation)
BHO-x32: uTorrentBar_PT Toolbar -> {e0301295-ab3e-4af3-979f-3d453c5f9f48} -> C:\Program Files (x86)\uTorrentBar_PT\prxtbuTor.dll [2013-07-09] (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll [2011-08-14] (Babylon Ltd.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-03-31] (Ask)
Toolbar: HKLM-x32 - dalesearch Toolbar - {81F88FCF-3CB0-4D17-84E1-9A6CEDEE192A} - C:\Program Files (x86)\dalesearch\dalesearch\1.8.16.19\dalesearchTlbr.dll [2013-03-19] (Montera Technologeis LTD)
Toolbar: HKLM-x32 - uTorrentBar_PT Toolbar - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\prxtbuTor.dll [2013-07-09] (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-3199600156-3158634051-3669152227-1004 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3199600156-3158634051-3669152227-1004 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-3199600156-3158634051-3669152227-1004 -> No Name - {E0301295-AB3E-4AF3-979F-3D453C5F9F48} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Irondes2\AppData\Roaming\Mozilla\Firefox\Profiles\k6yglrq0.default-1425509198381
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-12] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.5\\npsitesafety.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-11-25] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-11-25] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.telecom.pt/PTC Update;version=3 -> C:\Program Files (x86)\PTC\Update\1.3.25.0\npMEOCloudUpdate3.dll [2013-10-11] (PT Comunicacoes SA)
FF Plugin-x32: @tools.telecom.pt/PTC Update;version=9 -> C:\Program Files (x86)\PTC\Update\1.3.25.0\npMEOCloudUpdate3.dll [2013-10-11] (PT Comunicacoes SA)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3199600156-3158634051-3669152227-1004: gastecnologia.com.br/sf/bb -> C:\Users\Irondes2\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-05-15] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3199600156-3158634051-3669152227-1004: gastecnologia.com.br/sf/bb64 -> C:\Users\Irondes2\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [2015-06-04] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3199600156-3158634051-3669152227-1004: gastecnologia.com.br/sf/gas64 -> C:\Users\Irondes2\AppData\Local\GAS Tecnologia\GBBD\npsf_gas_64.dll [No File]
FF SearchPlugin: C:\Users\Irondes2\AppData\Roaming\Mozilla\Firefox\Profiles\k6yglrq0.default-1425509198381\searchplugins\askcom.xml [2016-01-06]
FF SearchPlugin: C:\Users\Irondes2\AppData\Roaming\Mozilla\Firefox\Profiles\k6yglrq0.default-1425509198381\searchplugins\avg-secure-search.xml [2016-02-15]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-12-11]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-02-15]
FF Extension: AVG Web TuneUp - C:\Users\Irondes2\AppData\Roaming\Mozilla\Firefox\Profiles\k6yglrq0.default-1425509198381\Extensions\avg@toolbar.xpi [2016-02-15]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-3199600156-3158634051-3669152227-1004\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Irondes2\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\Irondes2\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2015-09-21] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1431860604&z=058eea94432d86773192c54gaz3cdg3b0qdedw7t7t&from=obw&uid=ST500DM002-1BD142_Z6EAZKYM"
CHR Profile: C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-21]
CHR Extension: (Google Drive) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-04]
CHR Extension: (MEGA) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2016-03-11]
CHR Extension: (YouTube) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (AVG Secure Search) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-02-15]
CHR Extension: (Google Search) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Calculator) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\decmldkknaaemlafplkkdmmmelbdnlja [2016-01-30]
CHR Extension: (Bing) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-10-17]
CHR Extension: (Toned Ear: Ear Training) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpijngedadhbellbphgchlajchlojnje [2016-01-14]
CHR Extension: (Documentos Google off-line) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-22]
CHR Extension: (AdBlock) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-11]
CHR Extension: (RealDownloader) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-09-21]
CHR Extension: (Twinoo Brain Training - Test your Brain) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\igippnbkniajgjmfiklnjokigepheabp [2015-03-02]
CHR Extension: (Math Motorway) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdihnhedcafgpbbbbiohamlkbbjlifdb [2015-03-02]
CHR Extension: (Televisão online) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\libolgjejdokaflkfbefhpnhpfkgallp [2015-03-02]
CHR Extension: (Skype) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-29]
CHR Extension: (Ask Search) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-09-21]
CHR Extension: (iLivid) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-09-21]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-25]
CHR Extension: (Piano Virtual) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\oanofegliaibpfkffbpjniogdgmelija [2015-03-02]
CHR Extension: (Links Úteis) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooeniaahogpfjpekbplbgnfmpfacebad [2016-02-15]
CHR Extension: (Gmail) - C:\Users\Irondes2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR HKLM\...\Chrome\Extension: [aaaajdliedpjcjjjimajfegpmcmkcdca] - C:\ProgramData\AskPartnerNetwork\Toolbar\NDV-V7\CRX\ToolbarCR.crx [2016-01-12]
CHR HKU\S-1-5-21-3199600156-3158634051-3669152227-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3199600156-3158634051-3669152227-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3199600156-3158634051-3669152227-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pgacfjdigcddmmncljpflgcfpfahebkh] - C:\Users\Irondes2\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [aaaajdliedpjcjjjimajfegpmcmkcdca] - C:\ProgramData\AskPartnerNetwork\Toolbar\NDV-V7\CRX\ToolbarCR.crx [2016-01-12]
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Irondes\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2013-03-31]
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Irondes\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx [2012-06-27]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-08-16]
CHR HKLM-x32\...\Chrome\Extension: [mdebcffgnijbblbinknkbefciofebcda] - C:\Users\Irondes\AppData\Local\CRE\mdebcffgnijbblbinknkbefciofebcda.crx [2013-09-04]
CHR HKLM-x32\...\Chrome\Extension: [pialekdjmfmckiccfkgbbgphficjdekh] - C:\Users\Irondes\AppData\Roaming\BabSolution\CR\dalesearch.crx [2013-10-09]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apache2.2; C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2013-07-10] (Apache Software Foundation) [File not signed]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [198216 2015-12-17] (APN LLC.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3881184 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-12-18] (Avid, Inc. All rights reserved.) [File not signed]
S3 digiSPTIService; C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe [159744 2009-12-18] (Avid, Inc. All rights reserved.) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1220608 2009-05-06] (MAGIX AG) [File not signed]
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
S2 LVSrvLauncher; C:\Program Files (x86)\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [105248 2007-03-06] (Labtec Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
S2 meo; C:\Program Files (x86)\PTC\Update\MEOCloudUpdate.exe [141480 2013-10-11] (PT Comunicacoes SA) [File not signed]
S3 meom; C:\Program Files (x86)\PTC\Update\MEOCloudUpdate.exe [141480 2013-10-11] (PT Comunicacoes SA) [File not signed]
R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2932224 2011-07-09] (PACE Anti-Piracy, Inc.) [File not signed]
R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 vToolbarUpdater40.2.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.5\ToolbarUpdater.exe [1936968 2016-02-15] (AVG Secure Search)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205832 2016-02-15] ()
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]
S4 BitGuard; C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [X]
S2 chromoting; "C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe" --type=daemon --host-config="C:\ProgramData\Google\Chrome Remote Desktop\host.json"
S2 savesenselive; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe /svc [X]
S3 savesenselivem; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe /medsvc [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [260528 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 dalwdmservice; C:\Windows\System32\drivers\dalwdm.sys [139792 2009-12-18] (Avid, Inc. All rights reserved.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-03-03] (GAS Tecnologia)
S1 gbpddfac; C:\Windows\SysWOW64\drivers\gbpddfac64.sys [28888 2015-11-10] (GAS Tecnologia)
S0 GbpKm; C:\Windows\SysWOW64\drivers\gbpkm.sys [49536 2013-05-08] (GAS Tecnologia)
R3 GBPRCM; C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys [29912 2015-11-10] (GAS Tecnologia)
S3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2009-12-18] (Avid, Inc. All rights reserved.)
S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-12-18] (Avid, Inc. All rights reserved.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [25608 2016-03-11] (SlimWare Utilities, Inc.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-10-31] (GAS Tecnologia LTDA)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil)
S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-02-19] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-11 11:35 - 2016-03-11 11:35 - 01154672 _____ (SlimWare Utilities, Inc.) C:\Users\Irondes2\Downloads\AVG_Driver_Updater_Setup_15_1.exe
2016-03-11 11:35 - 2016-03-11 11:35 - 00025608 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2016-03-11 11:35 - 2016-03-11 11:35 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2016-03-11 11:35 - 2016-03-11 11:35 - 00000000 ____D C:\Users\Irondes2\AppData\Local\AVG Netherlands BV
2016-03-10 10:56 - 2016-03-10 10:56 - 00000000 ____D C:\Users\Irondes2\AppData\Local\Viber Media S.à r.l
2016-03-09 21:40 - 2016-03-09 21:40 - 00003114 _____ C:\Windows\System32\Tasks\{A5889752-30FD-434A-BA18-96FCE2226308}
2016-03-09 19:42 - 2009-07-14 01:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\LPK.dll
2016-03-09 19:42 - 2009-07-14 01:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LPK.dll
2016-03-09 17:06 - 2016-03-09 17:06 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0.bak
2016-03-09 17:06 - 2016-03-09 17:06 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0.bak
2016-02-26 23:29 - 2016-03-11 14:23 - 00000000 ____D C:\FRST
2016-02-24 04:03 - 2016-03-07 23:08 - 00000000 ____D C:\Temp
2016-02-18 15:37 - 2016-02-18 15:37 - 01651911 _____ C:\Users\Irondes2\Downloads\bios-20100225083938.zip
2016-02-18 14:43 - 2016-02-19 17:04 - 00000000 ____D C:\Program Files (x86)\Camera Assistant Software for Toshiba
2016-02-18 14:41 - 2016-02-18 14:41 - 00000000 ____D C:\Users\Irondes2\Downloads\webcam-20080728120744
2016-02-18 14:37 - 2016-02-18 14:39 - 22255545 _____ C:\Users\Irondes2\Downloads\webcam-20080728120744.zip
2016-02-18 10:23 - 2016-02-18 10:23 - 00000000 ____D C:\Users\Irondes2\Downloads\webcam-20091026094649
2016-02-17 11:54 - 2016-02-17 11:54 - 00000000 ____D C:\Users\Irondes2\Downloads\webcam-en-20090422172230 (1)
2016-02-17 10:56 - 2016-02-17 10:56 - 00003228 _____ C:\Windows\System32\Tasks\{1899EB9A-105D-4946-8A3D-8CAD1C432C74}
2016-02-17 10:29 - 2016-02-17 10:29 - 00000000 ____D C:\Program Files\Lexmark
2016-02-17 10:25 - 2014-05-14 16:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-17 10:25 - 2014-05-14 16:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-17 10:25 - 2014-05-14 16:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-17 10:25 - 2014-05-14 16:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-17 10:24 - 2014-05-14 16:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-17 10:24 - 2014-05-14 16:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-17 10:24 - 2014-05-14 16:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-17 10:24 - 2014-05-14 16:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-17 10:24 - 2014-05-14 16:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-17 10:24 - 2014-05-14 16:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-17 10:24 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-17 10:24 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-17 10:24 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-17 10:24 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-16 14:34 - 2016-03-11 18:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracktion 5
2016-02-16 14:34 - 2016-02-16 14:34 - 00001042 _____ C:\Users\Public\Desktop\Tracktion 5.lnk
2016-02-16 14:34 - 2016-02-16 14:34 - 00000000 ____D C:\Program Files (x86)\Tracktion 5
2016-02-16 14:03 - 2016-02-16 14:03 - 08318088 _____ (Abstradrome ) C:\Users\Irondes2\Downloads\hr.exe
2016-02-15 22:11 - 2016-02-15 22:12 - 07246712 _____ (Tracktion Software Corp.) C:\Users\Irondes2\Downloads\TracktionInstall_5_4_3_Windows_32Bit (1).exe
2016-02-15 20:23 - 2016-02-15 20:23 - 00000000 ____D C:\Windows\usb-audio.deBehringer2902
2016-02-15 20:14 - 2009-10-30 12:39 - 00460864 _____ (BEHRINGER) C:\Windows\system32\Drivers\BUSB2902.sys
2016-02-15 20:14 - 2009-10-30 12:39 - 00049728 _____ (BEHRINGER) C:\Windows\system32\Drivers\busbwdm.sys
2016-02-15 20:13 - 2016-02-15 20:13 - 01544668 _____ C:\Users\Irondes2\Downloads\BEHRINGER USB DRIVER 2.6.40 - 32 and 64 bit.rar
2016-02-15 19:34 - 2016-02-15 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PodNova
2016-02-15 19:33 - 2016-02-15 21:07 - 00000000 ____D C:\Program Files (x86)\Podifier V
2016-02-15 19:33 - 2016-02-15 19:33 - 00003308 _____ C:\Windows\System32\Tasks\{5DDEED28-E80B-419D-A7F1-AD44D592FD2B}
2016-02-15 19:33 - 2016-02-15 19:33 - 00000000 __SHD C:\Windows\ftpcache
2016-02-15 19:33 - 2016-02-15 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Podifier V
2016-02-15 19:31 - 2016-02-15 21:06 - 00000000 ____D C:\Program Files (x86)\Juice
2016-02-15 19:31 - 2016-02-15 20:31 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\iPodder
2016-02-15 19:31 - 2016-02-15 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juice
2016-02-15 19:25 - 2016-02-15 19:26 - 00507449 _____ C:\Users\Irondes2\Downloads\ASIO4ALL_2_13_Portuguese (1).exe
2016-02-15 17:14 - 2016-02-15 17:14 - 00000000 ____D C:\Users\Irondes2\Downloads\webcam-en-20090422172230
2016-02-15 17:11 - 2016-02-15 17:11 - 00003228 _____ C:\Windows\System32\Tasks\{4197E7E5-666C-4689-844B-909307FF1FC7}
2016-02-15 17:09 - 2016-02-15 17:11 - 22255939 _____ C:\Users\Irondes2\Downloads\webcam-en-20090422172230.zip
2016-02-15 15:59 - 2016-02-15 16:00 - 00000000 ____D C:\Users\Irondes2\AppData\Local\AVG Web TuneUp
2016-02-15 15:58 - 2016-02-15 16:00 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-02-15 15:58 - 2016-02-15 15:58 - 00000000 ____D C:\ProgramData\AVG Secure Search
2016-02-15 15:58 - 2016-02-15 15:58 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2016-02-15 15:58 - 2016-02-15 15:58 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-02-15 15:50 - 2016-02-15 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-02-15 15:50 - 2016-02-15 15:50 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-15 15:47 - 2016-03-11 18:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-02-15 15:47 - 2016-02-19 10:12 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk
2016-02-15 15:46 - 2016-02-15 15:49 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-15 15:44 - 2016-02-15 15:44 - 02946424 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Irondes2\Downloads\AVG_Protection_Free_1064.exe
2016-02-15 12:30 - 2016-02-15 12:30 - 00000000 ____D C:\Users\Irondes2\Downloads\ativadores-wim-7
2016-02-15 12:04 - 2016-02-15 12:04 - 00003194 _____ C:\Windows\System32\Tasks\{CDFE6966-8522-4980-8741-CE2559CD06AB}
2016-02-15 12:02 - 2016-02-15 12:02 - 06453393 _____ C:\Users\Irondes2\Downloads\ativadores-wim-7.zip
2016-02-15 11:34 - 2016-02-15 19:24 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\WarThunder
2016-02-15 11:26 - 2016-02-15 11:26 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-02-15 11:26 - 2016-02-15 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-02-15 11:25 - 2016-02-15 11:25 - 01984272 _____ C:\Users\Irondes2\Downloads\winrar-x64-521pt.exe
2016-02-14 23:40 - 2016-02-15 12:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-14 23:05 - 2016-02-14 23:05 - 00841555 _____ C:\Users\Irondes2\Downloads\BEHRINGER_2902_X64_2.8.40.zip
2016-02-14 21:59 - 2016-02-14 22:14 - 00000000 ____D C:\Windows\system32\MRT
2016-02-14 21:59 - 2016-02-14 21:59 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-14 21:49 - 2016-02-14 21:49 - 00000000 ____D C:\Windows\system32\SPReview
2016-02-14 21:48 - 2016-02-14 21:48 - 00000000 ____D C:\Windows\system32\EventProviders
2016-02-14 20:01 - 2013-10-27 11:07 - 00000000 ____D C:\Users\Irondes2\Downloads\MBR Regenerator v4.5
2016-02-14 19:59 - 2016-02-14 20:00 - 01046170 _____ C:\Users\Irondes2\Downloads\MBR Regenerator v4.5.rar
2016-02-12 16:54 - 2016-02-18 14:09 - 00000364 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2016-02-12 16:53 - 2016-02-18 10:34 - 00000000 ____D C:\Program Files\DIFX
2016-02-12 16:47 - 2016-02-12 16:51 - 02379054 _____ C:\Users\Irondes2\Downloads\CKF7010_20090908_FW6322_V3022C.zip
2016-02-12 15:50 - 2016-02-18 14:19 - 00000000 ____D C:\Program Files (x86)\DriverToolkit
2016-02-12 15:50 - 2016-02-12 15:50 - 00000000 ____D C:\Users\Irondes2\AppData\Local\DriverToolkit
2016-02-12 15:49 - 2016-02-12 15:50 - 02449376 _____ (Megaify Software ) C:\Users\Irondes2\Downloads\DriverToolkitInstaller.exe
2016-02-12 12:05 - 2016-02-12 12:05 - 00222600 _____ (TOSHIBA Europe GmbH) C:\Users\Irondes2\Downloads\TOSHIBA-193-detector.exe
2016-02-12 11:08 - 2016-02-12 11:08 - 00000652 _____ C:\Users\TEMP\Desktop\Audacity.lnk
2016-02-12 11:08 - 2016-02-12 11:08 - 00000652 _____ C:\Users\Irondes2\Desktop\Audacity.lnk
2016-02-12 11:08 - 2016-02-12 11:08 - 00000652 _____ C:\Users\Convidado\Desktop\Audacity.lnk
2016-02-12 11:08 - 2016-02-12 11:08 - 00000652 _____ C:\Users\Administrador\Desktop\Audacity.lnk
2016-02-12 11:03 - 2016-02-12 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-02-12 11:02 - 2016-02-12 11:02 - 01098961 _____ (Igor Pavlov) C:\Users\Irondes2\Downloads\7z1514.exe
2016-02-12 10:42 - 2016-02-12 11:01 - 457776846 _____ C:\Users\Irondes2\Downloads\Win_AllSoftware.zip
2016-02-12 10:18 - 2016-02-15 19:26 - 00000806 _____ C:\Users\Irondes2\Desktop\ASIO4ALL v2 - Manual de Instruções.lnk
2016-02-12 10:18 - 2016-02-15 19:26 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2016-02-12 10:16 - 2016-02-12 10:16 - 00507449 _____ C:\Users\Irondes2\Downloads\ASIO4ALL_2_13_Portuguese.exe
2016-02-11 14:28 - 2016-02-11 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-02-11 14:23 - 2016-02-20 20:47 - 00000000 ____D C:\Users\Irondes2\Documents\TESTA TRACKTION
2016-02-11 14:09 - 2009-07-14 00:00 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys
2016-02-10 12:26 - 2016-02-10 12:28 - 07246712 _____ (Tracktion Software Corp.) C:\Users\Irondes2\Downloads\TracktionInstall_5_Windows_32Bit_latest (1).exe
2016-02-10 11:32 - 2016-02-20 20:47 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\Tracktion 4
2016-02-10 11:03 - 2016-02-10 11:03 - 00153958 _____ C:\Users\Irondes2\Downloads\image2016-02-09-155145.pdf
2016-02-10 10:55 - 2016-02-10 11:09 - 00000000 ____D C:\Users\Irondes2\Documents\MESA MISTURA
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-11 18:02 - 2015-11-06 19:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-03-11 18:02 - 2014-06-28 19:57 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-03-11 18:02 - 2014-03-02 22:11 - 00000000 ____D C:\Users\Administrador
2016-03-11 18:02 - 2014-02-09 19:37 - 00000000 ____D C:\Users\TEMP
2016-03-11 18:02 - 2011-08-15 19:23 - 00000000 ____D C:\Users\Convidado
2016-03-11 18:02 - 2011-08-15 19:12 - 00000000 ____D C:\Users\Irondes
2016-03-11 18:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2016-03-11 18:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\AppCompat
2016-03-11 18:00 - 2013-11-25 21:19 - 00000000 ____D C:\ProgramData\Real
2016-03-11 14:14 - 2011-08-16 18:45 - 00000000 ____D C:\ProgramData\MFAData
2016-03-11 14:11 - 2014-04-28 19:21 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-11 13:56 - 2014-01-18 20:56 - 00000300 _____ C:\Windows\Tasks\SaveSense.job
2016-03-11 13:56 - 2014-01-18 20:56 - 00000300 _____ C:\Windows\Tasks\Funmoods.job
2016-03-11 13:32 - 2012-03-30 14:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-11 13:28 - 2013-10-11 20:23 - 00000970 _____ C:\Windows\Tasks\PTCUpdateTaskMachineUA.job
2016-03-11 12:28 - 2009-07-14 04:45 - 00005984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-11 12:28 - 2009-07-14 04:45 - 00005984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-11 12:25 - 2009-08-15 17:10 - 00674366 _____ C:\Windows\system32\prfh0816.dat
2016-03-11 12:25 - 2009-08-15 17:10 - 00134676 _____ C:\Windows\system32\prfc0816.dat
2016-03-11 12:25 - 2009-07-14 05:13 - 01530674 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-11 12:25 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-03-11 12:22 - 2014-03-17 21:26 - 00000000 ____D C:\Users\Irondes2\AppData\Local\MEOCloud
2016-03-11 12:20 - 2014-03-17 21:27 - 00000000 ___RD C:\Users\Irondes2\MEOCloud
2016-03-11 12:19 - 2014-04-28 19:21 - 00001004 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-11 12:19 - 2013-10-11 20:23 - 00000966 _____ C:\Windows\Tasks\PTCUpdateTaskMachineCore.job
2016-03-11 12:19 - 2013-06-10 21:16 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2016-03-11 12:19 - 2011-08-21 21:11 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-03-11 12:19 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-11 12:17 - 2015-11-14 19:54 - 00000000 ____D C:\Users\Irondes2\AppData\Local\Viber
2016-03-11 12:17 - 2015-09-26 20:29 - 00000000 ____D C:\Users\Irondes2\AppData\Local\Package Cache
2016-03-11 10:04 - 2014-03-02 22:25 - 00000000 ____D C:\Users\Irondes2
2016-03-09 21:49 - 2011-08-20 22:11 - 00000000 _____ C:\Users\Convidado\AppData\LocalLow\prvlcl.dat
2016-03-09 21:49 - 2011-08-16 19:53 - 00000000 _____ C:\Users\Irondes\AppData\LocalLow\prvlcl.dat
2016-03-09 21:16 - 2015-12-09 22:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-09 21:06 - 2014-05-05 21:05 - 00000000 ____D C:\Users\Irondes2\Documents\ViberDownloads
2016-03-09 21:05 - 2016-01-07 23:27 - 00000000 ____D C:\Users\Irondes2\AppData\Local\MEGAsync
2016-03-09 17:24 - 2014-03-17 21:27 - 00000000 ___HD C:\Users\Irondes2\MEOCloud-cache
2016-03-09 17:13 - 2015-02-14 19:09 - 00000000 ____D C:\Program Files (x86)\HDD Regenerator
2016-03-09 11:48 - 2013-11-23 20:38 - 01031270 _____ C:\Windows\ntbtlog.txt
2016-03-03 18:18 - 2009-07-14 07:46 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-03 18:18 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\Offline Web Pages
2016-03-03 18:18 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-03-03 18:18 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-03 18:18 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-03-03 18:18 - 2009-07-14 03:20 - 00000000 __RSD C:\Windows\Media
2016-03-03 18:18 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-03-03 18:18 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\Dism
2016-03-03 18:18 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-03 18:17 - 2009-08-15 17:09 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2016-03-03 18:17 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-03-03 18:17 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\MUI
2016-03-03 18:17 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-03-03 10:56 - 2015-11-28 17:26 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2016-02-20 19:19 - 2011-08-21 21:11 - 00000000 ____D C:\ProgramData\GbPlugin
2016-02-19 22:17 - 2014-02-15 08:29 - 00000000 ___HD C:\Users\Irondes2\AppData\Local\aO0OSFD7
2016-02-19 18:02 - 2013-06-25 21:25 - 00000000 ____D C:\ProgramData\Temp
2016-02-19 18:00 - 2015-11-22 20:49 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2016-02-19 17:04 - 2014-11-23 20:58 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-02-19 16:39 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2016-02-19 15:01 - 2013-10-20 13:22 - 00000280 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2016-02-18 14:25 - 2009-07-14 05:08 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-18 14:08 - 2011-08-15 21:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-18 11:32 - 2013-10-08 20:09 - 00000000 ____D C:\Program Files (x86)\Labtec
2016-02-17 21:19 - 2014-05-05 19:28 - 00000955 _____ C:\Users\Irondes2\SciTE.session
2016-02-17 21:14 - 2009-07-14 05:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-02-17 14:22 - 2013-10-20 13:22 - 00000288 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2016-02-16 14:04 - 2015-02-14 19:05 - 00000000 ____D C:\Users\Irondes2\AppData\Local\Downloaded Installations
2016-02-15 19:38 - 2014-05-28 18:41 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\Digidesign
2016-02-15 15:59 - 2011-08-16 18:57 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2016-02-15 15:51 - 2014-11-29 09:44 - 00000000 ____D C:\Users\Irondes2\AppData\Local\Avg
2016-02-15 15:50 - 2010-12-04 16:55 - 00000000 ___HD C:\$AVG
2016-02-15 15:47 - 2015-11-24 22:29 - 00000000 ____D C:\ProgramData\Avg
2016-02-15 15:47 - 2015-11-22 21:20 - 00000000 ____D C:\Users\Irondes2\AppData\Local\AvgSetupLog
2016-02-15 12:07 - 2012-12-09 22:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-15 11:26 - 2013-10-09 22:12 - 00000000 ____D C:\Program Files\WinRAR
2016-02-15 11:12 - 2014-03-24 22:14 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\Skype
2016-02-14 22:35 - 2014-03-24 22:42 - 00000000 ____D C:\Users\Irondes2\AppData\Local\ElevatedDiagnostics
2016-02-14 22:29 - 2014-04-28 19:22 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-14 22:29 - 2014-04-28 19:22 - 00002184 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-14 22:23 - 2009-07-14 04:45 - 00332224 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-14 22:20 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-02-14 22:20 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-02-14 22:19 - 2009-08-15 17:09 - 00000000 ____D C:\Windows\SysWOW64\pt
2016-02-14 22:19 - 2009-07-14 07:46 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2016-02-14 22:19 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-02-14 22:19 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-02-14 22:19 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-02-14 22:19 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-02-14 22:19 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-02-14 22:19 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-02-14 22:19 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-02-14 22:19 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-02-14 22:19 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2016-02-14 22:19 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2016-02-14 22:19 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\servicing
2016-02-14 22:19 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-02-14 22:18 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\Setup
2016-02-14 22:18 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\oobe
2016-02-14 22:18 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-02-14 22:18 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\manifeststore
2016-02-14 22:18 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-02-14 21:58 - 2009-07-14 02:36 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2016-02-14 21:58 - 2009-07-14 02:36 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2016-02-14 21:08 - 2016-01-07 23:29 - 00000000 ___RD C:\Users\Irondes2\Documents\MEGA
2016-02-12 14:32 - 2012-03-30 14:37 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-12 14:32 - 2012-03-30 14:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-12 14:32 - 2011-08-15 19:45 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-12 12:15 - 2008-07-03 06:42 - 00000000 ____D C:\Toshiba
2016-02-12 11:08 - 2012-07-07 23:19 - 00000652 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-02-11 14:29 - 2011-09-25 18:58 - 00000000 ____D C:\ProgramData\Skype
2016-02-11 14:28 - 2014-10-09 21:23 - 00000000 ____D C:\Users\Irondes2\AppData\Local\Skype
2016-02-11 14:28 - 2014-10-09 21:22 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
2016-02-11 14:28 - 2011-09-25 18:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-02-11 12:01 - 2016-02-08 14:10 - 00000000 ____D C:\Users\Convidado\AppData\Roaming\AVG
2016-02-11 12:01 - 2016-02-08 13:18 - 00000000 ____D C:\Users\Administrador\AppData\Roaming\AVG
2016-02-11 12:01 - 2015-12-28 21:57 - 00000000 ____D C:\Program Files\iTunes
2016-02-11 12:01 - 2014-03-02 22:33 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\uTorrent
2016-02-11 12:01 - 2013-11-25 21:46 - 00000000 ____D C:\ProgramData\Norton
2016-02-10 16:13 - 2014-11-29 09:44 - 00000000 ____D C:\Users\Convidado\AppData\Local\Avg
2016-02-10 16:13 - 2014-11-29 09:44 - 00000000 ____D C:\Users\Administrador\AppData\Local\Avg
 
==================== Files in the root of some directories =======
 
2013-06-27 21:39 - 2014-06-24 21:11 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2015-03-04 23:00 - 2015-03-04 23:00 - 0018000 _____ () C:\Users\Irondes2\AppData\Roaming\unins000.dat
2015-03-04 23:00 - 2015-03-04 23:00 - 0815826 _____ () C:\Users\Irondes2\AppData\Roaming\unins000.exe
2012-11-12 22:34 - 2012-11-12 22:34 - 0044544 _____ (Microsoft Corporation) C:\ProgramData\lsass.exe
2013-10-08 20:10 - 2013-10-08 20:10 - 0005033 _____ () C:\ProgramData\mtbjfghn.xbe
 
Files to move or delete:
====================
C:\ProgramData\lsass.exe
 
 
Some files in TEMP:
====================
C:\Users\Convidado\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Irondes\AppData\Local\Temp\.gbas.dll
C:\Users\Irondes\AppData\Local\Temp\130113_d.exe
C:\Users\Irondes\AppData\Local\Temp\130113_p.exe
C:\Users\Irondes\AppData\Local\Temp\130113_y.exe
C:\Users\Irondes\AppData\Local\Temp\APNStub.exe
C:\Users\Irondes\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.53841.exe
C:\Users\Irondes\AppData\Local\Temp\BearShare_setup.exe
C:\Users\Irondes\AppData\Local\Temp\DaleSearchTB.exe
C:\Users\Irondes\AppData\Local\Temp\gbplugin_ie_bb_setup.exe
C:\Users\Irondes\AppData\Local\Temp\GURDF94.exe
C:\Users\Irondes\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Irondes\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Irondes\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Irondes\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Irondes\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Irondes\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Irondes\AppData\Local\Temp\MgxVistaTools.dll
C:\Users\Irondes\AppData\Local\Temp\MixiYD2.exe
C:\Users\Irondes\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Irondes\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Irondes\AppData\Local\Temp\stubhelper.dll
C:\Users\Irondes\AppData\Local\Temp\ToolbarHelper.exe
C:\Users\Irondes\AppData\Local\Temp\utt99DA.tmp.exe
C:\Users\Irondes\AppData\Local\Temp\uttF49F.tmp.exe
C:\Users\Irondes2\AppData\Local\Temp\ICReinstall_Windows Loader.exe
C:\Users\Irondes2\AppData\Local\Temp\_is5041.exe
C:\Users\Irondes2\AppData\Local\Temp\_isA736.exe
C:\Users\Irondes2\AppData\Local\Temp\_isB4BE.exe
C:\Users\Irondes2\AppData\Local\Temp\_isD91F.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-10 09:45
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Irondes2 (2016-03-11 14:24:18)
Running from H:\
Windows 7 Ultimate (X64) (2011-08-15 19:12:26)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-3199600156-3158634051-3669152227-500 - Administrator - Enabled) => C:\Users\Administrador
Convidado (S-1-5-21-3199600156-3158634051-3669152227-501 - Limited - Enabled) => C:\Users\Convidado
E1251AB0E5C545A48652 (S-1-5-21-3199600156-3158634051-3669152227-1003 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3199600156-3158634051-3669152227-1006 - Limited - Enabled)
Irondes (S-1-5-21-3199600156-3158634051-3669152227-1000 - Administrator - Enabled) => C:\Users\TEMP
Irondes2 (S-1-5-21-3199600156-3158634051-3669152227-1004 - Administrator - Enabled) => C:\Users\Irondes2
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3199600156-3158634051-3669152227-1004\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Apache HTTP Server 2.2.25 (HKLM-x32\...\{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}) (Version: 2.2.25 - Apache Software Foundation)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Ask Toolbar (HKLM-x32\...\{4E44562D-5637-006A-76A7-A758B70C2600}) (Version: 12.38.0.3453 - APN, LLC) <==== ATTENTION
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.23.0 - Ask.com) <==== ATTENTION
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
AutoIt v3.3.8.0 (HKLM-x32\...\AutoItv3) (Version:  - AutoIt Team)
AVG (HKLM\...\AvgZen) (Version: 1.41.1.56922 - AVG Technologies)
AVG (Version: 16.41.7442 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4540 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.41.7442 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.5.441 - AVG Technologies)
AVG Zen (Version: 1.41.29 - AVG Technologies) Hidden
Babylon toolbar on IE (HKLM-x32\...\BabylonToolbar) (Version:  - ) <==== ATTENTION
BabylonObjectInstaller (HKLM-x32\...\{83AA2913-C123-4146-85BD-AD8F93971D39}) (Version: 2.0.0.3 - Babylon Ltd) <==== ATTENTION
Band-in-a-Box 2011 (Build 313) (HKLM-x32\...\BB_is1) (Version:  - PG Music Inc.)
Band-in-a-Box Server (HKLM-x32\...\BBServer_is1) (Version:  - PG Music Inc.)
BEHRINGER USB AUDIO DRIVER (HKLM\...\USB_AUDIO_DEusb-audio.deBehringer2902) (Version:  - )
BitGuard (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version:  - MediaTechSoft Inc.) <==== ATTENTION
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon RAW Codec (HKLM-x32\...\Canon RAW Codec) (Version: 1.8.0.68 - Canon Inc.)
Chrome Remote Desktop Host (HKLM-x32\...\{EBFF2EA1-3944-4CA2-89FA-8B70C0058DD3}) (Version: 49.0.2623.40 - Google Inc.)
Click to Call with Skype (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8153 - Skype Technologies S.A.)
CoyoteWT 1.0 (HKLM-x32\...\CoyoteWT_is1) (Version:  - Coyote Electronics Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DaleSearch Chrome Toolbar (HKLM-x32\...\DaleSearch Chrome Toolbar) (Version:  - DaleSearch) <==== ATTENTION
dalesearch toolbar   (HKLM-x32\...\dalesearch) (Version: 1.8.16.19 - dalesearch) <==== ATTENTION
Digidesign Audio Drivers 8.0.3 (HKLM-x32\...\{9F1D8E17-2AE6-4608-901D-42146D7D9C68}) (Version: 8.0.3 - Digidesign, A Division of Avid Technology, Inc.)
Digidesign ElevenRack Driver 1.0.8 (x64) (HKLM\...\{DFE96CF0-A611-40C4-AE24-2E4C21E3FF3E}) (Version: 1.0.8 - Digidesign)
Digidesign Pro Tools Creative Collection 8.0.3 (HKLM-x32\...\{3BB2CF34-1FC8-46E2-9D64-4A8D1D577549}) (Version: 8.0.3 - Digidesign, A Division of Avid Technology, Inc.)
Digidesign Pro Tools LE 8.0.3 (HKLM-x32\...\{409A13BD-5F3E-442B-BA7B-A1E32B2D8927}) (Version: 8.0.3 - Digidesign, A Division of Avid Technology, Inc.)
DriverIdentifier 4.2.6 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version:  - DriverIdentifier)
Encore 5 (HKLM-x32\...\{5A06BC95-C59E-438D-AA8D-A97690AD628C}) (Version: 1.0.0 - GVOX)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.41 - FileZilla Project)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{AF37F9DE-0726-439E-BC10-43D9195394D0}) (Version: 2.1.26.0 - MAGIX AG)
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
Free DigiRack Plug-Ins 8.0.3 (HKLM-x32\...\{A24C2C43-4312-493E-96B3-5D1DCE24DEBF}) (Version: 8.0.3 - Digidesign, A Division of Avid Technology, Inc.)
Funmoods (HKLM-x32\...\funmoods) (Version:  - Funmoods) <==== ATTENTION
Fwink (HKLM-x32\...\{F432F2AE-F463-4491-A5FE-844849992F6E}) (Version: 1.0.96 - Chris Lundie)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Guitar Pro 5.0 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.12 - PACE Anti-Piracy)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
K-Lite Codec Pack 8.1.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.1.0 - )
License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.1.0.0929 - PACE Anti-Piracy, Inc.)
License Support (Version: 1.1.0.0929 - PACE Anti-Piracy, Inc.) Hidden
MAGIX Photo Manager 8 (HKLM-x32\...\MAGIX Photo Manager 8 UK) (Version: 6.0.1.504 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX Screenshare UK) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (HKLM-x32\...\MAGIX Speed burnR UK) (Version: 6.0.1.2 - MAGIX AG)
MAGIX Video easy SCV Edition 1.0.2.2 (PT) (HKLM-x32\...\MAGIX Video easy SCV Edition PT) (Version: 1.0.2.2 - MAGIX AG)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
MEOCloud (HKLM\...\{DBBE1DF3-F7F0-4068-B283-D48A3F369BF1}) (Version: 0.1.214.64 - PT Comunicações S.A.)
MEOCloud Update Helper (x32 Version: 1.3.25.0 - PT Comunicacoes SA) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Módulo de Segurança -  Banco do Brasil (HKLM-x32\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.12.0.2 - )
Mozilla Firefox 44.0.2 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 pt-BR)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
mufin player (HKLM-x32\...\mufin player UK) (Version: 1.0.0.99 - MAGIX AG)
Music Box (HKLM-x32\...\{C625BA4B-AB4F-436F-9761-D000D1B1F35A}) (Version: 2.0.14 - PT Comunicacoes, SA)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
Pacote de drivers Logitech Webcam Software (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
PG Music DirectX Plugins 2.0.0.0 (HKLM-x32\...\PG_DX_Plugins_is1) (Version:  - PG Music Inc.)
Polar Daemon (HKLM-x32\...\{2BA9320D-E061-4C71-ACCB-AC0E9D4FC82B}) (Version: 2.2.20000 - Polar Electro Oy)
Polar WebSync (HKLM-x32\...\{E7FF8CF8-C9E1-4D4C-938E-1392C2EDBD7A}) (Version: 2.8.00001 - Polar Electro Oy)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
SaveSense (remove only) (HKLM-x32\...\SaveSense) (Version: 5.3.0.5 - SaveSense) <==== ATTENTION
SciTE4AutoIt3 12/29/2011 (HKLM-x32\...\SciTE4AutoIt3) (Version: 12/29/2011 - Jos van der Zande)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Suporte para Aplicações Apple (32-bits) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Suporte para Aplicações Apple (64-bits) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TomTom HOME (HKLM-x32\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.5 - Nome da empresa:)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Tracktion 5 (HKLM-x32\...\Tracktion 5) (Version: 5.0.10.0 - Tracktion Software Corp.)
uTorrentBar_PT Toolbar (HKLM-x32\...\uTorrentBar_PT Toolbar) (Version: 6.14.0.28 - uTorrentBar_PT) <==== ATTENTION
Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{5B0E60DB-7741-412F-88B3-E6975D30D019}) (Version: 1.1.0.0929 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}) (Version: 1.1.0.0929 - PACE Anti-Piracy, Inc.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Warsaw 1.11.0.42826 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.11.0.42826 - GAS Tecnologia)
Windows Driver Package - Sonix (ST50220) USB  (05/30/2008 1.0.0.4) (HKLM\...\077C2AFF5C7A2D6012E8654704C81C60FE4CA0AE) (Version: 05/30/2008 1.0.0.4 - Sonix)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
YTD Video Downloader 3.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version:  - GreenTree Applications SRL) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3199600156-3158634051-3669152227-1004_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\Irondes2\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3199600156-3158634051-3669152227-1004_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\Irondes2\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3199600156-3158634051-3669152227-1004_Classes\CLSID\{BFD98515-CD74-48A4-98E2-13D209E3EE4F}\InprocServer32 -> C:\Program Files\MEOCloud\MEOCloudShell.dll (MEO)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {15835BD5-D2EF-4EF0-B23D-55CA96DA1368} - System32\Tasks\{A5889752-30FD-434A-BA18-96FCE2226308} => pcalua.exe -a C:\Toshiba\Drivers\DVD\setup.exe -d C:\Toshiba\Drivers\DVD
Task: {17384805-48F1-40AF-8E61-81A469452ACB} - System32\Tasks\{1899EB9A-105D-4946-8A3D-8CAD1C432C74} => pcalua.exe -a C:\Users\Irondes2\AppData\Local\Temp\Temp2_webcam-en-20090422172230.zip\Chicony-Camera-Assistant-Software\setup.exe
Task: {1A4D2681-B7E8-46BA-9852-7F0D2FE36603} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3199600156-3158634051-3669152227-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {22852D0A-6189-4154-9CB2-DA2FEFF6F810} - System32\Tasks\SaveSense => C:\Users\Irondes\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {2DAD62BE-4B1D-49A8-B246-6C2DA1982C32} - System32\Tasks\Funmoods => C:\Users\Irondes\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {3EC8CCA9-4721-40CC-AA27-4CCD980C20C3} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-03-31] () <==== ATTENTION
Task: {3FF27C63-2549-4FD2-8B3A-54DE9CF17BDA} - System32\Tasks\{B9EA7621-7F20-469A-B98F-4238272885B1} => Firefox.exe 
Task: {441DF420-F311-42A0-AE4C-1BA100EA87D8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {48496FD0-7307-4E4E-9004-B85A2B379CD3} - System32\Tasks\{4197E7E5-666C-4689-844B-909307FF1FC7} => pcalua.exe -a C:\Users\Irondes2\AppData\Local\Temp\Temp1_webcam-en-20090422172230.zip\Chicony-Camera-Assistant-Software\setup.exe
Task: {54BA0AE9-7F05-4C8C-A2C1-7C29433B8370} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3199600156-3158634051-3669152227-1000UA => C:\Users\Irondes\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)
Task: {5A83D092-1059-422D-B5B0-6006FB3A5AA8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-20] (Google Inc.)
Task: {6BDAA488-6647-4686-AB8F-2B70EA8385C3} - System32\Tasks\{CDFE6966-8522-4980-8741-CE2559CD06AB} => pcalua.exe -a "C:\Users\Irondes2\AppData\Local\Temp\Temp1_ativadores-wim-7.zip\ativadores-wim-7\7Loader 1.3.exe"
Task: {6DB24FBE-7E88-4FC0-8380-EB3F6C002247} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {899B4C00-5D8E-49F3-A1FF-64CF217CFEB7} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: {91F8476E-7CB8-4E98-B75D-5D808821AEFF} - System32\Tasks\PTCUpdateTaskMachineCore => C:\Program Files (x86)\PTC\Update\MEOCloudUpdate.exe [2013-10-11] (PT Comunicacoes SA)
Task: {997E3B55-EA5F-462A-9D37-F0F42650C094} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: {9B70C37D-34EE-4074-9225-2234733C8AD8} - System32\Tasks\{20B3E120-88B1-46FA-A518-0D363D5FF306} => pcalua.exe -a C:\Users\Irondes\Downloads\webcam1051enu(3).exe -d C:\Users\Irondes\Downloads
Task: {A967C4D7-1B5E-4F86-91E2-248C24365058} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3199600156-3158634051-3669152227-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {AC2F22EB-101A-4648-8221-C8BE15EE5C79} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {B296A14D-40FF-44C7-8F58-58A408068526} - System32\Tasks\{6D191214-56DC-4365-9C30-26DACAC72BA9} => pcalua.exe -a "C:\Program Files (x86)\Labtec\WebCamWebInstall\Setup.exe" -d "C:\Program Files (x86)\Labtec\WebCamWebInstall"
Task: {B482D79B-D7DC-49C4-B573-B4C8C6037E82} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{13311516-36C6-46BC-AF8B-7ECD6A145312}.exe
Task: {B524DD97-A8A2-4A5A-865F-2070429932F2} - System32\Tasks\Program Manager => C:\Program Files (x86)\Common Files\ProgramManager\ProgramManager.exe
Task: {BC742104-3DD3-4F68-8DEF-8E64D246C20C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-12] (Adobe Systems Incorporated)
Task: {BDA6A36C-42F4-4A42-AFED-76E14D0436D3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3199600156-3158634051-3669152227-1000Core => C:\Users\Irondes\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)
Task: {C4D583B6-3AFC-4773-85AC-9082E586E726} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Irondes\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {C5FE7AB6-739F-4B87-9604-8B46D48249C7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {CC07C815-7BD5-43E1-AAB2-64F116E640BA} - System32\Tasks\{C8407D46-4560-4C9C-9245-2A9D10F59D53} => pcalua.exe -a C:\Users\Irondes\AUTOIT\autoit-v3-setup.exe -d C:\Users\Irondes\Desktop
Task: {D3D0FBE1-C7E5-423A-884C-89A6B38B4F36} - System32\Tasks\PTCUpdateTaskMachineUA => C:\Program Files (x86)\PTC\Update\MEOCloudUpdate.exe [2013-10-11] (PT Comunicacoes SA)
Task: {D66639C8-CDE8-4BEE-8B88-A3BB0B3F32EA} - System32\Tasks\{4C2901DC-FC50-4E5D-8404-6E073A394FEB} => pcalua.exe -a "C:\Program Files (x86)\Labtec\WebCamWebInstall\Setup\Setup.exe" -d "C:\Program Files (x86)\Labtec\WebCamWebInstall\Setup"
Task: {D83B22FD-40D1-4B3C-B436-A304C47034C6} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3199600156-3158634051-3669152227-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D9E2BCF8-919D-4590-8294-23DFD8CB4D79} - System32\Tasks\{5DDEED28-E80B-419D-A7F1-AD44D592FD2B} => pcalua.exe -a "C:\Users\Irondes2\AppData\Local\Temp\Temp1_Win_AllSoftware.zip\Win_All Audio Software\Podcast\PodNova\PodNova-2.2-Win32-Setup\PodNova-2.2-Win32-Setup.exe"
Task: {E76DC202-B3C3-40F5-B1C6-D844A578FE59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-20] (Google Inc.)
Task: {E8BEE576-5F11-4E8A-AE73-7401DF445F31} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3199600156-3158634051-3669152227-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E91BE3FF-D097-407E-8F90-B34B21B83361} - System32\Tasks\{654E24DA-BD2A-4316-B4DF-50F6D81B752A} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/pp/abandoninstall?page=tsMain
Task: {E9DDB18C-EAC7-4AD0-82A3-B778FD94DD7A} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{13311516-36C6-46BC-AF8B-7ECD6A145312}.exe <==== ATTENTION
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\Funmoods.job => C:\Users\Irondes\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3199600156-3158634051-3669152227-1000Core.job => C:\Users\Irondes\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3199600156-3158634051-3669152227-1000UA.job => C:\Users\Irondes\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PTCUpdateTaskMachineCore.job => C:\Program Files (x86)\PTC\Update\MEOCloudUpdate.exe
Task: C:\Windows\Tasks\PTCUpdateTaskMachineUA.job => C:\Program Files (x86)\PTC\Update\MEOCloudUpdate.exe
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\SaveSense.job => C:\Users\Irondes\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Irondes2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy?click_id=752006fcc3c14e7860472b3dadae93d6e7bfdec3
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-02-15 15:58 - 2016-02-15 15:57 - 01205832 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-12 15:20 - 2012-12-12 15:20 - 00419536 _____ () C:\Program Files (x86)\Polar\Daemon\polard.exe
2014-05-01 14:13 - 2014-05-01 14:13 - 00470016 _____ () C:\Users\Irondes2\AppData\Local\MEGAsync\ShellExtX64.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2016-02-15 15:58 - 2016-02-15 15:57 - 00192584 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.5\loggingserver.exe
2016-02-15 15:58 - 2016-02-15 15:57 - 02857544 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2012-12-12 15:20 - 2012-12-12 15:20 - 03483856 _____ () C:\Program Files (x86)\Polar\Daemon\libpolar.dll
2016-02-15 15:58 - 2016-02-15 15:57 - 00533576 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.5\log4cplusU.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2014-05-01 14:15 - 2014-05-01 14:15 - 00463360 _____ () C:\Users\Irondes2\AppData\Local\MEGAsync\ShellExtX32.dll
2016-01-30 18:17 - 2016-01-30 18:17 - 00143872 _____ () C:\Users\Irondes2\AppData\Local\MEGAsync\libuv.dll
2015-11-04 11:40 - 2015-11-04 11:40 - 00052224 _____ () C:\Users\Irondes2\AppData\Local\MEGAsync\cares.dll
2016-02-15 15:46 - 2016-02-15 15:45 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-02-10 21:13 - 2016-02-09 11:58 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libglesv2.dll
2016-02-10 21:13 - 2016-02-09 11:58 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Windows\System32:99F5F30A_Bb.gbp [2]
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:r0d3jo5 [20]
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1254]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1434]
AlternateDataStreams: C:\ProgramData\Microsoft:OSWCE9DwtmGH6d42iT2 [2316]
AlternateDataStreams: C:\ProgramData\Microsoft:tCbj1b31pJBEwvhoUvAC [2530]
AlternateDataStreams: C:\ProgramData\Temp:1AAB2E68 [354]
AlternateDataStreams: C:\ProgramData\Temp:B755D674 [134]
AlternateDataStreams: C:\Users\Convidado\Cookies:R0YEjHjrryZtVdFiKbmWdwd [2174]
AlternateDataStreams: C:\Users\Convidado\Definições locais:d4HK6S73TX5qhnrRbhYkK2xJSi [2216]
AlternateDataStreams: C:\Users\Convidado\Definições locais:wc4zYg2zl7xSjrdTvRgq6WYQuNcoZe [2024]
AlternateDataStreams: C:\Users\Convidado\AppData\Local:d4HK6S73TX5qhnrRbhYkK2xJSi [2216]
AlternateDataStreams: C:\Users\Convidado\AppData\Local:wc4zYg2zl7xSjrdTvRgq6WYQuNcoZe [2024]
AlternateDataStreams: C:\Users\Convidado\AppData\Local\aO0OSFD7:m3pqxTICAiUnMBeh6bblkbF [2070]
AlternateDataStreams: C:\Users\Convidado\AppData\Local\Application Data:d4HK6S73TX5qhnrRbhYkK2xJSi [2216]
AlternateDataStreams: C:\Users\Convidado\AppData\Local\Application Data:wc4zYg2zl7xSjrdTvRgq6WYQuNcoZe [2024]
AlternateDataStreams: C:\Users\Convidado\AppData\Local\Temp:VkpCdV0WqmUN0el0jatN3s [2224]
AlternateDataStreams: C:\Users\Irondes\Cookies:R0YEjHjrryZtVdFiKbmWdwd [2464]
AlternateDataStreams: C:\Users\Irondes\Definições locais:d4HK6S73TX5qhnrRbhYkK2xJSi [2030]
AlternateDataStreams: C:\Users\Irondes\Definições locais:wc4zYg2zl7xSjrdTvRgq6WYQuNcoZe [2520]
AlternateDataStreams: C:\Users\Irondes\AppData\Local:d4HK6S73TX5qhnrRbhYkK2xJSi [2030]
AlternateDataStreams: C:\Users\Irondes\AppData\Local:wc4zYg2zl7xSjrdTvRgq6WYQuNcoZe [2520]
AlternateDataStreams: C:\Users\Irondes\AppData\Local\aO0OSFD7:m3pqxTICAiUnMBeh6bblkbF [1948]
AlternateDataStreams: C:\Users\Irondes\AppData\Local\Application Data:d4HK6S73TX5qhnrRbhYkK2xJSi [2030]
AlternateDataStreams: C:\Users\Irondes\AppData\Local\Application Data:wc4zYg2zl7xSjrdTvRgq6WYQuNcoZe [2520]
AlternateDataStreams: C:\Users\Irondes\AppData\Local\Temp:VkpCdV0WqmUN0el0jatN3s [1976]
AlternateDataStreams: C:\Users\Irondes2\Cookies:R0YEjHjrryZtVdFiKbmWdwd [2136]
AlternateDataStreams: C:\Users\Irondes2\Definições locais:d4HK6S73TX5qhnrRbhYkK2xJSi [518]
AlternateDataStreams: C:\Users\Irondes2\Definições locais:wc4zYg2zl7xSjrdTvRgq6WYQuNcoZe [2406]
AlternateDataStreams: C:\Users\Irondes2\AppData\Local:d4HK6S73TX5qhnrRbhYkK2xJSi [518]
AlternateDataStreams: C:\Users\Irondes2\AppData\Local:wc4zYg2zl7xSjrdTvRgq6WYQuNcoZe [2406]
AlternateDataStreams: C:\Users\Irondes2\AppData\Local\aO0OSFD7:m3pqxTICAiUnMBeh6bblkbF [1794]
AlternateDataStreams: C:\Users\Irondes2\AppData\Local\Application Data:d4HK6S73TX5qhnrRbhYkK2xJSi [518]
AlternateDataStreams: C:\Users\Irondes2\AppData\Local\Application Data:wc4zYg2zl7xSjrdTvRgq6WYQuNcoZe [2406]
AlternateDataStreams: C:\Users\Irondes2\AppData\Local\Temp:VkpCdV0WqmUN0el0jatN3s [2022]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3199600156-3158634051-3669152227-1004\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-3199600156-3158634051-3669152227-1004\...\bb.com.br -> hxxps://seg.bb.com.br
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2016-02-14 20:04 - 00000858 ____N C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3199600156-3158634051-3669152227-1004\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 88.214.178.2 - 88.214.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D35F991C-9366-4AF0-A647-556122069FEE}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{71452CDA-2CB9-47DE-B550-10B01B0BD696}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{170B6A6F-A6AF-4132-B511-78DF7B29C31E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1FCE1267-C83C-4FCB-A5BE-A828C35BC1E4}] => (Allow) LPort=2869
FirewallRules: [{D18BF4C4-12A9-43DC-9DFB-8038252D2C59}] => (Allow) LPort=1900
FirewallRules: [{12FF74B7-FD88-4B91-9E10-BF5E8BDB4095}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D05565DF-322F-4BDD-BD06-30AC88FACCC7}] => (Allow) C:\bb\BBHelper\BandinaBoxServer.exe
FirewallRules: [{8222A93D-9CF2-4099-B7A4-078345B9538B}] => (Allow) C:\bb\BBHelper\BandinaBoxServer.exe
FirewallRules: [{52AD8C6B-2B48-40B2-A229-B98F53F9A640}] => (Allow) LPort=48113
FirewallRules: [{902D99CE-1844-45F3-9E28-4DA4FE216F07}] => (Allow) LPort=48114
FirewallRules: [{E53A1B41-22C3-430E-A873-3C80B08F72A4}] => (Allow) C:\Program Files\ma-config.com\MaConfigAgent.exe
FirewallRules: [{A020D3F5-4CE0-4A74-B69C-0C2054C763EC}] => (Allow) C:\Program Files\ma-config.com\MaConfigAgent.exe
FirewallRules: [{CDB48C05-4DF6-4B19-98ED-628C47FA27DD}] => (Allow) C:\Users\Irondes\AppData\Local\Viber\Viber.exe
FirewallRules: [{B0E1B758-DBA1-4EF4-862B-3225DE43C6F3}] => (Allow) C:\Users\Irondes2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{99C6EB1F-732B-4920-A49F-714FE026B0F5}] => (Allow) C:\Users\Irondes2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B6DF2EB0-0A6B-4D03-9442-8B976A1F52E6}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{34581718-B580-45A9-9D30-2A14EF1FC1E6}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{818810B5-5D8F-4D0D-B94A-17AA47E3C6A2}] => (Allow) C:\Users\Irondes2\AppData\Local\Viber\Viber.exe
FirewallRules: [{2C3F0642-543C-4EF0-A577-990988E5AD7C}] => (Allow) C:\Users\Irondes2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F61FC8F3-9119-4391-81B5-03F7ACC0229F}] => (Allow) C:\Users\Irondes2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8F13F2A3-6CEC-4DE8-8E4D-BF17D0E675B8}] => (Allow) C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe
FirewallRules: [{4A35CFC0-E9C9-4B07-870A-C4CD7C4C40A4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DA08E37B-6B29-47DB-B3F9-48103FFF061C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{79D81FF5-200C-4F98-ABB2-7C0EA1A3006F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3BB16B28-4AF4-4454-9526-9563E567CC2E}C:\program files\java\jdk1.8.0_45\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_45\bin\jmc.exe
FirewallRules: [UDP Query User{1D44F08B-75CC-42BC-8662-88B5184BE3AF}C:\program files\java\jdk1.8.0_45\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_45\bin\jmc.exe
FirewallRules: [{42D5A3D2-D908-4DBF-98F6-8C048CAB8882}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{FB8DE8E2-E0A9-4851-A923-1F110DFF93D4}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
FirewallRules: [{B8BC70B5-FCBD-4E11-B03D-3CE13C5AFEB8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{544FD838-1585-40F6-BB71-80529C383A72}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{564454D5-4D3B-4237-87A2-C60EDBA14F35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6613ED4A-5B67-40DB-B6DF-FB8F85291D57}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{49BB948C-8B57-42CE-AD9D-5E0929A3C152}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{97D60A55-BF1D-4545-8A25-151FF072E911}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5DDBEE9B-B620-4D17-B888-254BE1579EC1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{3D8AB08A-9B57-40F3-8942-0A687C930882}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{5592DC02-2367-4E64-AE45-983DA299AEAB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{4411426F-296C-4BE5-854D-D29317984B6E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{81F0BE8F-9FF3-42B5-B587-C6853400B9BD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{785ADBFE-8D7A-4B65-B680-D218490FC04B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{0ACA7A3D-88CF-40C0-AE39-A9852E63BC8C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{89227631-DD2A-4262-B358-1A5345AB791F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{7E3DDDE4-74DD-4EC0-93F6-93E137178E4E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{671565B3-0C6E-496F-BC90-3820C8528062}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
18-02-2016 09:51:28 Configurado Camera Assistant Software for Toshiba
18-02-2016 10:11:49 Removido Camera Assistant Software for Toshiba
18-02-2016 10:32:55 Instalado Camera Assistant Software for Toshiba
18-02-2016 10:56:11 Removido Camera Assistant Software for Toshiba
18-02-2016 11:18:30 Installed Labtec WebCam
18-02-2016 11:30:43 Removed Labtec WebCam
18-02-2016 14:08:10 Instalado Camera Assistant Software for Toshiba
18-02-2016 14:20:43 Removido Camera Assistant Software for Toshiba
18-02-2016 14:42:43 Instalado Camera Assistant Software for Toshiba
19-02-2016 16:57:11 Windows Update
19-02-2016 18:13:09 Windows Update
09-03-2016 17:11:32 Removed HDD Regenerator.
09-03-2016 21:11:45 Cópia de Segurança do Windows
09-03-2016 21:43:10 Installed DirectX
11-03-2016 11:40:40 Removed AVG Driver Updater
 
==================== Faulty Device Manager Devices =============
 
Name: Dispositivo de sistema base
Description: Dispositivo de sistema base
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Dispositivo de sistema base
Description: Dispositivo de sistema base
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Dispositivo de sistema base
Description: Dispositivo de sistema base
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/11/2016 12:19:16 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName     .
 
Error: (03/11/2016 12:11:15 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName     .
 
Error: (03/11/2016 11:40:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Erro do serviço de cópia sombra de volumes: Erro inesperado ao chamar a rotina ConvertStringSidToSid(S-1-5-21-3199600156-3158634051-3669152227-1000.bak). hr = 0x80070539, A estrutura do ID de segurança é inválida.
.
 
 
Operação:
   Evento OnIdentify
   A Recolher Dados de Escritor
 
Contexto:
   Contexto de Execução: Shadow Copy Optimization Writer
   ID de Classe de Escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nome de Escritor: Shadow Copy Optimization Writer
   ID de Instância de Escritor: {1640f217-6852-4f45-a9ae-baec9778b469}
 
Error: (03/11/2016 11:19:34 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName     .
 
Error: (03/11/2016 10:46:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha ao gerar o contexto de activação para "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Não foi possível localizar a Assemblagem Dependente rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0".
Utilize sxstrace.exe para obter um diagnóstico detalhado.
 
Error: (03/11/2016 10:10:20 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName     .
 
Error: (03/11/2016 10:04:53 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName     .
 
Error: (03/10/2016 01:46:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: winsat.exe, versão: 6.1.7601.17514, carimbo de data/hora: 0x4ce798fc
Nome do módulo com falha: msmpeg2vdec.dll, versão: 6.1.7140.0, carimbo de data/hora: 0x4a5bdff2
Código de excepção: 0xc0000005
Desvio de falha: 0x000000000009f337
ID do processo com falha: 0x598
Data/hora de início da aplicação com falha: 0xwinsat.exe0
Caminho da aplicação com falha: winsat.exe1
Caminho do módulo com falha: winsat.exe2
ID do Relatório: winsat.exe3
 
Error: (03/10/2016 10:10:58 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName     .
 
Error: (03/10/2016 09:49:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha ao gerar o contexto de activação para "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Não foi possível localizar a Assemblagem Dependente rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0".
Utilize sxstrace.exe para obter um diagnóstico detalhado.
 
 
System errors:
=============
Error: (03/11/2016 12:23:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Gbpddreg svc falhou o arranque devido ao seguinte erro: 
%%2
 
Error: (03/11/2016 12:23:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Warsaw File Access svc falhou o arranque devido ao seguinte erro: 
%%647
 
Error: (03/11/2016 12:23:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Warsaw File Access svc falhou o arranque devido ao seguinte erro: 
%%647
 
Error: (03/11/2016 12:21:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço SaveSenseLive Service (savesenselive) falhou o arranque devido ao seguinte erro: 
%%2
 
Error: (03/11/2016 12:20:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Gbpddreg svc falhou o arranque devido ao seguinte erro: 
%%2
 
Error: (03/11/2016 12:19:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Warsaw File Access svc falhou o arranque devido ao seguinte erro: 
%%647
 
Error: (03/11/2016 12:19:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falhou o carregamento dos seguintes controladores de início de arranque ou de início do sistema: 
gbpddfac
gbpddreg
wsddfac
 
Error: (03/11/2016 12:19:02 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (03/11/2016 12:19:02 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (03/11/2016 12:16:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Gbpddreg svc falhou o arranque devido ao seguinte erro: 
%%2
 
 
CodeIntegrity:
===================================
  Date: 2016-02-16 09:37:50.784
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-16 09:37:50.738
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-15 18:49:47.458
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-15 18:49:47.375
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-15 18:48:29.517
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-15 18:48:29.517
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-15 15:51:54.869
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-15 15:51:54.868
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-14 17:26:24.715
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-14 17:26:24.715
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T9550 @ 2.66GHz
Percentage of memory in use: 47%
Total physical RAM: 4093.99 MB
Available physical RAM: 2156.49 MB
Total Virtual: 8186.17 MB
Available Virtual: 6195.44 MB
 
==================== Drives ================================
 
Drive c: (Vista) (Fixed) (Total:186.15 GB) (Free:45.39 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:184.99 GB) (Free:155.72 GB) NTFS
Drive h: (USB DISK) (Removable) (Total:14.9 GB) (Free:13.83 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: 74371FF3)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=186.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=185 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 32A63E4B)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)
 
==================== End of Addition.txt ============================


#10 Buriti

Posted 11 March 2016 - 11:15 AM

Hi Aura

 

I'd like to know what the PC problem was, if you don't mind? Was it missing drives lpk.dll and was it copied from one folder to another? What does FRST do properly?

 

Thanks



#11 Aura

Posted 12 March 2016 - 10:09 AM

Thank you for the logs. These show way more than the ones you can get from the RecoveryPE.

I'd like to know what the PC problem was, if you don't mind? Was it missing drives lpk.dll and was it copied from one folder to another? What does FRST do properly?


The issue was lpk.dll missing, and I used FRST to replace the missing copies in the System32 and SysWOW64 folders using their copies from the Windows Component Store (WinSxS).

Malicious Programs Warning!

I noticed that you have malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up.
  • Ask Toolbar (by APN, LCC) - PUP;
  • Ask Toolbar (by Ask.com) - PUP;
  • AVG Web TuneUp - PUP;
  • Babylon toolbar on IE - PUP/Adware;
  • BabylonObjectInstaller - PUP/Adware;
  • BitGuard - Adware;
  • DaleSearch Chrome Toolbar - Adware;
  • dalesearch toolbar - Adware;
  • DriverIdentifier 4.2.6 - PUP/Useless program;
  • Funmoods - Adware;
  • McAfee Security Scan Plus - Useless;
  • SaveSense (remove only) - Adware;
  • uTorrentBar_PT Toolbar - Adware;
  • YTD Video Downloader 3.9 - Adware;
If you have an issue when uninstalling a program, please let me know.

Outdated Programs Warning!

I noticed that you have outdated vulnerable programs installed on your system. I'll ask you to uninstall them since keeping outdated software installed on a system puts it more at risk of being infected. Otherwise, you can update them right now, and make sure that their outdated version is uninstalled after. We will reinstall these programs at the end of the clean-up if you decide to uninstall them now, and need them after.
  • Adobe Shockwave Player 11.6 - Outdated and vulnerable;
  • Adobe SVG Viewer 3.0 - Discontinued, not needed anymore since modern web browsers can render SVG files;
  • Java 8 Update 66 (64-bit) - Outdated and vulnerable;
  • Java 8 Update 66 - Outdated and vulnerable;
  • Java SE Development Kit 8 Update 45 (64-bit) - Outdated and vulnerable;
If you have an issue when uninstalling a program, please let me know.

Once done, follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste that log in your next reply;
[attachment=177879:fixlist.txt]

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of FRST.txt in your next reply, and attach Addition.txt to it;
Your next reply(ies) should contain:
  • If you were able to uninstall every program listed above or not;
  • Copy/pasted content of the FRST fixlog.txt log;
  • Copy/pasted content of FRST.txt;
  • Copy/pasted content of Addition.txt;



#12 Buriti

Posted 13 March 2016 - 04:58 PM

Hi Aura

 

Thank you for your 'spending time' around this issue. I uninstalled every program in your list, except uTorrentBar_PT Toolbar - Adware. In Control Panel, when I click uninstall, nothing happens. Could you tell me why? Only after that I'll run the FRST like you said.

 

Thank you

Buriti



#13 Aura

Posted 14 March 2016 - 07:57 AM

It's possible that the uninstaller for this program is broken (damaged or corrupt), hence why it's not launching properly. You don't have to worry, as we'll end up removing it in the end anyway, even if it's by deleting all its files, folders and Registry entries via other tools :)

You can proceed with the FRST fix.



#14 Buriti

Posted 15 March 2016 - 04:56 AM

Hi Aura

 

I'm sending below these attached files: FRST.TXT, ADDITION.TXT and FIXLOG.TXT:

 

 

FRST.TXT========================================

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Administrador (administrator) on IRONSAX (15-03-2016 09:44:07)
Running from H:\
Loaded Profiles: Administrador (Available Profiles: Irondes & Irondes2 & Administrador & Convidado)
Platform: Windows 7 Ultimate (X64) Language: Português (Portugal)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avid, Inc. All rights reserved.) C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
() C:\Program Files (x86)\Polar\Daemon\polard.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apache Software Foundation) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [DigidesignMMERefresh] => C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-12-18] (Avid, Inc. All rights reserved.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-02-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HDD Regenerator] => "C:\Program Files (x86)\HDD Regenerator\Shell.exe" /1
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
HKU\S-1-5-21-3199600156-3158634051-3669152227-500\...\Run: [Viber] => "C:\Users\Irondes2\AppData\Local\Viber\Viber.exe" StartMinimized
HKU\S-1-5-21-3199600156-3158634051-3669152227-500\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3199600156-3158634051-3669152227-500\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3199600156-3158634051-3669152227-500\...\Run: [EpicScale] => 0
HKU\S-1-5-21-3199600156-3158634051-3669152227-500\...\Run: [BingSvc] => C:\Users\Administrador\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKU\S-1-5-21-3199600156-3158634051-3669152227-500\...\Run: [GoogleChromeAutoLaunch_AA1D516EF6240AC19E1773BD9997C981] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874136 2016-03-08] (Google Inc.)
HKU\S-1-5-21-3199600156-3158634051-3669152227-500\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3199600156-3158634051-3669152227-500\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-02-14] (Microsoft Corporation)
AppInit_DLLs: c:\progra~4\bitguard\271769~1.27\{c16c1~1\loader.dll => No File
AppInit_DLLs-x32: xC:\PROGRA~4\BitGuard\271769~1.27\{C16C1~1\bitguard.dll => No File
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Irondes2\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Irondes2\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Irondes2\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Irondes2\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Irondes2\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Irondes2\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk [2013-10-10]
ShortcutTarget: Monitor Apache Servers.lnk -> C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation)
Startup: C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEO Cloud.lnk [2014-03-27]
ShortcutTarget: MEO Cloud.lnk -> C:\Program Files\MEOCloud\MEOCloud.exe (MEO)
Startup: C:\Users\Irondes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CloudPT.lnk [2012-12-18]
ShortcutTarget: CloudPT.lnk -> C:\Program Files (x86)\CloudPT\CloudPT.exe (No File)
Startup: C:\Users\Irondes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEO Cloud.lnk [2013-11-25]
ShortcutTarget: MEO Cloud.lnk -> C:\Program Files\MEOCloud\MEOCloud.exe (MEO)
Startup: C:\Users\Irondes2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Juice.lnk [2016-02-15]
ShortcutTarget: Juice.lnk -> C:\Program Files (x86)\Juice\Juice.exe ()
Startup: C:\Users\Irondes2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-01-07]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Administrador\AppData\Local\MEGAsync\MEGAsync.exe (No File)
Startup: C:\Users\Irondes2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEO Cloud.lnk [2014-03-17]
ShortcutTarget: MEO Cloud.lnk -> C:\Program Files\MEOCloud\MEOCloud.exe (MEO)
Startup: C:\Users\Irondes2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamViewer 9.lnk [2014-04-30]
ShortcutTarget: TeamViewer 9.lnk -> E:\program files\teamviewer\version9\TeamViewer.exe (No File)
GroupPolicyUsers\S-1-5-21-3199600156-3158634051-3669152227-1003\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 88.214.178.2 88.214.178.1
Tcpip\..\Interfaces\{4AFDD951-6736-43FC-965B-4357F069BCB5}: [DhcpNameServer] 88.214.178.2 88.214.178.1
Tcpip\..\Interfaces\{5B53476E-D0EC-4A03-B8AD-E67E387B20C8}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
URLSearchHook: HKLM-x32 - uTorrentBar_PT Toolbar - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\prxtbuTor.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-3199600156-3158634051-3669152227-500 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
SearchScopes: HKLM-x32 -> DefaultScope {60D8E6DE-F7D6-4736-B902-97526A27750B} URL = 
SearchScopes: HKU\S-1-5-21-3199600156-3158634051-3669152227-500 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={DC24D000-7249-4E8F-8CAF-40E002461C68}&mid=cae1f40bfe4847d1b778d1577575fb6a-4bddcff28daaca63085b547dbc60c7e6666242e3&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116wt&pr=pr&d=2016-01-06 18:37:57&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3199600156-3158634051-3669152227-500 -> {DF474761-9B09-4D05-8002-B89B57146E26} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=pt_EU&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^PT&apn_uid=51D874F8-009A-472D-B9EC-9EB426E54A9C&apn_sauid=816900DF-AC0A-4391-9D0D-AA1C697D8EEB
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: No Name -> {0f21b1e5-5afc-43c9-9c66-515046e92ec2} -> No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: Programa Auxiliar de Início de Sessão do Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2015-10-20] (Banco do Brasil)
BHO-x32: uTorrentBar_PT Toolbar -> {e0301295-ab3e-4af3-979f-3d453c5f9f48} -> C:\Program Files (x86)\uTorrentBar_PT\prxtbuTor.dll [2013-07-09] (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - uTorrentBar_PT Toolbar - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\prxtbuTor.dll [2013-07-09] (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-3199600156-3158634051-3669152227-500 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3199600156-3158634051-3669152227-500 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-3199600156-3158634051-3669152227-500 -> No Name - {E0301295-AB3E-4AF3-979F-3D453C5F9F48} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Administrador\AppData\Roaming\Mozilla\Firefox\Profiles\m6sgnqpi.default
FF Homepage: hxxp://www.search.ask.com/?tpid=NDV-V7&o=APN10975&pf=V7&trgb=FF&p2=%5EB2X%5EYYYYYY%5EZH%5EPT&gct=hp&apn_ptnrs=%5EB2X&apn_dtid=%5EYYYYYY%5EZH%5EPT&apn_dbr=ff_24.0&apn_uid=8879B280-4F0C-441A-B645-9C7BD6840F1C&itbv=12.5.1.1299&doi=2013-10-08&psv=&pt=tb
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-11-25] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-11-25] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.telecom.pt/PTC Update;version=3 -> C:\Program Files (x86)\PTC\Update\1.3.25.0\npMEOCloudUpdate3.dll [2013-10-11] (PT Comunicacoes SA)
FF Plugin-x32: @tools.telecom.pt/PTC Update;version=9 -> C:\Program Files (x86)\PTC\Update\1.3.25.0\npMEOCloudUpdate3.dll [2013-10-11] (PT Comunicacoes SA)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Administrador\AppData\Roaming\Mozilla\Firefox\Profiles\m6sgnqpi.default\searchplugins\ask-search.xml [2015-03-04]
FF SearchPlugin: C:\Users\Administrador\AppData\Roaming\Mozilla\Firefox\Profiles\m6sgnqpi.default\searchplugins\askcom.xml [2016-02-08]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-12-11]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-02-15]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR Profile: C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Apresentações Google) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-14]
CHR Extension: (Google Docs) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-14]
CHR Extension: (Google Drive) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-14]
CHR Extension: (YouTube) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-14]
CHR Extension: (Google Search) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-14]
CHR Extension: (Google Folhas de Cálculo) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-14]
CHR Extension: (Documentos do Google offline) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (RealDownloader) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-10-12]
CHR Extension: (Skype) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-03-14]
CHR Extension: (uTorrentBar_PT) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda [2016-03-14] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT2851643&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-14]
CHR Extension: (Gmail) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-14]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-08-16]
CHR HKLM-x32\...\Chrome\Extension: [mdebcffgnijbblbinknkbefciofebcda] - C:\Users\Irondes\AppData\Local\CRE\mdebcffgnijbblbinknkbefciofebcda.crx [2013-09-04]
CHR HKLM-x32\...\Chrome\Extension: [pialekdjmfmckiccfkgbbgphficjdekh] - C:\Users\Irondes\AppData\Roaming\BabSolution\CR\dalesearch.crx [2013-10-09]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apache2.2; C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2013-07-10] (Apache Software Foundation) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3881184 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1045928 2016-02-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-12-18] (Avid, Inc. All rights reserved.) [File not signed]
S3 digiSPTIService; C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe [159744 2009-12-18] (Avid, Inc. All rights reserved.) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1220608 2009-05-06] (MAGIX AG) [File not signed]
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
S2 LVSrvLauncher; C:\Program Files (x86)\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [105248 2007-03-06] (Labtec Inc.)
S2 meo; C:\Program Files (x86)\PTC\Update\MEOCloudUpdate.exe [141480 2013-10-11] (PT Comunicacoes SA) [File not signed]
S3 meom; C:\Program Files (x86)\PTC\Update\MEOCloudUpdate.exe [141480 2013-10-11] (PT Comunicacoes SA) [File not signed]
R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2932224 2011-07-09] (PACE Anti-Piracy, Inc.) [File not signed]
R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]
S4 BitGuard; C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [X]
S2 chromoting; "C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe" --type=daemon --host-config="C:\ProgramData\Google\Chrome Remote Desktop\host.json"
S2 savesenselive; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe /svc [X]
S3 savesenselivem; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe /medsvc [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [260528 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 dalwdmservice; C:\Windows\System32\drivers\dalwdm.sys [139792 2009-12-18] (Avid, Inc. All rights reserved.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-03-03] (GAS Tecnologia)
S1 gbpddfac; C:\Windows\SysWOW64\drivers\gbpddfac64.sys [28888 2015-11-10] (GAS Tecnologia)
S0 GbpKm; C:\Windows\SysWOW64\drivers\gbpkm.sys [49536 2013-05-08] (GAS Tecnologia)
R3 GBPRCM; C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys [29912 2015-11-10] (GAS Tecnologia)
S3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2009-12-18] (Avid, Inc. All rights reserved.)
S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-12-18] (Avid, Inc. All rights reserved.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [25608 2016-03-15] (SlimWare Utilities, Inc.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-10-31] (GAS Tecnologia LTDA)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil)
S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-02-19] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-14 14:32 - 2016-03-14 14:32 - 00000000 ____D C:\Users\Administrador\AppData\Local\ElevatedDiagnostics
2016-03-13 22:39 - 2016-03-13 22:39 - 00062330 _____ C:\Users\Irondes2\Downloads\I Tabelinha para improvisação.pdf
2016-03-11 11:36 - 2016-03-15 09:41 - 00000472 _____ C:\Windows\Tasks\AVG Driver Updater Startup.job
2016-03-11 11:36 - 2016-03-15 08:47 - 00002904 _____ C:\Windows\System32\Tasks\AVG Driver Updater Startup
2016-03-11 11:36 - 2016-03-12 20:56 - 00000526 _____ C:\Windows\Tasks\AVG Driver Updater Scan.job
2016-03-11 11:36 - 2016-03-11 11:36 - 00003402 _____ C:\Windows\System32\Tasks\AVG Driver Updater Scan
2016-03-11 11:35 - 2016-03-15 08:46 - 00025608 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2016-03-11 11:35 - 2016-03-13 04:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Driver Updater
2016-03-11 11:35 - 2016-03-13 04:53 - 00000000 ____D C:\Program Files (x86)\AVG Driver Updater
2016-03-11 11:35 - 2016-03-11 11:35 - 01154672 _____ (SlimWare Utilities, Inc.) C:\Users\Irondes2\Downloads\AVG_Driver_Updater_Setup_15_1.exe
2016-03-11 11:35 - 2016-03-11 11:35 - 00002497 _____ C:\Users\Public\Desktop\AVG Driver Updater.lnk
2016-03-11 11:35 - 2016-03-11 11:35 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2016-03-11 11:35 - 2016-03-11 11:35 - 00000000 ____D C:\Users\Irondes2\AppData\Local\AVG Netherlands BV
2016-03-10 10:56 - 2016-03-10 10:56 - 00000000 ____D C:\Users\Irondes2\AppData\Local\Viber Media S.à r.l
2016-03-09 21:40 - 2016-03-09 21:40 - 00003114 _____ C:\Windows\System32\Tasks\{A5889752-30FD-434A-BA18-96FCE2226308}
2016-03-09 19:42 - 2009-07-14 01:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\LPK.dll
2016-03-09 19:42 - 2009-07-14 01:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LPK.dll
2016-03-09 17:06 - 2016-03-09 17:06 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0.bak
2016-03-09 17:06 - 2016-03-09 17:06 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0.bak
2016-02-26 23:29 - 2016-03-15 09:44 - 00000000 ____D C:\FRST
2016-02-24 04:03 - 2016-03-07 23:08 - 00000000 ____D C:\Temp
2016-02-18 15:37 - 2016-02-18 15:37 - 01651911 _____ C:\Users\Irondes2\Downloads\bios-20100225083938.zip
2016-02-18 14:43 - 2016-02-19 17:04 - 00000000 ____D C:\Program Files (x86)\Camera Assistant Software for Toshiba
2016-02-18 14:41 - 2016-02-18 14:41 - 00000000 ____D C:\Users\Irondes2\Downloads\webcam-20080728120744
2016-02-18 14:37 - 2016-02-18 14:39 - 22255545 _____ C:\Users\Irondes2\Downloads\webcam-20080728120744.zip
2016-02-18 10:23 - 2016-02-18 10:23 - 00000000 ____D C:\Users\Irondes2\Downloads\webcam-20091026094649
2016-02-17 11:54 - 2016-02-17 11:54 - 00000000 ____D C:\Users\Irondes2\Downloads\webcam-en-20090422172230 (1)
2016-02-17 10:56 - 2016-02-17 10:56 - 00003228 _____ C:\Windows\System32\Tasks\{1899EB9A-105D-4946-8A3D-8CAD1C432C74}
2016-02-17 10:29 - 2016-02-17 10:29 - 00000000 ____D C:\Program Files\Lexmark
2016-02-17 10:25 - 2014-05-14 16:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-17 10:25 - 2014-05-14 16:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-17 10:25 - 2014-05-14 16:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-17 10:25 - 2014-05-14 16:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-17 10:24 - 2014-05-14 16:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-17 10:24 - 2014-05-14 16:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-17 10:24 - 2014-05-14 16:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-17 10:24 - 2014-05-14 16:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-17 10:24 - 2014-05-14 16:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-17 10:24 - 2014-05-14 16:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-17 10:24 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-17 10:24 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-17 10:24 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-17 10:24 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-16 14:34 - 2016-03-11 18:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracktion 5
2016-02-16 14:34 - 2016-02-16 14:34 - 00001042 _____ C:\Users\Public\Desktop\Tracktion 5.lnk
2016-02-16 14:34 - 2016-02-16 14:34 - 00000000 ____D C:\Program Files (x86)\Tracktion 5
2016-02-16 14:03 - 2016-02-16 14:03 - 08318088 _____ (Abstradrome ) C:\Users\Irondes2\Downloads\hr.exe
2016-02-15 22:11 - 2016-02-15 22:12 - 07246712 _____ (Tracktion Software Corp.) C:\Users\Irondes2\Downloads\TracktionInstall_5_4_3_Windows_32Bit (1).exe
2016-02-15 20:23 - 2016-02-15 20:23 - 00000000 ____D C:\Windows\usb-audio.deBehringer2902
2016-02-15 20:14 - 2009-10-30 12:39 - 00460864 _____ (BEHRINGER) C:\Windows\system32\Drivers\BUSB2902.sys
2016-02-15 20:14 - 2009-10-30 12:39 - 00049728 _____ (BEHRINGER) C:\Windows\system32\Drivers\busbwdm.sys
2016-02-15 20:13 - 2016-02-15 20:13 - 01544668 _____ C:\Users\Irondes2\Downloads\BEHRINGER USB DRIVER 2.6.40 - 32 and 64 bit.rar
2016-02-15 19:34 - 2016-02-15 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PodNova
2016-02-15 19:33 - 2016-02-15 21:07 - 00000000 ____D C:\Program Files (x86)\Podifier V
2016-02-15 19:33 - 2016-02-15 19:33 - 00003308 _____ C:\Windows\System32\Tasks\{5DDEED28-E80B-419D-A7F1-AD44D592FD2B}
2016-02-15 19:33 - 2016-02-15 19:33 - 00000000 __SHD C:\Windows\ftpcache
2016-02-15 19:33 - 2016-02-15 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Podifier V
2016-02-15 19:31 - 2016-02-15 21:06 - 00000000 ____D C:\Program Files (x86)\Juice
2016-02-15 19:31 - 2016-02-15 20:31 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\iPodder
2016-02-15 19:31 - 2016-02-15 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juice
2016-02-15 19:25 - 2016-02-15 19:26 - 00507449 _____ C:\Users\Irondes2\Downloads\ASIO4ALL_2_13_Portuguese (1).exe
2016-02-15 17:14 - 2016-02-15 17:14 - 00000000 ____D C:\Users\Irondes2\Downloads\webcam-en-20090422172230
2016-02-15 17:11 - 2016-02-15 17:11 - 00003228 _____ C:\Windows\System32\Tasks\{4197E7E5-666C-4689-844B-909307FF1FC7}
2016-02-15 17:09 - 2016-02-15 17:11 - 22255939 _____ C:\Users\Irondes2\Downloads\webcam-en-20090422172230.zip
2016-02-15 15:58 - 2016-03-12 23:06 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-02-15 15:50 - 2016-02-15 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-02-15 15:50 - 2016-02-15 15:50 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-15 15:47 - 2016-03-11 18:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-02-15 15:47 - 2016-02-19 10:12 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk
2016-02-15 15:46 - 2016-02-15 15:49 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-15 15:44 - 2016-02-15 15:44 - 02946424 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Irondes2\Downloads\AVG_Protection_Free_1064.exe
2016-02-15 12:30 - 2016-02-15 12:30 - 00000000 ____D C:\Users\Irondes2\Downloads\ativadores-wim-7
2016-02-15 12:04 - 2016-02-15 12:04 - 00003194 _____ C:\Windows\System32\Tasks\{CDFE6966-8522-4980-8741-CE2559CD06AB}
2016-02-15 12:02 - 2016-02-15 12:02 - 06453393 _____ C:\Users\Irondes2\Downloads\ativadores-wim-7.zip
2016-02-15 11:34 - 2016-02-15 19:24 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\WarThunder
2016-02-15 11:26 - 2016-02-15 11:26 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-02-15 11:26 - 2016-02-15 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-02-15 11:25 - 2016-02-15 11:25 - 01984272 _____ C:\Users\Irondes2\Downloads\winrar-x64-521pt.exe
2016-02-14 23:40 - 2016-02-15 12:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-14 23:05 - 2016-02-14 23:05 - 00841555 _____ C:\Users\Irondes2\Downloads\BEHRINGER_2902_X64_2.8.40.zip
2016-02-14 21:59 - 2016-02-14 22:14 - 00000000 ____D C:\Windows\system32\MRT
2016-02-14 21:59 - 2016-02-14 21:59 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-14 21:49 - 2016-02-14 21:49 - 00000000 ____D C:\Windows\system32\SPReview
2016-02-14 21:48 - 2016-02-14 21:48 - 00000000 ____D C:\Windows\system32\EventProviders
2016-02-14 20:01 - 2013-10-27 11:07 - 00000000 ____D C:\Users\Irondes2\Downloads\MBR Regenerator v4.5
2016-02-14 19:59 - 2016-02-14 20:00 - 01046170 _____ C:\Users\Irondes2\Downloads\MBR Regenerator v4.5.rar
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-15 09:41 - 2014-04-28 19:21 - 00001004 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-15 09:41 - 2013-10-11 20:23 - 00000966 _____ C:\Windows\Tasks\PTCUpdateTaskMachineCore.job
2016-03-15 09:41 - 2013-06-10 21:16 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2016-03-15 09:32 - 2012-03-30 14:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-15 09:28 - 2013-10-11 20:23 - 00000970 _____ C:\Windows\Tasks\PTCUpdateTaskMachineUA.job
2016-03-15 09:19 - 2014-04-28 19:22 - 00002196 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-15 09:19 - 2014-04-28 19:22 - 00002184 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-15 09:19 - 2014-04-28 19:21 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-15 08:56 - 2014-01-18 20:56 - 00000300 _____ C:\Windows\Tasks\SaveSense.job
2016-03-15 08:56 - 2014-01-18 20:56 - 00000300 _____ C:\Windows\Tasks\Funmoods.job
2016-03-15 08:53 - 2009-07-14 04:45 - 00005984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-15 08:53 - 2009-07-14 04:45 - 00005984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-15 08:48 - 2014-03-17 21:26 - 00000000 ____D C:\Users\Irondes2\AppData\Local\MEOCloud
2016-03-15 08:47 - 2014-03-17 21:27 - 00000000 ___RD C:\Users\Irondes2\MEOCloud
2016-03-15 08:45 - 2011-08-21 21:11 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-03-15 08:44 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-14 21:02 - 2009-08-15 17:10 - 00674366 _____ C:\Windows\system32\prfh0816.dat
2016-03-14 21:02 - 2009-08-15 17:10 - 00134676 _____ C:\Windows\system32\prfc0816.dat
2016-03-14 21:02 - 2009-07-14 05:13 - 01530674 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-14 21:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-03-14 20:49 - 2011-08-16 18:45 - 00000000 ____D C:\ProgramData\MFAData
2016-03-14 15:01 - 2013-10-20 13:22 - 00000280 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2016-03-14 12:19 - 2011-08-20 22:11 - 00000000 _____ C:\Users\Convidado\AppData\LocalLow\prvlcl.dat
2016-03-14 12:19 - 2011-08-16 19:53 - 00000000 _____ C:\Users\Irondes\AppData\LocalLow\prvlcl.dat
2016-03-14 12:04 - 2014-07-26 16:36 - 00000000 ____D C:\Users\Administrador\AppData\Local\Google
2016-03-14 11:16 - 2009-07-14 04:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-13 20:20 - 2011-08-16 18:57 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2016-03-13 04:54 - 2014-03-02 22:11 - 00000000 ____D C:\Users\Administrador
2016-03-13 04:54 - 2014-02-09 19:37 - 00000000 ____D C:\Users\TEMP
2016-03-13 04:54 - 2011-08-15 19:23 - 00000000 ____D C:\Users\Convidado
2016-03-13 04:54 - 2011-08-15 19:12 - 00000000 ____D C:\Users\Irondes
2016-03-13 04:53 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2016-03-13 04:52 - 2013-11-25 21:19 - 00000000 ____D C:\ProgramData\Real
2016-03-12 23:02 - 2013-10-09 22:00 - 00000000 ____D C:\Windows\system32\appmgmt
2016-03-12 22:59 - 2012-03-09 22:22 - 00000000 ____D C:\Program Files\Java
2016-03-12 22:58 - 2015-06-02 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-03-12 22:58 - 2012-04-26 20:03 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-12 22:54 - 2012-10-20 20:23 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2016-03-12 22:32 - 2012-03-30 14:37 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-12 22:32 - 2012-03-30 14:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-12 22:32 - 2011-08-15 19:45 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-12 21:06 - 2015-11-14 19:54 - 00000000 ____D C:\Users\Irondes2\AppData\Local\Viber
2016-03-12 20:56 - 2014-03-02 22:25 - 00000000 ____D C:\Users\Irondes2
2016-03-11 18:02 - 2015-11-06 19:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-03-11 18:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\AppCompat
2016-03-09 21:16 - 2015-12-09 22:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-09 21:06 - 2014-05-05 21:05 - 00000000 ____D C:\Users\Irondes2\Documents\ViberDownloads
2016-03-09 21:05 - 2016-01-07 23:27 - 00000000 ____D C:\Users\Irondes2\AppData\Local\MEGAsync
2016-03-09 17:24 - 2014-03-17 21:27 - 00000000 ___HD C:\Users\Irondes2\MEOCloud-cache
2016-03-09 17:13 - 2015-02-14 19:09 - 00000000 ____D C:\Program Files (x86)\HDD Regenerator
2016-03-09 11:48 - 2013-11-23 20:38 - 01031270 _____ C:\Windows\ntbtlog.txt
2016-03-03 18:18 - 2009-07-14 07:46 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-03 18:18 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\Offline Web Pages
2016-03-03 18:18 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-03-03 18:18 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-03 18:18 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-03-03 18:18 - 2009-07-14 03:20 - 00000000 __RSD C:\Windows\Media
2016-03-03 18:18 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-03-03 18:18 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\Dism
2016-03-03 18:18 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-03 18:17 - 2009-08-15 17:09 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2016-03-03 18:17 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-03-03 18:17 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\MUI
2016-03-03 18:17 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-03-03 10:56 - 2015-11-28 17:26 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2016-02-20 20:47 - 2016-02-11 14:23 - 00000000 ____D C:\Users\Irondes2\Documents\TESTA TRACKTION
2016-02-20 20:47 - 2016-02-10 11:32 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\Tracktion 4
2016-02-20 19:19 - 2011-08-21 21:11 - 00000000 ____D C:\ProgramData\GbPlugin
2016-02-19 22:17 - 2014-02-15 08:29 - 00000000 ___HD C:\Users\Irondes2\AppData\Local\aO0OSFD7
2016-02-19 18:02 - 2013-06-25 21:25 - 00000000 ____D C:\ProgramData\Temp
2016-02-19 18:00 - 2015-11-22 20:49 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2016-02-19 17:04 - 2014-11-23 20:58 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-02-19 16:39 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2016-02-18 14:25 - 2009-07-14 05:08 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-18 14:19 - 2016-02-12 15:50 - 00000000 ____D C:\Program Files (x86)\DriverToolkit
2016-02-18 14:09 - 2016-02-12 16:54 - 00000364 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2016-02-18 14:08 - 2011-08-15 21:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-18 11:32 - 2013-10-08 20:09 - 00000000 ____D C:\Program Files (x86)\Labtec
2016-02-18 10:34 - 2016-02-12 16:53 - 00000000 ____D C:\Program Files\DIFX
2016-02-17 21:19 - 2014-05-05 19:28 - 00000955 _____ C:\Users\Irondes2\SciTE.session
2016-02-17 21:14 - 2009-07-14 05:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-02-17 14:22 - 2013-10-20 13:22 - 00000288 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2016-02-16 14:04 - 2015-02-14 19:05 - 00000000 ____D C:\Users\Irondes2\AppData\Local\Downloaded Installations
2016-02-15 19:38 - 2014-05-28 18:41 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\Digidesign
2016-02-15 19:26 - 2016-02-12 10:18 - 00000806 _____ C:\Users\Irondes2\Desktop\ASIO4ALL v2 - Manual de Instruções.lnk
2016-02-15 19:26 - 2016-02-12 10:18 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2016-02-15 15:51 - 2014-11-29 09:44 - 00000000 ____D C:\Users\Irondes2\AppData\Local\Avg
2016-02-15 15:50 - 2010-12-04 16:55 - 00000000 ___HD C:\$AVG
2016-02-15 15:47 - 2015-11-24 22:29 - 00000000 ____D C:\ProgramData\Avg
2016-02-15 15:47 - 2015-11-22 21:20 - 00000000 ____D C:\Users\Irondes2\AppData\Local\AvgSetupLog
2016-02-15 12:07 - 2012-12-09 22:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-15 11:26 - 2013-10-09 22:12 - 00000000 ____D C:\Program Files\WinRAR
2016-02-15 11:12 - 2014-03-24 22:14 - 00000000 ____D C:\Users\Irondes2\AppData\Roaming\Skype
2016-02-14 22:35 - 2014-03-24 22:42 - 00000000 ____D C:\Users\Irondes2\AppData\Local\ElevatedDiagnostics
2016-02-14 22:23 - 2009-07-14 04:45 - 00332224 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-14 22:20 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-02-14 22:20 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-02-14 22:19 - 2009-08-15 17:09 - 00000000 ____D C:\Windows\SysWOW64\pt
2016-02-14 22:19 - 2009-07-14 07:46 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2016-02-14 22:19 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-02-14 22:19 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-02-14 22:19 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-02-14 22:19 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-02-14 22:19 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-02-14 22:19 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-02-14 22:19 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-02-14 22:19 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-02-14 22:19 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2016-02-14 22:19 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2016-02-14 22:19 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\servicing
2016-02-14 22:19 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-02-14 22:18 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\Setup
2016-02-14 22:18 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\oobe
2016-02-14 22:18 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-02-14 22:18 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\manifeststore
2016-02-14 22:18 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-02-14 21:58 - 2009-07-14 02:36 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2016-02-14 21:58 - 2009-07-14 02:36 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2016-02-14 21:08 - 2016-01-07 23:29 - 00000000 ___RD C:\Users\Irondes2\Documents\MEGA
 
==================== Files in the root of some directories =======
 
2013-06-27 21:39 - 2014-06-24 21:11 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2012-11-12 22:34 - 2012-11-12 22:34 - 0044544 _____ (Microsoft Corporation) C:\ProgramData\lsass.exe
2013-10-08 20:10 - 2013-10-08 20:10 - 0005033 _____ () C:\ProgramData\mtbjfghn.xbe
 
Files to move or delete:
====================
C:\ProgramData\lsass.exe
 
 
Some files in TEMP:
====================
C:\Users\Convidado\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Irondes\AppData\Local\Temp\.gbas.dll
C:\Users\Irondes\AppData\Local\Temp\130113_d.exe
C:\Users\Irondes\AppData\Local\Temp\130113_p.exe
C:\Users\Irondes\AppData\Local\Temp\130113_y.exe
C:\Users\Irondes\AppData\Local\Temp\APNStub.exe
C:\Users\Irondes\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.53841.exe
C:\Users\Irondes\AppData\Local\Temp\BearShare_setup.exe
C:\Users\Irondes\AppData\Local\Temp\DaleSearchTB.exe
C:\Users\Irondes\AppData\Local\Temp\gbplugin_ie_bb_setup.exe
C:\Users\Irondes\AppData\Local\Temp\GURDF94.exe
C:\Users\Irondes\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Irondes\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Irondes\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Irondes\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Irondes\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Irondes\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Irondes\AppData\Local\Temp\MgxVistaTools.dll
C:\Users\Irondes\AppData\Local\Temp\MixiYD2.exe
C:\Users\Irondes\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Irondes\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Irondes\AppData\Local\Temp\stubhelper.dll
C:\Users\Irondes\AppData\Local\Temp\ToolbarHelper.exe
C:\Users\Irondes\AppData\Local\Temp\utt99DA.tmp.exe
C:\Users\Irondes\AppData\Local\Temp\uttF49F.tmp.exe
C:\Users\Irondes2\AppData\Local\Temp\ICReinstall_Windows Loader.exe
C:\Users\Irondes2\AppData\Local\Temp\uninst1.exe
C:\Users\Irondes2\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Irondes2\AppData\Local\Temp\_is5041.exe
C:\Users\Irondes2\AppData\Local\Temp\_isA736.exe
C:\Users\Irondes2\AppData\Local\Temp\_isB4BE.exe
C:\Users\Irondes2\AppData\Local\Temp\_isD91F.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-10 09:45
 
==================== End of FRST.txt ============================
 
ADDITION.TXT
==================================================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Administrador (2016-03-15 09:44:53)
Running from H:\
Windows 7 Ultimate (X64) (2011-08-15 19:12:26)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-3199600156-3158634051-3669152227-500 - Administrator - Enabled) => C:\Users\Administrador
Convidado (S-1-5-21-3199600156-3158634051-3669152227-501 - Limited - Enabled) => C:\Users\Convidado
E1251AB0E5C545A48652 (S-1-5-21-3199600156-3158634051-3669152227-1003 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3199600156-3158634051-3669152227-1006 - Limited - Enabled)
Irondes (S-1-5-21-3199600156-3158634051-3669152227-1000 - Administrator - Enabled) => C:\Users\TEMP
Irondes2 (S-1-5-21-3199600156-3158634051-3669152227-1004 - Administrator - Enabled) => C:\Users\Irondes2
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3199600156-3158634051-3669152227-500\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Apache HTTP Server 2.2.25 (HKLM-x32\...\{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}) (Version: 2.2.25 - Apache Software Foundation)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
AutoIt v3.3.8.0 (HKLM-x32\...\AutoItv3) (Version:  - AutoIt Team)
AVG (HKLM\...\AvgZen) (Version: 1.41.1.56922 - AVG Technologies)
AVG (Version: 16.41.7442 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4542 - AVG Technologies) Hidden
AVG Driver Updater (HKLM-x32\...\{BB3024E3-E647-45BD-9A6D-8E39818F9F81}) (Version: 2.2.1 - AVG Netherlands B.V)
AVG Protection (HKLM\...\AVG) (Version: 2016.41.7442 - AVG Technologies)
AVG Zen (Version: 1.41.29 - AVG Technologies) Hidden
Band-in-a-Box 2011 (Build 313) (HKLM-x32\...\BB_is1) (Version:  - PG Music Inc.)
Band-in-a-Box Server (HKLM-x32\...\BBServer_is1) (Version:  - PG Music Inc.)
BEHRINGER USB AUDIO DRIVER (HKLM\...\USB_AUDIO_DEusb-audio.deBehringer2902) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon RAW Codec (HKLM-x32\...\Canon RAW Codec) (Version: 1.8.0.68 - Canon Inc.)
Chrome Remote Desktop Host (HKLM-x32\...\{EBFF2EA1-3944-4CA2-89FA-8B70C0058DD3}) (Version: 49.0.2623.40 - Google Inc.)
Click to Call with Skype (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8153 - Skype Technologies S.A.)
CoyoteWT 1.0 (HKLM-x32\...\CoyoteWT_is1) (Version:  - Coyote Electronics Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digidesign Audio Drivers 8.0.3 (HKLM-x32\...\{9F1D8E17-2AE6-4608-901D-42146D7D9C68}) (Version: 8.0.3 - Digidesign, A Division of Avid Technology, Inc.)
Digidesign ElevenRack Driver 1.0.8 (x64) (HKLM\...\{DFE96CF0-A611-40C4-AE24-2E4C21E3FF3E}) (Version: 1.0.8 - Digidesign)
Digidesign Pro Tools Creative Collection 8.0.3 (HKLM-x32\...\{3BB2CF34-1FC8-46E2-9D64-4A8D1D577549}) (Version: 8.0.3 - Digidesign, A Division of Avid Technology, Inc.)
Digidesign Pro Tools LE 8.0.3 (HKLM-x32\...\{409A13BD-5F3E-442B-BA7B-A1E32B2D8927}) (Version: 8.0.3 - Digidesign, A Division of Avid Technology, Inc.)
Encore 5 (HKLM-x32\...\{5A06BC95-C59E-438D-AA8D-A97690AD628C}) (Version: 1.0.0 - GVOX)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.41 - FileZilla Project)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{AF37F9DE-0726-439E-BC10-43D9195394D0}) (Version: 2.1.26.0 - MAGIX AG)
FMW 1 (Version: 1.62.2 - AVG Technologies) Hidden
Free DigiRack Plug-Ins 8.0.3 (HKLM-x32\...\{A24C2C43-4312-493E-96B3-5D1DCE24DEBF}) (Version: 8.0.3 - Digidesign, A Division of Avid Technology, Inc.)
Fwink (HKLM-x32\...\{F432F2AE-F463-4491-A5FE-844849992F6E}) (Version: 1.0.96 - Chris Lundie)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Guitar Pro 5.0 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.12 - PACE Anti-Piracy)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
K-Lite Codec Pack 8.1.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.1.0 - )
License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.1.0.0929 - PACE Anti-Piracy, Inc.)
License Support (Version: 1.1.0.0929 - PACE Anti-Piracy, Inc.) Hidden
MAGIX Photo Manager 8 (HKLM-x32\...\MAGIX Photo Manager 8 UK) (Version: 6.0.1.504 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX Screenshare UK) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (HKLM-x32\...\MAGIX Speed burnR UK) (Version: 6.0.1.2 - MAGIX AG)
MAGIX Video easy SCV Edition 1.0.2.2 (PT) (HKLM-x32\...\MAGIX Video easy SCV Edition PT) (Version: 1.0.2.2 - MAGIX AG)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
MEOCloud (HKLM\...\{DBBE1DF3-F7F0-4068-B283-D48A3F369BF1}) (Version: 0.1.214.64 - PT Comunicações S.A.)
MEOCloud Update Helper (x32 Version: 1.3.25.0 - PT Comunicacoes SA) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Módulo de Segurança -  Banco do Brasil (HKLM-x32\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.12.0.2 - )
Mozilla Firefox 44.0.2 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 pt-BR)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
mufin player (HKLM-x32\...\mufin player UK) (Version: 1.0.0.99 - MAGIX AG)
Music Box (HKLM-x32\...\{C625BA4B-AB4F-436F-9761-D000D1B1F35A}) (Version: 2.0.14 - PT Comunicacoes, SA)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
Pacote de drivers Logitech Webcam Software (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
PG Music DirectX Plugins 2.0.0.0 (HKLM-x32\...\PG_DX_Plugins_is1) (Version:  - PG Music Inc.)
Polar Daemon (HKLM-x32\...\{2BA9320D-E061-4C71-ACCB-AC0E9D4FC82B}) (Version: 2.2.20000 - Polar Electro Oy)
Polar WebSync (HKLM-x32\...\{E7FF8CF8-C9E1-4D4C-938E-1392C2EDBD7A}) (Version: 2.8.00001 - Polar Electro Oy)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
SciTE4AutoIt3 12/29/2011 (HKLM-x32\...\SciTE4AutoIt3) (Version: 12/29/2011 - Jos van der Zande)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Suporte para Aplicações Apple (32-bits) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Suporte para Aplicações Apple (64-bits) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TomTom HOME (HKLM-x32\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.5 - Nome da empresa:)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Tracktion 5 (HKLM-x32\...\Tracktion 5) (Version: 5.0.10.0 - Tracktion Software Corp.)
uTorrentBar_PT Toolbar (HKLM-x32\...\uTorrentBar_PT Toolbar) (Version: 6.14.0.28 - uTorrentBar_PT) <==== ATTENTION
Viber (HKU\S-1-5-21-3199600156-3158634051-3669152227-500\...\{e577cb09-2068-44fb-8eed-cfcc1617b010}) (Version: 5.3.0.1884 - Viber Media Inc.)
Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{5B0E60DB-7741-412F-88B3-E6975D30D019}) (Version: 1.1.0.0929 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}) (Version: 1.1.0.0929 - PACE Anti-Piracy, Inc.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Warsaw 1.11.0.42826 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.11.0.42826 - GAS Tecnologia)
Windows Driver Package - Sonix (ST50220) USB  (05/30/2008 1.0.0.4) (HKLM\...\077C2AFF5C7A2D6012E8654704C81C60FE4CA0AE) (Version: 05/30/2008 1.0.0.4 - Sonix)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {15835BD5-D2EF-4EF0-B23D-55CA96DA1368} - System32\Tasks\{A5889752-30FD-434A-BA18-96FCE2226308} => pcalua.exe -a C:\Toshiba\Drivers\DVD\setup.exe -d C:\Toshiba\Drivers\DVD
Task: {17384805-48F1-40AF-8E61-81A469452ACB} - System32\Tasks\{1899EB9A-105D-4946-8A3D-8CAD1C432C74} => pcalua.exe -a C:\Users\Irondes2\AppData\Local\Temp\Temp2_webcam-en-20090422172230.zip\Chicony-Camera-Assistant-Software\setup.exe
Task: {1A4D2681-B7E8-46BA-9852-7F0D2FE36603} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3199600156-3158634051-3669152227-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {22852D0A-6189-4154-9CB2-DA2FEFF6F810} - System32\Tasks\SaveSense => C:\Users\Irondes\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {2DAD62BE-4B1D-49A8-B246-6C2DA1982C32} - System32\Tasks\Funmoods => C:\Users\Irondes\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {3807CDD7-1F0F-4A11-849B-C37B1C66839F} - System32\Tasks\AVG Driver Updater Scan => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe [2015-07-27] (AVG Netherlands B.V)
Task: {3FF27C63-2549-4FD2-8B3A-54DE9CF17BDA} - System32\Tasks\{B9EA7621-7F20-469A-B98F-4238272885B1} => Firefox.exe 
Task: {441DF420-F311-42A0-AE4C-1BA100EA87D8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {48496FD0-7307-4E4E-9004-B85A2B379CD3} - System32\Tasks\{4197E7E5-666C-4689-844B-909307FF1FC7} => pcalua.exe -a C:\Users\Irondes2\AppData\Local\Temp\Temp1_webcam-en-20090422172230.zip\Chicony-Camera-Assistant-Software\setup.exe
Task: {4990ABD3-8983-402A-970F-CA647D057908} - System32\Tasks\AVG Driver Updater Startup => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe [2015-07-27] (AVG Netherlands B.V)
Task: {54BA0AE9-7F05-4C8C-A2C1-7C29433B8370} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3199600156-3158634051-3669152227-1000UA => C:\Users\Irondes\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)
Task: {5A83D092-1059-422D-B5B0-6006FB3A5AA8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-20] (Google Inc.)
Task: {6BDAA488-6647-4686-AB8F-2B70EA8385C3} - System32\Tasks\{CDFE6966-8522-4980-8741-CE2559CD06AB} => pcalua.exe -a "C:\Users\Irondes2\AppData\Local\Temp\Temp1_ativadores-wim-7.zip\ativadores-wim-7\7Loader 1.3.exe"
Task: {6DB24FBE-7E88-4FC0-8380-EB3F6C002247} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {899B4C00-5D8E-49F3-A1FF-64CF217CFEB7} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: {91F8476E-7CB8-4E98-B75D-5D808821AEFF} - System32\Tasks\PTCUpdateTaskMachineCore => C:\Program Files (x86)\PTC\Update\MEOCloudUpdate.exe [2013-10-11] (PT Comunicacoes SA)
Task: {997E3B55-EA5F-462A-9D37-F0F42650C094} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: {9B70C37D-34EE-4074-9225-2234733C8AD8} - System32\Tasks\{20B3E120-88B1-46FA-A518-0D363D5FF306} => pcalua.exe -a C:\Users\Irondes\Downloads\webcam1051enu(3).exe -d C:\Users\Irondes\Downloads
Task: {A967C4D7-1B5E-4F86-91E2-248C24365058} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3199600156-3158634051-3669152227-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {AC2F22EB-101A-4648-8221-C8BE15EE5C79} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {B296A14D-40FF-44C7-8F58-58A408068526} - System32\Tasks\{6D191214-56DC-4365-9C30-26DACAC72BA9} => pcalua.exe -a "C:\Program Files (x86)\Labtec\WebCamWebInstall\Setup.exe" -d "C:\Program Files (x86)\Labtec\WebCamWebInstall"
Task: {B482D79B-D7DC-49C4-B573-B4C8C6037E82} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{13311516-36C6-46BC-AF8B-7ECD6A145312}.exe
Task: {B524DD97-A8A2-4A5A-865F-2070429932F2} - System32\Tasks\Program Manager => C:\Program Files (x86)\Common Files\ProgramManager\ProgramManager.exe
Task: {BC742104-3DD3-4F68-8DEF-8E64D246C20C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-12] (Adobe Systems Incorporated)
Task: {BDA6A36C-42F4-4A42-AFED-76E14D0436D3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3199600156-3158634051-3669152227-1000Core => C:\Users\Irondes\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)
Task: {C4D583B6-3AFC-4773-85AC-9082E586E726} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Irondes\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {C5FE7AB6-739F-4B87-9604-8B46D48249C7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {CC07C815-7BD5-43E1-AAB2-64F116E640BA} - System32\Tasks\{C8407D46-4560-4C9C-9245-2A9D10F59D53} => pcalua.exe -a C:\Users\Irondes\AUTOIT\autoit-v3-setup.exe -d C:\Users\Irondes\Desktop
Task: {D3D0FBE1-C7E5-423A-884C-89A6B38B4F36} - System32\Tasks\PTCUpdateTaskMachineUA => C:\Program Files (x86)\PTC\Update\MEOCloudUpdate.exe [2013-10-11] (PT Comunicacoes SA)
Task: {D66639C8-CDE8-4BEE-8B88-A3BB0B3F32EA} - System32\Tasks\{4C2901DC-FC50-4E5D-8404-6E073A394FEB} => pcalua.exe -a "C:\Program Files (x86)\Labtec\WebCamWebInstall\Setup\Setup.exe" -d "C:\Program Files (x86)\Labtec\WebCamWebInstall\Setup"
Task: {D83B22FD-40D1-4B3C-B436-A304C47034C6} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3199600156-3158634051-3669152227-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D9E2BCF8-919D-4590-8294-23DFD8CB4D79} - System32\Tasks\{5DDEED28-E80B-419D-A7F1-AD44D592FD2B} => pcalua.exe -a "C:\Users\Irondes2\AppData\Local\Temp\Temp1_Win_AllSoftware.zip\Win_All Audio Software\Podcast\PodNova\PodNova-2.2-Win32-Setup\PodNova-2.2-Win32-Setup.exe"
Task: {E76DC202-B3C3-40F5-B1C6-D844A578FE59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-20] (Google Inc.)
Task: {E8BEE576-5F11-4E8A-AE73-7401DF445F31} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3199600156-3158634051-3669152227-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E91BE3FF-D097-407E-8F90-B34B21B83361} - System32\Tasks\{654E24DA-BD2A-4316-B4DF-50F6D81B752A} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/pp/abandoninstall?page=tsMain
Task: {E9DDB18C-EAC7-4AD0-82A3-B778FD94DD7A} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG Driver Updater Scan.job => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
Task: C:\Windows\Tasks\AVG Driver Updater Startup.job => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{13311516-36C6-46BC-AF8B-7ECD6A145312}.exe <==== ATTENTION
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\Funmoods.job => C:\Users\Irondes\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3199600156-3158634051-3669152227-1000Core.job => C:\Users\Irondes\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3199600156-3158634051-3669152227-1000UA.job => C:\Users\Irondes\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PTCUpdateTaskMachineCore.job => C:\Program Files (x86)\PTC\Update\MEOCloudUpdate.exe
Task: C:\Windows\Tasks\PTCUpdateTaskMachineUA.job => C:\Program Files (x86)\PTC\Update\MEOCloudUpdate.exe
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\SaveSense.job => C:\Users\Irondes\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-12 15:20 - 2012-12-12 15:20 - 00419536 _____ () C:\Program Files (x86)\Polar\Daemon\polard.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-05-01 14:13 - 2014-05-01 14:13 - 00470016 _____ () C:\Users\Irondes2\AppData\Local\MEGAsync\ShellExtX64.dll
2012-12-12 15:20 - 2012-12-12 15:20 - 03483856 _____ () C:\Program Files (x86)\Polar\Daemon\libpolar.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2014-05-01 14:15 - 2014-05-01 14:15 - 00463360 _____ () C:\Users\Irondes2\AppData\Local\MEGAsync\ShellExtX32.dll
2016-02-15 15:46 - 2016-02-15 15:45 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Windows\System32:99F5F30A_Bb.gbp [2]
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:r0d3jo5 [20]
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1254]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1434]
AlternateDataStreams: C:\ProgramData\Microsoft:OSWCE9DwtmGH6d42iT2 [2316]
AlternateDataStreams: C:\ProgramData\Microsoft:tCbj1b31pJBEwvhoUvAC [2530]
AlternateDataStreams: C:\ProgramData\Temp:1AAB2E68 [354]
AlternateDataStreams: C:\ProgramData\Temp:B755D674 [134]
AlternateDataStreams: C:\Users\Convidado\Cookies:R0YEjHjrryZtVdFiKbmWdwd [2174]
AlternateDataStreams: C:\Users\Convidado\Definições locais:d4HK6S73TX5qhnrRbhYkK2xJSi [2216]
AlternateDataStreams: C:\Users\Convidado\Definições locais:wc4zYg2zl7xSjrdTvRgq6WYQuNcoZe [2024]
AlternateDataStreams: C:\Users\Convidado\AppData\Local:d4HK6S73TX5qhnrRbhYkK2xJSi [2216]
AlternateDataStreams: C:\Users\Convidado\AppData\Local:wc4zYg2zl7xSjrdTvRgq6WYQuNcoZe [2024]
AlternateDataStreams: C:\Users\Convidado\AppData\Local\aO0OSFD7:m3pqxTICAiUnMBeh6bblkbF [2070]
AlternateDataStreams: C:\Users\Convidado\AppData\Local\Application Data:d4HK6S73TX5qhnrRbhYkK2xJSi [2216]
AlternateDataStreams: C:\Users\Convidado\AppData\Local\Application Data:wc4zYg2zl7xSjrdTvRgq6WYQuNcoZe [2024]
AlternateDataStreams: C:\Users\Convidado\AppData\Local\Temp:VkpCdV0WqmUN0el0jatN3s [2224]
AlternateDataStreams: C:\Users\Irondes\Cookies:R0YEjHjrryZtVdFiKbmWdwd [2464]
AlternateDataStreams: C:\Users\Irondes\Definições locais:d4HK6S73TX5qhnrRbhYkK2xJSi [2030]
AlternateDataStreams: C:\Users\Irondes\Definições locais:wc4zYg2zl7xSjrdTvRgq6WYQuNcoZe [2520]
AlternateDataStreams: C:\Users\Irondes\AppData\Local:d4HK6S73TX5qhnrRbhYkK2xJSi [2030]
AlternateDataStreams: C:\Users\Irondes\AppData\Local:wc4zYg2zl7xSjrdTvRgq6WYQuNcoZe [2520]
AlternateDataStreams: C:\Users\Irondes\AppData\Local\aO0OSFD7:m3pqxTICAiUnMBeh6bblkbF [1948]
AlternateDataStreams: C:\Users\Irondes\AppData\Local\Application Data:d4HK6S73TX5qhnrRbhYkK2xJSi [2030]
AlternateDataStreams: C:\Users\Irondes\AppData\Local\Application Data:wc4zYg2zl7xSjrdTvRgq6WYQuNcoZe [2520]
AlternateDataStreams: C:\Users\Irondes\AppData\Local\Temp:VkpCdV0WqmUN0el0jatN3s [1976]
AlternateDataStreams: C:\Users\Irondes2\Cookies:R0YEjHjrryZtVdFiKbmWdwd [2136]
AlternateDataStreams: C:\Users\Irondes2\Definições locais:d4HK6S73TX5qhnrRbhYkK2xJSi [518]
AlternateDataStreams: C:\Users\Irondes2\Definições locais:wc4zYg2zl7xSjrdTvRgq6WYQuNcoZe [2406]
AlternateDataStreams: C:\Users\Irondes2\AppData\Local:d4HK6S73TX5qhnrRbhYkK2xJSi [518]
AlternateDataStreams: C:\Users\Irondes2\AppData\Local:wc4zYg2zl7xSjrdTvRgq6WYQuNcoZe [2406]
AlternateDataStreams: C:\Users\Irondes2\AppData\Local\aO0OSFD7:m3pqxTICAiUnMBeh6bblkbF [1794]
AlternateDataStreams: C:\Users\Irondes2\AppData\Local\Application Data:d4HK6S73TX5qhnrRbhYkK2xJSi [518]
AlternateDataStreams: C:\Users\Irondes2\AppData\Local\Application Data:wc4zYg2zl7xSjrdTvRgq6WYQuNcoZe [2406]
AlternateDataStreams: C:\Users\Irondes2\AppData\Local\Temp:VkpCdV0WqmUN0el0jatN3s [2022]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3199600156-3158634051-3669152227-500\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-3199600156-3158634051-3669152227-500\...\bb.com.br -> hxxps://seg.bb.com.br
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2016-03-12 23:12 - 00000830 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3199600156-3158634051-3669152227-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 88.214.178.2 - 88.214.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D35F991C-9366-4AF0-A647-556122069FEE}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{71452CDA-2CB9-47DE-B550-10B01B0BD696}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{170B6A6F-A6AF-4132-B511-78DF7B29C31E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1FCE1267-C83C-4FCB-A5BE-A828C35BC1E4}] => (Allow) LPort=2869
FirewallRules: [{D18BF4C4-12A9-43DC-9DFB-8038252D2C59}] => (Allow) LPort=1900
FirewallRules: [{12FF74B7-FD88-4B91-9E10-BF5E8BDB4095}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D05565DF-322F-4BDD-BD06-30AC88FACCC7}] => (Allow) C:\bb\BBHelper\BandinaBoxServer.exe
FirewallRules: [{8222A93D-9CF2-4099-B7A4-078345B9538B}] => (Allow) C:\bb\BBHelper\BandinaBoxServer.exe
FirewallRules: [{52AD8C6B-2B48-40B2-A229-B98F53F9A640}] => (Allow) LPort=48113
FirewallRules: [{902D99CE-1844-45F3-9E28-4DA4FE216F07}] => (Allow) LPort=48114
FirewallRules: [{E53A1B41-22C3-430E-A873-3C80B08F72A4}] => (Allow) C:\Program Files\ma-config.com\MaConfigAgent.exe
FirewallRules: [{A020D3F5-4CE0-4A74-B69C-0C2054C763EC}] => (Allow) C:\Program Files\ma-config.com\MaConfigAgent.exe
FirewallRules: [{CDB48C05-4DF6-4B19-98ED-628C47FA27DD}] => (Allow) C:\Users\Irondes\AppData\Local\Viber\Viber.exe
FirewallRules: [{B0E1B758-DBA1-4EF4-862B-3225DE43C6F3}] => (Allow) C:\Users\Irondes2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{99C6EB1F-732B-4920-A49F-714FE026B0F5}] => (Allow) C:\Users\Irondes2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B6DF2EB0-0A6B-4D03-9442-8B976A1F52E6}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{34581718-B580-45A9-9D30-2A14EF1FC1E6}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{818810B5-5D8F-4D0D-B94A-17AA47E3C6A2}] => (Allow) C:\Users\Irondes2\AppData\Local\Viber\Viber.exe
FirewallRules: [{2C3F0642-543C-4EF0-A577-990988E5AD7C}] => (Allow) C:\Users\Irondes2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F61FC8F3-9119-4391-81B5-03F7ACC0229F}] => (Allow) C:\Users\Irondes2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8F13F2A3-6CEC-4DE8-8E4D-BF17D0E675B8}] => (Allow) C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe
FirewallRules: [{4A35CFC0-E9C9-4B07-870A-C4CD7C4C40A4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DA08E37B-6B29-47DB-B3F9-48103FFF061C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{79D81FF5-200C-4F98-ABB2-7C0EA1A3006F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3BB16B28-4AF4-4454-9526-9563E567CC2E}C:\program files\java\jdk1.8.0_45\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_45\bin\jmc.exe
FirewallRules: [UDP Query User{1D44F08B-75CC-42BC-8662-88B5184BE3AF}C:\program files\java\jdk1.8.0_45\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_45\bin\jmc.exe
FirewallRules: [{42D5A3D2-D908-4DBF-98F6-8C048CAB8882}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{FB8DE8E2-E0A9-4851-A923-1F110DFF93D4}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
FirewallRules: [{B8BC70B5-FCBD-4E11-B03D-3CE13C5AFEB8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{544FD838-1585-40F6-BB71-80529C383A72}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{564454D5-4D3B-4237-87A2-C60EDBA14F35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6613ED4A-5B67-40DB-B6DF-FB8F85291D57}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{49BB948C-8B57-42CE-AD9D-5E0929A3C152}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{97D60A55-BF1D-4545-8A25-151FF072E911}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5DDBEE9B-B620-4D17-B888-254BE1579EC1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{3D8AB08A-9B57-40F3-8942-0A687C930882}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{5592DC02-2367-4E64-AE45-983DA299AEAB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{4411426F-296C-4BE5-854D-D29317984B6E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{81F0BE8F-9FF3-42B5-B587-C6853400B9BD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{785ADBFE-8D7A-4B65-B680-D218490FC04B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{0ACA7A3D-88CF-40C0-AE39-A9852E63BC8C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{89227631-DD2A-4262-B358-1A5345AB791F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{7E3DDDE4-74DD-4EC0-93F6-93E137178E4E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2EB5AAE3-ECBF-4D5F-B91C-4EFCEB70D33B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
09-03-2016 17:11:32 Removed HDD Regenerator.
09-03-2016 21:11:45 Cópia de Segurança do Windows
09-03-2016 21:43:10 Installed DirectX
11-03-2016 11:40:40 Removed AVG Driver Updater
12-03-2016 22:56:21 Removed Java 8 Update 66 (64-bit)
12-03-2016 22:57:37 Removed Java 8 Update 66
12-03-2016 22:58:50 Removed Java SE Development Kit 8 Update 45 (64-bit)
12-03-2016 23:08:18 Removed BabylonObjectInstaller
 
==================== Faulty Device Manager Devices =============
 
Name: Dispositivo de sistema base
Description: Dispositivo de sistema base
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Dispositivo de sistema base
Description: Dispositivo de sistema base
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Dispositivo de sistema base
Description: Dispositivo de sistema base
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/15/2016 09:12:38 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha ao gerar o contexto de activação para "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Não foi possível localizar a Assemblagem Dependente rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0".
Utilize sxstrace.exe para obter um diagnóstico detalhado.
 
Error: (03/15/2016 08:44:58 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName     .
 
Error: (03/14/2016 09:20:56 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: IronSax)
Description: O Windows não consegue iniciar sessão para o utilizador, porque não é possível carregar o perfil. Verifique se está ligado à rede ou se a rede está a funcionar correctamente. 
 
 DETALHE - Acesso negado.
 
Error: (03/14/2016 09:19:50 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: IronSax)
Description: O Windows não consegue iniciar sessão para o utilizador, porque não é possível carregar o perfil. Verifique se está ligado à rede ou se a rede está a funcionar correctamente. 
 
 DETALHE - Acesso negado.
 
Error: (03/14/2016 08:49:10 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName     .
 
Error: (03/14/2016 08:42:13 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName     .
 
Error: (03/14/2016 04:31:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha ao gerar o contexto de activação para "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Não foi possível localizar a Assemblagem Dependente rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0".
Utilize sxstrace.exe para obter um diagnóstico detalhado.
 
Error: (03/14/2016 02:28:09 PM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName     .
 
Error: (03/14/2016 12:13:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: winsat.exe, versão: 6.1.7601.17514, carimbo de data/hora: 0x4ce798fc
Nome do módulo com falha: msmpeg2vdec.dll, versão: 6.1.7140.0, carimbo de data/hora: 0x4a5bdff2
Código de excepção: 0xc0000005
Desvio de falha: 0x000000000009f337
ID do processo com falha: 0x15c8
Data/hora de início da aplicação com falha: 0xwinsat.exe0
Caminho da aplicação com falha: winsat.exe1
Caminho do módulo com falha: winsat.exe2
ID do Relatório: winsat.exe3
 
Error: (03/14/2016 11:16:39 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (4144) WindowsMail0: A cópia de segurança parou porque foi interrompida pelo cliente ou a ligação ao cliente falhou.
 
 
System errors:
=============
Error: (03/15/2016 09:41:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Gbpddreg svc falhou o arranque devido ao seguinte erro: 
%%2
 
Error: (03/15/2016 09:41:27 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (03/15/2016 08:48:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Gbpddreg svc falhou o arranque devido ao seguinte erro: 
%%2
 
Error: (03/15/2016 08:48:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Warsaw File Access svc falhou o arranque devido ao seguinte erro: 
%%647
 
Error: (03/15/2016 08:48:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Warsaw File Access svc falhou o arranque devido ao seguinte erro: 
%%647
 
Error: (03/15/2016 08:47:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço SaveSenseLive Service (savesenselive) falhou o arranque devido ao seguinte erro: 
%%2
 
Error: (03/15/2016 08:46:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Gbpddreg svc falhou o arranque devido ao seguinte erro: 
%%2
 
Error: (03/15/2016 08:45:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Warsaw File Access svc falhou o arranque devido ao seguinte erro: 
%%647
 
Error: (03/15/2016 08:45:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falhou o carregamento dos seguintes controladores de início de arranque ou de início do sistema: 
gbpddfac
gbpddreg
wsddfac
 
Error: (03/15/2016 08:44:30 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
 
CodeIntegrity:
===================================
  Date: 2016-02-16 09:37:50.784
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-16 09:37:50.738
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-15 18:49:47.458
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-15 18:49:47.375
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-15 18:48:29.517
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-15 18:48:29.517
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-15 15:51:54.869
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-15 15:51:54.868
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-14 17:26:24.715
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-02-14 17:26:24.715
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T9550 @ 2.66GHz
Percentage of memory in use: 38%
Total physical RAM: 4093.99 MB
Available physical RAM: 2511.6 MB
Total Virtual: 8186.17 MB
Available Virtual: 6534.14 MB
 
==================== Drives ================================
 
Drive c: (Vista) (Fixed) (Total:186.15 GB) (Free:39.5 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:184.99 GB) (Free:155.72 GB) NTFS
Drive h: (USB DISK) (Removable) (Total:14.9 GB) (Free:13.83 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: 74371FF3)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=186.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=185 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 32A63E4B)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)
 
==================== End of Addition.txt ============================
 
 
FIXLOG.TXT======================================================

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Administrador (2016-03-15 09:42:42) Run:2
Running from H:\
Loaded Profiles: Administrador (Available Profiles: Irondes & Irondes2 & Administrador & Convidado)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_082d1b568a83a814\lpk.dll C:\Windows\System32\LPK.dll
Replace: C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_1281c5a8bee46a0f\lpk.dll C:\Windows\SysWOW64\LPK.dll
*****************
 
C:\Windows\System32\LPK.dll => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_082d1b568a83a814\lpk.dll copied successfully to C:\Windows\System32\LPK.dll
C:\Windows\SysWOW64\LPK.dll => moved successfully
C:\Windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_1281c5a8bee46a0f\lpk.dll copied successfully to C:\Windows\SysWOW64\LPK.dll
 
==== End of Fixlog 09:42:42 ====


#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team

Posted 15 March 2016 - 11:18 AM

It looks to me like you ran the old fix I provided (when you were in the RecoveryPE) instead of the new one. I see that you're running FRST from your USB Flash Drive as well. Please delete FRST64.exe, fixlog.txt and fixlist.txt from your USB Flash Drive and run FRST from your Desktop from now on. It'll be way easier that way. Now, follow the instructions for FRST (for both the fix and the new scan) again in the post below.

http://www.bleepingcomputer.com/forums/t/607099/windows-7-stop-c0000135-the-program-cant-start-because-hs-is-missing/#entry3955522

Make sure to download the attached fixlist.txt, and move it to your Desktop, where you'll put FRST64.exe.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




