
Infected by a Trojan Horse today.


  • This topic is locked
21 replies to this topic

#1 huebr123


Posted 18 March 2016 - 12:03 PM

Hello, my name is José Renato. I think I'm infected with a Trojan horse. I'm Brazilian and I'm trying my best to write in English.

Today I downloaded a program from Piratebay and when the download finished, Windows Defender warned me that the file was dangerous. I executed it anyway, but before starting the installation I found everything a bit suspicious and closed the installation (it was too late). When I closed the window, Windows Defender notified me that I was already infected. I closed uTorrent and tried to delete the program, but it didn't let me.

After that I turned airplane mode on, scanned my PC, and it found a Trojan horse. In the sections "Quarantined items" and "All detected items" of Windows Defender I selected the option "Remove All" and then restarted my computer. After the restart I could delete the infected program, but odd things started to happen: (1) installation windows started to pop up on my screen and then flash out, (2) other windows popped up, but so fast that I couldn't see what was written on them, (3) two new drive partitions named "winretools" and "PBR Image" appeared, (4) when I try to open some apps this message appears: "This App can't open. Email can't be opened using the Built-in Administrator account. Sign in with a different account and try again".

This is what I could identify so far. I'm going to restart my PC again and see what happens. Thanks for helping.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by José Renato (administrator) on JOSEPH8 (18-03-2016 13:08:46)
Running from C:\Users\José Renato\Desktop
Loaded Profiles: José Renato (Available Profiles: José Renato)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
() C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(svhost) C:\Users\José Renato\AppData\Local\Temp\msconfig.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3955888 2015-09-01] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3775816 2014-02-27] (Dell Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8468184 2015-05-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25122080 2016-02-16] (Dropbox, Inc.)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-11-04] (Banco do Brasil)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1945472 2015-11-04] (Banco do Brasil)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{818d5ec7-0acb-47de-9cb4-a68c58b6ccf0}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1133689558-2677244858-2839623648-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1133689558-2677244858-2839623648-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-1133689558-2677244858-2839623648-1001 -> DefaultScope {985C217E-0D4F-4B1C-BDAD-5A93117F766D} URL = 
SearchScopes: HKU\S-1-5-21-1133689558-2677244858-2839623648-1001 -> {985C217E-0D4F-4B1C-BDAD-5A93117F766D} URL = 
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-11-04] (Banco do Brasil)
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com.br/","hxxp://www.google.com/","hxxps://mysearch.avg.com?cid={61924EF1-2804-4FAE-9D12-64C963B610CB}&mid=51ec5f78daef47d3afb221328d1de735-b95f494332973c8a847b04572fa66e7bc2bc60f5&lang=pt-br&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-30 11:55:51&v=3.2.0.14&pid=wtu&sg=&sap=hp","hxxps://mysearch.avg.com?cid={61924EF1-2804-4FAE-9D12-64C963B610CB}&mid=51ec5f78daef47d3afb221328d1de735-b95f494332973c8a847b04572fa66e7bc2bc60f5&lang=pt-br&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-30 11:55:51&v=3.2.0.15&pid=wtu&sg=&sap=hp"
CHR Profile: C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-17]
CHR Extension: (Google Drive) - C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-17]
CHR Extension: (YouTube) - C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-17]
CHR Extension: (Google Search) - C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-17]
CHR Extension: (Planilhas do Google) - C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-17]
CHR Extension: (Documentos Google off-line) - C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (AdBlock) - C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-18]
CHR Extension: (Pink Floyd - The Wall) - C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkeomdjahkcjckfbhpdaflfmiahnaaa [2015-11-17]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-17]
CHR Extension: (Gmail) - C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-17]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-18] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
S2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [119656 2016-01-15] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [49864 2015-08-24] ()
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2571352 2016-01-05] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201816 2016-01-05] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [593120 2015-11-04] (GAS Tecnologia)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-05-22] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2020240 2015-01-23] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-01-12] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [256688 2015-09-01] (Synaptics Incorporated)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [564144 2015-05-21] (Waves Audio Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4341424 2016-01-06] (Qualcomm Atheros Communications, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-03-18] (GAS Tecnologia)
R0 gbpddreg; C:\Windows\System32\drivers\gbpddreg64.sys [29816 2016-03-18] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-22] (GAS Tecnologia)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [752856 2015-06-24] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-06-24] (Realsil Semiconductor Corporation)
R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [83968 2013-11-21] (STMicroelectronics)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [67248 2015-09-01] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-09-22] (GAS Tecnologia LTDA)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-03-18] (GAS Tecnologia)
R1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-18 13:08 - 2016-03-18 13:09 - 00017776 _____ C:\Users\José Renato\Desktop\FRST.txt
2016-03-18 13:07 - 2016-03-18 13:08 - 00000000 ____D C:\FRST
2016-03-18 13:06 - 2016-03-18 13:06 - 02374144 _____ (Farbar) C:\Users\José Renato\Desktop\FRST64.exe
2016-03-18 11:05 - 2016-03-18 11:05 - 02832134 _____ C:\WINDOWS\chromebrowser.exe
2016-03-12 21:06 - 2016-03-12 21:06 - 00000000 ____D C:\Users\José Renato\AppData\Roaming\WinRAR
2016-03-12 21:06 - 2016-03-12 21:06 - 00000000 ____D C:\Users\José Renato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-12 21:06 - 2016-03-12 21:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-12 21:05 - 2016-03-12 21:06 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-03-09 19:12 - 2016-02-24 06:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-09 19:12 - 2016-02-24 03:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-09 19:12 - 2016-02-24 03:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-09 19:12 - 2016-02-24 03:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-09 19:12 - 2016-02-24 03:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 19:12 - 2016-02-24 02:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-09 19:12 - 2016-02-24 02:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-09 19:12 - 2016-02-24 02:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-09 19:11 - 2016-03-01 02:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-09 19:11 - 2016-03-01 02:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-09 19:11 - 2016-02-24 06:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-09 19:11 - 2016-02-24 06:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-09 19:11 - 2016-02-24 06:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 19:11 - 2016-02-24 06:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-09 19:11 - 2016-02-24 06:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-09 19:11 - 2016-02-24 06:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-09 19:11 - 2016-02-24 06:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-09 19:11 - 2016-02-24 05:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 19:11 - 2016-02-24 05:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-09 19:11 - 2016-02-24 05:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 19:11 - 2016-02-24 05:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-09 19:11 - 2016-02-24 05:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-09 19:11 - 2016-02-24 05:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-09 19:11 - 2016-02-24 05:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-09 19:11 - 2016-02-24 05:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-09 19:11 - 2016-02-24 05:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 19:11 - 2016-02-24 05:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-09 19:11 - 2016-02-24 05:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-09 19:11 - 2016-02-24 05:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 19:11 - 2016-02-24 05:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-09 19:11 - 2016-02-24 05:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-09 19:11 - 2016-02-24 05:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-09 19:11 - 2016-02-24 05:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-09 19:11 - 2016-02-24 05:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-09 19:11 - 2016-02-24 05:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-09 19:11 - 2016-02-24 05:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-09 19:11 - 2016-02-24 05:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-09 19:11 - 2016-02-24 05:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-09 19:11 - 2016-02-24 04:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-09 19:11 - 2016-02-24 04:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-09 19:11 - 2016-02-24 04:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-09 19:11 - 2016-02-24 04:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-09 19:11 - 2016-02-24 04:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-09 19:11 - 2016-02-24 04:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-09 19:11 - 2016-02-24 04:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-09 19:11 - 2016-02-24 04:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-09 19:11 - 2016-02-24 04:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-09 19:11 - 2016-02-24 04:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-09 19:11 - 2016-02-24 04:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-09 19:11 - 2016-02-24 04:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-09 19:11 - 2016-02-24 04:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-09 19:11 - 2016-02-24 04:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-09 19:11 - 2016-02-24 04:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 19:11 - 2016-02-24 04:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-09 19:11 - 2016-02-24 04:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-09 19:11 - 2016-02-24 04:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-09 19:11 - 2016-02-24 04:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-09 19:11 - 2016-02-24 04:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-09 19:11 - 2016-02-24 04:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 19:11 - 2016-02-24 04:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 19:11 - 2016-02-24 04:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-09 19:11 - 2016-02-24 04:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-09 19:11 - 2016-02-24 04:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-09 19:11 - 2016-02-24 04:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-09 19:11 - 2016-02-24 04:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-09 19:11 - 2016-02-24 04:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-09 19:11 - 2016-02-24 04:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-09 19:11 - 2016-02-24 04:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-09 19:11 - 2016-02-24 04:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-09 19:11 - 2016-02-24 04:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 19:11 - 2016-02-24 04:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-09 19:11 - 2016-02-24 04:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-09 19:11 - 2016-02-24 04:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-09 19:11 - 2016-02-24 03:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-09 19:11 - 2016-02-24 03:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-09 19:11 - 2016-02-24 03:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-09 19:11 - 2016-02-24 03:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-09 19:11 - 2016-02-24 03:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-09 19:11 - 2016-02-24 03:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-09 19:11 - 2016-02-24 03:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-09 19:11 - 2016-02-24 03:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-09 19:11 - 2016-02-24 03:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-09 19:11 - 2016-02-24 03:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-09 19:11 - 2016-02-24 03:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-09 19:11 - 2016-02-24 03:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-09 19:11 - 2016-02-24 03:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-09 19:11 - 2016-02-24 03:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-09 19:11 - 2016-02-24 03:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-09 19:11 - 2016-02-24 03:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-09 19:11 - 2016-02-24 03:42 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-03-09 19:11 - 2016-02-24 03:42 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-03-09 19:11 - 2016-02-24 03:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-09 19:11 - 2016-02-24 03:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-09 19:11 - 2016-02-24 03:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 19:11 - 2016-02-24 03:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-09 19:11 - 2016-02-24 03:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-09 19:11 - 2016-02-24 03:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-09 19:11 - 2016-02-24 03:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-09 19:11 - 2016-02-24 03:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-09 19:11 - 2016-02-24 03:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 19:11 - 2016-02-24 03:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-09 19:11 - 2016-02-24 03:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-09 19:11 - 2016-02-24 03:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-09 19:11 - 2016-02-24 03:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-09 19:11 - 2016-02-24 03:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-09 19:11 - 2016-02-24 03:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-09 19:11 - 2016-02-24 03:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-09 19:11 - 2016-02-24 03:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-09 19:11 - 2016-02-24 03:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-09 19:11 - 2016-02-24 03:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-09 19:11 - 2016-02-24 03:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-09 19:11 - 2016-02-24 03:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-09 19:11 - 2016-02-24 03:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-09 19:11 - 2016-02-24 03:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-09 19:11 - 2016-02-24 03:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-09 19:11 - 2016-02-24 03:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-09 19:11 - 2016-02-24 03:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-09 19:11 - 2016-02-24 03:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-09 19:11 - 2016-02-24 03:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-09 19:11 - 2016-02-24 03:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-09 19:11 - 2016-02-24 03:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-09 19:11 - 2016-02-24 03:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-09 19:11 - 2016-02-24 03:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-09 19:11 - 2016-02-24 03:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-09 19:11 - 2016-02-24 03:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-09 19:11 - 2016-02-24 03:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-09 19:11 - 2016-02-24 02:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-09 19:11 - 2016-02-24 02:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-09 19:11 - 2016-02-24 02:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-09 19:11 - 2016-02-24 02:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-09 19:11 - 2016-02-24 02:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 19:11 - 2016-02-24 02:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 19:11 - 2016-02-24 02:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 19:11 - 2016-02-24 02:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 19:11 - 2016-02-24 02:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 19:11 - 2016-02-24 02:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 19:11 - 2016-02-24 01:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-09 19:11 - 2016-02-24 01:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-09 19:10 - 2016-02-24 04:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 19:10 - 2016-02-24 04:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-09 19:10 - 2016-02-24 04:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-09 19:10 - 2016-02-24 04:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-09 19:10 - 2016-02-24 04:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-09 19:10 - 2016-02-24 03:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-09 19:10 - 2016-02-24 03:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-09 19:10 - 2016-02-24 03:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-09 19:10 - 2016-02-24 03:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-09 19:10 - 2016-02-24 03:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-09 19:10 - 2016-02-24 03:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-09 19:10 - 2016-02-24 03:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-09 19:10 - 2016-02-24 03:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-09 19:10 - 2016-02-24 03:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-09 19:10 - 2016-02-24 03:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-09 19:10 - 2016-02-24 03:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-09 19:10 - 2016-02-24 03:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-07 11:47 - 2016-03-07 11:47 - 00000000 ____D C:\ProgramData\HP
2016-03-01 15:49 - 2016-02-23 08:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-01 15:49 - 2016-02-23 07:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-01 15:49 - 2016-02-23 07:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-01 15:49 - 2016-02-23 06:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-01 15:49 - 2016-02-23 05:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-01 15:49 - 2016-02-23 05:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-01 15:49 - 2016-02-23 05:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-01 15:49 - 2016-02-23 04:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-01 15:49 - 2016-02-23 04:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-01 15:49 - 2016-02-23 03:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-01 15:49 - 2016-02-23 03:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-01 15:49 - 2016-02-23 03:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-01 15:49 - 2016-02-23 03:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-01 15:49 - 2016-02-23 03:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-01 15:49 - 2016-02-23 03:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-01 15:49 - 2016-02-09 00:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-01 15:49 - 2016-02-09 00:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-01 15:48 - 2016-02-23 08:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-01 15:48 - 2016-02-23 08:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-01 15:48 - 2016-02-23 07:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-01 15:48 - 2016-02-23 07:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-01 15:48 - 2016-02-23 07:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-01 15:48 - 2016-02-23 07:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-01 15:48 - 2016-02-23 07:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-01 15:48 - 2016-02-23 07:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-01 15:48 - 2016-02-23 07:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-01 15:48 - 2016-02-23 07:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-01 15:48 - 2016-02-23 07:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-01 15:48 - 2016-02-23 07:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-01 15:48 - 2016-02-23 07:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-01 15:48 - 2016-02-23 07:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-01 15:48 - 2016-02-23 07:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-01 15:48 - 2016-02-23 06:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-01 15:48 - 2016-02-23 06:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-01 15:48 - 2016-02-23 06:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-01 15:48 - 2016-02-23 06:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-01 15:48 - 2016-02-23 06:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-01 15:48 - 2016-02-23 06:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-01 15:48 - 2016-02-23 06:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-01 15:48 - 2016-02-23 06:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-01 15:48 - 2016-02-23 06:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-01 15:48 - 2016-02-23 06:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-01 15:48 - 2016-02-23 05:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-01 15:48 - 2016-02-23 05:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-01 15:48 - 2016-02-23 05:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-01 15:48 - 2016-02-23 05:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-01 15:48 - 2016-02-23 05:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-01 15:48 - 2016-02-23 05:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-01 15:48 - 2016-02-23 05:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-01 15:48 - 2016-02-23 05:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-01 15:48 - 2016-02-23 05:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-01 15:48 - 2016-02-23 05:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-01 15:48 - 2016-02-23 05:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-01 15:48 - 2016-02-23 05:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-01 15:48 - 2016-02-23 05:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-01 15:48 - 2016-02-23 05:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-01 15:48 - 2016-02-23 05:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-01 15:48 - 2016-02-23 05:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-01 15:48 - 2016-02-23 05:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-01 15:48 - 2016-02-23 04:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-01 15:48 - 2016-02-23 04:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-01 15:48 - 2016-02-23 04:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-01 15:48 - 2016-02-23 04:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-01 15:48 - 2016-02-23 04:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-01 15:48 - 2016-02-23 04:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-01 15:48 - 2016-02-23 04:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-01 15:48 - 2016-02-23 04:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-01 15:48 - 2016-02-23 04:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-01 15:48 - 2016-02-23 04:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-01 15:48 - 2016-02-23 04:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-01 15:48 - 2016-02-23 03:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-01 15:48 - 2016-02-23 03:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-01 15:48 - 2016-02-23 03:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-01 15:48 - 2016-02-23 03:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-01 15:48 - 2016-02-23 03:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-01 15:48 - 2016-02-23 03:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-01 15:48 - 2016-02-23 03:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-01 15:48 - 2016-02-09 00:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-01 15:47 - 2016-02-23 08:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-01 15:47 - 2016-02-23 08:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-01 15:47 - 2016-02-23 08:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-01 15:47 - 2016-02-23 08:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-01 15:47 - 2016-02-23 08:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-01 15:47 - 2016-02-23 08:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-01 15:47 - 2016-02-23 08:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-01 15:47 - 2016-02-23 07:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-01 15:47 - 2016-02-23 07:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-01 15:47 - 2016-02-23 07:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-01 15:47 - 2016-02-23 07:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-01 15:47 - 2016-02-23 06:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-01 15:47 - 2016-02-23 06:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-01 15:47 - 2016-02-23 06:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-01 15:47 - 2016-02-23 06:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-01 15:47 - 2016-02-23 06:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-01 15:47 - 2016-02-23 06:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-01 15:47 - 2016-02-23 06:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-01 15:47 - 2016-02-23 06:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-01 15:47 - 2016-02-23 06:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-01 15:47 - 2016-02-23 06:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-01 15:47 - 2016-02-23 06:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-01 15:47 - 2016-02-23 06:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-01 15:47 - 2016-02-23 06:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-01 15:47 - 2016-02-23 06:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-01 15:47 - 2016-02-23 06:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-01 15:47 - 2016-02-23 06:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-01 15:47 - 2016-02-23 06:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-01 15:47 - 2016-02-23 05:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-01 15:47 - 2016-02-23 05:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-01 15:47 - 2016-02-23 05:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-01 15:47 - 2016-02-23 05:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-01 15:47 - 2016-02-23 05:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-01 15:47 - 2016-02-23 05:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-01 15:47 - 2016-02-23 05:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-01 15:47 - 2016-02-23 05:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-01 15:47 - 2016-02-23 05:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-01 15:47 - 2016-02-23 05:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-01 15:47 - 2016-02-23 05:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-01 15:47 - 2016-02-23 05:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-01 15:47 - 2016-02-23 05:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-01 15:47 - 2016-02-23 05:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-01 15:47 - 2016-02-23 05:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-01 15:47 - 2016-02-23 05:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-01 15:47 - 2016-02-23 05:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-01 15:47 - 2016-02-23 05:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-01 15:47 - 2016-02-23 05:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-01 15:47 - 2016-02-23 05:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-01 15:47 - 2016-02-23 05:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-01 15:47 - 2016-02-23 05:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-01 15:47 - 2016-02-23 05:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-01 15:47 - 2016-02-23 05:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-01 15:47 - 2016-02-23 05:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-01 15:47 - 2016-02-23 05:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-01 15:47 - 2016-02-23 05:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-01 15:47 - 2016-02-23 05:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-01 15:47 - 2016-02-23 05:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-01 15:47 - 2016-02-23 05:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-01 15:47 - 2016-02-23 05:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-01 15:47 - 2016-02-23 05:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-01 15:47 - 2016-02-23 05:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-01 15:47 - 2016-02-23 05:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-01 15:47 - 2016-02-23 05:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-01 15:47 - 2016-02-23 05:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-01 15:47 - 2016-02-23 05:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-01 15:47 - 2016-02-23 05:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-01 15:47 - 2016-02-23 04:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-01 15:47 - 2016-02-23 04:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-01 15:47 - 2016-02-23 04:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-01 15:47 - 2016-02-23 04:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-01 15:47 - 2016-02-23 04:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-01 15:47 - 2016-02-23 04:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-01 15:47 - 2016-02-23 04:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-01 15:47 - 2016-02-23 04:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-01 15:47 - 2016-02-23 04:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-01 15:47 - 2016-02-23 04:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-01 15:47 - 2016-02-23 04:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-01 15:47 - 2016-02-23 04:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-01 15:47 - 2016-02-23 04:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-01 15:47 - 2016-02-23 04:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-01 15:47 - 2016-02-23 04:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-01 15:47 - 2016-02-23 04:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-01 15:47 - 2016-02-23 04:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-01 15:47 - 2016-02-23 04:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-01 15:47 - 2016-02-23 04:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-01 15:47 - 2016-02-23 04:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-01 15:47 - 2016-02-23 04:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-01 15:47 - 2016-02-23 04:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-01 15:47 - 2016-02-23 04:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-01 15:47 - 2016-02-23 03:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-01 15:47 - 2016-02-23 03:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-01 15:47 - 2016-02-23 03:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-01 15:47 - 2016-02-23 03:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-01 15:47 - 2016-02-23 03:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-01 15:47 - 2016-02-23 03:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-01 15:47 - 2016-02-23 03:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-01 15:47 - 2016-02-09 01:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-01 15:47 - 2016-02-09 01:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-01 15:47 - 2016-02-09 00:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-01 15:47 - 2016-02-09 00:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-01 15:47 - 2016-02-09 00:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-02-27 14:07 - 2016-02-27 14:08 - 01473834 _____ C:\Users\José Renato\Downloads\medicina_popular_3a_edicao.pdf
2016-02-25 13:25 - 2016-02-25 13:25 - 00001024 _____ C:\.rnd
2016-02-25 13:24 - 2016-03-18 11:19 - 00101080 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddfac.sys
2016-02-25 13:24 - 2016-02-25 13:24 - 00000000 ___HD C:\Program Files (x86)\GAS Tecnologia
2016-02-25 13:24 - 2016-02-25 13:24 - 00000000 ___HD C:\Program Files (x86)\Diebold
2016-02-25 13:24 - 2016-02-25 13:24 - 00000000 ____D C:\Program Files\Diebold
2016-02-25 13:24 - 2015-03-18 11:23 - 00103640 ____N (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddpp.sys
2016-02-25 13:23 - 2016-03-18 11:20 - 00028888 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\gbpddfac64.sys
2016-02-25 13:23 - 2016-03-18 11:19 - 00029816 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\gbpddreg64.sys
2016-02-25 13:23 - 2016-02-25 13:23 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2016-02-25 13:22 - 2016-03-18 11:18 - 00000000 ____D C:\ProgramData\GbPlugin
2016-02-25 13:22 - 2016-03-18 11:18 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-02-19 10:15 - 2016-02-19 10:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-18 13:07 - 2015-11-18 19:10 - 00000000 ____D C:\Users\José Renato\Downloads\Programas
2016-03-18 13:04 - 2015-11-18 19:27 - 00000000 ___RD C:\Users\José Renato\Dropbox
2016-03-18 13:04 - 2015-11-18 19:25 - 00000000 ____D C:\Users\José Renato\AppData\Local\Dropbox
2016-03-18 12:30 - 2015-11-18 19:25 - 00001046 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-03-18 12:25 - 2015-11-17 19:58 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-18 11:28 - 2015-07-16 20:56 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-03-18 11:20 - 2015-11-21 22:00 - 00000000 __SHD C:\Users\José Renato\IntelGraphicsProfiles
2016-03-18 11:20 - 2015-11-17 19:58 - 00001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-18 11:19 - 2015-11-18 19:25 - 00001042 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-03-18 11:18 - 2015-11-21 21:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-18 11:17 - 2015-10-30 03:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-18 11:07 - 2016-01-02 22:20 - 00000000 ____D C:\Users\José Renato\AppData\Roaming\uTorrent
2016-03-18 00:10 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-17 20:10 - 2015-10-30 04:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-14 22:27 - 2015-11-17 19:59 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-14 12:20 - 2015-11-24 09:11 - 00000000 ____D C:\Users\José Renato\Documents\Saúde Integrativa
2016-03-12 21:40 - 2015-11-18 19:22 - 00000000 ____D C:\Users\José Renato\AppData\Roaming\vlc
2016-03-12 19:20 - 2015-11-21 21:49 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-12 19:20 - 2015-10-30 04:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-11 18:49 - 2015-10-30 04:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-11 09:14 - 2015-11-24 09:15 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-10 13:18 - 2015-11-21 21:25 - 00206984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-09 23:17 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-09 23:17 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-09 23:17 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-09 23:17 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-09 20:21 - 2015-11-21 15:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 20:13 - 2015-11-21 15:25 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-08 04:12 - 2015-10-30 04:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 04:12 - 2015-10-30 04:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-06 23:02 - 2015-11-18 12:44 - 00000000 ____D C:\Users\José Renato\Documents\Unb
2016-03-05 15:34 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-03 12:43 - 2015-11-17 19:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-03 00:31 - 2015-10-30 06:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-03 00:31 - 2015-10-30 04:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-03 00:31 - 2015-10-30 04:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-03 00:31 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-03 00:31 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-03 00:31 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-03 00:31 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-03 00:31 - 2015-10-30 03:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-03 00:31 - 2015-10-30 03:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-02-25 13:27 - 2015-11-17 19:30 - 00000000 ____D C:\Users\José Renato\AppData\Local\VirtualStore
2016-02-23 13:12 - 2016-01-09 10:54 - 00000000 ____D C:\Users\José Renato\AppData\Local\ElevatedDiagnostics
2016-02-19 10:15 - 2015-07-16 21:00 - 00000000 ____D C:\Program Files (x86)\Dropbox
 
==================== Files in the root of some directories =======
 
2015-11-21 21:30 - 2015-11-21 21:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\José Renato\AppData\Local\Temp\7za.exe
C:\Users\José Renato\AppData\Local\Temp\CodecFixDivx.exe
C:\Users\José Renato\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmbxapx.dll
C:\Users\José Renato\AppData\Local\Temp\GoogleEarthProWin.exe
C:\Users\José Renato\AppData\Local\Temp\MediaPlayer__3137_il379812.exe
C:\Users\José Renato\AppData\Local\Temp\mesox.exe
C:\Users\José Renato\AppData\Local\Temp\msconfig.exe
C:\Users\José Renato\AppData\Local\Temp\setdd.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-11 18:49
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by José Renato (2016-03-18 13:10:16)
Running from C:\Users\José Renato\Desktop
Windows 10 Home Version 1511 (X64) (2015-11-22 00:55:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1133689558-2677244858-2839623648-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1133689558-2677244858-2839623648-503 - Limited - Disabled)
Guest (S-1-5-21-1133689558-2677244858-2839623648-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1133689558-2677244858-2839623648-1003 - Limited - Enabled)
José Renato (S-1-5-21-1133689558-2677244858-2839623648-1001 - Administrator - Enabled) => C:\Users\José Renato

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1133689558-2677244858-2839623648-1001\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Ajuda e Suporte da Dell (Version: 2.0.366.0 - Dell Inc.) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.0.66 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.7.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{AE5E3C86-2633-4DAF-A7F4-C43D1E738BAE}) (Version: 3.1.3300.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{A62A2F03-3006-40CA-A3FA-C1086B2FEF5D}) (Version: 1.2.0.94 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment)
Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Maxx Audio Installer (x64) (Version: 2.6.6168.1 - Waves Audio Ltd.) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.328 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.21 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.94 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7520 - Realtek Semiconductor Corp.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0052 - ST Microelectronics)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Warsaw 1.11.0.42826 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.11.0.42826 - GAS Tecnologia)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1133689558-2677244858-2839623648-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\José Renato\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1133689558-2677244858-2839623648-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0066FFD1-6FA7-48CC-A632-431CA6983C90} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {088A6C84-334C-4DA3-9A6F-D961A5CC477C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {0B131A7C-5E74-4E51-918D-2235E817892C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0C75B6D5-DCA9-4FFF-9531-B6DA10244DC0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1005C965-166F-4C18-BB4A-82E095A7007A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-17] (Google Inc.)
Task: {11A4006C-05AF-4A0C-A1AF-F021C15DBA7D} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-04-28] (Realtek Semiconductor)
Task: {17020C88-5FE7-4C9F-8329-47B642CFB7C1} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {27444CB8-ECFB-4B70-8C9D-5F9A12AB93FF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-18] (Dropbox, Inc.)
Task: {32283816-0097-48AF-B911-0C246C921BA3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {36E701E0-704B-464F-9392-4558A56381F7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3EFA7768-42F2-4E52-A607-8B350A576063} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3F59BF48-6108-478E-888B-BBA78B22EFC3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {4DB91B9C-8E7B-438E-A1E4-84834889FADA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-18] (Dropbox, Inc.)
Task: {4FC6550F-9AB6-4E46-8FA5-622054EA6BFF} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {580D0C70-AE5F-4494-A944-48E7B30FE26F} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-01-12] (Dell Inc.)
Task: {8C634A98-772C-4405-93AA-21F24A86341E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-12-29] (PC-Doctor, Inc.)
Task: {94428E22-793F-45B4-9078-97484257F02E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {95EA5A70-6D26-4A4B-B985-FBCC1F2841AF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {98EB5AF7-BBCE-4F1E-B726-034AFAEAAD94} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-17] (Google Inc.)
Task: {9AF93BE8-2AA1-4737-B48E-C4F61B5A24E4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A41FC324-E122-4785-826D-53018FB59128} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B49486C0-8E98-487B-995E-D1C64AAEC99A} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {C1A0393D-1508-4FCF-A980-6DC31F8FF33E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-09-01] (Synaptics Incorporated)
Task: {D926FE14-E195-44E2-85CE-116AFB023144} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {DBF5E476-555E-4810-8060-D75C84FCEDB8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E222922B-454B-44B6-84C0-883B93F2AC3A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {EE921776-327F-4A06-AF30-62B27F93D146} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\WINDOWS\TEMP\DeleteFolderTask.exe [2015-12-20] ()
Task: {F378AE4F-9643-46FF-9D57-F02712F65994} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-12-29] (PC-Doctor, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => EI cmd c sc start Dell Help Support WORKGROUP JOSEPH8

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 04:17 - 2015-10-30 04:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-01 15:48 - 2016-02-23 08:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-01 15:48 - 2016-02-23 08:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-02-11 18:16 - 2016-02-11 18:20 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-18 08:03 - 2015-12-07 01:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-01 15:47 - 2016-02-23 05:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-02-11 18:39 - 2016-01-04 22:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-02-11 18:39 - 2016-01-04 22:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-11 18:39 - 2016-01-16 02:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-02-11 18:39 - 2016-01-16 02:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-24 15:32 - 2015-08-24 15:32 - 00049864 _____ () C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
2016-02-11 18:16 - 2016-02-11 18:20 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-07-16 20:58 - 2015-01-27 12:26 - 01905904 ____N () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2015-07-16 20:58 - 2012-11-26 00:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-07-16 20:56 - 2014-02-18 16:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2016-03-14 22:26 - 2016-03-07 23:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-14 22:26 - 2016-03-07 23:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
2015-12-18 11:33 - 2016-01-12 15:44 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-02-19 10:15 - 2016-01-12 15:45 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2015-12-18 11:33 - 2016-01-12 15:44 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-18 11:33 - 2016-01-12 15:44 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-18 11:33 - 2016-01-12 15:44 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-18 11:33 - 2016-02-16 15:39 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-18 11:33 - 2016-01-12 15:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2015-12-18 11:33 - 2016-01-12 15:44 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-18 11:33 - 2016-02-16 15:39 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-18 11:33 - 2016-01-12 15:44 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-02-19 10:15 - 2016-02-16 15:38 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-18 11:33 - 2016-01-12 15:45 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-02-19 10:15 - 2016-02-16 15:38 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-02-19 10:15 - 2016-02-16 15:38 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-18 11:33 - 2016-02-16 15:39 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-18 11:33 - 2016-02-16 15:39 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-02-19 10:15 - 2016-02-16 15:39 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2015-12-18 11:33 - 2016-01-12 15:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-18 11:33 - 2016-01-12 15:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-18 11:33 - 2016-01-12 15:47 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-18 11:33 - 2016-01-12 15:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-19 10:15 - 2016-02-16 15:39 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-18 11:33 - 2016-01-12 15:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-18 11:33 - 2016-01-12 15:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-18 11:33 - 2016-01-12 15:47 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-18 11:33 - 2016-01-12 15:47 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-18 11:33 - 2016-01-12 15:47 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2015-12-18 11:33 - 2016-01-12 15:47 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-02-19 10:15 - 2016-02-16 15:39 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-18 11:33 - 2016-01-12 15:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-18 11:33 - 2016-01-12 15:47 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-02-19 10:15 - 2016-02-16 15:38 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-02-19 10:15 - 2016-02-16 15:39 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-02-19 10:15 - 2016-01-12 15:47 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-02-19 10:15 - 2016-02-16 15:39 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-02-19 10:15 - 2015-11-04 21:04 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2015-12-18 11:33 - 2016-02-16 15:39 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-18 11:33 - 2016-01-12 15:44 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2015-12-18 11:33 - 2016-01-12 15:44 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-02-19 10:15 - 2016-01-12 15:45 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2015-12-18 11:33 - 2016-02-16 15:39 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-02-19 10:15 - 2016-02-16 15:39 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-19 10:15 - 2016-02-16 15:39 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-02-19 10:15 - 2016-02-16 15:39 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-19 10:15 - 2016-02-16 15:39 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-02-19 10:15 - 2016-02-16 15:38 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-18 11:33 - 2016-01-12 15:47 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-19 10:15 - 2016-02-16 15:39 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-02-19 10:15 - 2016-02-16 15:39 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2015-12-18 11:33 - 2016-02-16 15:39 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-18 11:33 - 2016-01-12 15:45 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2015-12-18 11:33 - 2016-02-16 15:39 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2015-12-18 11:33 - 2016-02-16 15:39 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2015-12-18 11:33 - 2016-02-16 15:39 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2015-12-18 11:33 - 2016-02-16 15:39 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2015-12-18 11:33 - 2016-02-16 15:39 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2015-12-18 11:33 - 2016-02-16 15:39 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-02-19 10:15 - 2016-02-16 15:39 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-02-19 10:15 - 2016-02-16 15:39 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-02-19 10:15 - 2016-01-12 15:49 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-02-19 10:15 - 2016-01-12 15:49 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2015-12-18 11:33 - 2016-02-16 15:39 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\WINDOWS\System32:3626CAFE_Bb.gbp [2]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1254]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddreg64.sys:X5ZN8aGvT4 [686]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1434]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1133689558-2677244858-2839623648-1001\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-1133689558-2677244858-2839623648-1001\...\bb.com.br -> aapj.bb.com.br

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 10:25 - 2013-08-22 10:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1133689558-2677244858-2839623648-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\José Renato\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\tama_river_in_the_musashi_province.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "DropboxOEM"
HKU\S-1-5-21-1133689558-2677244858-2839623648-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3837043D-0D94-4508-A778-74C665978E3A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E4853335-0F00-4978-94EC-52936546BDBC}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{061BE7B9-2A35-47AB-A21F-6A185A948FD8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{1DA9FDBC-A55E-4FE6-9D9D-06B2730CB252}C:\users\josé renato\downloads\juegos\downloader_diablo2_enus.exe] => (Allow) C:\users\josé renato\downloads\juegos\downloader_diablo2_enus.exe
FirewallRules: [UDP Query User{944FC7D4-AECD-4DC6-B028-B9890B827061}C:\users\josé renato\downloads\juegos\downloader_diablo2_enus.exe] => (Allow) C:\users\josé renato\downloads\juegos\downloader_diablo2_enus.exe
FirewallRules: [TCP Query User{CF4A5BCB-3F03-4A6C-B861-48127A91E12E}C:\users\josé renato\downloads\juegos\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\josé renato\downloads\juegos\downloader_diablo2_lord_of_destruction_enus.exe
FirewallRules: [UDP Query User{993E1A0B-4270-44F5-8410-1B59B2880EC8}C:\users\josé renato\downloads\juegos\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\josé renato\downloads\juegos\downloader_diablo2_lord_of_destruction_enus.exe
FirewallRules: [TCP Query User{B9F7F325-F8BC-4FEF-9E0F-D3B81BEE48EF}C:\program files\diablo 2\diablo ii\game.exe] => (Allow) C:\program files\diablo 2\diablo ii\game.exe
FirewallRules: [UDP Query User{4B92DBA8-02A2-439B-99FD-B8FA00546403}C:\program files\diablo 2\diablo ii\game.exe] => (Allow) C:\program files\diablo 2\diablo ii\game.exe
FirewallRules: [{7A2AF2C0-FA8C-4F12-ABAE-4891230690D2}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
FirewallRules: [{885329EB-18CA-44F5-8E47-CD292E02BC9B}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
FirewallRules: [{B7851A2A-62C7-463F-AE40-FC41201B2D46}] => (Allow) C:\Users\José Renato\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5E278454-6AB0-4706-82BC-DB9C2DE29974}] => (Allow) C:\Users\José Renato\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A856DFD7-E1ED-48C1-9D95-1A3D5D00F1C0}] => (Allow) C:\Users\José Renato\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AFF093D2-0C52-4777-88D7-8520DB242C89}] => (Allow) C:\Users\José Renato\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E534C594-5574-42F4-B596-ACEF4FDE87CF}] => (Allow) C:\Users\José Renato\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{929796B3-0770-4DD1-805A-A1AC638CD49E}] => (Allow) C:\Users\José Renato\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D6E24509-A92B-400C-BFAC-4864236861E7}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{18C9A874-00EF-4931-8B13-14BFAFEB0FF0}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{E1DA7690-0F62-4EA1-8DA7-EC1382E17268}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-03-2016 20:11:30 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2016 01:01:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPH8)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/18/2016 01:01:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPH8)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/18/2016 01:01:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPH8)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/18/2016 01:01:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPH8)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/18/2016 01:01:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPH8)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/18/2016 01:01:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPH8)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/18/2016 01:01:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPH8)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/18/2016 01:01:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPH8)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/18/2016 01:01:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPH8)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/18/2016 12:44:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPH8)
Description: Activation of app 4DF9E0F8.Netflix_mcm4njqhnhss8!Netflix.App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (03/18/2016 12:33:36 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: E:\Device\HarddiskVolume82

Error: (03/18/2016 12:16:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/18/2016 12:01:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/18/2016 11:25:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/18/2016 11:21:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Foundation Services service failed to start due to the following error:
%%1053

Error: (03/18/2016 11:21:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Foundation Services service to connect.

Error: (03/18/2016 11:18:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error:
%%1275

Error: (03/18/2016 11:17:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_10097de6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/18/2016 11:17:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_10097de6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/18/2016 11:17:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_10097de6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2016-03-11 19:40:16.577
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-10 13:18:59.130
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-03 12:42:44.537
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-24 10:53:43.706
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-12 23:56:01.388
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-12 18:15:35.212
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-11 16:22:22.296
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-30 20:13:09.117
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-30 11:55:34.956
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-20 09:42:03.514
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU N3540 @ 2.16GHz
Percentage of memory in use: 64%
Total physical RAM: 3979.2 MB
Available physical RAM: 1402.48 MB
Total Virtual: 5195.2 MB
Available Virtual: 2589.3 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:456.47 GB) (Free:396.26 GB) NTFS
Drive w: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS
Drive x: (PBR Image) (Fixed) (Total:7.43 GB) (Free:0.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 446C6173)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by Oh My!, 18 March 2016 - 03:32 PM.



#2 huebr123


Posted 18 March 2016 - 12:16 PM

Maybe it is worth mentioning that the name of the program that infected my computer was "google earth pro". I do not know exactly the name of the file because I deleted it from my PC and it has already been deleted from the Piratebay website.



#3 Oh My!


  • Malware Response Instructor

Posted 18 March 2016 - 03:43 PM

Greetings Jose and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
C:\Users\José Renato\AppData\Local\Temp\msconfig.exe
SearchScopes: HKU\S-1-5-21-1133689558-2677244858-2839623648-1001 -> DefaultScope {985C217E-0D4F-4B1C-BDAD-5A93117F766D} URL = 
SearchScopes: HKU\S-1-5-21-1133689558-2677244858-2839623648-1001 -> {985C217E-0D4F-4B1C-BDAD-5A93117F766D} URL = 
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
2016-03-18 11:05 - 2016-03-18 11:05 - 02832134 _____ C:\WINDOWS\chromebrowser.exe
C:\WINDOWS\chromebrowser.exe
C:\Users\José Renato\AppData\Local\Temp\7za.exe
C:\Users\José Renato\AppData\Local\Temp\CodecFixDivx.exe
C:\Users\José Renato\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmbxapx.dll
C:\Users\José Renato\AppData\Local\Temp\GoogleEarthProWin.exe
C:\Users\José Renato\AppData\Local\Temp\MediaPlayer__3137_il379812.exe
C:\Users\José Renato\AppData\Local\Temp\mesox.exe
C:\Users\José Renato\AppData\Local\Temp\msconfig.exe
C:\Users\José Renato\AppData\Local\Temp\setdd.exe
Task: {088A6C84-334C-4DA3-9A6F-D961A5CC477C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {0B131A7C-5E74-4E51-918D-2235E817892C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0C75B6D5-DCA9-4FFF-9531-B6DA10244DC0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {32283816-0097-48AF-B911-0C246C921BA3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {36E701E0-704B-464F-9392-4558A56381F7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3EFA7768-42F2-4E52-A607-8B350A576063} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {95EA5A70-6D26-4A4B-B985-FBCC1F2841AF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9AF93BE8-2AA1-4737-B48E-C4F61B5A24E4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A41FC324-E122-4785-826D-53018FB59128} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DBF5E476-555E-4810-8060-D75C84FCEDB8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E222922B-454B-44B6-84C0-883B93F2AC3A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {EE921776-327F-4A06-AF30-62B27F93D146} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\WINDOWS\TEMP\DeleteFolderTask.exe [2015-12-20] ()
C:\WINDOWS\TEMP\DeleteFolderTask.exe
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\WINDOWS\System32:3626CAFE_Bb.gbp [2]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1254]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddreg64.sys:X5ZN8aGvT4 [686]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1434]
FirewallRules: [{B7851A2A-62C7-463F-AE40-FC41201B2D46}] => (Allow) C:\Users\José Renato\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5E278454-6AB0-4706-82BC-DB9C2DE29974}] => (Allow) C:\Users\José Renato\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A856DFD7-E1ED-48C1-9D95-1A3D5D00F1C0}] => (Allow) C:\Users\José Renato\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AFF093D2-0C52-4777-88D7-8520DB242C89}] => (Allow) C:\Users\José Renato\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E534C594-5574-42F4-B596-ACEF4FDE87CF}] => (Allow) C:\Users\José Renato\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{929796B3-0770-4DD1-805A-A1AC638CD49E}] => (Allow) C:\Users\José Renato\AppData\Roaming\uTorrent\uTorrent.exe
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: ipconfig /release
CMD: ipconfig /renew
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program, this may take some time
  • Click on 2. Scan
  • Click Yes to detecting Potentially Unwanted Programs
  • Click Malware Scan
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste or attach the report to your reply
  • Close the program then click Close
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • Emsisoft report
  • System Summary Information
  • Update on computer behavior

Edited by Oh My!, 18 March 2016 - 03:44 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 huebr123


Posted 18 March 2016 - 05:38 PM

Hi Gary! First of all I want to thank you for the help.

I've done everything you asked. We might have a problem: the Emsisoft Emergency Kit report was generated in Portuguese, but if you need I can re-scan and send you a new report (it selected Portuguese automatically, but I've already changed the language).

The computer is still behaving the same way. It is kind of working OK, but it still shows the odd things: (1) I cannot open any app because it says "cannot open app using Built-in administrator account", (2) the two drive partitions are still there and a new drive partition named "ESP" appeared, (3) I'm not able to change or do anything in my account settings.

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by José Renato (2016-03-18 17:52:00) Run:1
Running from C:\Users\José Renato\Desktop
Loaded Profiles: José Renato (Available Profiles: José Renato)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Users\José Renato\AppData\Local\Temp\msconfig.exe
SearchScopes: HKU\S-1-5-21-1133689558-2677244858-2839623648-1001 -> DefaultScope {985C217E-0D4F-4B1C-BDAD-5A93117F766D} URL = 
SearchScopes: HKU\S-1-5-21-1133689558-2677244858-2839623648-1001 -> {985C217E-0D4F-4B1C-BDAD-5A93117F766D} URL = 
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
2016-03-18 11:05 - 2016-03-18 11:05 - 02832134 _____ C:\WINDOWS\chromebrowser.exe
C:\WINDOWS\chromebrowser.exe
C:\Users\José Renato\AppData\Local\Temp\7za.exe
C:\Users\José Renato\AppData\Local\Temp\CodecFixDivx.exe
C:\Users\José Renato\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmbxapx.dll
C:\Users\José Renato\AppData\Local\Temp\GoogleEarthProWin.exe
C:\Users\José Renato\AppData\Local\Temp\MediaPlayer__3137_il379812.exe
C:\Users\José Renato\AppData\Local\Temp\mesox.exe
C:\Users\José Renato\AppData\Local\Temp\msconfig.exe
C:\Users\José Renato\AppData\Local\Temp\setdd.exe
Task: {088A6C84-334C-4DA3-9A6F-D961A5CC477C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {0B131A7C-5E74-4E51-918D-2235E817892C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0C75B6D5-DCA9-4FFF-9531-B6DA10244DC0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {32283816-0097-48AF-B911-0C246C921BA3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {36E701E0-704B-464F-9392-4558A56381F7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3EFA7768-42F2-4E52-A607-8B350A576063} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {95EA5A70-6D26-4A4B-B985-FBCC1F2841AF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9AF93BE8-2AA1-4737-B48E-C4F61B5A24E4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A41FC324-E122-4785-826D-53018FB59128} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DBF5E476-555E-4810-8060-D75C84FCEDB8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E222922B-454B-44B6-84C0-883B93F2AC3A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {EE921776-327F-4A06-AF30-62B27F93D146} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\WINDOWS\TEMP\DeleteFolderTask.exe [2015-12-20] ()
C:\WINDOWS\TEMP\DeleteFolderTask.exe
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\WINDOWS\System32:3626CAFE_Bb.gbp [2]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1254]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddreg64.sys:X5ZN8aGvT4 [686]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1434]
FirewallRules: [{B7851A2A-62C7-463F-AE40-FC41201B2D46}] => (Allow) C:\Users\José Renato\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5E278454-6AB0-4706-82BC-DB9C2DE29974}] => (Allow) C:\Users\José Renato\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A856DFD7-E1ED-48C1-9D95-1A3D5D00F1C0}] => (Allow) C:\Users\José Renato\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AFF093D2-0C52-4777-88D7-8520DB242C89}] => (Allow) C:\Users\José Renato\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E534C594-5574-42F4-B596-ACEF4FDE87CF}] => (Allow) C:\Users\José Renato\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{929796B3-0770-4DD1-805A-A1AC638CD49E}] => (Allow) C:\Users\José Renato\AppData\Roaming\uTorrent\uTorrent.exe
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: ipconfig /release
CMD: ipconfig /renew
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\José Renato\AppData\Local\Temp\msconfig.exe => moved successfully
HKU\S-1-5-21-1133689558-2677244858-2839623648-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1133689558-2677244858-2839623648-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{985C217E-0D4F-4B1C-BDAD-5A93117F766D}" => key removed successfully
HKCR\CLSID\{985C217E-0D4F-4B1C-BDAD-5A93117F766D} => key not found. 
HKLM\Software\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} => value removed successfully
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service removed successfully
C:\WINDOWS\chromebrowser.exe => moved successfully
"C:\WINDOWS\chromebrowser.exe" => not found.
C:\Users\José Renato\AppData\Local\Temp\7za.exe => moved successfully
C:\Users\José Renato\AppData\Local\Temp\CodecFixDivx.exe => moved successfully
C:\Users\José Renato\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmbxapx.dll => moved successfully
C:\Users\José Renato\AppData\Local\Temp\GoogleEarthProWin.exe => moved successfully
C:\Users\José Renato\AppData\Local\Temp\MediaPlayer__3137_il379812.exe => moved successfully
C:\Users\José Renato\AppData\Local\Temp\mesox.exe => moved successfully
"C:\Users\José Renato\AppData\Local\Temp\msconfig.exe" => not found.
C:\Users\José Renato\AppData\Local\Temp\setdd.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{088A6C84-334C-4DA3-9A6F-D961A5CC477C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{088A6C84-334C-4DA3-9A6F-D961A5CC477C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B131A7C-5E74-4E51-918D-2235E817892C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B131A7C-5E74-4E51-918D-2235E817892C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C75B6D5-DCA9-4FFF-9531-B6DA10244DC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C75B6D5-DCA9-4FFF-9531-B6DA10244DC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32283816-0097-48AF-B911-0C246C921BA3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32283816-0097-48AF-B911-0C246C921BA3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36E701E0-704B-464F-9392-4558A56381F7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36E701E0-704B-464F-9392-4558A56381F7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EFA7768-42F2-4E52-A607-8B350A576063}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EFA7768-42F2-4E52-A607-8B350A576063}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{95EA5A70-6D26-4A4B-B985-FBCC1F2841AF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95EA5A70-6D26-4A4B-B985-FBCC1F2841AF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AF93BE8-2AA1-4737-B48E-C4F61B5A24E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AF93BE8-2AA1-4737-B48E-C4F61B5A24E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A41FC324-E122-4785-826D-53018FB59128}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A41FC324-E122-4785-826D-53018FB59128}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DBF5E476-555E-4810-8060-D75C84FCEDB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBF5E476-555E-4810-8060-D75C84FCEDB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E222922B-454B-44B6-84C0-883B93F2AC3A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E222922B-454B-44B6-84C0-883B93F2AC3A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE921776-327F-4A06-AF30-62B27F93D146}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE921776-327F-4A06-AF30-62B27F93D146}" => key removed successfully
C:\WINDOWS\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337" => key removed successfully
C:\WINDOWS\TEMP\DeleteFolderTask.exe => moved successfully
C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removed successfully.
C:\WINDOWS\System32 => ":3626CAFE_Bb.gbp" ADS removed successfully.
C:\WINDOWS\system32\Drivers\gbpddfac64.sys => ":X5ZN8aGvT4" ADS removed successfully.
C:\WINDOWS\system32\Drivers\gbpddreg64.sys => ":X5ZN8aGvT4" ADS removed successfully.
C:\WINDOWS\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7851A2A-62C7-463F-AE40-FC41201B2D46} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E278454-6AB0-4706-82BC-DB9C2DE29974} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A856DFD7-E1ED-48C1-9D95-1A3D5D00F1C0} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AFF093D2-0C52-4777-88D7-8520DB242C89} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E534C594-5574-42F4-B596-ACEF4FDE87CF} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{929796B3-0770-4DD1-805A-A1AC638CD49E} => value not found.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 3 while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::8d4f:5908:4e28:c18b%7
   Default Gateway . . . . . . . . . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:2078:11cc:404f:c368
   Link-local IPv6 Address . . . . . : fe80::2078:11cc:404f:c368%4
   Default Gateway . . . . . . . . . : ::
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 3 while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::8d4f:5908:4e28:c18b%7
   IPv4 Address. . . . . . . . . . . : 192.168.1.105
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
 
Tunnel adapter isatap.{818D5EC7-0ACB-47DE-9CB4-A68C58B6CCF0}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:1887:3878:3f57:fe96
   Link-local IPv6 Address . . . . . : fe80::1887:3878:3f57:fe96%4
   Default Gateway . . . . . . . . . : ::
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 

==== End of Fixlog 17:52:17 ====

 

 
 
 
 
# AdwCleaner v5.102 - Logfile created 18/03/2016 at 18:03:12
# Updated 13/03/2016 by Xplode
# Database : 2016-03-18.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : José Renato - JOSEPH8
# Running from : C:\Users\José Renato\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : br.ask.com
[-] [C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ratemyserver.net
[-] [C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : utorrent.softonic.com.br
[-] [C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : kmplayer.en.softonic.com
[-] [C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : free-youtube-download.softonic.com.br
[-] [C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearch.avg.com
[-] [C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : vlc-media-player.softonic.com.br
[-] [C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : vlc-media-player-nightly-64bit.softonic.com.br
[-] [C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxps://mysearch.avg.com?cid={61924EF1-2804-4FAE-9D12-64C963B610CB}&mid=51ec5f78daef47d3afb221328d1de735-b95f494332973c8a847b04572fa66e7bc2bc60f5&lang=pt-br&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-30 11:55:51&v=3.2.0.14&pid=wtu&sg=&sap=hp
[-] [C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxps://mysearch.avg.com?cid={61924EF1-2804-4FAE-9D12-64C963B610CB}&mid=51ec5f78daef47d3afb221328d1de735-b95f494332973c8a847b04572fa66e7bc2bc60f5&lang=pt-br&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-30 11:55:51&v=3.2.0.15&pid=wtu&sg=&sap=hp
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2513 bytes] - [18/03/2016 18:03:12]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [2556 bytes] - [18/03/2016 18:00:25]
 
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2699 bytes] ##########
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 10 Home x64 
Ran by José Renato (Administrator) on 18/03/2016 at 18:12:29,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/03/2016 at 18:52:00,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Emsisoft Anti-Malware Free - Versão 11.0
Última atualização 18/03/2016 19:03:59
User account: JOSEPH8\José Renato
 
Configuração do exame:
 
Tipo de exame: Malware Scan
arquivos: Rootkits, Memória, Rastros, Files
 
Detect PUPs: Ligado
Análise de arquivos: Desligado
Análise de ADS: Ligado
Extensão de arquivo: Desligado
Caching avançado: Ligado
Acesso direto ao disco: Desligado
 
Início do exame: 18/03/2016 19:04:54
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINDIVERT1.1 detectados: Application.AdShell (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINDIVERT1.1 detectados: Application.AdShell (A)
C:\Users\José Renato\AppData\Local\Temp\HYD7A5D.tmp.1451784035\HTA\3rdparty\OCComSDK.dll detectados: Application.InstallAd (A)
 
Analisados: 81584
Achado 3
 
Fim do exame: 18/03/2016 19:10:24
Duração do exame: 0:05:30
 
C:\Users\José Renato\AppData\Local\Temp\HYD7A5D.tmp.1451784035\HTA\3rdparty\OCComSDK.dll Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINDIVERT1.1 Application.AdShell (A)
 
Em quarentena 2
 



Edited by huebr123, 18 March 2016 - 06:26 PM.


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,602 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:35 AM

Posted 18 March 2016 - 08:04 PM

Greetings,

Did Emsisoft find or delete anything?

Please do this.

===================================================

Exporting a Registry Key From the Run Box

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Copy and paste the following into the Run box and press Enter

regedit /e "%userprofile%\desktop\look.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI"

  • A look.txt document will be placed on your desktop
  • Copy and paste the contents in your reply
===================================================

Modifying Security Policy Settings

-------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type secpol.msc and hit Enter
  • Click the arrow next to Local Policies to expand the category
  • Left click Security Options
  • On the right side locate User Account Control: Admin Approval Mode for the Built-in Administrator
  • If the setting shows Disabled, double click the entry, select Enabled, then press OK
===================================================

ListParts by Farbar for 64 bit Systems

--------------------
  • Please download ListParts64.exe (for 64 bit systems) and save it to your desktop
  • Double click the icon to launch the program
  • Select Run
  • Select Scan
  • Select OK and wait for a Result - Notepad document to open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Emsisoft?
  • Registry export information
  • Did you have to enable the security policy?
  • ListParts report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 huebr123


Posted 18 March 2016 - 09:03 PM

Hi ! 

 

1 - Emsisoft found 3 items (but it only listed 2, that seems odd...). I sent them to quarantine as told to do.

 

2 - When I type "secpol.msc" it says "Windows cannot find secpol.msc"

 

 

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_BITMAP"=dword:00000002
"CF_DIB"=dword:00000008
"CF_DIBV5"=dword:00000011
"CF_OEMTEXT"=dword:00000007
"CF_PALETTE"=dword:00000009
"CF_TEXT"=dword:00000001
"CF_UNICODETEXT"=dword:0000000d
 
 
ListParts by Farbar Version: 31-07-2014
Ran by José Renato (administrator) on 18-03-2016 at 22:54:33
WIN_81 (X64)
Running From: C:\Users\José Renato\Desktop
Language: English (United States)
************************************************************
 
========================= Memory info ====================== 
 
Percentage of memory in use: 61%
Total physical RAM: 3979.2 MB
Available physical RAM: 1526.74 MB
Total Pagefile: 5195.2 MB
Available Pagefile: 2424.48 MB
Total Virtual: 131072 MB
Available Virtual: 131071.86 MB
 
======================= Partitions =========================
 
1 Drive c: (OS) (Fixed) (Total:456.47 GB) (Free:403.81 GB) NTFS
2 Drive d: (ESP) (Fixed) (Total:0.48 GB) (Free:0.44 GB) FAT32
3 Drive w: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS
4 Drive x: (PBR Image) (Fixed) (Total:7.43 GB) (Free:0.73 GB) NTFS
 
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B        *
 
Partitions of Disk 0:
===============
 
 
Disk ID: {667FEE9E-2DD9-4292-94E0-988797B77968}
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    System (partition with boot components)             500 MB  1024 KB
  Partition 2    OEM                 40 MB   501 MB
  Partition 3    Reserved           128 MB   541 MB
  Partition 4    Recovery           750 MB   669 MB
  Partition 5    Primary            456 GB  1419 MB
  Partition 6    Recovery           489 MB   457 GB
  Partition 7    Recovery          7605 MB   458 GB
 
======================================================================================================
 
Disk: 0
Partition 1
Type    : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1         ESP          FAT32  Partition    500 MB  Healthy    System (partition with boot components)  
 
======================================================================================================
 
Disk: 0
Partition 2
Type    : 796badd3-6bbf-4d9f-b631-466eb71a4965
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001
 
There is no volume associated with this partition.
 
======================================================================================================
 
Disk: 0
Partition 3
Type    : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000
 
There is no volume associated with this partition.
 
======================================================================================================
 
Disk: 0
Partition 4
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2         WINRETOOLS   NTFS   Partition    750 MB  Healthy    Hidden  
 
======================================================================================================
 
Disk: 0
Partition 5
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: No
Attrib  : 0000000000000000
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0     C   OS           NTFS   Partition    456 GB  Healthy    Boot    
 
======================================================================================================
 
Disk: 0
Partition 6
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3                      NTFS   Partition    489 MB  Healthy    Hidden  
 
======================================================================================================
 
Disk: 0
Partition 7
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4         PBR Image    NTFS   Partition   7605 MB  Healthy    Hidden  
 
======================================================================================================
============================== MBR Partition Table ==================
 
==============================
Partitions of Disk 0:
===============
Disk ID: 446C6173
 
Partition : GPT Partition Type
 
****** End Of Log ****** 

Edited by huebr123, 18 March 2016 - 09:05 PM.
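
The drive list and the per-partition blocks of the ListParts report above can be cross-checked to see which lettered drives are partitions flagged Hidden. This is an added example, not part of the original posts or of ListParts; it runs on a trimmed excerpt of the report and assumes the fixed-width volume table layout shown there.

```python
import re

# Standard GPT partition-type GUIDs that occur in the excerpt.
GPT_TYPES = {
    "c12a7328-f81f-11d2-ba4b-00a0c93ec93b": "EFI System Partition",
    "de94bba4-06d1-4d40-a16a-bfd50179d6ac": "Windows Recovery Environment",
    "ebd0a0a2-b9e5-4433-87c0-68b6b72699c7": "Basic data",
}

# Column header of the volume tables. The tables are fixed-width, so the
# Label field is sliced at the offsets of "Label" and "Fs".
HEADER = "  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info"

# Trimmed excerpt of the posted report: partitions 1, 4, 5, 6 and 7, with
# blank lines, table rules and the Required/Attrib lines dropped.
REPORT = """\
1 Drive c: (OS) (Fixed) (Total:456.47 GB) (Free:403.81 GB) NTFS
2 Drive d: (ESP) (Fixed) (Total:0.48 GB) (Free:0.44 GB) FAT32
3 Drive w: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS
4 Drive x: (PBR Image) (Fixed) (Total:7.43 GB) (Free:0.73 GB) NTFS
Partition 1
Type    : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden  : Yes
* Volume 1         ESP          FAT32  Partition    500 MB  Healthy    System (partition with boot components)
Partition 4
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
* Volume 2         WINRETOOLS   NTFS   Partition    750 MB  Healthy    Hidden
Partition 5
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
* Volume 0     C   OS           NTFS   Partition    456 GB  Healthy    Boot
Partition 6
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
* Volume 3                      NTFS   Partition    489 MB  Healthy    Hidden
Partition 7
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
* Volume 4         PBR Image    NTFS   Partition   7605 MB  Healthy    Hidden
"""


def parse_drives(report):
    """Return {volume label: drive letter} from the 'N Drive x: (LABEL)' lines."""
    pattern = r"^\d+ Drive (\w): \((.*?)\) \(Fixed\)"
    return {m.group(2): m.group(1) for m in re.finditer(pattern, report, re.M)}


def parse_partitions(report):
    """Return one dict per 'Partition N' block: type name, Hidden flag, label."""
    lo, hi = HEADER.index("Label"), HEADER.index("Fs")
    parts, cur = [], None
    for line in report.splitlines():
        m = re.fullmatch(r"Partition (\d+)", line.strip())
        if m:
            cur = {"number": int(m.group(1)), "type": None,
                   "hidden": None, "label": None}
            parts.append(cur)
        elif cur is None:
            continue  # still in the drive list at the top of the report
        elif line.startswith("Type"):
            guid = line.split(":", 1)[1].strip().lower()
            cur["type"] = GPT_TYPES.get(guid, guid)  # unknown GUIDs stay raw
        elif line.startswith("Hidden"):
            cur["hidden"] = line.split(":", 1)[1].strip() == "Yes"
        elif line.startswith("* Volume"):
            cur["label"] = line[lo:hi].strip()  # may be empty (Partition 6)
    return parts


def exposed_hidden_partitions(report):
    """Partitions flagged Hidden whose label also shows up with a drive letter."""
    drives = parse_drives(report)
    return [(drives[p["label"]], p["label"], p["type"])
            for p in parse_partitions(report)
            if p["hidden"] and p["label"] and p["label"] in drives]


if __name__ == "__main__":
    for letter, label, kind in exposed_hidden_partitions(REPORT):
        print(f"{letter}: {label!r} is a hidden partition of type {kind}")
```

On this excerpt the d:, w: and x: drives all map to partitions the report flags as Hidden; the unlabeled Partition 6 has no drive letter and is not reported.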


#7 Oh My!


Posted 18 March 2016 - 09:26 PM

Can you confirm your Operating System is Windows 10 Home Basic?

Please do this.

===================================================

Reverting to Previous System Restore Point - Windows 10

--------------------
  • Click the Windows Key + S at the same time
  • Type Recovery then Select Recovery Control Panel
  • Click Open System Restore
  • Select the Restore Point dated 09-03-2016 20:11:30 Windows Update
  • Click Next, then Finish
  • Allow the process to complete and your computer will reboot
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Home Basic?
  • System Restore succeed?
  • Update on computer behavior

Gary
 

#8 huebr123


Posted 19 March 2016 - 09:59 AM

I searched in "About your PC" and it says only "Windows 10 Home" version 1511. It says nothing about Basic.

I couldn't do the restore; it only gives me two options (I will send a print).

The system is still the same; it runs kind of OK but it won't allow me to access certain things.

 

 




#9 Oh My!


Posted 19 March 2016 - 02:04 PM

Thank you, please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
LastRegBack: 2016-03-11 18:49
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer behavior

Gary
 

#10 huebr123


Posted 19 March 2016 - 04:05 PM

Hi, the PC is still working the same way.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by José Renato (2016-03-19 18:02:27) Run:2
Running from C:\Users\José Renato\Desktop
Loaded Profiles: José Renato (Available Profiles: José Renato)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
LastRegBack: 2016-03-11 18:49
*****************
 
LastRegBack: 2016-03-11 18:49 => Error: The restore operation should be done in the recovery mode.
 
==== End of Fixlog 18:02:27 ====


#11 Oh My!


Posted 19 March 2016 - 04:16 PM

Sorry, that was my error. Please run it this way.

===================================================

Farbar's Recovery Scan Tool

--------------------

For this step you will need a USB flash drive.
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Click Format then check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
LastRegBack: 2016-03-11 18:49
  • Please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Plug the flash drive into the infected PC and follow the 2 step process below. Step #1 is to boot into the System Recovery Options and Step #2 is running Farbar's Recovery Scan Tool
----------

Step #1 - Entering System Recovery Options

Option #1 (Windows 7/Vista)

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Option #2 (Windows 7/Vista)

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next
----------

Step #2 - Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (fixlog.txt) on the flash drive. Please copy and paste it to your reply.
  • Reboot your computer into Normal Mode and check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer performance

Gary
 

#12 huebr123


Posted 20 March 2016 - 12:21 PM

Hi Gary.

 

The apps that I wasn't able to access are now working (I just had to reinstall them). The message saying that I was logged in to the Built-in Administrator account does not appear anymore. Also the odd hard drive partitions are gone. Now I'm able to access my account settings again. Everything seems normal. I just don't know if the trojan is still here.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by SYSTEM (2016-03-20 14:11:29) Run:3
Running from d:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
LastRegBack: 2016-03-11 18:49
*****************
 
DEFAULT => copied successfully to System32\config\HiveBackup
DEFAULT => restored successfully from registry back up
SAM => copied successfully to System32\config\HiveBackup
SAM => restored successfully from registry back up
SECURITY => copied successfully to System32\config\HiveBackup
SECURITY => restored successfully from registry back up
SOFTWARE => copied successfully to System32\config\HiveBackup
SOFTWARE => restored successfully from registry back up
SYSTEM => copied successfully to System32\config\HiveBackup
SYSTEM => restored successfully from registry back up
 
==== End of Fixlog 14:11:35 ====

Edited by huebr123, 20 March 2016 - 12:48 PM.


#13 Oh My!


Posted 20 March 2016 - 03:22 PM

Great,

Let's do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Check Uninstall application on close
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#14 huebr123


Posted 20 March 2016 - 05:44 PM

Hi Gary! Everything seems OK with the system. Running well.

Edit: I restarted the computer and for some reason Google Chrome won't work (I will attach a print).

Edit2: I entered Windows Defender and found an item in quarantine. Is this a threat? The item description is:

 
 
Category: Software Bundler
 
Description: This program may install other potentially unwanted software.
 
Recommended action: Remove this software immediately.
 
Items:
file:C:\FRST\Quarantine\C\Users\José Renato\AppData\Local\Temp\MediaPlayer__3137_il379812.exe.xBAD

 

 

 
 
 
C:\FRST\Quarantine\C\Users\José Renato\AppData\Local\Temp\CodecFixDivx.exe.xBAD a variant of Win32/IStartSurf.H potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Users\José Renato\AppData\Local\Temp\setdd.exe.xBAD Win32/TrojanDownloader.IndigoRose.AI trojan cleaned by deleting
C:\Users\José Renato\AppData\Local\Temp\HYD438E.tmp.1458333666\HTA\install.1458333666.zip a variant of Win32/OpenCandy.A potentially unsafe application deleted
C:\Users\José Renato\AppData\Local\Temp\HYD438E.tmp.1458333666\HTA\3rdparty\OCSetupHlp.dll a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
C:\Users\José Renato\AppData\Local\Temp\HYD7A5D.tmp.1451784035\HTA\install.1451784035.zip a variant of Win32/OpenCandy.G potentially unsafe application deleted
C:\Users\José Renato\AppData\Local\Temp\HYDEEC6.tmp.1458333644\HTA\install.1458333644.zip a variant of Win32/OpenCandy.A potentially unsafe application deleted
C:\Users\José Renato\AppData\Local\Temp\HYDEEC6.tmp.1458333644\HTA\3rdparty\OCSetupHlp.dll a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
 

 
 
 
 
 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Google Chrome (48.0.2564.116) 
 Google Chrome (49.0.2623.87) 
````````Process Check: objlist.exe by Laurent````````
 Windows Defender MSMpEng.exe 
 Windows Defender MpCmdRun.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 



Edited by huebr123, 20 March 2016 - 06:16 PM.
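
Several of the detections in the post above are on files under C:\FRST\Quarantine, that is, copies FRST had already moved aside and renamed with an .xBAD suffix. The added example below (not part of the original posts or of any of the tools) parses the ESET lines as posted and separates those quarantine copies from hits on live paths, and trojan detections from unwanted/unsafe-application ones; the field layout is inferred from the seven lines shown.

```python
import re
from collections import Counter

# The seven ESET findings from the post above, copied verbatim.
ESET_LOG = r"""
C:\FRST\Quarantine\C\Users\José Renato\AppData\Local\Temp\CodecFixDivx.exe.xBAD a variant of Win32/IStartSurf.H potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Users\José Renato\AppData\Local\Temp\setdd.exe.xBAD Win32/TrojanDownloader.IndigoRose.AI trojan cleaned by deleting
C:\Users\José Renato\AppData\Local\Temp\HYD438E.tmp.1458333666\HTA\install.1458333666.zip a variant of Win32/OpenCandy.A potentially unsafe application deleted
C:\Users\José Renato\AppData\Local\Temp\HYD438E.tmp.1458333666\HTA\3rdparty\OCSetupHlp.dll a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
C:\Users\José Renato\AppData\Local\Temp\HYD7A5D.tmp.1451784035\HTA\install.1451784035.zip a variant of Win32/OpenCandy.G potentially unsafe application deleted
C:\Users\José Renato\AppData\Local\Temp\HYDEEC6.tmp.1458333644\HTA\install.1458333644.zip a variant of Win32/OpenCandy.A potentially unsafe application deleted
C:\Users\José Renato\AppData\Local\Temp\HYDEEC6.tmp.1458333644\HTA\3rdparty\OCSetupHlp.dll a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
"""

# <path> [a variant of ]<detection> <category> <action>. The path may contain
# spaces, so it is matched lazily up to the first "Win32/..." detection name.
LINE = re.compile(
    r"^(?P<path>.+?) (?:a variant of )?(?P<name>Win(?:32|64)/\S+) "
    r"(?P<kind>.+?) (?P<action>cleaned by deleting|deleted)$"
)

# Folder where FRST parks the files it removes, as seen in the posted paths.
FRST_QUARANTINE = "c:\\frst\\quarantine\\"


def parse_findings(log):
    """Parse ESET result lines into dicts; lines that do not match are skipped."""
    findings = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        f = m.groupdict()
        f["in_frst_quarantine"] = f["path"].lower().startswith(FRST_QUARANTINE)
        # "Win32/OpenCandy.A" -> "OpenCandy": drop platform and variant letter.
        f["family"] = f["name"].split("/", 1)[1].rsplit(".", 1)[0]
        findings.append(f)
    return findings


def triage(findings):
    """Summarise by category and flag trojan hits outside the FRST quarantine."""
    live = [f for f in findings if not f["in_frst_quarantine"]]
    return {
        "by_kind": dict(Counter(f["kind"] for f in findings)),
        "families": sorted({f["family"] for f in findings}),
        "live_hits": len(live),
        "live_trojans": [f["path"] for f in live if f["kind"] == "trojan"],
    }


if __name__ == "__main__":
    summary = triage(parse_findings(ESET_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

For the posted log, the only trojan-class detection is the quarantined setdd.exe.xBAD copy; the five hits on live Temp paths are all OpenCandy installer leftovers.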


#15 Oh My!


Posted 20 March 2016 - 07:21 PM

Greetings,

Yes, that item should be removed.

The easiest way to handle the Chrome issue is to reinstall it over top of your existing Chrome, meaning you don't delete the existing Chrome. Although your bookmarks should not be affected I would like to back them up anyway.

Please do this.
  • Click Start, type cmd, then press the Shift + Ctrl + Enter keys at the same time
  • An Administrator Command Prompt window should open
  • Type copy /y "C:\Users\José Renato\AppData\Local\Google\Chrome\User Data\Default\bookmarks" "%userprofile%\desktop" then hit Enter
  • You should be notified (1) file copied
  • Download and install Google Chrome offline installer
Let me know how that goes.

Edited by Oh My!, 20 March 2016 - 07:22 PM.

Gary
 



