
I surf for some minutes, then can't navigate anymore,


  • This topic is locked
22 replies to this topic

#1 ashtorres


Posted 22 April 2016 - 02:30 PM

Hello

I have a big problem, and while looking for a solution I came to BleepingComputer.

Everything was OK until some three days ago. I'm facing the following problem:

After some minutes or with two or three tabs open (no matter if in FF or Chrome), I start to receive ERR_CONNECTION_CLOSED or ERR_CONNECTION_TIMEOUT. My connection was not dead, though, since games through Steam kept working.

Prior to opening this topic, I tried to fix it on my own. I used MalwareBytes, then ADW Cleaner, then SuperAntiSpyware, but with no success. After reading some posts I used JRT and Zoek, but both of them got stuck at some point. Now I can ping, but even games through Steam won't connect.

Only then did I reach "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help", and here I am...

Attached are the FRST64 logs. I hope someone can help me with this issue, since the problem affects both my work and academic life.

Thanks in advance!

 



#2 Oh My!


  • Malware Response Instructor

Posted 24 April 2016 - 08:18 AM

Greetings ashtorres and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this for me.

Right click on FRST64.exe, rename it EnglishFRST64.exe and run another scan. Make sure Addition.txt is checked and post both logs. In addition, please do this.

===================================================

Running Firefox in Browser Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Copy and paste the following into the run box and press Enter

firefox --safe-mode

  • Select Start in Safe Mode
  • Please report how Firefox is running
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Firefox results
  • FRST log
  • Addition log
  • RogueKiller log
  • MTB log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 ashtorres


Posted 26 April 2016 - 09:44 AM

Hello, Gary,
 
First of all, thanks a lot for assisting me. My name is André, pleased to meet you.
 
According to your requests, here are the results:
 
- Using Firefox in Safe Mode. Running normally so far.
 
- FRST log
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Ash (administrator) on ARKHAD (25-04-2016 22:26:19)
Running from C:\Users\Ash\Desktop
Loaded Profiles: Ash (Available Profiles: Ash)
Platform: Windows 8.1 Single Language (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
(ArtistScope Pty Ltd) C:\Program Files\Common Files\ArtistScope\CSHelper64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Prey\platform\windows\bin\bash.exe
() C:\Prey\platform\windows\bin\bash.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
() C:\Prey\platform\windows\bin\bash.exe
() C:\Prey\platform\windows\bin\bash.exe
() C:\Prey\platform\windows\bin\bash.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Farbar) C:\Users\Ash\Desktop\EnglishFRST64.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-08-08] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-08-08] (Atheros Communications)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-01] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco)
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23485208 2016-03-30] (Google)
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Run: [Google Update] => C:\Users\Ash\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Run: [Facebook Update] => C:\Users\Ash\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-08-25] (Facebook Inc.)
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Run: [BaiduYunGuanjia] => C:\Users\Ash\AppData\Roaming\baidu\BaiduYunGuanjia\BaiduYunGuanjia.exe [4646344 2014-08-21] ()
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Run: [Copy] => C:\Users\Ash\AppData\Roaming\Copy\CopyAgent.exe [15430800 2016-01-29] (Barracuda Networks, Inc.)
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Run: [FlickrUploadr] => "C:\Users\Ash\AppData\Local\FlickrUploadrWindows\Update.exe" --processStart Flickr.exe
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Run: [Dropbox Update] => C:\Users\Ash\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-20] (Dropbox, Inc.)
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-04-20] (SUPERAntiSpyware)
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\Ash\AppData\Roaming\Copy\CopyAgent.exe [15430800 2016-01-29] (Barracuda Networks, Inc.)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehuni.dll [1759992 2015-07-06] (Banco Itaú Unibanco)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ash\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-04-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ash\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-04-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ash\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-04-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ash\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ash\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ash\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ash\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ash\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ash\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ash\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ash\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ash\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ash\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ash\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Ash\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-05-21] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Ash\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-05-21] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Ash\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-05-21] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Ash\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-05-21] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Ash\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-05-21] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Ash\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-05-21] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Ash\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-05-21] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Ash\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-05-21] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ash\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ash\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ash\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ash\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ash\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ash\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ash\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ash\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ash\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-01-07]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-08-20]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ash\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2016-03-31]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-12-04]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk [2015-03-12]
ShortcutTarget: Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A20E102F-2C3D-4918-B7D7-34028C23B9EF}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{A20E102F-2C3D-4918-B7D7-34028C23B9EF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D6561DB5-8774-4B63-97D7-9DE481FBE625}: [DhcpNameServer] 200.17.60.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-14] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-08-08] (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-14] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll [2013-05-14] (Mindjet)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-02] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2015-10-20] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll [2015-07-06] (Banco Itaú Unibanco)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-02] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} -  No File
Toolbar: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
IE Session Restore: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001 -> is enabled.
DPF: HKLM-x32 {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://download.microsoft.com/download/E/1/8/E18ED994-8005-4377-A7D7-0A8E13025B94/capicom.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\2p0ibw79.default-1412463487085
FF NewTab: about:newtab
FF Homepage: about:home
FF NetworkProxy: "backup.ftp", "200.17.60.250"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "200.17.60.250"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "200.17.60.250"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "188.168.82.131"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "188.168.82.131"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "188.168.82.131"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "188.168.82.131"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-14] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-01-07] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\Ash\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll [2014-08-21] (Baidu.com, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-02] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-01-07] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-12-23] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1783320200-1595918824-3239432374-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ash\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-04] (Citrix Online)
FF Plugin HKU\S-1-5-21-1783320200-1595918824-3239432374-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Ash\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1783320200-1595918824-3239432374-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ash\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1783320200-1595918824-3239432374-1001: @talk.google.com/O1DPlugin -> C:\Users\Ash\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1783320200-1595918824-3239432374-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-1783320200-1595918824-3239432374-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-1783320200-1595918824-3239432374-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ash\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin HKU\S-1-5-21-1783320200-1595918824-3239432374-1001: gastecnologia.com.br/sf/bb -> C:\Users\Ash\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-03-06] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-1783320200-1595918824-3239432374-1001: gastecnologia.com.br/sf/bb64 -> C:\Users\Ash\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [2015-06-10] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-1783320200-1595918824-3239432374-1001: gastecnologia.com.br/sf/gas64 -> C:\Users\Ash\AppData\Local\GAS Tecnologia\GBBD\npsf_gas_64.dll [No File]
FF Plugin HKU\S-1-5-21-1783320200-1595918824-3239432374-1001: gastecnologia.com.br/sf/uni -> C:\Users\Ash\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-11-08] (GAS Tecnologia)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-12-23] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-11-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-11-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-11-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-11-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-11-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ash\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ash\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: LastPass - C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\2p0ibw79.default-1412463487085\extensions\support@lastpass.com [2016-03-30]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-07-26] [not signed]
FF HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Ash\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: Guardião - Itaú 30 horas - C:\Users\Ash\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-11-08] [not signed]
FF HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox => not found
FF HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Ash\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\Ash\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2015-05-08] [not signed]
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Duolingo na Web) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-07-14]
CHR Extension: (Google Docs) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Dictanote - Speech Recognizer) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk [2014-09-14]
CHR Extension: (Google Drive) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (ColorZilla) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2015-06-25]
CHR Extension: (MEGA) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2016-04-23]
CHR Extension: (YouTube) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (OneTab) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-04-22]
CHR Extension: (Google Search) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Gmail Off-line) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-09-17]
CHR Extension: (Full Page Screen Capture) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2015-09-28]
CHR Extension: (Documentos Google off-line) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Pin It Button) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-23]
CHR Extension: (PageSpeed Insights (by Google)) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli [2014-08-31]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2014-11-15]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-07-24]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-04-17]
CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2014-09-26]
CHR Extension: (KryptoKit Bitcoin Wallet) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhhipingoaiddcoalochnbjlkifbpmoj [2015-11-06]
CHR Extension: (Hangouts do Google) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-12-11]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Evernote Web Clipper) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-04-14]
CHR Extension: (Gmail) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Streak para Gmail) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2016-03-24]
CHR HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [caimihdmbpgddfpkbochehpehdglpcim] - C:\Users\Ash\AppData\Local\GAS Tecnologia\GBBD\uni\sf.crx [2013-10-29]
CHR HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [211072 2012-08-08] (Qualcomm Atheros Commnucations) [File not signed]
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-05-08] (Fork Ltd.) [File not signed]
R2 CSHelper; C:\Program Files\Common Files\ArtistScope\CSHelper64.exe [361552 2014-09-09] (ArtistScope Pty Ltd)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-08] (Realsil Microelectronics Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-24] (IDT, Inc.) [File not signed]
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-03-14] (Dell Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-08-06] (Atheros) [File not signed]
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-08-06] (Wondershare)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 CSDriver; C:\Program Files\Common Files\ArtistScope\CSDriver64.sys [61424 2014-09-09] ()
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-07-25] (DT Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [15968 2014-11-18] ()
S3 eppvad_simple; C:\Windows\system32\drivers\EMP_UDAU.sys [23040 2011-01-06] (SEIKO EPSON CORPORATION)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2012-09-05] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-08] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-01] (Synaptics Incorporated)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 STHDA; C:\Windows\system32\DRIVERS\stwrt64.sys [540160 2012-07-24] (IDT, Inc.) [File not signed]
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-10-31] (GAS Tecnologia LTDA)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-04-01] (Basil)
S3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-04-22] (GAS Tecnologia)
R1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-25 22:26 - 2016-04-25 22:27 - 00044478 _____ C:\Users\Ash\Desktop\FRST.txt
2016-04-25 22:22 - 2016-04-25 22:22 - 00002342 _____ C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-04-23 17:52 - 2016-04-23 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
2016-04-23 17:52 - 2016-04-23 17:52 - 00000000 ____D C:\Program Files (x86)\WinMerge
2016-04-23 17:51 - 2016-04-23 17:51 - 06433055 _____ (hxxp://winmerge.org ) C:\Users\Ash\Downloads\WinMerge-2.14.0-Setup.exe
2016-04-23 13:49 - 2016-04-23 13:49 - 00003484 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2016-04-23 13:26 - 2016-04-23 13:26 - 00000000 ____D C:\Users\Ash\Documents\Add-in Express
2016-04-22 16:52 - 2016-04-22 16:52 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-22 14:53 - 2016-04-25 22:26 - 00000000 ____D C:\FRST
2016-04-22 14:53 - 2016-04-22 14:38 - 02375680 _____ (Farbar) C:\Users\Ash\Desktop\EnglishFRST64.exe
2016-04-22 14:09 - 2016-04-22 14:09 - 00000000 ____D C:\zoek
2016-04-22 13:31 - 2016-04-20 21:13 - 03683904 _____ C:\Users\Ash\Desktop\adwcleaner_5.112.exe
2016-04-22 10:36 - 2016-04-21 19:32 - 01610352 _____ (Malwarebytes) C:\Users\Ash\Desktop\JRT.exe
2016-04-22 10:36 - 2016-04-21 19:31 - 01309184 _____ C:\Users\Ash\Desktop\zoek.exe
2016-04-22 10:31 - 2016-04-22 14:11 - 00003360 _____ C:\runcheck.txt
2016-04-22 10:31 - 2016-04-22 14:11 - 00000000 ____D C:\zoek_backup
2016-04-21 16:11 - 2016-04-24 02:00 - 00000520 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 9f5ff3c9-fb61-42bf-8fc1-3313b6ce5c99.job
2016-04-21 16:11 - 2016-04-24 00:11 - 00000520 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task fdd0bf46-06d2-456b-83ad-6c4399a1d124.job
2016-04-21 16:11 - 2016-04-21 16:11 - 00003566 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 9f5ff3c9-fb61-42bf-8fc1-3313b6ce5c99
2016-04-21 16:11 - 2016-04-21 16:11 - 00003484 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task fdd0bf46-06d2-456b-83ad-6c4399a1d124
2016-04-21 16:11 - 2016-04-21 16:11 - 00000000 ____D C:\Users\Ash\AppData\Roaming\SUPERAntiSpyware.com
2016-04-21 16:10 - 2016-04-21 16:10 - 00001822 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2016-04-21 16:10 - 2016-04-21 16:10 - 00000000 ____D C:\Users\Todos os Usuários\SUPERAntiSpyware.com
2016-04-21 16:10 - 2016-04-21 16:10 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-04-21 16:10 - 2016-04-21 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-04-21 16:10 - 2016-04-21 16:10 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-04-21 16:05 - 2016-04-21 16:08 - 25603784 _____ (SUPERAntiSpyware) C:\Users\Ash\Downloads\SUPERAntiSpywarePro.exe
2016-04-21 16:03 - 2016-04-21 16:11 - 47116504 _____ (Microsoft Corporation) C:\Users\Ash\Downloads\Windows-KB890830-x64-V5.35.exe
2016-04-21 01:59 - 2016-04-22 10:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-20 22:34 - 2016-04-20 22:34 - 00001153 _____ C:\Users\Ash\Desktop\Avast Browser Cleanup.lnk
2016-04-20 22:34 - 2016-04-20 22:34 - 00000000 ____D C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup
2016-04-20 22:34 - 2016-04-20 22:34 - 00000000 ____D C:\Users\Ash\AppData\Roaming\AVAST Software
2016-04-20 22:21 - 2016-04-22 19:37 - 00000000 ____D C:\AdwCleaner
2016-04-20 02:13 - 2016-04-20 02:13 - 00001133 _____ C:\Users\Ash\Desktop\processing.exe - Atalho.lnk
2016-04-20 02:13 - 2016-04-20 02:13 - 00000000 ____D C:\Users\Ash\Documents\Processing
2016-04-20 02:13 - 2016-04-20 02:13 - 00000000 ____D C:\Users\Ash\AppData\Roaming\Processing
2016-04-20 02:04 - 2016-04-20 02:07 - 51652778 _____ C:\Users\Ash\Downloads\p5-win.zip
2016-04-20 02:03 - 2016-04-20 02:09 - 119146458 _____ C:\Users\Ash\Downloads\processing-3.0.2-windows64.zip
2016-04-16 16:10 - 2016-04-16 16:10 - 00000000 ____D C:\Users\Ash\Desktop\videos antigos mai
2016-04-15 19:59 - 2016-04-15 19:59 - 00000000 ____D C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-15 17:27 - 2016-04-15 17:27 - 00010173 _____ C:\Users\Ash\Desktop\CONTROLE DE VIATURAS.xlsx
2016-04-15 09:33 - 2016-04-15 09:33 - 00303929 _____ C:\Users\Ash\Desktop\Currículo do Sistema de Currículos Lattes (Andre Torres da Silva).pdf
2016-04-07 15:10 - 2016-04-07 15:10 - 00275697 _____ C:\Users\Ash\Desktop\Bitcoin Ecosystem.pdf
2016-04-06 23:14 - 2016-04-06 23:14 - 00550794 _____ C:\Users\Ash\Downloads\font-awesome-4.5.0.zip
2016-04-04 22:45 - 2016-04-04 22:50 - 00000000 ____D C:\Users\Ash\Downloads\Magento-CE-2.0.4-2016-04-01-03-56-20
2016-04-04 22:32 - 2016-04-04 22:39 - 35100228 _____ C:\Users\Ash\Downloads\Magento-CE-2.0.4-2016-04-01-03-56-20.tar.bz2
2016-04-04 14:55 - 2016-04-04 14:59 - 85872720 _____ (OpenBazaar) C:\Users\Ash\Downloads\open bazaar win64.exe
2016-04-02 22:08 - 2016-04-02 22:08 - 00734784 _____ (Oracle Corporation) C:\Users\Ash\Downloads\chromeinstall-8u77.exe
2016-04-02 19:38 - 2016-04-02 19:38 - 05383313 _____ C:\Users\Ash\Documents\BiogasConteudo_extensivo_PT.pdf
2016-03-30 20:25 - 2016-03-30 20:25 - 00000000 ____D C:\Users\Ash\AppData\LocalLow\uTorrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-25 22:22 - 2014-10-23 01:14 - 00003172 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1783320200-1595918824-3239432374-1001
2016-04-25 22:20 - 2013-07-26 22:31 - 00000000 ____D C:\Users\Ash\AppData\Local\Adobe
2016-04-25 22:18 - 2016-03-02 18:24 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-24 03:54 - 2015-08-20 14:49 - 00001036 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1783320200-1595918824-3239432374-1001UA.job
2016-04-24 03:35 - 2015-04-27 00:25 - 00000902 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-24 03:16 - 2013-08-02 11:48 - 00001084 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1783320200-1595918824-3239432374-1001UA.job
2016-04-24 03:09 - 2013-07-25 22:36 - 00001090 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-24 02:37 - 2013-08-25 14:32 - 00000950 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1783320200-1595918824-3239432374-1001UA.job
2016-04-23 21:13 - 2013-07-25 22:37 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1783320200-1595918824-3239432374-1001
2016-04-23 19:31 - 2013-09-10 11:39 - 00000000 ____D C:\Users\Ash\AppData\Roaming\FileZilla
2016-04-23 17:16 - 2013-08-02 11:48 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1783320200-1595918824-3239432374-1001Core.job
2016-04-23 15:09 - 2013-07-25 22:36 - 00001086 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-23 14:55 - 2015-05-21 23:56 - 00000000 ____D C:\Users\Ash\AppData\Roaming\Copy
2016-04-23 14:54 - 2015-08-20 14:49 - 00000984 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1783320200-1595918824-3239432374-1001Core.job
2016-04-23 14:37 - 2013-08-25 14:32 - 00000928 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1783320200-1595918824-3239432374-1001Core.job
2016-04-23 13:27 - 2013-07-25 22:12 - 00000000 ____D C:\Users\Ash\AppData\Local\Packages
2016-04-23 13:11 - 2013-07-31 19:54 - 00000000 __RDO C:\Users\Ash\OneDrive
2016-04-23 13:11 - 2013-07-25 22:42 - 00000000 ___RD C:\Users\Ash\Google Drive
2016-04-22 22:36 - 2014-09-24 10:04 - 01906940 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-22 22:36 - 2014-09-24 09:19 - 00814198 _____ C:\WINDOWS\system32\prfh0416.dat
2016-04-22 22:36 - 2014-09-24 09:19 - 00176140 _____ C:\WINDOWS\system32\prfc0416.dat
2016-04-22 22:36 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-04-22 22:32 - 2015-07-26 04:34 - 00000091 _____ C:\HaxLogs.txt
2016-04-22 22:32 - 2013-10-29 01:55 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-04-22 22:32 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-22 19:45 - 2014-12-15 14:45 - 00000000 ___RD C:\Users\Ash\Desktop\REVER ITEM POR ITEM
2016-04-22 18:42 - 2016-02-03 15:53 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-22 16:52 - 2016-02-03 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-22 16:52 - 2016-02-03 15:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-22 15:01 - 2015-11-19 19:37 - 00101080 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddfac.sys
2016-04-22 15:01 - 2015-07-28 19:42 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-04-22 15:01 - 2015-07-28 19:42 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-04-22 14:11 - 2014-10-23 00:41 - 00000000 ____D C:\Users\Ash
2016-04-22 14:11 - 2013-08-22 11:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-04-22 14:11 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-04-22 13:51 - 2013-08-22 09:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-04-22 10:51 - 2013-07-30 16:58 - 00788480 ___SH C:\Users\Ash\Desktop\Thumbs.db
2016-04-22 10:36 - 2013-12-14 01:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-21 18:37 - 2013-07-27 21:22 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-21 18:33 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-21 18:05 - 2015-09-05 00:42 - 00000000 ____D C:\cgminer
2016-04-21 16:09 - 2015-11-17 11:32 - 00000000 ____D C:\Users\Ash\AppData\Local\ElevatedDiagnostics
2016-04-21 15:04 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2016-04-21 15:02 - 2013-09-07 22:21 - 00000000 ____D C:\Users\Ash\AppData\Roaming\vlc
2016-04-21 13:29 - 2014-01-31 10:24 - 00000000 ____D C:\Program Files (x86)\SmartCoin
2016-04-20 23:19 - 2013-07-26 00:10 - 00000000 ____D C:\Users\Ash\AppData\Local\CrashDumps
2016-04-20 13:32 - 2016-02-15 19:05 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Free 9.1
2016-04-20 13:28 - 2016-03-25 15:11 - 00000000 ____D C:\Users\Ash\AppData\Local\slack
2016-04-20 11:13 - 2013-07-25 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-20 02:28 - 2015-10-25 20:01 - 00000000 ____D C:\Users\Ash\AppData\Local\p5
2016-04-20 02:22 - 2015-10-25 19:59 - 00000000 ____D C:\Users\Ash\Downloads\p5-win
2016-04-20 02:13 - 2015-12-11 07:05 - 00000000 ____D C:\Users\Ash\.oracle_jre_usage
2016-04-20 02:10 - 2014-12-15 15:14 - 00000000 ____D C:\Users\Ash\Documents\01 - PESSOAL ANDRE
2016-04-17 23:20 - 2014-11-04 01:43 - 00000000 ____D C:\Users\Ash\Documents\02 - DESENVOLVIMENTO
2016-04-15 19:59 - 2013-07-26 21:11 - 00000000 ____D C:\Users\Ash\AppData\Roaming\Dropbox
2016-04-13 19:45 - 2014-01-05 10:53 - 00453280 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-13 09:17 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-13 08:56 - 2014-11-03 10:09 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-13 08:56 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-04-11 20:16 - 2013-07-25 22:38 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-07 14:37 - 2015-04-27 00:25 - 00003790 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-04-02 22:16 - 2016-03-14 11:28 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-04-02 22:16 - 2015-07-26 02:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-04-02 22:16 - 2014-10-23 01:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-02 22:14 - 2014-10-23 01:21 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-31 21:28 - 2015-09-15 20:20 - 00000000 ____D C:\Users\Ash\AppData\Roaming\.minecraft
2016-03-31 00:01 - 2013-07-25 23:29 - 00000000 ____D C:\Users\Ash\AppData\Roaming\uTorrent
2016-03-30 21:03 - 2015-12-08 12:51 - 00000000 ____D C:\Users\Ash\AppData\Roaming\CyberLink
 
==================== Files in the root of some directories =======
 
2014-01-07 11:47 - 2014-01-07 11:47 - 14871552 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-01-13 12:37 - 2010-01-15 09:36 - 0075040 _____ () C:\Program Files (x86)\Common Files\SpeechUninstall.exe
2013-07-28 13:51 - 2013-07-28 13:51 - 0000000 _____ () C:\Users\Ash\AppData\Roaming\AbsoluteReminder.xml
2013-09-24 11:47 - 2014-03-15 20:57 - 0000794 _____ () C:\Users\Ash\AppData\Roaming\onecal.xml
2015-07-23 04:17 - 2015-07-23 04:19 - 0000132 _____ () C:\Users\Ash\AppData\Roaming\Preferências do Formato PNG CC da Adobe
2013-10-26 18:31 - 2013-10-26 18:38 - 0004096 _____ () C:\Users\Ash\AppData\Roaming\serverdb.rsd
2013-10-19 18:39 - 2013-10-26 18:43 - 0002326 _____ () C:\Users\Ash\AppData\Roaming\Ultima Mapper Client.xml
2013-10-26 18:30 - 2013-10-26 18:34 - 0000262 _____ () C:\Users\Ash\AppData\Roaming\Ultima Mapper Server.xml
2013-10-29 01:52 - 2014-09-22 04:00 - 0028276 _____ () C:\Users\Ash\AppData\Roaming\unins000.dat
2015-05-08 21:24 - 2015-05-08 21:24 - 0018137 _____ () C:\Users\Ash\AppData\Roaming\unins001.dat
2013-09-04 19:26 - 2013-09-04 19:26 - 0037212 _____ () C:\Users\Ash\AppData\Roaming\Valores Separados por Vírgula.ADR
2015-11-18 14:47 - 2015-11-18 14:47 - 0004874 _____ () C:\Users\Ash\AppData\Roaming\wifi_speakers.dat
2015-04-26 16:53 - 2015-11-25 18:11 - 0000600 _____ () C:\Users\Ash\AppData\Roaming\winscp.rnd
2015-01-20 22:15 - 2015-01-20 22:15 - 0001456 _____ () C:\Users\Ash\AppData\Local\Adobe Salvar para Web 13.0 Prefs
2014-01-30 13:15 - 2014-01-30 13:19 - 0004608 _____ () C:\Users\Ash\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-23 00:14 - 2015-11-03 22:03 - 0000600 _____ () C:\Users\Ash\AppData\Local\PUTTY.RND
2013-08-25 21:56 - 2013-08-25 21:56 - 1104399 _____ () C:\Users\Ash\AppData\Local\RAContactHistory.xml
2016-01-22 18:12 - 2016-01-22 18:12 - 0000017 _____ () C:\Users\Ash\AppData\Local\resmon.resmoncfg
2013-04-18 02:14 - 2013-04-18 02:14 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-04-18 02:10 - 2013-04-18 02:11 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-04-18 02:11 - 2013-04-18 02:12 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-04-18 02:09 - 2013-04-18 02:10 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-04-18 02:12 - 2013-04-18 02:14 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-22 22:42
 
==================== End of FRST.txt ============================


#4 ashtorres

Posted 26 April 2016 - 09:48 AM

- Addition Log
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Ash (2016-04-25 22:28:46)
Running from C:\Users\Ash\Desktop
Windows 8.1 Single Language (X64) (2014-10-23 05:10:19)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-1783320200-1595918824-3239432374-500 - Administrator - Disabled)
Ash (S-1-5-21-1783320200-1595918824-3239432374-1001 - Administrator - Enabled) => C:\Users\Ash
ashtorres (S-1-5-21-1783320200-1595918824-3239432374-1009 - Limited - Enabled)
Convidado (S-1-5-21-1783320200-1595918824-3239432374-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1783320200-1595918824-3239432374-1008 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
«The Sims 3 Deluxe Edition» (build 9.1) (HKLM-x32\...\«The Sims 3 Deluxe Edition»_is1) (Version:  - R.G. Catalyst)
µTorrent (HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
AdExDbManager (HKLM\...\{41266321-E469-44A1-A115-CAA7184BBE30}) (Version: 0.0.5.0 - Autodesk)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Dreamweaver CC (HKLM-x32\...\{00E094E1-A852-11E2-803D-ACEA632352B4}) (Version: 13 - Adobe Systems Incorporated)
Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.1.0.070 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
Advanced Archive Password Recovery (HKLM-x32\...\{6E356EEF-203C-451B-9144-CBF099E3738A}) (Version: 4.54.55.1642 - Elcomsoft Co. Ltd.)
Allegro CL 9.0 Free Express Edition Express (HKLM-x32\...\Allegro CL 9.0 Free Express Edition Express) (Version:  - )
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.10.0 - Ant Software)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3 - Microsoft Corporation) Hidden
ARToolKit for Unity v5.2 (HKLM-x32\...\ARToolKit for Unity_is1) (Version: 5.2 - DAQRI LLC)
Atheros Outlook Addin 2010 (HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\D9918D4858F5B722A4667B7989E1983A8FCC0462) (Version: 1.0.0.0 - Microsoft)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Autodesk Fusion 360 (HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.1761 - Autodesk, Inc.)
Avast Browser Cleanup (HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Avast Browser Cleanup) (Version: 10.4.2233.107 - AVAST Software)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
BBQScreen Client (HKLM-x32\...\BBQScreen Client) (Version:  - )
Benjamins (HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Benjamins) (Version: 0.8.6 - Benjamins project)
Bitcoin Core (64-bit) (HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Bitcoin Core (64-bit)) (Version: 0.10.0 - Bitcoin Core project)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Caesium versão 1.7.0 (HKLM-x32\...\{88B0F0DE-6937-440D-B5CA-6E69003E55F7}_is1) (Version: 1.7.0 - Matteo Paonessa)
calibre 64bit (HKLM\...\{1428EEEC-F3E9-407A-A60E-2E51CF66ED80}) (Version: 2.20.0 - Kovid Goyal)
Catan (remove only) (HKLM-x32\...\Catan) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
Copy (HKLM\...\{580C53DC-DBA8-457B-8766-34C60F754BBD}) (Version: 3.2.1.481 - Barracuda Networks, Inc.)
Corel Graphics - Windows Shell Extension (HKLM\...\_{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}) (Version: 16.0.0.707 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.0.707 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.0.707 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - BR (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.0.0.707 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.0 - Corel Corporation) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0316 - DT Soft Ltd)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{B57A8AFE-6735-4497-BD52-BD2F838F5CF0}) (Version: 1.2.1.31 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Devcoin (HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Devcoin) (Version:  - )
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dotfuscator and Analytics Community Edition 5.18.1 (x32 Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Download Accelerator Plus (DAP) (HKLM-x32\...\Download Accelerator Plus (DAP)) (Version: 10059 (Build 2593) - Speedbit Ltd.)
Dropbox (HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
EaseUS Data Recovery Wizard 8.5 (HKLM\...\EaseUS Data Recovery Wizard 8.5_is1) (Version:  - EaseUS)
EaseUS Partition Master 10.2 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
Ethereum (++) (HKLM-x32\...\Ethereum (++) 0.9.40 (Win64)) (Version: 0.9.40 - ethereum.org)
Evernote v. 5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FAHClient (HKLM-x32\...\FAHClient) (Version: 7.4.4 - Stanford University)
ffdshow [rev 2202] [2008-10-10] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
FileZilla Client 3.16.0 (HKLM-x32\...\FileZilla Client) (Version: 3.16.0 - Tim Kosse)
Flickr Uploadr for Windows (HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\FlickrUploadrWindows) (Version: 0.9.96.258 - Flickr)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Franko (HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Franko) (Version: 0.8.5.3 - Franko Collective)
Free DVD Creator version 2.0 (HKLM-x32\...\Free DVD Creator (by minidvdsoft)_is1) (Version: 2.0 - www.minidvdsoft.com)
Freemake Video Converter versão 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Git version 2.5.0 (HKLM\...\Git_is1) (Version: 2.5.0 - The Git Development Community)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.1.4 - The GnuPG Project)
Google Books Downloader version 2.5 (HKLM-x32\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.5 - GBOOKSDOWNLOADER.COM)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Drive (HKLM-x32\...\{B0F1B758-60D6-41F7-93D9-212A448813FE}) (Version: 1.29.1862.0513 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
Guardião - Itaú 30 horas (HKLM-x32\...\{70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1) (Version: 3.10.0.1 - )
HyperCam 3 (HKLM-x32\...\HyperCam 3 3.5.1310.24) (Version: 3.5.1310.24 - Solveig Multimedia)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2014) (Version: 1.0 - Receita Federal do Brasil)
IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2015) (Version: 1.0 - Receita Federal do Brasil)
IRPF2016 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2016) (Version: 1.2 - Receita Federal do Brasil)
Jack (HKLM-x32\...\Jack) (Version:  - )
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java SE Development Kit 8 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180510}) (Version: 8.0.510.16 - Oracle Corporation)
Kingo ROOT version 1.4.0.2390 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.4.0.2390 - Kingosoft Technology Ltd.)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Litecoin (HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Litecoin) (Version: 0.8.5.1 - Litecoin project)
Malwarebytes Anti-Malware versão 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Metaio SDK 6.0.2 (HKLM-x32\...\Metaio SDK_is1) (Version: 6.0.2 - Metaio GmbH)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\OneDriveSetup.exe) (Version: 17.3.6386.0412 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{F0DB2786-18C8-4B0D-9DC2-BA58856A2821}) (Version: 2.1.0.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Mindjet (HKLM-x32\...\{E19925D8-DE98-4983-A80C-1DC884D07FA3}) (Version: 11.3.305 - Mindjet)
MOARProg (HKLM-x32\...\MOARProg) (Version: v1.1 - Mid-Ohio Area Robotics)
Módulo de Segurança - Banco do Brasil (HKLM-x32\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.12.1.2 - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.2 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 pt-BR)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MPLAB X IDE v3.10 (HKLM-x32\...\MPLAB X IDE v3.10 v3.10) (Version: v3.10 - Microchip)
MPLAB XC8 C Compiler (HKLM-x32\...\MPLAB XC8 C Compiler v1.35) (Version: v1.35 - Microchip)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Node.js (HKLM\...\{066D9335-606E-469B-BFAE-77A268F8FE6E}) (Version: 0.12.5 - Joyent, Inc. and other Node contributors)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
Pacote de Driver do Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
PC Remote (HKLM-x32\...\{FC6316B8-4881-47F9-A649-606B97A1D114}) (Version: 3.45 - PC Remote)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF-XChange 2012 (HKLM\...\{504022CD-6A58-42D5-ACC9-966F695AAD93}_is1) (Version: 5.0.266.0 - Tracker Software Products Ltd)
PhotoScissors 2.0 (HKLM\...\{664FCCAE-8187-4EC5-B191-758C040C999C}_is1) (Version:  - teorex)
Photosculpt Textures v2.04 (HKLM-x32\...\Photosculpt Textures v2.04) (Version:  - )
Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.6.8 - Vaclav Slavik)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Python 2.7 nltk-3.1 (HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\nltk-py2.7) (Version:  - )
Python 2.7.10 (Anaconda 2.3.0 64-bit) (HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Python 2.7.10 (Anaconda 2.3.0 64-bit)) (Version: 2.3.0 - Continuum Analytics, Inc.)
Python 2.7.9 (HKLM-x32\...\{79F081BF-7454-43DB-BD8F-9EE596813232}) (Version: 2.7.9150 - Python Software Foundation)
Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Nome de sua empresa:)
Qualcomm Atheros Ethernet Controller (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.003 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.39034 - Realtek Semiconductor Corp.)
Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.04 - Serpro - Serviço Federal de Processamento de Dados)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Scrivener (HKLM-x32\...\Scrivener 1900) (Version: 1900 - Literature and Latte)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPROR_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Serviços de Impressão do Bonjour (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sparkol VideoScribe (HKLM-x32\...\Sparkol VideoScribe 2.1) (Version: 2.1 - Sparkol)
Sparkol VideoScribe (x32 Version: 2.1 - Sparkol) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spellweaver (HKLM-x32\...\Steam App 429680) (Version:  - Dream Reactor)
Spout version 2.003 (HKLM-x32\...\{EF46C69A-2F88-4234-A789-B22BCABCDF19}_is1) (Version: 2.003 - Leading Edge Pty. Ltd.)
SpreadsheetConverter 8.2.6550.0 (HKLM-x32\...\{6A5CE95E-AAF0-45F2-9F21-4ADFFFA2FECE}) (Version: 8.2.6550.0 - Framtidsforum I&M AB, Sweden)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1218 - SUPERAntiSpyware.com)
Suporte para Aplicativos Apple (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.23102 - Microsoft Corporation) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.55.4 - Electronic Arts)
The Sims™ 3 Diesel Каталог (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims™ 3 Katy Perry Сладкие радости (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
The Sims™ 3 В сумерках (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
The Sims™ 3 Времена года (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Все возрасты (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 Городская жизнь Каталог (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 Изысканная спальня Каталог (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
The Sims™ 3 Карьера (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
The Sims™ 3 Мир приключений (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.9.10 - Electronic Arts)
The Sims™ 3 Отдых на природе Каталог (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.3.2 - Electronic Arts)
The Sims™ 3 Питомцы (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Райские острова (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Сверхъестественное (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Скоростной режим Каталог (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.8.1 - Electronic Arts)
The Sims™ 3 Современная роскошь Каталог (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.9.6 - Electronic Arts)
The Sims™ 3 Стильные 70-е, 80-е, 90-е Каталог (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Студенческая жизнь (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 Шоу-бизнес (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Unity (HKLM-x32\...\Unity) (Version: 5.2.0f3 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}_Office15.PROPLUS_{2BA6245D-FBB9-42F6-AFD9-C0DC52763AD5}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PRJPROR_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version:  - Microsoft)
Video Download Capture versão 4.9.4 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.9.4 - APOWERSOFT LIMITED)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
Warsaw 1.11.0.42826 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.11.0.42826 - GAS Tecnologia)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Phone app for desktop (HKLM-x32\...\{6EBFF223-4B50-48BB-BED5-3DFFED94A14C}) (Version: 1.0.1720.1 - Microsoft Corporation)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinSCP 5.7.5 (HKLM-x32\...\winscp3_is1) (Version: 5.7.5 - Martin Prikryl)
百度云管家 (HKLM-x32\...\百度云管家) (Version: 4.8.3 - 百度在线网络技术(北京)有限公司)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\Ash\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Ash\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\Ash\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Ash\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Ash\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Ash\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{81EB9D59-B567-4D17-AA79-5D21A8282F4A}\InprocServer32 -> C:\Users\Ash\AppData\Roaming\SpreadsheetConverter\V8\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{C4F0910E-E0B4-4E68-8086-452730C7A26A}\InprocServer32 -> C:\Users\Ash\AppData\Local\Autodesk\webdeploy\production\51ae3010d8055224af1e9b63a324fdb72e555a8b\NPreview10.dll ()
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ash\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ash\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ash\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ash\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ash\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ash\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ash\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ash\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ash\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ash\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C317314-7380-4A1A-9B9F-4B065CA92A09} - System32\Tasks\SUPERAntiSpyware Scheduled Task 9f5ff3c9-fb61-42bf-8fc1-3313b6ce5c99 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {13306AC3-26C5-4EA8-B62F-1EE1F438E253} - \avastBCLS-1-5-21-1783320200-1595918824-3239432374-1001 -> No File <==== ATTENTION
Task: {1D526DF1-BFF0-48D8-AFA1-E03DAF0E6D30} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {203EB0AD-4DA4-4AD4-A82B-1DCBEC5AD87D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1783320200-1595918824-3239432374-1001Core => C:\Users\Ash\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-20] (Dropbox, Inc.)
Task: {232EFE47-877C-4FA5-99A7-9E0647B407DF} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-03-14] (Dell Inc.)
Task: {2452C265-D4C8-4411-998A-39BF7AB7EED6} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1783320200-1595918824-3239432374-1001UA => C:\Users\Ash\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-20] (Dropbox, Inc.)
Task: {2B334DDC-4B57-4DB3-8B5D-BD97ED584868} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {33B333A1-F2EC-4424-B3DF-B6C7F9D7434C} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {36439216-9635-450A-9825-E8EAA4A49E22} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1783320200-1595918824-3239432374-1001Core => C:\Users\Ash\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-25] (Facebook Inc.)
Task: {3B10FE60-F71D-4124-9630-0CB9A2D9631F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {4ADF5401-1661-4F4D-8B3C-7951E2E101CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1783320200-1595918824-3239432374-1001UA => C:\Users\Ash\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {56637CA6-9E93-49E0-8D2F-B2FE41AF6EE0} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {5D2D7FAE-4D42-4498-AC67-380FCCBFF14D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {654EA59F-D616-4036-BA8A-A5BC4A6E5CAA} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {732B059E-1DFC-47E7-8D00-5D7EFB07B4A8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1783320200-1595918824-3239432374-1001UA => C:\Users\Ash\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-25] (Facebook Inc.)
Task: {827CB60C-40BB-4281-B5D9-C3406E6F77D8} - System32\Tasks\SUPERAntiSpyware Scheduled Task fdd0bf46-06d2-456b-83ad-6c4399a1d124 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {8393F22C-A9F8-44A2-808F-FA27EC382B95} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-20] (Intel)
Task: {985B8586-90EE-4D99-9F1D-2D664D05E3D8} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {A0B01E43-97E2-4C65-A816-0061FF9066C9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {BD738E14-7C37-4CC8-AA5C-FB47AAE94985} - \avast! BCU UpdateS-1-5-21-1783320200-1595918824-3239432374-1001 -> No File <==== ATTENTION
Task: {DC773D6D-DE16-4905-8E38-6BE13B66B638} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1783320200-1595918824-3239432374-1001 => C:\Users\Ash\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-04-25] (Microsoft Corporation)
Task: {DE454ACD-23E0-4883-9CDD-2A0EB0E913E7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {E4000BFF-6ECA-4E25-8DB0-5AF532A9F8C8} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {EF92E8F2-4A0C-40E0-AF3B-BF72BF02FCF2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1783320200-1595918824-3239432374-1001Core => C:\Users\Ash\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F4CCA5BC-E826-4F98-B771-4CD64B795F45} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {F7E7E5A8-1774-4314-8061-FCB8710AE1D8} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ashton_1@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {F8009FCA-45CD-496D-B161-5BDE072350E3} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1783320200-1595918824-3239432374-1001Core.job => C:\Users\Ash\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1783320200-1595918824-3239432374-1001UA.job => C:\Users\Ash\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1783320200-1595918824-3239432374-1001Core.job => C:\Users\Ash\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1783320200-1595918824-3239432374-1001UA.job => C:\Users\Ash\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1783320200-1595918824-3239432374-1001Core.job => C:\Users\Ash\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1783320200-1595918824-3239432374-1001UA.job => C:\Users\Ash\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 9f5ff3c9-fb61-42bf-8fc1-3313b6ce5c99.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task fdd0bf46-06d2-456b-83ad-6c4399a1d124.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Ash\Desktop\Anaconda Command Prompt - ipython notebook dream.ipynb.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Users\Ash\Anaconda\Scripts\anaconda.bat"
ShortcutWithArgument: C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\nodejs\nodevars.bat"
ShortcutWithArgument: C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda (64-bit)\Anaconda Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Users\Ash\Anaconda\Scripts\anaconda.bat"
ShortcutWithArgument: C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda (64-bit)\Wakari (in the cloud).lnk -> C:\Users\Ash\Anaconda\pythonw.exe () -> -m webbrowser -t "hxxps://www.wakari.io/"
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-04-18 02:12 - 2012-04-24 22:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-05-08 13:29 - 2013-05-08 13:29 - 00567296 _____ () C:\Prey\platform\windows\bin\bash.exe
2016-02-29 06:23 - 2016-02-29 06:23 - 00052912 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-09-26 13:41 - 2014-09-26 13:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-05-01 10:13 - 2014-05-01 10:13 - 00470016 _____ () C:\Users\Ash\AppData\Local\MEGAsync\ShellExtX64.dll
2014-08-21 23:32 - 2014-08-21 23:32 - 00253896 _____ () C:\Users\Ash\AppData\Roaming\baidu\BaiduYunGuanjia\YunShellExt64.dll
2014-05-12 05:49 - 2014-05-12 05:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2012-08-08 13:11 - 2012-08-08 13:11 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2015-09-18 18:01 - 2015-09-18 18:01 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\77f9f52ca44a6b9ea5a4544b0346621b\PSIClient.ni.dll
2013-04-18 02:00 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-04-18 02:11 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-02-29 06:23 - 2016-02-29 06:23 - 00048816 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2016-03-26 15:24 - 2016-03-26 15:24 - 01114136 _____ () C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\2p0ibw79.default-1412463487085\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1434]
AlternateDataStreams: C:\ProgramData\Temp:4A1628E5 [124]
AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [244]
AlternateDataStreams: C:\ProgramData\Temp:98C49AAF [348]
AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:4A1628E5 [124]
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:56E2E879 [244]
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:98C49AAF [348]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\bb.com.br -> hxxps://seg.bb.com.br
IE trusted site: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 01:26 - 2016-04-22 13:57 - 00000753 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
127.0.0.1       localhost 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Equil Image Printer (BW)"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "EPSON_UD_START"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\StartupApproved\StartupFolder: => "Folding@home.lnk"
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\StartupApproved\Run: => "BaiduYunGuanjia"
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\StartupApproved\Run: => "Copy"
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\StartupApproved\Run: => "FlickrUploadr"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4426A52A-4136-4140-A1FE-0518461604BA}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{EBD0CB0D-26B6-43E1-9479-25F4A3E2F25C}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{A2478CE0-33AD-4090-838C-22419B412450}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{FB6576D3-7D29-4B1B-8F60-47F9B09BBE44}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{62091168-97F6-44AE-A1C0-4240AF2DABAC}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{BFD2DE68-FA33-4946-B72C-0672EA0EB982}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{8690E780-8798-4CA5-9BAC-91200D8A4CC9}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{2AC41539-36CA-4966-8C3C-FD2C1044502F}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{15DC800A-934B-47EE-A0BE-54C335521EA8}] => (Allow) C:\Users\Ash\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9DD4F503-5384-4A48-8A0A-4CF83EE6B073}] => (Allow) C:\Users\Ash\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8C2974F9-6891-4704-A56F-7BC7F9E4A750}] => (Allow) C:\Users\Ash\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{ECA01E6D-C884-476F-A4CE-5E1485CAC5F9}] => (Allow) C:\Users\Ash\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{1F703A68-05B4-4F5B-BB4F-645097CC2873}C:\program files (x86)\phonerlite\phonerlite.exe] => (Allow) C:\program files (x86)\phonerlite\phonerlite.exe
FirewallRules: [TCP Query User{FC4B7C1E-15D7-4F6F-B239-32B3763BFF69}C:\program files (x86)\phonerlite\phonerlite.exe] => (Allow) C:\program files (x86)\phonerlite\phonerlite.exe
FirewallRules: [UDP Query User{9AD454FD-5FD9-42E5-BF28-093314410B3C}C:\program files (x86)\dap\dap.exe] => (Allow) C:\program files (x86)\dap\dap.exe
FirewallRules: [TCP Query User{4AB4025C-306B-4ED7-B3D2-C7101970BB5F}C:\program files (x86)\dap\dap.exe] => (Allow) C:\program files (x86)\dap\dap.exe
FirewallRules: [{6F17678A-AB8A-40B2-A53D-E805E3787006}] => (Allow) C:\Users\Ash\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [UDP Query User{F1AB86AF-AB71-4062-967A-620C74BF4F5A}C:\gog games\shadowrun returns\shadowrun.exe] => (Allow) C:\gog games\shadowrun returns\shadowrun.exe
FirewallRules: [TCP Query User{8BEE25AC-B565-4A64-AFAD-F30D138B5B82}C:\gog games\shadowrun returns\shadowrun.exe] => (Allow) C:\gog games\shadowrun returns\shadowrun.exe
FirewallRules: [UDP Query User{BE977722-474E-4C32-878E-E81221684FB1}C:\gog games\shadowrun returns\shadowrun.exe] => (Allow) C:\gog games\shadowrun returns\shadowrun.exe
FirewallRules: [TCP Query User{0BB2801E-3522-43F9-8A98-829F18CEEF62}C:\gog games\shadowrun returns\shadowrun.exe] => (Allow) C:\gog games\shadowrun returns\shadowrun.exe
FirewallRules: [{DEC95418-B8F3-4E27-A929-9D9FD970D0D9}] => (Allow) LPort=1024
FirewallRules: [{38C0FB45-E8D3-4E57-925B-738B98EB28D2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EC6265B0-5C8F-4B7D-BD71-38B4185AE401}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{25332E51-A6E1-4824-ACB3-82860C6B90E3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{37F3EEC9-0EBA-4530-8B56-B9D2EE73947A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{DBBB32BC-ABB5-4F6F-9672-3CB3881174AE}C:\program files (x86)\smartcoin\smartcoin-qt.exe] => (Allow) C:\program files (x86)\smartcoin\smartcoin-qt.exe
FirewallRules: [TCP Query User{0352FFEB-E8C3-4E21-9C60-9337F84EFF11}C:\program files (x86)\smartcoin\smartcoin-qt.exe] => (Allow) C:\program files (x86)\smartcoin\smartcoin-qt.exe
FirewallRules: [UDP Query User{EF8F9D59-5861-48C9-BBDA-CD0429A9D6A6}C:\program files (x86)\anoncoin\anoncoin-qt.exe] => (Allow) C:\program files (x86)\anoncoin\anoncoin-qt.exe
FirewallRules: [TCP Query User{6EE86C42-BE87-4E70-B475-09A63529EC02}C:\program files (x86)\anoncoin\anoncoin-qt.exe] => (Allow) C:\program files (x86)\anoncoin\anoncoin-qt.exe
FirewallRules: [UDP Query User{C716B08C-23C2-4199-8504-1B9864A70807}C:\program files (x86)\benjamins\benjamins-qt.exe] => (Allow) C:\program files (x86)\benjamins\benjamins-qt.exe
FirewallRules: [TCP Query User{023895B7-7BE6-4676-AC1C-DB359C758580}C:\program files (x86)\benjamins\benjamins-qt.exe] => (Allow) C:\program files (x86)\benjamins\benjamins-qt.exe
FirewallRules: [UDP Query User{ACF5CEC3-FEF2-4511-9504-265F863E0A85}C:\program files (x86)\benjamins\benjamins-qt.exe] => (Allow) C:\program files (x86)\benjamins\benjamins-qt.exe
FirewallRules: [TCP Query User{E7CB61D5-C2E2-4F0F-8D4B-5B1D6AAF1093}C:\program files (x86)\benjamins\benjamins-qt.exe] => (Allow) C:\program files (x86)\benjamins\benjamins-qt.exe
FirewallRules: [UDP Query User{EDEDDB70-2A27-410F-A6EA-CA51C3E594C4}C:\program files (x86)\smartcoin\smartcoin-qt.exe] => (Allow) C:\program files (x86)\smartcoin\smartcoin-qt.exe
FirewallRules: [TCP Query User{D92B266C-1E8F-40B3-B129-3B009AFB7FE9}C:\program files (x86)\smartcoin\smartcoin-qt.exe] => (Allow) C:\program files (x86)\smartcoin\smartcoin-qt.exe
FirewallRules: [UDP Query User{CF398358-8B93-4F25-8767-666CE350E944}C:\program files (x86)\nanotoken\nanotoken-qt.exe] => (Allow) C:\program files (x86)\nanotoken\nanotoken-qt.exe
FirewallRules: [TCP Query User{56CC92C7-9400-44BA-A734-7F5778552326}C:\program files (x86)\nanotoken\nanotoken-qt.exe] => (Allow) C:\program files (x86)\nanotoken\nanotoken-qt.exe
FirewallRules: [UDP Query User{D5798610-3991-4B12-904D-C482E2AB2B9A}C:\program files (x86)\franko\franko-qt.exe] => (Allow) C:\program files (x86)\franko\franko-qt.exe
FirewallRules: [TCP Query User{E5949DD4-17AA-4426-84D8-36D7BA17BA5D}C:\program files (x86)\franko\franko-qt.exe] => (Allow) C:\program files (x86)\franko\franko-qt.exe
FirewallRules: [UDP Query User{C28CA94D-4087-4474-8E2F-D0AE1D8321AE}C:\program files (x86)\captcha sniper\captchasniper.exe] => (Allow) C:\program files (x86)\captcha sniper\captchasniper.exe
FirewallRules: [TCP Query User{E7EF70EE-0F67-42DA-A8C5-01D501AE09CE}C:\program files (x86)\captcha sniper\captchasniper.exe] => (Allow) C:\program files (x86)\captcha sniper\captchasniper.exe
FirewallRules: [UDP Query User{BE7C6A87-B845-4EF8-8404-E377D388B36C}C:\users\ash\videos\btc economy\cubits3-qt\cubits3-qt\cubits3-qt.exe] => (Allow) C:\users\ash\videos\btc economy\cubits3-qt\cubits3-qt\cubits3-qt.exe
FirewallRules: [TCP Query User{BD377E9A-9ADD-42B0-B292-B04F34544CC8}C:\users\ash\videos\btc economy\cubits3-qt\cubits3-qt\cubits3-qt.exe] => (Allow) C:\users\ash\videos\btc economy\cubits3-qt\cubits3-qt\cubits3-qt.exe
FirewallRules: [UDP Query User{DE082942-D8A6-4C48-9810-A0FC0CC35007}C:\program files (x86)\devcoin\devcoin.exe] => (Allow) C:\program files (x86)\devcoin\devcoin.exe
FirewallRules: [TCP Query User{9015A68F-6686-4531-9EA1-90382E943666}C:\program files (x86)\devcoin\devcoin.exe] => (Allow) C:\program files (x86)\devcoin\devcoin.exe
FirewallRules: [UDP Query User{7CE96357-BDEA-416A-AB18-A79ADD7F1CEC}C:\battlecoin\battlecoin-qt.exe] => (Allow) C:\battlecoin\battlecoin-qt.exe
FirewallRules: [TCP Query User{EB463478-CF13-47D4-8A7F-8A615556490C}C:\battlecoin\battlecoin-qt.exe] => (Allow) C:\battlecoin\battlecoin-qt.exe
FirewallRules: [UDP Query User{3E607D80-AE1A-4455-BB3D-6C10F25E2EFE}C:\crypto\casinocoin\casinocoin-qt.exe] => (Allow) C:\crypto\casinocoin\casinocoin-qt.exe
FirewallRules: [TCP Query User{59DA4F23-444E-43D3-A814-46F4FCD234C3}C:\crypto\casinocoin\casinocoin-qt.exe] => (Allow) C:\crypto\casinocoin\casinocoin-qt.exe
FirewallRules: [UDP Query User{944108D6-80C6-43B2-97BA-84951EFB97FB}C:\users\ash\videos\btc economy\casinocoin-1.0.0.4\casinocoin-1.0.0.4\casinocoin-qt.exe] => (Allow) C:\users\ash\videos\btc economy\casinocoin-1.0.0.4\casinocoin-1.0.0.4\casinocoin-qt.exe
FirewallRules: [TCP Query User{B91FEE7F-FAFF-45BE-AF30-5A8CF1E184DA}C:\users\ash\videos\btc economy\casinocoin-1.0.0.4\casinocoin-1.0.0.4\casinocoin-qt.exe] => (Allow) C:\users\ash\videos\btc economy\casinocoin-1.0.0.4\casinocoin-1.0.0.4\casinocoin-qt.exe
FirewallRules: [UDP Query User{9290A19E-C2DF-4C05-9875-246C8DB15BB2}C:\users\ash\downloads\dogecoin-qt-v13-win\dogecoin-qt.exe] => (Allow) C:\users\ash\downloads\dogecoin-qt-v13-win\dogecoin-qt.exe
FirewallRules: [TCP Query User{E97EE669-9FF0-43AA-AF4B-18A83EDC1F5A}C:\users\ash\downloads\dogecoin-qt-v13-win\dogecoin-qt.exe] => (Allow) C:\users\ash\downloads\dogecoin-qt-v13-win\dogecoin-qt.exe
FirewallRules: [UDP Query User{0D118890-0C8E-4E2B-AA01-646AC6539C5B}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{3F1DCEC9-23A2-44EA-B1EB-892B87EDDD59}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{B7EDB88C-8D81-498C-8D22-88F3A7B26A0D}C:\program files (x86)\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files (x86)\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{76F27434-9D06-45E2-8503-806BD7A68A3F}C:\program files (x86)\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files (x86)\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{0A6658C3-B2B5-476E-8EDB-8E3490AF2B4F}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe
FirewallRules: [TCP Query User{CD3C3FF5-5217-40C9-924E-D62835772BC7}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe
FirewallRules: [{C7F9C8D2-C3E5-49EF-A428-8DF14B46E021}] => (Allow) C:\Users\Ash\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{FA9193D3-AEBC-4B4B-A730-D5A5243B5800}] => (Allow) C:\Users\Ash\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [UDP Query User{6E663653-87DB-4269-9F2A-3F362E20FFCF}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => (Allow) C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [TCP Query User{D8D076F5-0BE2-4975-A32F-67E6347EF586}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => (Allow) C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [{364ADC44-B3C7-4EEA-B0CB-5BDFCDD8B7CC}] => (Allow) C:\Users\Ash\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [UDP Query User{487F476E-1CBA-484B-A5C5-085195ABF81C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{D13B9E9B-7E9E-4CE3-ACC1-5C82C37BBDD7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{55F189CC-CD8C-4D02-86E3-919DF42A93B6}] => (Allow) C:\Users\Ash\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{209E12D0-E69F-463C-8929-572E493AFC55}] => (Allow) C:\Users\Ash\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{7971E771-E9A3-4D10-8363-21913C1FC01D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2CFC6629-6A88-437D-B770-B97BAAFA5BF9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2605EFB7-8A48-4C66-BF7C-1EE5CDDD4FF1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6331329E-5FC7-4816-9CBE-807E3B7837E8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{FC78B923-14AE-4845-9C95-8580FD4DFA43}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{E619B4A6-516E-4F73-B0F9-2ECCB99834A2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B7C707A8-0072-4FFA-9BDF-E5EB4ACD89C2}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{C36C5314-F650-463E-9B37-256A3897EE83}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [UDP Query User{1D4B5C17-247A-4D9D-B82B-A696A2FD4263}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{4AEA9B2C-198E-448E-975F-AA84AF630806}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{7262E19D-B1B7-4704-BCBE-8BB0CD53F88A}] => (Allow) C:\Users\Ash\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1302B37A-52AB-479F-98CC-7F3968947455}] => (Allow) C:\Users\Ash\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{93D5597D-6FE8-4CF4-8480-E8ADC00230CE}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Allow) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [TCP Query User{0D17D532-7D02-4E90-A5EF-73AE6CA2BC07}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Allow) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [UDP Query User{20E86B3D-68A7-427E-AC76-015C69CC6C9B}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Allow) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [TCP Query User{40DF779E-6350-418A-B527-89397BF25AEF}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Allow) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [TCP Query User{43608DD0-94B2-4F77-8F59-55309D9633D3}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Allow) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [UDP Query User{3A3D35C8-000B-4A74-BA75-5F3299ABCD74}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Allow) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [TCP Query User{5D49E504-38AE-4ED7-A0E2-D76D65E4BD50}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Allow) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [UDP Query User{DE539FED-C774-4F53-AF3D-6F3DEEE45357}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Allow) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [{D78B5283-5571-4738-B4AA-1405595D363B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C265058C-8E10-4807-9549-7BBDE6BD0087}] => (Allow) LPort=2869
FirewallRules: [{DF4572E5-CBE8-4E7E-8011-07CD12D0FEAC}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{A0D99912-7113-4E63-944B-875B5C92B62D}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [UDP Query User{E6321FF7-D740-45C6-982A-781E2B00F2D5}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [{E67E62AD-8956-4CE7-A8D1-903019DC614E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{32595DB5-9B40-4F00-A72E-BB8C1CD09CD7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{86AF5516-C000-4040-9383-217BE7E13213}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6E6A0C61-D41A-414D-B537-BC5DAB760EB3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E82CCAC5-2BD7-4CB2-BA35-3C53C84DDF3D}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{D851621E-7215-48DE-8D56-4AC6C1352029}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{6D256B33-9725-468C-AD84-2E0E7BCFD796}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{E5803C8E-3C6D-4D67-ADC1-49299AB51056}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{E817204B-D2D8-434C-B39B-C5B7EBE15780}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{90D0D214-D5D0-4BB1-8FB3-58815CBF6150}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{2025AB06-77F4-45D4-9F71-B2ED2CBA77CF}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{B8D2F65B-03FB-48F5-824D-F40A4EEB4277}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{E65B809F-E9AD-4330-B6B0-FFE4D765C264}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{2FCDE749-5F5A-4CDC-96E9-7A433AA3996F}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{AA9BB3AC-4F4F-4241-AA81-C0B4302A67A9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{DD9294F6-85F1-4B58-BA98-5EF7CE174ADF}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{C6C8DFEC-0CE7-48C0-A9B1-4A44AA466DA8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{8D89E314-4CBA-4720-9D52-460DC902F7FD}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [TCP Query User{5719599F-3F9B-4B2F-B713-3D115BC390AF}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{5D65B62E-E63E-4504-B292-1C128A6C40F9}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{45C82224-9280-4D0A-902F-B837CE1F0579}C:\users\ash\onedrive\criptonauta\wallets\blade\blade-qt.exe] => (Allow) C:\users\ash\onedrive\criptonauta\wallets\blade\blade-qt.exe
FirewallRules: [UDP Query User{EA8F7173-124E-43E4-B7D7-EDC55D07D321}C:\users\ash\onedrive\criptonauta\wallets\blade\blade-qt.exe] => (Allow) C:\users\ash\onedrive\criptonauta\wallets\blade\blade-qt.exe
FirewallRules: [TCP Query User{9D0060AE-9FD3-4765-A106-ABDC3CB2E63F}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe
FirewallRules: [UDP Query User{D1D3A668-606D-4A02-B59E-4FB76DE805BE}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe
FirewallRules: [TCP Query User{1E968992-312C-4BBF-9452-8052B35D4831}C:\program files (x86)\augur\core\core.exe] => (Allow) C:\program files (x86)\augur\core\core.exe
FirewallRules: [UDP Query User{11F99A19-1C50-4061-9529-4B660DDEEE45}C:\program files (x86)\augur\core\core.exe] => (Allow) C:\program files (x86)\augur\core\core.exe
FirewallRules: [{E9C7BC23-1ADE-4DE7-B81E-03D9F515D05B}] => (Block) C:\program files (x86)\augur\core\core.exe
FirewallRules: [{92D5E8FB-9A34-426F-A353-C02EF41974F2}] => (Block) C:\program files (x86)\augur\core\core.exe
FirewallRules: [TCP Query User{2859C05C-B6E8-4622-812C-EA9392A63AFA}C:\program files (x86)\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\java.exe
FirewallRules: [UDP Query User{5822F9D4-A188-4CEA-BCE4-2B426F4AA580}C:\program files (x86)\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\java.exe
FirewallRules: [{D025F1BD-18A1-4E0A-87B8-0B1BBF935A13}] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\java.exe
FirewallRules: [{3B5A8681-8242-4231-84DB-80F291D047EB}] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\java.exe
FirewallRules: [{136525EE-8C02-4CF2-9A18-AF37BB37491B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C5D2DF10-E748-4E5A-81A0-C68BEC5D0F81}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{519C4F18-53F9-4AA0-B41B-1DF06EDC777E}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{D52AB880-1791-47DF-B738-95C99F1B7059}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{E72D4357-534A-453A-9866-B76A01B5FA09}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{2C9235E8-F3A2-41C4-994E-12149EC711C9}] => (Allow) C:\Users\Ash\AppData\Roaming\Copy\CopyAgent.exe
FirewallRules: [TCP Query User{7BC6A915-4749-4B9A-875F-03EA0450E852}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{50836E7E-BC9C-45EE-9BDF-4E7BC7D6D2F9}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [TCP Query User{29EB579A-FFC5-4F60-9ADE-3043E2869741}C:\program files (x86)\bbqscreen client\bbqscreenclient2.exe] => (Allow) C:\program files (x86)\bbqscreen client\bbqscreenclient2.exe
FirewallRules: [UDP Query User{EDD7C510-9290-4B36-A4C4-16B30C4C8B3A}C:\program files (x86)\bbqscreen client\bbqscreenclient2.exe] => (Allow) C:\program files (x86)\bbqscreen client\bbqscreenclient2.exe
FirewallRules: [TCP Query User{C0B01CB0-AA31-449C-8444-7C321AF23B77}C:\users\ash\appdata\roaming\copy\copyagent.exe] => (Allow) C:\users\ash\appdata\roaming\copy\copyagent.exe
FirewallRules: [UDP Query User{FBCB2719-BBDF-40A1-8F8C-D4BFAF43926E}C:\users\ash\appdata\roaming\copy\copyagent.exe] => (Allow) C:\users\ash\appdata\roaming\copy\copyagent.exe
FirewallRules: [TCP Query User{38A203D7-6118-4A4B-8BB4-E071E5411B20}C:\users\ash\appdata\local\temp\rar$exa0.337\geth.exe] => (Allow) C:\users\ash\appdata\local\temp\rar$exa0.337\geth.exe
FirewallRules: [UDP Query User{6CFFB959-FF67-4A4C-919F-2371170D0102}C:\users\ash\appdata\local\temp\rar$exa0.337\geth.exe] => (Allow) C:\users\ash\appdata\local\temp\rar$exa0.337\geth.exe
FirewallRules: [{EB3A82FF-F5E2-4023-8C5B-E0B11E55DA75}] => (Block) C:\users\ash\appdata\local\temp\rar$exa0.337\geth.exe
FirewallRules: [{6DC775B1-4F7F-46F0-9A5B-4F06973ADA11}] => (Block) C:\users\ash\appdata\local\temp\rar$exa0.337\geth.exe
FirewallRules: [TCP Query User{4A9881A5-D88D-48D9-9F08-883911DF00E0}C:\users\ash\desktop\geth.exe] => (Allow) C:\users\ash\desktop\geth.exe
FirewallRules: [UDP Query User{213391ED-B722-4D3D-B9AC-7DF56AF8EA66}C:\users\ash\desktop\geth.exe] => (Allow) C:\users\ash\desktop\geth.exe
FirewallRules: [{8FAC9948-D7AA-4CA0-8333-FB29B537E334}] => (Block) C:\users\ash\desktop\geth.exe
FirewallRules: [{5E293FD2-8DEF-4134-A05B-64F9648A7745}] => (Block) C:\users\ash\desktop\geth.exe
FirewallRules: [{B1D36591-0F89-4E4F-BA03-F74AF1FCB700}] => (Allow) C:\Users\Ash\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [{4920BFD9-9776-450A-8679-10301D002581}] => (Allow) C:\Users\Ash\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [TCP Query User{50DEA7F1-0454-43C9-9431-1AA6A35E87D1}C:\users\ash\documents\01 - pessoal andre\mapping projection\vpt\vpt7_01_win\vpt7.exe] => (Allow) C:\users\ash\documents\01 - pessoal andre\mapping projection\vpt\vpt7_01_win\vpt7.exe
FirewallRules: [UDP Query User{8BC844DC-C3F4-4171-BEDB-67B84D708C97}C:\users\ash\documents\01 - pessoal andre\mapping projection\vpt\vpt7_01_win\vpt7.exe] => (Allow) C:\users\ash\documents\01 - pessoal andre\mapping projection\vpt\vpt7_01_win\vpt7.exe
FirewallRules: [{74C24C4A-1CE4-410B-B6C8-8C1AABB03DE9}] => (Block) C:\users\ash\documents\01 - pessoal andre\mapping projection\vpt\vpt7_01_win\vpt7.exe
FirewallRules: [{D1D8FDFB-49C1-4970-9F67-A10C3B5DAC86}] => (Block) C:\users\ash\documents\01 - pessoal andre\mapping projection\vpt\vpt7_01_win\vpt7.exe
FirewallRules: [TCP Query User{176524E9-D181-48AD-89F5-A0BDC35F7648}C:\users\ash\documents\01 - pessoal andre\mapping projection\vpt7_02_win\vpt7.exe] => (Allow) C:\users\ash\documents\01 - pessoal andre\mapping projection\vpt7_02_win\vpt7.exe
FirewallRules: [UDP Query User{29114D2B-BCE3-499E-BFD4-EC7C921AD1F1}C:\users\ash\documents\01 - pessoal andre\mapping projection\vpt7_02_win\vpt7.exe] => (Allow) C:\users\ash\documents\01 - pessoal andre\mapping projection\vpt7_02_win\vpt7.exe
FirewallRules: [TCP Query User{DE324A1D-EF21-481E-81AA-4B004FC103EF}C:\users\ash\documents\01 - pessoal andre\mapping projection\heavym-0.94.6-beta-windows-updated\heavym-0.94.6-beta-windows-updated\heavym_projection\heavym_projection.exe] => (Allow) C:\users\ash\documents\01 - pessoal andre\mapping projection\heavym-0.94.6-beta-windows-updated\heavym-0.94.6-beta-windows-updated\heavym_projection\heavym_projection.exe
FirewallRules: [UDP Query User{C17AF06A-79A5-4C3E-82C2-E0DB7D0D0AFC}C:\users\ash\documents\01 - pessoal andre\mapping projection\heavym-0.94.6-beta-windows-updated\heavym-0.94.6-beta-windows-updated\heavym_projection\heavym_projection.exe] => (Allow) C:\users\ash\documents\01 - pessoal andre\mapping projection\heavym-0.94.6-beta-windows-updated\heavym-0.94.6-beta-windows-updated\heavym_projection\heavym_projection.exe
FirewallRules: [TCP Query User{E879DBAC-44F8-4BD1-95D1-26C9E8874CE7}C:\users\ash\documents\01 - pessoal andre\mapping projection\heavym-0.94.6-beta-windows-updated\heavym-0.94.6-beta-windows-updated\heavym.exe] => (Allow) C:\users\ash\documents\01 - pessoal andre\mapping projection\heavym-0.94.6-beta-windows-updated\heavym-0.94.6-beta-windows-updated\heavym.exe
FirewallRules: [UDP Query User{0CBD8971-3D8E-4CC2-B8E0-FCCBB596E85A}C:\users\ash\documents\01 - pessoal andre\mapping projection\heavym-0.94.6-beta-windows-updated\heavym-0.94.6-beta-windows-updated\heavym.exe] => (Allow) C:\users\ash\documents\01 - pessoal andre\mapping projection\heavym-0.94.6-beta-windows-updated\heavym-0.94.6-beta-windows-updated\heavym.exe
FirewallRules: [{D50A59F7-D195-4AC0-9EF3-AC45D8278861}] => (Block) C:\users\ash\documents\01 - pessoal andre\mapping projection\heavym-0.94.6-beta-windows-updated\heavym-0.94.6-beta-windows-updated\heavym_projection\heavym_projection.exe
FirewallRules: [{35BA5E58-ADF3-48B9-ACE0-35586C333E35}] => (Block) C:\users\ash\documents\01 - pessoal andre\mapping projection\heavym-0.94.6-beta-windows-updated\heavym-0.94.6-beta-windows-updated\heavym_projection\heavym_projection.exe
FirewallRules: [{0680B8D7-DFF6-46FC-959C-DD8827810B4E}] => (Block) C:\users\ash\documents\01 - pessoal andre\mapping projection\heavym-0.94.6-beta-windows-updated\heavym-0.94.6-beta-windows-updated\heavym.exe
FirewallRules: [{FA9C2EA3-C394-47E5-808F-F2F9B07D50B5}] => (Block) C:\users\ash\documents\01 - pessoal andre\mapping projection\heavym-0.94.6-beta-windows-updated\heavym-0.94.6-beta-windows-updated\heavym.exe
FirewallRules: [TCP Query User{D4101FF2-793A-4F04-BA9E-264B165CBE45}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{EC169524-F89E-4BA8-AC29-501730AF2582}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{3C424CE5-9E9D-4A13-A2BD-4370361AE0E8}] => (Block) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{A03A6214-4376-4C64-92DF-CF6AAA558A65}] => (Block) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{446D38A4-5A8F-4146-9801-0414B86DC546}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{34937058-2EFE-4281-8369-6CCB16CDE682}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [{6358E9C2-9720-49A5-A84C-F0C07151717D}] => (Block) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [{857E352F-3678-488D-B079-93D28A61703C}] => (Block) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [TCP Query User{635A7736-2DB9-4B09-9E38-FEF663B37826}C:\program files\ethereum (++) 0.9.40\release\alethzero.exe] => (Allow) C:\program files\ethereum (++) 0.9.40\release\alethzero.exe
FirewallRules: [UDP Query User{4C5447AF-0444-41E0-B4BA-04BC112B2E24}C:\program files\ethereum (++) 0.9.40\release\alethzero.exe] => (Allow) C:\program files\ethereum (++) 0.9.40\release\alethzero.exe
FirewallRules: [{C21B4F07-BD39-41CE-B6A2-82F3D73E7565}] => (Block) C:\program files\ethereum (++) 0.9.40\release\alethzero.exe
FirewallRules: [{8D164E4B-9365-42BD-AA9F-87122324E1D7}] => (Block) C:\program files\ethereum (++) 0.9.40\release\alethzero.exe
FirewallRules: [TCP Query User{7C21231F-9FD0-4B83-A4C5-BA8E65D1F6B3}C:\programdata\chocolatey\lib\geth-stable\tools\geth.exe] => (Allow) C:\programdata\chocolatey\lib\geth-stable\tools\geth.exe
FirewallRules: [UDP Query User{8C82065C-C8EA-4156-AFA8-801FF9F67919}C:\programdata\chocolatey\lib\geth-stable\tools\geth.exe] => (Allow) C:\programdata\chocolatey\lib\geth-stable\tools\geth.exe
FirewallRules: [{15EA9BCE-3533-44F6-9C0E-8CB7094C2C9D}] => (Block) C:\programdata\chocolatey\lib\geth-stable\tools\geth.exe
FirewallRules: [{71897064-7A0C-4D8C-A358-155B030E754C}] => (Block) C:\programdata\chocolatey\lib\geth-stable\tools\geth.exe
FirewallRules: [TCP Query User{1C067319-3F52-44DF-8132-D9ADA30A8B2C}C:\users\ash\downloads\blade.exe] => (Block) C:\users\ash\downloads\blade.exe
FirewallRules: [UDP Query User{B41B2624-C1FD-4CF4-98E1-CE8CB568F9C8}C:\users\ash\downloads\blade.exe] => (Block) C:\users\ash\downloads\blade.exe
FirewallRules: [TCP Query User{34C07FE4-2BB1-41FF-B112-C508F094C086}C:\users\ash\onedrive\criptonauta\wallets\blade\blade.exe] => (Allow) C:\users\ash\onedrive\criptonauta\wallets\blade\blade.exe
FirewallRules: [UDP Query User{E81E1CCD-4366-46B9-A651-F3126FAD8838}C:\users\ash\onedrive\criptonauta\wallets\blade\blade.exe] => (Allow) C:\users\ash\onedrive\criptonauta\wallets\blade\blade.exe
FirewallRules: [TCP Query User{BDCFEC71-CA20-4CCE-B308-3375B4A25F7F}C:\program files\gamecredits\gamecredits-qt.exe] => (Allow) C:\program files\gamecredits\gamecredits-qt.exe
FirewallRules: [UDP Query User{2240A9DC-2943-45F1-9F73-43796A3AF94A}C:\program files\gamecredits\gamecredits-qt.exe] => (Allow) C:\program files\gamecredits\gamecredits-qt.exe
FirewallRules: [TCP Query User{92A4D1A3-784A-4C0C-846D-5081EDC7EA9A}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{A1D2C217-4A15-4214-B852-56A90FEE3599}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [{99946E7C-A29B-4263-AA23-A6D977D7FAC5}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{5E3CC05D-7495-4580-8521-C1944341F7CB}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe
FirewallRules: [{00C3F993-511B-4051-A9D0-1CF423742680}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{7F0127F3-14A7-42A7-8ABE-23F3F99588E5}] => (Allow) C:\PROGRA~1\Unity\Editor\Unity.exe
FirewallRules: [TCP Query User{FA9322D5-1023-40FF-9993-35C8880CB18B}C:\users\ash\downloads\p5-win\p5.exe] => (Allow) C:\users\ash\downloads\p5-win\p5.exe
FirewallRules: [UDP Query User{C5C467FE-7381-4584-9C4E-76F571F1650A}C:\users\ash\downloads\p5-win\p5.exe] => (Allow) C:\users\ash\downloads\p5-win\p5.exe
FirewallRules: [{148EBE95-5264-41A4-8752-14BF07339E4A}] => (Block) C:\users\ash\downloads\p5-win\p5.exe
FirewallRules: [{F4FF3745-29D0-4306-8030-5A42FA86B54E}] => (Block) C:\users\ash\downloads\p5-win\p5.exe
FirewallRules: [TCP Query User{039E05A5-2FFB-4DBF-A517-8344FF148092}C:\program files (x86)\wifi speaker\wirelesssound.exe] => (Allow) C:\program files (x86)\wifi speaker\wirelesssound.exe
FirewallRules: [UDP Query User{67518B83-FE5F-4161-B907-AB25794E8FC6}C:\program files (x86)\wifi speaker\wirelesssound.exe] => (Allow) C:\program files (x86)\wifi speaker\wirelesssound.exe
FirewallRules: [{083094F4-4805-484B-82B5-6F0A7F85A1F6}] => (Block) C:\program files (x86)\wifi speaker\wirelesssound.exe
FirewallRules: [{3CFC3303-0349-4AAC-8209-3811309B932B}] => (Block) C:\program files (x86)\wifi speaker\wirelesssound.exe
FirewallRules: [TCP Query User{18961E0B-17D4-493E-8799-0C47401D0F22}C:\program files (x86)\soundwire server\soundwireserver.exe] => (Allow) C:\program files (x86)\soundwire server\soundwireserver.exe
FirewallRules: [UDP Query User{8FDEE2D0-DA48-4ED3-BD6D-CD7FBE188DD7}C:\program files (x86)\soundwire server\soundwireserver.exe] => (Allow) C:\program files (x86)\soundwire server\soundwireserver.exe
FirewallRules: [TCP Query User{077D89E5-56AC-4B73-9D81-DB9813815BEC}C:\users\ash\documents\01 - pessoal andre\mapping projection\vpt7_01_win\vpt7_01_win\vpt7.exe] => (Allow) C:\users\ash\documents\01 - pessoal andre\mapping projection\vpt7_01_win\vpt7_01_win\vpt7.exe
FirewallRules: [UDP Query User{23EBFA35-2022-4FC9-9EE4-A7F4FD91B4AC}C:\users\ash\documents\01 - pessoal andre\mapping projection\vpt7_01_win\vpt7_01_win\vpt7.exe] => (Allow) C:\users\ash\documents\01 - pessoal andre\mapping projection\vpt7_01_win\vpt7_01_win\vpt7.exe
FirewallRules: [TCP Query User{D1BD4139-B9D6-47A4-B74A-E45C44C58E12}C:\program files (x86)\arkaos grandvj 1.6.5\grandvj.exe] => (Allow) C:\program files (x86)\arkaos grandvj 1.6.5\grandvj.exe
FirewallRules: [UDP Query User{2F7A5843-CD89-4C2B-A44F-36D5A0E92EE2}C:\program files (x86)\arkaos grandvj 1.6.5\grandvj.exe] => (Allow) C:\program files (x86)\arkaos grandvj 1.6.5\grandvj.exe
FirewallRules: [{5270E29E-47A1-4EA5-B006-B9F43CFA537E}] => (Block) C:\program files (x86)\arkaos grandvj 1.6.5\grandvj.exe
FirewallRules: [{B685FE5A-E0D1-4827-AB14-B732B5668F9F}] => (Block) C:\program files (x86)\arkaos grandvj 1.6.5\grandvj.exe
FirewallRules: [{512BE2E2-4455-4E2A-B6AB-67E4905AC2E4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{35166E65-D450-4FE2-85D5-A0D22862F48F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3998BE95-3ECC-4505-8C65-3D78268B1DC3}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{FDEE0979-96E9-44F6-AE73-87E976303D8D}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{8B0235A9-89BC-4CCF-B35C-4C8361D29ADA}C:\program files (x86)\ultimate control\ucontrol.exe] => (Allow) C:\program files (x86)\ultimate control\ucontrol.exe
FirewallRules: [UDP Query User{DA23658F-82C2-481C-8667-0DC74B3CC039}C:\program files (x86)\ultimate control\ucontrol.exe] => (Allow) C:\program files (x86)\ultimate control\ucontrol.exe
FirewallRules: [TCP Query User{0096AA98-86C3-413B-AB14-14B618493926}C:\users\ash\appdata\roaming\spreadsheetconverter\v8\bundler\node.exe] => (Allow) C:\users\ash\appdata\roaming\spreadsheetconverter\v8\bundler\node.exe
FirewallRules: [UDP Query User{49BF290D-89BB-4766-9E93-0649B1B7EF7F}C:\users\ash\appdata\roaming\spreadsheetconverter\v8\bundler\node.exe] => (Allow) C:\users\ash\appdata\roaming\spreadsheetconverter\v8\bundler\node.exe
FirewallRules: [{1FE2FE59-D872-4428-A002-378A804C78A1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CF3B6CD0-7210-4CA4-9110-D78E03FB2C12}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E6073E92-3129-4771-8439-371EF8F9BBEF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DC6A3874-7E4C-47C4-A8B8-A2C8C34366BA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{D57CF0AC-CD63-48D3-85E8-D8598A588665}C:\program files (x86)\steam\steamapps\common\medusa's labyrinth\medusa\binaries\win64\medusa-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\medusa's labyrinth\medusa\binaries\win64\medusa-win64-shipping.exe
FirewallRules: [UDP Query User{C0A3D622-518A-4203-984F-A274A9D82874}C:\program files (x86)\steam\steamapps\common\medusa's labyrinth\medusa\binaries\win64\medusa-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\medusa's labyrinth\medusa\binaries\win64\medusa-win64-shipping.exe
FirewallRules: [{BDD3B5E1-B3D8-439C-8ADF-ABBAF7B99BE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spellweaver\Spellweaver.exe
FirewallRules: [{EA441FBF-26D4-48DD-9B43-3FFD2F02A686}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spellweaver\Spellweaver.exe
FirewallRules: [TCP Query User{43D1F923-BA8B-4124-964C-DF76AFDB4FF7}C:\users\ash\downloads\adobetool.exe] => (Allow) C:\users\ash\downloads\adobetool.exe
FirewallRules: [UDP Query User{51CD70BB-8FB2-45BF-8FBF-FA8EF715B3EF}C:\users\ash\downloads\adobetool.exe] => (Allow) C:\users\ash\downloads\adobetool.exe
FirewallRules: [{AFFC36EB-79A2-4746-9635-71F4A55DD65E}] => (Block) C:\users\ash\downloads\adobetool.exe
FirewallRules: [{3AE06748-F5C6-44FD-B72C-B2C38BCFED14}] => (Block) C:\users\ash\downloads\adobetool.exe
FirewallRules: [TCP Query User{5702FD81-3D43-4304-A5A8-FC5C82C962DE}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{ADC03C22-8114-45D3-80B8-252437C79BC3}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{C11A6E6F-F1B7-4BC4-BF75-C70B3B8CE889}] => (Block) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{27B61905-5E46-44F6-99BB-108BA0373928}] => (Block) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{3A85A0F6-8999-41D2-9E6F-504280DAA379}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
21-04-2016 16:08:41 Installed Microsoft Solution - 9b031690-b440-4d72-bc2f-38d46d281914
21-04-2016 19:34:22 JRT Pre-Junkware Removal
22-04-2016 11:09:34 zoek.exe restore point
22-04-2016 22:10:24 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/25/2016 10:28:01 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (04/23/2016 12:27:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ARKHAD)
Description: Falha na ativação do aplicativo microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.
 
Error: (04/23/2016 12:20:24 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (04/22/2016 11:15:35 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: O volume \\?\Volume{a7af91bc-6719-46bf-8a88-2f9335684849}\ não foi otimizado porque houve um erro: Parâmetro incorreto. (0x80070057)
 
Error: (04/22/2016 11:15:35 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: O volume WINRETOOLS não foi otimizado porque houve um erro: Parâmetro incorreto. (0x80070057)
 
Error: (04/22/2016 10:03:26 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: O volume \\?\Volume{a7af91bc-6719-46bf-8a88-2f9335684849}\ não foi otimizado porque houve um erro: Parâmetro incorreto. (0x80070057)
 
Error: (04/22/2016 10:03:25 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: O volume WINRETOOLS não foi otimizado porque houve um erro: Parâmetro incorreto. (0x80070057)
 
Error: (04/22/2016 06:00:21 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: O volume \\?\Volume{a7af91bc-6719-46bf-8a88-2f9335684849}\ não foi otimizado porque houve um erro: Parâmetro incorreto. (0x80070057)
 
Error: (04/22/2016 06:00:21 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: O volume WINRETOOLS não foi otimizado porque houve um erro: Parâmetro incorreto. (0x80070057)
 
Error: (04/22/2016 01:57:45 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Falha ao criar ponto de restauração (Processo = C:\WINDOWS\system32\wbem\wmiprvse.exe; Descrição = zoek.exe restore point; Erro = 0x8007043c).
 
 
System errors:
=============
Error: (04/23/2016 01:11:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
%%2
 
Error: (04/23/2016 02:50:30 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível
 
Error: (04/23/2016 02:49:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
%%2
 
Error: (04/23/2016 12:41:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
%%2
 
Error: (04/23/2016 12:27:38 AM) (Source: DCOM) (EventID: 10010) (User: ARKHAD)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
 
Error: (04/23/2016 12:11:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
%%2
 
Error: (04/22/2016 10:43:00 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: AUTORIDADE NT)
Description: 0x8000002a42\SystemRoot\System32\Config\RegBack\SYSTEM
 
Error: (04/22/2016 10:32:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
%%2
 
Error: (04/22/2016 10:32:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro: 
%%2
 
Error: (04/22/2016 10:32:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro: 
%%2
 
 
CodeIntegrity:
===================================
  Date: 2016-04-23 19:26:09.122
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-23 19:26:08.115
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-23 19:25:20.890
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-23 19:25:19.840
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-23 17:52:02.221
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-23 17:52:01.581
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-23 17:08:15.384
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-23 17:08:14.657
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-23 17:07:48.611
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-23 17:07:47.767
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3227U CPU @ 1.90GHz
Percentage of memory in use: 86%
Total physical RAM: 3962.51 MB
Available physical RAM: 546.42 MB
Total Virtual: 8570.51 MB
Available Virtual: 4684.44 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:446.73 GB) (Free:75.03 GB) NTFS
Drive d: (DATA) (Fixed) (Total:7.98 GB) (Free:7.85 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 771B8820)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 8 GB) (Disk ID: BBF12B2D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

- ROGUEKILLER REPORT
 
RogueKiller V12.1.4.0 [Apr 25 2016] (Free) por Adlice Software
 
Sistema Operacional : Windows 8.1 (6.3.9600) 64 bits version
Iniciou : Modo normal
Usuário : Ash [Administrador]
Started from : C:\Users\Ash\Desktop\RogueKiller.exe
Modo : Escanear -- Data : 04/26/2016 00:06:28
 
¤¤¤ Processos : 0 ¤¤¤
 
¤¤¤ Registro : 4 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1783320200-1595918824-3239432374-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/  -> Encontrado
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1783320200-1595918824-3239432374-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/  -> Encontrado
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1783320200-1595918824-3239432374-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com  -> Encontrado
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1783320200-1595918824-3239432374-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com  -> Encontrado
 
¤¤¤ Tarefas : 0 ¤¤¤
 
¤¤¤ Arquivos : 0 ¤¤¤
 
¤¤¤ Arquivos de hosts : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Não carregado [0xc000036b]) ¤¤¤
 
¤¤¤ Navegadores : 3 ¤¤¤
[PUM.Proxy][FIREFX:Config] 2p0ibw79.default-1412463487085 : user_pref("network.proxy.http", "188.168.82.131"); -> Encontrado
[PUM.Proxy][FIREFX:Config] 2p0ibw79.default-1412463487085 : user_pref("network.proxy.http_port", 3128); -> Encontrado
[PUM.Proxy][FIREFX:Config] 2p0ibw79.default-1412463487085 : user_pref("network.proxy.type", 4); -> Encontrado
 
¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0:  ST500LT012-9WS1 +++++
--- User ---
[MBR] 07a8696a86e02f95392f509b9cd7d770
[BSP] f58a2fdc224a32643f3b49359b3ca02e : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 490 MB
4 - Basic data partition | Offset (sectors): 2373632 | Size: 457447 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 939225088 | Size: 450 MB
6 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 940146688 | Size: 9682 MB
7 - Basic data partition | Offset (sectors): 959975424 | Size: 8197 MB
User = LL1 ... OK
Error reading LL2 MBR! NOT VALID!
 
+++++ PhysicalDrive1:  MZMPC032HBCD-00 +++++
--- User ---
[MBR] 30a5385d910995033f0edb4adf8dfadf
[BSP] 85a1d49a4359f6990ff537a2b7245dff : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2048 | Size: 32 MB
1 - Basic data partition | Offset (sectors): 67584 | Size: 8176 MB
User = LL1 ... OK
Error reading LL2 MBR! NOT VALID!
 
 
===========================================================
 
 
MTB Log
MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Ash (administrator) on 26-04-2016 at 10:35:49
Running from "C:\Users\Ash\Desktop"
Microsoft Windows 8.1 Single Language  (X64)
Model: Inspiron 5423 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Configuração de IP do Windows
 
Liberação do Cache do DNS Resolver bem-sucedida.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.backup.ftp", "200.17.60.250"
"network.proxy.backup.ftp_port", 3128
"network.proxy.backup.socks", "200.17.60.250"
"network.proxy.backup.socks_port", 3128
"network.proxy.backup.ssl", "200.17.60.250"
"network.proxy.backup.ssl_port", 3128
"network.proxy.ftp", "188.168.82.131"
"network.proxy.ftp_port", 3128
"network.proxy.http", "188.168.82.131"
"network.proxy.http_port", 3128
"network.proxy.share_proxy_settings", true
"network.proxy.socks", "188.168.82.131"
"network.proxy.socks_port", 3128
"network.proxy.ssl", "188.168.82.131"
"network.proxy.ssl_port", 3128
"network.proxy.type", 4
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
127.0.0.1       localhost 
========================= IP Configuration: ================================
 
Dell Wireless 1703 802.11b|g|n (2.4GHz) = Wi-Fi (Connected)
TAP-Windows Adapter V9 = Conexão Local (Hardware not present)
Qualcomm Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.30) = Ethernet (Media disconnected)
 
 
# ----------------------------------
# Configuração de IPv4
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# Final da configuração IPv4
 
 
 
Configuração de IP do Windows
 
   Nome do host. . . . . . . . . . . . . . . . : Arkhad
   Sufixo DNS primário . . . . . . . . . . . . : 
   Tipo de nó. . . . . . . . . . . . . . . . . : híbrido
   Roteamento de IP ativado. . . . . . . . . . : não
   Proxy WINS ativado. . . . . . . . . . . . . : não
   Lista de pesquisa de sufixo DNS . . . . . . : domain.name
 
Adaptador de Rede sem Fio Conexão Local* 3:

   Estado da mídia. . . . . . . . . . . . . .  : mídia desconectada
   Sufixo DNS específico de conexão. . . . . . : 
   Descrição . . . . . . . . . . . . . . . . . : Adaptador Virtual Direto Wi-Fi da Microsoft
   Endereço Físico . . . . . . . . . . . . . . : 16-B7-E2-D5-FD-61
   DHCP Habilitado . . . . . . . . . . . . . . : Sim
   Configuração Automática Habilitada. . . . . : Sim
 
Adaptador de Rede sem Fio Conexão Local* 4:

   Estado da mídia. . . . . . . . . . . . . .  : mídia desconectada
   Sufixo DNS específico de conexão. . . . . . : 
   Descrição . . . . . . . . . . . . . . . . . : Adaptador Virtual de Rede Hospedada da Microsoft
   Endereço Físico . . . . . . . . . . . . . . : 56-B7-E2-D5-FD-61
   DHCP Habilitado . . . . . . . . . . . . . . : Sim
   Configuração Automática Habilitada. . . . . : Sim
 
Adaptador de Rede sem Fio Wi-Fi:
 
   Sufixo DNS específico de conexão. . . . . . : domain.name
   Descrição . . . . . . . . . . . . . . . . . : Dell Wireless 1703 802.11b|g|n (2.4GHz)
   Endereço Físico . . . . . . . . . . . . . . : F4-B7-E2-D5-FD-61
   DHCP Habilitado . . . . . . . . . . . . . . : Sim
   Configuração Automática Habilitada. . . . . : Sim
   Endereço IPv6 . . . . . . . . . . : 2804:d59:2708:3200:f16b:c867:ef73:8bb5(Preferencial) 
   Endereço IPv6 . . . . . . . . . . : fd0b:d9d8:9e3d:0:f16b:c867:ef73:8bb5(Preferencial) 
   Endereço IPv6 Temporário. . . . . . . . : 2804:d59:2708:3200:399b:14b6:5b64:e389(Preferencial) 
   Endereço IPv6 Temporário. . . . . . . . : fd0b:d9d8:9e3d:0:bdc6:6634:9aaf:e4fc(Preterido) 
   Endereço IPv6 de link local . . . . . . . . : fe80::f16b:c867:ef73:8bb5%4(Preferencial) 
   Endereço IPv4. . . . . . . .  . . . . . . . : 192.168.1.5(Preferencial) 
   Máscara de Sub-rede . . . . . . . . . . . . : 255.255.255.0
   Concessão Obtida. . . . . . . . . . . . . . : segunda-feira, 25 de abril de 2016 22:17:43
   Concessão Expira. . . . . . . . . . . . . . : terça-feira, 26 de abril de 2016 11:17:43
   Gateway Padrão. . . . . . . . . . . . . . . : fe80::8229:94ff:fe2d:1a8b%4
                                                 192.168.1.1
   Servidor DHCP . . . . . . . . . . . . . . . : 192.168.1.1
   IAID de DHCPv6. . . . . . . . . . . . . . . : 267696098
   DUID de Cliente DHCPv6. . . . . . . . . . . : 00-01-00-01-19-01-3E-F7-F4-B7-E2-D5-FD-61
   Servidores DNS. . . . . . . . . . . . . . . : 8.8.8.8
                                                 8.8.4.4
   NetBIOS em Tcpip. . . . . . . . . . . . . . : Habilitado
 
Adaptador Ethernet Ethernet:
 
   Estado da mídia. . . . . . . . . . . . . .  : mídia desconectada
   Sufixo DNS específico de conexão. . . . . . : ufmt.iL
   Descrição . . . . . . . . . . . . . . . . . : Qualcomm Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.30)
   Endereço Físico . . . . . . . . . . . . . . : 78-45-C4-C0-F7-A2
   DHCP Habilitado . . . . . . . . . . . . . . : Sim
   Configuração Automática Habilitada. . . . . : Sim
 
Adaptador de túnel isatap.domain.name:

   Estado da mídia. . . . . . . . . . . . . .  : mídia desconectada
   Sufixo DNS específico de conexão. . . . . . : domain.name
   Descrição . . . . . . . . . . . . . . . . . : Adaptador do Microsoft ISATAP
   Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Habilitado . . . . . . . . . . . . . . : Não
   Configuração Automática Habilitada. . . . . : Sim
Servidor:  google-public-dns-a.google.com
Address:  8.8.8.8
 
DNS request timed out.
    timeout was 2 seconds.
Nome:    google.com
Addresses:  2800:3f0:4001:802::200e
 216.58.202.14
 
 
Disparando google.com [216.58.202.46] com 32 bytes de dados:
Resposta de 216.58.202.46: bytes=32 tempo=73ms TTL=55
Resposta de 216.58.202.46: bytes=32 tempo=401ms TTL=55
 
Estatísticas do Ping para 216.58.202.46:
    Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 73ms, Máximo = 401ms, Média = 237ms
Servidor:  google-public-dns-a.google.com
Address:  8.8.8.8
 
DNS request timed out.
    timeout was 2 seconds.
Nome:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 2001:4998:44:204::a7
 98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Disparando yahoo.com [98.138.253.109] com 32 bytes de dados:
Resposta de 98.138.253.109: bytes=32 tempo=245ms TTL=47
Resposta de 98.138.253.109: bytes=32 tempo=742ms TTL=47
 
Estatísticas do Ping para 98.138.253.109:
    Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 245ms, Máximo = 742ms, Média = 493ms
 
Disparando 127.0.0.1 com 32 bytes de dados:
Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128
Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128
 
Estatísticas do Ping para 127.0.0.1:
    Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 0ms, Máximo = 0ms, Média = 0ms
===========================================================================
Lista de interfaces
  7...16 b7 e2 d5 fd 61 ......Adaptador Virtual Direto Wi-Fi da Microsoft
  6...56 b7 e2 d5 fd 61 ......Adaptador Virtual de Rede Hospedada da Microsoft
  4...f4 b7 e2 d5 fd 61 ......Dell Wireless 1703 802.11b|g|n (2.4GHz)
  3...78 45 c4 c0 f7 a2 ......Qualcomm Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.30)
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Adaptador do Microsoft ISATAP
===========================================================================
 
Tabela de rotas IPv4
===========================================================================
Rotas ativas:
Endereço de rede          Máscara   Ender. gateway       Interface   Custo
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.5     25
        127.0.0.0        255.0.0.0      No vínculo         127.0.0.1    306
        127.0.0.1  255.255.255.255      No vínculo         127.0.0.1    306
  127.255.255.255  255.255.255.255      No vínculo         127.0.0.1    306
      192.168.1.0    255.255.255.0      No vínculo       192.168.1.5    281
      192.168.1.5  255.255.255.255      No vínculo       192.168.1.5    281
    192.168.1.255  255.255.255.255      No vínculo       192.168.1.5    281
        224.0.0.0        240.0.0.0      No vínculo         127.0.0.1    306
        224.0.0.0        240.0.0.0      No vínculo       192.168.1.5    281
  255.255.255.255  255.255.255.255      No vínculo         127.0.0.1    306
  255.255.255.255  255.255.255.255      No vínculo       192.168.1.5    281
===========================================================================
Rotas persistentes:
  Nenhuma
 
Tabela de rotas IPv6
===========================================================================
Rotas ativas:
 Se destino de rede de métrica      Gateway
  4    281 ::/0                     fe80::8229:94ff:fe2d:1a8b
  1    306 ::1/128                  No vínculo
  4    281 2804:d59:2708:3200::/64  No vínculo
  4    281 2804:d59:2708:3200:399b:14b6:5b64:e389/128
                                    No vínculo
  4    281 2804:d59:2708:3200:f16b:c867:ef73:8bb5/128
                                    No vínculo
  4    281 fd0b:d9d8:9e3d::/64      No vínculo
  4    281 fd0b:d9d8:9e3d:0:bdc6:6634:9aaf:e4fc/128
                                    No vínculo
  4    281 fd0b:d9d8:9e3d:0:f16b:c867:ef73:8bb5/128
                                    No vínculo
  4    281 fe80::/64                No vínculo
  4    281 fe80::f16b:c867:ef73:8bb5/128
                                    No vínculo
  1    306 ff00::/8                 No vínculo
  4    281 ff00::/8                 No vínculo
===========================================================================
Rotas persistentes:
  Nenhuma
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
**** End of log ****


#5 Oh My!


Posted 26 April 2016 - 07:41 PM

Greetings Andre.

Thank you for the information. Were you able to test Firefox in Safe Mode after following the instructions I posted earlier?

Are you aware of Bitcoin related entries on your computer?

You have very little free memory space which can degrade your system performance.

Percentage of memory in use: 86%


Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Run: [AdobeBridge] => [X]
Toolbar: HKLM-x32 - No Name - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} -  No File
Toolbar: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF NetworkProxy: "ftp", "188.168.82.131"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "188.168.82.131"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "188.168.82.131"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "188.168.82.131"
FF NetworkProxy: "ssl_port", 3128
"network.proxy.type", 4
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin HKU\S-1-5-21-1783320200-1595918824-3239432374-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ash\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin HKU\S-1-5-21-1783320200-1595918824-3239432374-1001: gastecnologia.com.br/sf/gas64 -> C:\Users\Ash\AppData\Local\GAS Tecnologia\GBBD\npsf_gas_64.dll [No File]
FF HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox => not found
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
2013-04-18 02:14 - 2013-04-18 02:14 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-04-18 02:10 - 2013-04-18 02:11 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-04-18 02:11 - 2013-04-18 02:12 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-04-18 02:09 - 2013-04-18 02:10 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-04-18 02:12 - 2013-04-18 02:14 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {13306AC3-26C5-4EA8-B62F-1EE1F438E253} - \avastBCLS-1-5-21-1783320200-1595918824-3239432374-1001
Task: {BD738E14-7C37-4CC8-AA5C-FB47AAE94985} - \avast! BCU UpdateS-1-5-21-1783320200-1595918824-3239432374-1001
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1434]
AlternateDataStreams: C:\ProgramData\Temp:4A1628E5 [124]
AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [244]
AlternateDataStreams: C:\ProgramData\Temp:98C49AAF [348]
AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:4A1628E5 [124]
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:56E2E879 [244]
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:98C49AAF [348]
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Response to questions
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 ashtorres

Posted 27 April 2016 - 10:22 AM

Hello Gary, and thanks again for your help.
 
- Yes, with Firefox in safe mode, I could navigate and didn't have connection problems while using it.
 
- P2P (uTorrent): Yes, I've been thinking about not using it anymore and your comments just reinforced this decision.
 
- Bitcoin related: Yes, I did CPU mining some time ago, although it's not in use anymore. There are also some old wallets that will be moved.
 
- After running FRST with the fixit.txt and the reboot, I received a message that OneDrive cannot sync anymore.
 
- Performance: Right now memory @ 73%
 
 
 
======= FRST LOG ===========
 
Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Ash (2016-04-27 11:05:56) Run:2
Running from C:\Users\Ash\Desktop
Loaded Profiles: Ash (Available Profiles: Ash)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Run: [AdobeBridge] => [X]
Toolbar: HKLM-x32 - No Name - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} -  No File
Toolbar: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF NetworkProxy: "ftp", "188.168.82.131"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "188.168.82.131"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "188.168.82.131"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "188.168.82.131"
FF NetworkProxy: "ssl_port", 3128
"network.proxy.type", 4
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin HKU\S-1-5-21-1783320200-1595918824-3239432374-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ash\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin HKU\S-1-5-21-1783320200-1595918824-3239432374-1001: gastecnologia.com.br/sf/gas64 -> C:\Users\Ash\AppData\Local\GAS Tecnologia\GBBD\npsf_gas_64.dll [No File]
FF HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox => not found
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
2013-04-18 02:14 - 2013-04-18 02:14 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-04-18 02:10 - 2013-04-18 02:11 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-04-18 02:11 - 2013-04-18 02:12 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-04-18 02:09 - 2013-04-18 02:10 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-04-18 02:12 - 2013-04-18 02:14 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ash\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {13306AC3-26C5-4EA8-B62F-1EE1F438E253} - \avastBCLS-1-5-21-1783320200-1595918824-3239432374-1001
Task: {BD738E14-7C37-4CC8-AA5C-FB47AAE94985} - \avast! BCU UpdateS-1-5-21-1783320200-1595918824-3239432374-1001
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1434]
AlternateDataStreams: C:\ProgramData\Temp:4A1628E5 [124]
AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [244]
AlternateDataStreams: C:\ProgramData\Temp:98C49AAF [348]
AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:4A1628E5 [124]
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:56E2E879 [244]
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:98C49AAF [348]
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{1DBAB667-A486-421e-AFE4-CF07DD0088E5} => value not found.
HKCR\Wow6432Node\CLSID\{1DBAB667-A486-421e-AFE4-CF07DD0088E5} => key not found. 
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value not found.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
FF NetworkProxy: "ftp", "188.168.82.131" => not found
FF NetworkProxy: "ftp_port", 3128 => not found
FF NetworkProxy: "http", "188.168.82.131" => not found
FF NetworkProxy: "http_port", 3128 => not found
FF NetworkProxy: "share_proxy_settings", true => not found
FF NetworkProxy: "socks", "188.168.82.131" => not found
FF NetworkProxy: "socks_port", 3128 => not found
FF NetworkProxy: "ssl", "188.168.82.131" => not found
FF NetworkProxy: "ssl_port", 3128 => not found
"network.proxy.type", 4 => Error: No automatic fix found for this entry.
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => key not found. 
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 => key not found. 
C:\Users\Ash\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => not found.
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\Software\MozillaPlugins\gastecnologia.com.br/sf/gas64 => key not found. 
C:\Users\Ash\AppData\Local\GAS Tecnologia\GBBD\npsf_gas_64.dll => not found.
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001\Software\Mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} => value not found.
Mobizen plugin => service not found.
BTATH_LWFLT => service not found.
gbpddfac => service not found.
gbpddreg => service not found.
VBoxNetFlt => service not found.
"C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log" => not found.
"C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log" => not found.
"C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log" => not found.
"C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log" => not found.
"C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log" => not found.
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => key not found. 
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key not found. 
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key not found. 
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key not found. 
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key not found. 
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key not found. 
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key not found. 
HKU\S-1-5-21-1783320200-1595918824-3239432374-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13306AC3-26C5-4EA8-B62F-1EE1F438E253}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13306AC3-26C5-4EA8-B62F-1EE1F438E253}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BD738E14-7C37-4CC8-AA5C-FB47AAE94985}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD738E14-7C37-4CC8-AA5C-FB47AAE94985}" => key removed successfully
C:\WINDOWS\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removed successfully.
C:\ProgramData\Temp => ":4A1628E5" ADS removed successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
C:\ProgramData\Temp => ":98C49AAF" ADS removed successfully.
C:\Users\Public\DRM => ":احتضان" ADS removed successfully.
"C:\Users\Todos os Usuários\Temp" => ":4A1628E5" ADS not found.
"C:\Users\Todos os Usuários\Temp" => ":56E2E879" ADS not found.
"C:\Users\Todos os Usuários\Temp" => ":98C49AAF" ADS not found.
 
 
The system needed a reboot.
 
==== End of Fixlog 11:06:59 ====


#7 Oh My!

Posted 27 April 2016 - 10:52 AM

Thanks for the information.

Please do this.

Locate and attach the C:\FRST\Quarantine folder in your reply.

Test Firefox after launching it normally and let me know how it behaves.

Did you run the Fixlist twice?
Gary
 

#8 ashtorres

Posted 27 April 2016 - 11:35 AM

Hello Gary,

 

I'm now using Firefox in normal mode and am able to navigate :)

 

 

Did you run the Fixlist twice?

 

Yes. The first time it crashed then I ran it a second time, with success. When opening this page for replying, it took a little bit to load (the part with the long log)

 

I'm having trouble uploading files individually; I receive the message "Upload Skipped (No file was selected for upload)" even with the files already selected. I attached a .zip instead. Original files are in c:\FRST\Quarantine\C\ProgramData

 

Best regards

 

 

Attached Files



#9 Oh My!

Posted 27 April 2016 - 12:07 PM

Hi Andre,

That makes sense, it looked like the fix got interrupted somehow.

Please upload the following file here.

C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\2p0ibw79.default-1412463487085\prefs.js
Gary
 

#10 ashtorres

Posted 27 April 2016 - 12:18 PM

Hi Gary,

 

I've uploaded the file.

 

Thanks again



#11 Oh My!

Posted 27 April 2016 - 12:22 PM

Got it, thanks.
Gary
 

#12 Oh My!

Posted 27 April 2016 - 12:46 PM

Let's do this first.

===================================================

Modifying Firefox Configuration Settings

--------------------
  • Launch Firefox
  • In the address bar type about:config and hit Enter
  • Click I'll be careful, I promise!
  • Scroll down to network.proxy.share_proxy_settings
  • Right click on the entry, then select Toggle, then confirm the setting changes from false to true
  • Scroll down to network.proxy.type
  • Right click on the entry, select Modify, set the number to 4, then click OK
  • Close Firefox
  • Reboot your computer and check for the OneDrive error
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
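
An added example (not part of the thread, and not FRST's own code): an offline check of a prefs.js copy, such as the file requested in post #9, that separates proxy endpoints Firefox would actually use from ones that are only stored. It assumes the usual `user_pref("name", value);` line format and that an absent network.proxy.type means 5 (system settings); the function names and the sample text are made up for the illustration.

```python
import ipaddress
import json
import re
# network.proxy.type values as Firefox interprets them
MODES = {0: "direct", 1: "manual", 2: "pac", 4: "auto-detect", 5: "system"}
SCHEMES = ("http", "ssl", "ftp", "socks")
PREF_RE = re.compile(r'^\s*user_pref\("(network\.proxy\.[^"]+)",\s*(.+)\);\s*$')

def parse_proxy_prefs(text):
    """Collect network.proxy.* prefs; values are string, integer or boolean literals."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            try:
                prefs[m.group(1)] = json.loads(m.group(2))
            except ValueError:
                prefs[m.group(1)] = m.group(2)  # keep the raw text if it is not a plain literal
    return prefs

def is_local(host):
    """True for localhost and loopback addresses (typical of local filtering tools)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname: treat as remote and let the analyst decide

def audit_proxy(text):
    """Report the proxy mode and which stored endpoints are live or dormant."""
    prefs = parse_proxy_prefs(text)
    # Assumption: an absent network.proxy.type means the default, 5 (system settings).
    mode = MODES.get(prefs.get("network.proxy.type", 5), "unknown")
    endpoints = []
    for scheme in SCHEMES:
        host = prefs.get("network.proxy." + scheme)
        if isinstance(host, str) and host:
            port = prefs.get("network.proxy.%s_port" % scheme, 0)
            endpoints.append((scheme, host, port))
    live = endpoints if mode == "manual" else []  # host/port prefs apply only in manual mode
    return {
        "mode": mode,
        "live": live,
        "dormant": [] if mode == "manual" else endpoints,
        "remote_live": [e for e in live if not is_local(e[1])],
        "pac_url": prefs.get("network.proxy.autoconfig_url") if mode == "pac" else None,
    }

# Constructed prefs.js excerpts; host and port are the values shown in the Fixlog.
STORED_ONLY = ('user_pref("network.proxy.http", "188.168.82.131");\n'
               'user_pref("network.proxy.http_port", 3128);\n'
               'user_pref("network.proxy.type", 4);\n')
MANUAL = STORED_ONLY.replace('"network.proxy.type", 4', '"network.proxy.type", 1')
```

With type 4 the stored endpoint is reported as dormant; the same endpoint under type 1 shows up in `remote_live`, which is the case worth investigating.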

#13 ashtorres

Posted 27 April 2016 - 01:39 PM

Hello Gary

 

Done. Still cannot connect to OneDrive



#14 Oh My!

Posted 27 April 2016 - 03:33 PM

OK,

Run the OneDrive Troubleshooter.
Gary
 

#15 ashtorres

Posted 27 April 2016 - 03:46 PM

OneDrive is back to work, sync working again :)
Re-synchronizing all files





