
zodiac-game.info pop up that won't go away



#1 ruipandrade


Posted 23 August 2016 - 01:24 PM

Hello everyone,

Been struggling all day with this annoying pop up that opens Chrome as sd-steam.info and then redirects to zodiac-game.info. It appears only and at every PC reboot. Tried running everything from Malwarebytes to AdwCleaner and even resetting my Chrome settings and account. Tried following some of the guides already posted here to no success thus far.

Any help would be deeply appreciated.

Kind regards,

Rui

 

FRST Data

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by RuiPaulino (administrator) on PC-RUI (23-08-2016 19:15:32)
Running from C:\Users\RuiPaulino\Desktop
Loaded Profiles: RuiPaulino (Available Profiles: RuiPaulino)
Platform: Windows 10 Home Version 1607 (X64) Language: Português (Portugal)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_updater.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_svc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Akamai Technologies, Inc.) C:\Users\RuiPaulino\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Akamai Technologies, Inc.) C:\Users\RuiPaulino\AppData\Local\Akamai\netsession_win.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.0_none_36d3ccc3ddfd1ecb\TiWorker.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16174352 2015-11-10] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-08-03] (ELAN Microelectronics Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2162864 2016-08-10] (Hola Networks Ltd.) <===== ATTENTION
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9103976 2016-08-23] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23892200 2016-08-16] (Dropbox, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [kbdsprt] => [X]
HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2857248 2016-08-16] (Valve Corporation)
HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\...\Run: [Akamai NetSession Interface] => C:\Users\RuiPaulino\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\...\Run: [RuiPaulino] => explorer.exe hxxp://sd-steam.info <===== ATTENTION
HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\...\RunOnce: [Uninstall C:\Users\RuiPaulino\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RuiPaulino\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\RuiPaulino\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-08-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\RuiPaulino\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-08-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\RuiPaulino\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-08-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-23] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\RuiPaulino\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-08-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\RuiPaulino\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-08-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\RuiPaulino\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-08-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-16] (Dropbox, Inc.)
Startup: C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recortes de Ecrã e Iniciador do OneNote 2010.lnk [2015-12-03]
ShortcutTarget: Recortes de Ecrã e Iniciador do OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{153d6ce7-e3c0-4b00-9a77-7931e2522d82}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c9ee2a7a-41c3-4eb2-be41-63257aca1a30}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{c9ee2a7a-41c3-4eb2-be41-63257aca1a30}: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-4061365162-1835910497-3583636770-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\RuiPaulino\AppData\Roaming\Mozilla\Firefox\Profiles\2qv5mkfi.default-1401460547172
FF NetworkProxy: "proxy_over_tls", false
FF NetworkProxy: "type", 0
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-ptpt.xml [2015-07-08]
FF Extension: Adblock Plus - C:\Users\RuiPaulino\AppData\Roaming\Mozilla\Firefox\Profiles\2qv5mkfi.default-1401460547172\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-08-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-23]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
 
Chrome: 
=======
CHR HomePage: Profile 2 -> hxxp://www.google.pt/
CHR StartupUrls: Profile 2 -> "hxxp://www.google.com/"
CHR Profile: C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-08-11]
CHR Extension: (AdBlock) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-29]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2016-02-12]
CHR Extension: (Ghostery) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-21]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
CHR Profile: C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Profile: C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Apresentações Google) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-23]
CHR Extension: (Google Docs) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-23]
CHR Extension: (Google Drive) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-23]
CHR Extension: (YouTube) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-23]
CHR Extension: (Google Folhas de Cálculo) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-23]
CHR Extension: (Documentos do Google offline) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-23]
CHR Extension: (AdBlock) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-23]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-08-23]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-23]
CHR Extension: (Gmail) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-23]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-23] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-02] (Dropbox, Inc.)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [31632 2013-01-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [33168 2013-01-18] (Intel Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-08-03] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [5618864 2016-08-10] (Hola Networks Ltd.) <==== ATTENTION
R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [5618864 2016-08-10] (Hola Networks Ltd.) <==== ATTENTION
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-09] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-23] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-23] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-23] (AVAST Software)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUS Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107920 2013-01-18] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [43408 2013-01-18] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [65424 2013-01-18] (Intel Corporation)
S3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [97680 2013-01-18] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229776 2013-01-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363920 2013-01-18] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_dac0245a363caab4\nvlddmkm.sys [14199352 2016-08-16] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation)
R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 XQHDrv; C:\Windows\system32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [109432 2015-09-28] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-23 19:15 - 2016-08-23 19:16 - 00030065 _____ C:\Users\RuiPaulino\Desktop\FRST.txt
2016-08-23 19:15 - 2016-08-23 19:15 - 02396672 _____ (Farbar) C:\Users\RuiPaulino\Desktop\FRST64.exe
2016-08-23 18:53 - 2016-08-23 18:53 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hola.lnk
2016-08-23 18:53 - 2016-08-23 18:53 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\Hola
2016-08-23 18:53 - 2016-08-23 18:53 - 00000000 ____D C:\Program Files\Hola
2016-08-23 17:54 - 2016-08-23 17:54 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-08-23 17:54 - 2016-08-23 17:54 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-08-23 13:55 - 2016-08-23 17:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-23 13:29 - 2016-08-23 13:29 - 00000000 ____D C:\Program Files (x86)\ESET
2016-08-23 12:39 - 2016-08-23 12:39 - 00204765 _____ C:\Users\RuiPaulino\Documents\marcadores_23_08_16.html
2016-08-23 12:10 - 2016-08-23 12:10 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2016-08-23 12:08 - 2016-08-23 13:13 - 00000000 ____D C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2016-08-23 11:47 - 2016-08-23 19:15 - 00000000 ____D C:\FRST
2016-08-23 10:59 - 2016-08-23 10:59 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-08-23 10:55 - 2016-08-23 11:40 - 00000000 ____D C:\Users\RuiPaulino\AppData\Local\ConnectedDevicesPlatform
2016-08-23 10:55 - 2016-08-23 10:55 - 00000020 ___SH C:\Users\RuiPaulino\ntuser.ini
2016-08-23 05:11 - 2016-08-23 05:07 - 00000000 ___DC C:\WINDOWS\Panther
2016-08-23 05:09 - 2016-08-23 05:09 - 00000000 ____D C:\ProgramData\USOShared
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default\Os Meus Documentos
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default\Modelos
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default\Menu Iniciar
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default\Documents\Os Meus Vídeos
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default\Documents\As Minhas Imagens
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default\Documents\A Minha Música
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default\Definições Locais
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default\AppData\Local\Histórico
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default User\Documents\Os Meus Vídeos
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default User\Documents\As Minhas Imagens
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default User\Documents\A Minha Música
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Histórico
2016-08-23 05:06 - 2016-08-23 11:27 - 00000000 ____D C:\Windows.old
2016-08-23 05:06 - 2016-08-23 05:06 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 22572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 22219328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 09125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 07623168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-08-23 05:06 - 2016-08-23 05:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-08-23 05:06 - 2016-08-23 05:06 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 05511168 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 03617280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-08-23 05:06 - 2016-08-23 05:06 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-08-23 05:06 - 2016-08-23 05:06 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 02251440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 01785856 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01265424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01260384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00843104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 00151232 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-08-23 05:06 - 2016-08-23 05:06 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-08-23 05:04 - 2016-08-23 05:06 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-08-23 05:04 - 2016-08-23 05:06 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-08-23 05:04 - 2016-08-23 05:04 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-08-23 05:00 - 2016-08-23 05:00 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-08-23 05:00 - 2016-08-23 05:00 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-08-23 05:00 - 2016-08-23 05:00 - 00000000 ____D C:\Program Files\MSBuild
2016-08-23 05:00 - 2016-08-23 05:00 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-08-23 05:00 - 2016-08-23 04:43 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-08-23 05:00 - 2016-05-25 12:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-08-23 05:00 - 2016-05-25 12:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-08-23 05:00 - 2016-05-25 12:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-08-23 04:59 - 2016-05-25 15:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-08-23 04:59 - 2016-05-25 15:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-08-23 04:59 - 2016-05-25 15:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-08-23 04:55 - 2016-08-23 04:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-08-23 04:55 - 2016-08-23 04:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-08-23 04:55 - 2016-08-23 04:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2016-08-23 04:54 - 2016-08-23 18:57 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-23 04:54 - 2016-08-23 18:24 - 00004010 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1462658556
2016-08-23 04:54 - 2016-08-23 17:55 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-08-23 04:54 - 2016-08-23 04:55 - 00003542 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-23 04:54 - 2016-08-23 04:55 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-08-23 04:54 - 2016-08-23 04:55 - 00003444 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-08-23 04:54 - 2016-08-23 04:55 - 00003318 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{061E5B89-19D4-40E5-8527-293E7EF50F40}
2016-08-23 04:54 - 2016-08-23 04:55 - 00003318 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-23 04:54 - 2016-08-23 04:55 - 00003220 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-08-23 04:54 - 2016-08-23 04:55 - 00002880 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4061365162-1835910497-3583636770-1002
2016-08-23 04:54 - 2016-08-23 04:55 - 00002862 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2016-08-23 04:54 - 2016-08-23 04:55 - 00002738 _____ C:\WINDOWS\System32\Tasks\ASUS Touchpad Launcher (x64)
2016-08-23 04:54 - 2016-08-23 04:55 - 00002658 _____ C:\WINDOWS\System32\Tasks\Update Checker
2016-08-23 04:54 - 2016-08-23 04:55 - 00002440 _____ C:\WINDOWS\System32\Tasks\avast! Windows 10 Start Menu helper
2016-08-23 04:54 - 2016-08-23 04:55 - 00002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2016-08-23 04:54 - 2016-08-23 04:55 - 00002304 _____ C:\WINDOWS\System32\Tasks\{3D8F7001-E8E7-415A-AB91-7F6C8EBAAF3E}
2016-08-23 04:54 - 2016-08-23 04:55 - 00002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2016-08-23 04:54 - 2016-08-23 04:55 - 00002272 _____ C:\WINDOWS\System32\Tasks\ASUS P4G
2016-08-23 04:54 - 2016-08-23 04:55 - 00002250 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2016-08-23 04:54 - 2016-08-23 04:55 - 00002188 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2016-08-23 04:54 - 2016-08-23 04:55 - 00002164 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-08-23 04:54 - 2016-08-23 04:54 - 00002620 _____ C:\WINDOWS\System32\Tasks\RuiPaulino
2016-08-23 04:54 - 2016-08-23 04:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2016-08-23 04:54 - 2016-08-23 04:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-08-23 04:39 - 2016-08-23 04:39 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-23 04:39 - 2016-08-23 04:39 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2016-08-23 04:39 - 2016-08-23 04:39 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-08-23 04:39 - 2016-08-23 04:39 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2016-08-23 04:39 - 2016-08-23 04:39 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-08-23 04:27 - 2016-08-23 04:43 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-08-23 04:23 - 2016-08-23 18:37 - 00000000 ____D C:\Users\RuiPaulino
2016-08-23 04:23 - 2016-08-23 04:23 - 00000000 _SHDL C:\Users\RuiPaulino\Os Meus Documentos
2016-08-23 04:23 - 2016-08-23 04:23 - 00000000 _SHDL C:\Users\RuiPaulino\Modelos
2016-08-23 04:23 - 2016-08-23 04:23 - 00000000 _SHDL C:\Users\RuiPaulino\Menu Iniciar
2016-08-23 04:23 - 2016-08-23 04:23 - 00000000 _SHDL C:\Users\RuiPaulino\Documents\Os Meus Vídeos
2016-08-23 04:23 - 2016-08-23 04:23 - 00000000 _SHDL C:\Users\RuiPaulino\Documents\As Minhas Imagens
2016-08-23 04:23 - 2016-08-23 04:23 - 00000000 _SHDL C:\Users\RuiPaulino\Documents\A Minha Música
2016-08-23 04:23 - 2016-08-23 04:23 - 00000000 _SHDL C:\Users\RuiPaulino\Definições Locais
2016-08-23 04:23 - 2016-08-23 04:23 - 00000000 _SHDL C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-08-23 04:23 - 2016-08-23 04:23 - 00000000 _SHDL C:\Users\RuiPaulino\AppData\Local\Histórico
2016-08-23 04:17 - 2016-08-23 04:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevGen_01009.Wdf
2016-08-23 04:17 - 2016-08-23 04:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevFan_01009.Wdf
2016-08-23 04:17 - 2016-08-23 04:17 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-08-23 04:17 - 2016-08-23 04:17 - 00000000 ____D C:\WINDOWS\system32\DAX2
2016-08-23 04:16 - 2016-08-23 04:29 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-08-23 04:16 - 2016-08-23 04:29 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-23 04:16 - 2016-08-23 04:29 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-08-23 04:16 - 2016-08-23 04:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-08-23 04:16 - 2016-08-23 04:16 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-08-23 04:16 - 2016-08-23 04:16 - 00000000 ____D C:\Program Files\Realtek
2016-08-23 04:16 - 2016-08-11 13:27 - 06386048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-08-23 04:16 - 2016-08-11 13:27 - 02468288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-08-23 04:16 - 2016-08-11 13:27 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-08-23 04:16 - 2016-08-11 13:27 - 01365048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-08-23 04:16 - 2016-08-11 13:27 - 00548920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-08-23 04:16 - 2016-08-11 13:27 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-08-23 04:16 - 2016-08-11 13:27 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-08-23 04:16 - 2016-08-11 13:27 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-08-23 04:16 - 2016-08-09 17:06 - 07255045 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-08-23 04:15 - 2016-08-23 04:28 - 00000000 ____D C:\Program Files\Intel
2016-08-23 04:15 - 2016-08-23 04:15 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfManager_01009.Wdf
2016-08-23 04:15 - 2016-08-23 04:15 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevProc_01009.Wdf
2016-08-23 04:15 - 2016-08-23 04:15 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevDram_01009.Wdf
2016-08-23 04:15 - 2016-08-23 04:15 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-08-23 04:15 - 2016-07-16 12:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-08-23 04:15 - 2015-10-09 09:22 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-08-23 04:15 - 2015-10-09 09:22 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-08-23 04:12 - 2016-08-23 11:52 - 04966624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-23 04:12 - 2016-08-23 10:55 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-08-23 04:12 - 2016-08-23 04:12 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-08-19 19:06 - 2016-08-23 04:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-19 13:45 - 2016-08-19 13:45 - 00112745 _____ C:\Users\RuiPaulino\Desktop\Gmail - ANDRADE_RUIMR 30JUL OPO FNC.pdf
2016-08-19 11:28 - 2016-08-19 11:28 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-08-19 11:28 - 2016-05-04 03:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-08-19 11:28 - 2016-05-04 03:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-08-19 11:28 - 2016-05-04 03:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-08-19 11:28 - 2016-05-04 03:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-08-19 11:26 - 2016-08-19 11:26 - 00000000 ____D C:\temp
2016-08-19 11:22 - 2016-08-16 16:44 - 00047040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2016-08-19 11:22 - 2016-08-11 15:33 - 34837952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 28236856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 10728856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 10530960 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 09086344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 08644456 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 01922616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437254.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 01585088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437254.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 01023544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00961080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00945088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00897592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00803096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00694952 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00644648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00584712 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00442816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00413256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00393664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00345936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00040827 _____ C:\WINDOWS\system32\nvinfo.pb
2016-08-19 11:21 - 2016-08-11 15:33 - 40070200 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-08-19 11:21 - 2016-08-11 15:33 - 35182648 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-08-19 11:21 - 2016-08-11 15:33 - 10273096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-08-19 11:21 - 2016-08-11 15:33 - 08681720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-08-19 11:21 - 2016-08-11 15:33 - 03901520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-08-19 11:21 - 2016-08-11 15:33 - 03443152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-08-19 11:21 - 2016-08-11 15:33 - 02914752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-08-19 11:21 - 2016-08-11 15:33 - 02553912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-08-19 11:21 - 2016-08-11 15:33 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-08-19 11:21 - 2016-08-11 15:33 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2016-08-14 12:57 - 2016-08-14 12:57 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\HD Tune Pro
2016-08-13 12:22 - 2016-08-23 11:24 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\Wise Disk Cleaner
2016-08-13 12:22 - 2016-08-13 12:26 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\Wise Euask
2016-08-13 12:18 - 2016-08-23 04:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2016-08-13 12:18 - 2016-08-13 12:18 - 00000000 ____D C:\Program Files\Defraggler
2016-08-13 12:11 - 2016-08-13 12:11 - 00000000 ____D C:\ProgramData\NovaTech Network
2016-08-13 12:08 - 2016-08-23 04:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner
2016-08-13 12:08 - 2016-08-23 04:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskTrix
2016-08-13 12:08 - 2016-08-13 12:08 - 00000000 ____D C:\Program Files (x86)\Wise
2016-08-13 12:08 - 2016-08-13 12:08 - 00000000 ____D C:\Program Files (x86)\DiskTrix
2016-08-13 11:54 - 2016-07-11 03:34 - 01939000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436881.dll
2016-08-13 11:54 - 2016-07-11 03:34 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436881.dll
2016-08-13 11:24 - 2016-08-13 11:24 - 00000000 ____D C:\NVIDIA
2016-08-13 10:39 - 2016-04-14 06:38 - 00113216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-08-13 10:39 - 2016-04-14 06:38 - 00102976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-08-13 10:39 - 2016-04-14 06:38 - 00056384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-08-12 17:11 - 2016-08-12 17:15 - 00000000 ____D C:\Users\RuiPaulino\AppData\Local\Introversion
2016-08-05 18:42 - 2016-08-23 04:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr DJ
2016-08-04 12:26 - 2016-08-23 04:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-04 12:26 - 2016-08-04 12:26 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-08-04 12:23 - 2016-08-04 12:23 - 00000000 ____D C:\Program Files\iPod
2016-07-30 23:35 - 2016-08-23 19:00 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-07-30 12:49 - 2016-07-30 12:49 - 00963877 _____ C:\Users\RuiPaulino\Downloads\hora_rios_vera_o_2016_online.pdf
2016-07-29 18:29 - 2016-07-29 18:29 - 00065640 _____ C:\WINDOWS\system32\ASGCoInstaller_x64.dll
2016-07-27 14:11 - 2016-07-28 12:09 - 00014566 ____H C:\Users\RuiPaulino\Desktop\~WRL0004.tmp
2016-07-27 14:11 - 2016-07-27 14:13 - 00013169 ____H C:\Users\RuiPaulino\Desktop\~WRL1637.tmp
2016-07-27 12:22 - 2016-07-27 12:22 - 00000000 ____D C:\Users\RuiPaulino\AppData\Local\Bethesda.net Launcher
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-23 19:16 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-23 19:02 - 2014-10-23 18:19 - 00000081 _____ C:\Users\RuiPaulino\AppData\Roaming\sp_data.sys
2016-08-23 19:00 - 2013-09-19 21:29 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-23 18:59 - 2015-07-30 15:19 - 00000000 __SHD C:\Users\RuiPaulino\IntelGraphicsProfiles
2016-08-23 18:57 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-08-23 18:38 - 2016-02-14 13:41 - 00000000 ____D C:\Users\RuiPaulino\AppData\LocalLow\Temp
2016-08-23 18:24 - 2016-05-07 23:02 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-08-23 18:21 - 2013-09-20 18:26 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\vlc
2016-08-23 17:54 - 2014-05-07 19:57 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-08-23 17:54 - 2014-01-21 12:31 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-08-23 17:54 - 2013-10-18 14:47 - 00513496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-08-23 17:54 - 2013-10-18 14:47 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-08-23 17:54 - 2013-10-18 14:47 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-08-23 17:54 - 2013-10-18 14:47 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-08-23 17:54 - 2013-10-18 14:47 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-08-23 17:53 - 2016-05-07 18:48 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-08-23 17:53 - 2013-10-18 14:47 - 00969560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-08-23 17:52 - 2016-07-17 00:08 - 00419354 _____ C:\WINDOWS\system32\prfh0816.dat
2016-08-23 17:52 - 2016-07-17 00:08 - 00077628 _____ C:\WINDOWS\system32\prfc0816.dat
2016-08-23 17:52 - 2015-07-30 15:07 - 01420980 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-23 17:51 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-08-23 17:35 - 2014-05-31 12:10 - 00000000 ____D C:\AdwCleaner
2016-08-23 13:18 - 2013-10-03 23:15 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\uTorrent
2016-08-23 12:39 - 2014-06-13 12:32 - 00000000 ____D C:\Users\RuiPaulino\Desktop\Jogos
2016-08-23 12:18 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-23 12:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-23 12:15 - 2013-09-19 11:24 - 00000000 ____D C:\Users\RuiPaulino\AppData\Local\Packages
2016-08-23 11:53 - 2016-03-09 22:28 - 00000282 __RSH C:\ProgramData\ntuser.pol
2016-08-23 11:03 - 2015-07-30 15:25 - 00002384 _____ C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-23 11:03 - 2015-07-30 15:19 - 00000000 ___RD C:\Users\RuiPaulino\OneDrive
2016-08-23 11:01 - 2014-08-14 23:03 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-08-23 10:55 - 2015-07-30 15:19 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-08-23 10:55 - 2013-09-19 18:19 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-23 05:11 - 2016-07-16 12:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-08-23 05:09 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-08-23 05:08 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-08-23 05:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-08-23 05:07 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Windows NT
2016-08-23 05:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-08-23 05:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-08-23 05:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-08-23 05:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-08-23 05:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-23 05:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-23 05:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-08-23 05:03 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-08-23 05:03 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Registration
2016-08-23 05:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-08-23 05:00 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-08-23 05:00 - 2016-07-16 12:43 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2016-08-23 05:00 - 2016-07-16 12:43 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-08-23 05:00 - 2016-07-16 12:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-08-23 05:00 - 2016-07-16 12:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2016-08-23 04:55 - 2013-10-18 03:02 - 00023220 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-08-23 04:53 - 2016-07-16 12:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-08-23 04:43 - 2016-06-23 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-08-23 04:43 - 2016-03-13 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-08-23 04:43 - 2016-02-07 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDownloader
2016-08-23 04:43 - 2016-01-13 19:42 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoulseekQt
2016-08-23 04:43 - 2015-12-06 02:46 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-08-23 04:43 - 2015-12-01 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-08-23 04:43 - 2015-10-30 20:14 - 00000000 ____D C:\WINDOWS\ShellNew
2016-08-23 04:43 - 2015-10-14 09:29 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2016-08-23 04:43 - 2015-09-16 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-08-23 04:43 - 2015-08-27 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-08-23 04:43 - 2015-04-21 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
2016-08-23 04:43 - 2015-01-03 13:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2016-08-23 04:43 - 2014-09-23 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL
2016-08-23 04:43 - 2014-08-09 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-08-23 04:43 - 2014-07-24 16:36 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-08-23 04:43 - 2014-04-19 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuxGuitar
2016-08-23 04:43 - 2013-12-23 12:16 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2016-08-23 04:43 - 2013-12-08 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-08-23 04:43 - 2013-12-08 01:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2016-08-23 04:43 - 2013-10-02 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2016-08-23 04:43 - 2013-10-02 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-08-23 04:43 - 2013-09-19 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-23 04:43 - 2013-09-19 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-08-23 04:43 - 2013-04-23 17:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-08-23 04:43 - 2013-04-23 17:13 - 00000000 ____D C:\WINDOWS\ru
2016-08-23 04:43 - 2013-04-23 17:13 - 00000000 ____D C:\WINDOWS\he
2016-08-23 04:43 - 2013-04-23 17:13 - 00000000 ____D C:\WINDOWS\es
2016-08-23 04:43 - 2013-04-23 17:13 - 00000000 ____D C:\WINDOWS\el
2016-08-23 04:43 - 2013-04-23 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-08-23 04:43 - 2012-07-26 10:43 - 00000000 ____D C:\WINDOWS\en-GB
2016-08-23 04:39 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-23 04:39 - 2015-10-30 07:28 - 00000000 ____D C:\Users\Default.migrated
2016-08-23 04:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-08-23 04:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-08-23 04:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-08-23 04:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-08-23 04:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-23 04:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-08-23 04:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-08-23 04:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\IME
2016-08-23 04:32 - 2014-01-26 22:58 - 00000000 ____D C:\WINDOWS\SysWOW64\xlive
2016-08-23 04:32 - 2013-09-20 00:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-23 04:32 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-08-23 04:32 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-08-23 04:30 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-08-23 04:29 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\InputMethod
2016-08-23 04:29 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\IME
2016-08-23 04:29 - 2016-03-14 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
2016-08-23 04:29 - 2016-03-14 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
2016-08-23 04:29 - 2016-03-09 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helm
2016-08-23 04:29 - 2015-12-03 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-08-23 04:29 - 2015-08-31 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-08-23 04:29 - 2015-06-29 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2016-08-23 04:29 - 2015-02-03 01:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Games
2016-08-23 04:29 - 2014-08-20 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware
2016-08-23 04:29 - 2014-08-20 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxengo
2016-08-23 04:29 - 2014-06-19 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bojo Software
2016-08-23 04:29 - 2013-09-21 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Line 6
2016-08-23 04:29 - 2013-07-22 13:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUSDVD
2016-08-23 04:29 - 2013-07-22 13:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-08-23 04:28 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-23 04:28 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-23 04:27 - 2013-08-22 16:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-08-23 04:26 - 2013-09-20 09:53 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-23 04:25 - 2014-06-19 18:34 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bojo Software
2016-08-23 04:25 - 2013-12-15 03:03 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Damage
2016-08-23 04:21 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-08-23 04:18 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-08-23 04:18 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-08-23 04:18 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-23 04:16 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Help
2016-08-23 03:30 - 2014-05-24 14:29 - 00001030 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-22 23:14 - 2013-09-19 21:30 - 00000000 ____D C:\Users\RuiPaulino\AppData\Local\Last.fm
2016-08-22 23:04 - 2015-08-02 11:59 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-22 12:04 - 2015-08-02 11:59 - 00000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-21 23:30 - 2014-05-24 14:29 - 00001026 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-20 19:45 - 2016-02-01 23:36 - 00000000 ____D C:\Users\RuiPaulino\AppData\Local\CrashDumps
2016-08-19 19:06 - 2015-08-02 11:59 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-15 11:04 - 2015-12-30 12:12 - 00000000 ____D C:\Users\RuiPaulino\AppData\Local\PackageStaging
2016-08-14 13:31 - 2015-12-01 12:49 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-08-13 10:40 - 2013-12-08 21:37 - 00000000 ____D C:\Users\RuiPaulino\AppData\Local\NVIDIA
2016-08-11 12:47 - 2013-10-18 14:47 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.147091602890605
2016-08-11 12:46 - 2013-10-18 14:47 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.147091602778104
2016-08-10 11:27 - 2013-09-20 00:02 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 20:41 - 2014-05-24 14:29 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 20:41 - 2014-05-24 14:29 - 00002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-08 19:16 - 2013-09-28 11:00 - 00000000 ____D C:\Users\RuiPaulino\Documents\My Games
2016-08-07 13:19 - 2016-02-07 00:05 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\FiraxisLive
2016-08-07 13:19 - 2014-01-25 22:38 - 00000000 ____D C:\ProgramData\Steam
2016-08-04 23:40 - 2015-07-08 17:41 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-04 12:26 - 2015-03-08 22:33 - 00000000 ____D C:\Program Files\iTunes
2016-08-04 12:23 - 2013-09-19 20:05 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-08-04 12:23 - 2013-09-19 11:39 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-08-02 18:16 - 2013-09-19 21:23 - 00001145 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-07-30 13:09 - 2015-12-01 12:02 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-07-30 13:09 - 2013-07-22 13:39 - 00000000 ____D C:\Program Files\DIFX
2016-07-30 13:08 - 2015-12-01 12:02 - 00000000 ____D C:\ProgramData\SetupTPDriver
2016-07-27 13:24 - 2013-09-21 08:17 - 00017320 _____ C:\Users\RuiPaulino\Documents\Lista de artistas.xlsx
 
==================== Files in the root of some directories =======
 
2014-08-25 19:19 - 2014-12-02 21:58 - 0000132 _____ () C:\Users\RuiPaulino\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-04-10 17:41 - 2016-04-10 17:52 - 0002655 _____ () C:\Users\RuiPaulino\AppData\Roaming\droid4xinstaller.log
2014-10-23 18:21 - 2014-10-23 18:21 - 0000021 _____ () C:\Users\RuiPaulino\AppData\Roaming\my_intel.sys
2015-01-14 14:34 - 2015-03-15 14:32 - 0000132 _____ () C:\Users\RuiPaulino\AppData\Roaming\Preferências do Formato PNG do Adobe CS6
2014-10-23 18:19 - 2016-08-23 19:02 - 0000081 _____ () C:\Users\RuiPaulino\AppData\Roaming\sp_data.sys
2014-07-24 16:43 - 2014-07-24 16:43 - 174606558 _____ () C:\Users\RuiPaulino\AppData\Local\ACCCx2_7_1_418.zip.aamdownload
2014-07-24 16:43 - 2014-07-24 16:43 - 0002111 _____ () C:\Users\RuiPaulino\AppData\Local\ACCCx2_7_1_418.zip.aamdownload.aamd
2015-01-11 21:10 - 2015-01-11 21:48 - 0001456 _____ () C:\Users\RuiPaulino\AppData\Local\Adobe Salvar para Web 13.0 Prefs
2015-01-11 19:13 - 2015-01-11 22:16 - 0007168 _____ () C:\Users\RuiPaulino\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-09 20:36 - 2015-09-09 20:36 - 0000792 _____ () C:\Users\RuiPaulino\AppData\Local\recently-used.xbel
2014-08-05 19:47 - 2015-07-01 19:45 - 0007598 _____ () C:\Users\RuiPaulino\AppData\Local\Resmon.ResmonCfg
2015-09-16 09:30 - 2015-09-16 09:30 - 0000000 _____ () C:\Users\RuiPaulino\AppData\Local\{8E80F05B-DE0F-4EDC-8A4A-4502101B4A14}
2015-08-31 13:24 - 2015-08-31 13:24 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-08-23 04:17 - 2016-08-23 04:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-09-24 23:41 - 2014-02-10 02:51 - 0009685 _____ () C:\ProgramData\hpzinstall.log
2013-04-23 17:10 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-23 17:10 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-23 17:10 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Files to move or delete:
====================
C:\Program Files\Hola\app\hola.exe
 
 
Some files in TEMP:
====================
C:\Users\RuiPaulino\AppData\Local\Temp\Hola-Setup-x64-1.15.577.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-23 04:12
 
==================== End of FRST.txt ============================

 


 


#2 Aura


Posted 24 August 2016 - 04:03 PM

Hi ruipandrade :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Malwarebytes updated their database today to detect and delete that threat. Please update your database, and run a new scan to see if it'll be detected this time, and post the log here.

Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 ruipandrade


Posted 24 August 2016 - 04:14 PM

I actually ran a scan with Malwarebytes like an hour ago but I don't have the scan results anymore. It did find one threat. I disabled the startup entry attributed to sd-steam.info using CCleaner and now it vanished from the list altogether. Not sure if that was the one threat that Malwarebytes removed a while ago. The pop-up did not appear at startup after this.


Edited by ruipandrade, 24 August 2016 - 04:15 PM.


#4 Aura


Posted 24 August 2016 - 04:16 PM

Check in your latest scan logs if you can find the one where it detected the threat, and copy/paste it here.

Since you already ran Malwarebytes, I would like to see your previous Scan log. Open Malwarebytes and go under the History tab. From there, click on Application logs in the left pane.
Click on the most recent (usually at the top) Scan log to open it. From there, click on the Export button and select the first option, Copy to Clipboard
Paste the content of your clipboard in your next reply.



#5 ruipandrade


Posted 24 August 2016 - 04:27 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 24/08/2016
Scan Time: 20:20
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.08.24.11
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: RuiPaulino
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359183
Time Elapsed: 29 min, 31 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 1
PUP.Optional.StartPage.USACVAR, HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|RuiPaulino, explorer.exe http://sd-steam.info, Quarantined, [40ab4509a2f85ed81beb518570946e92]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
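
The Malwarebytes row above records a per-user Run value whose data is `explorer.exe http://sd-steam.info`, which is why the page reopens at every logon. The following is an added example, not part of the original thread or of either tool: it scans saved FRST and Malwarebytes log text for Run/RunOnce values that carry a URL. The function names are hypothetical, and the FRST-format row for the hijack is constructed from the Malwarebytes detection.

```python
import re
from urllib.parse import urlsplit

# FRST "Registry" section row: HIVE\...\Run: [ValueName] => command line
FRST_RUN = re.compile(
    r"^(?P<key>HK[^:]*\\Run(?:Once)?): \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$",
    re.IGNORECASE)

# Malwarebytes 2.x "Registry Values" row, in the layout shown in the log above:
#   detection, KEY|ValueName, data, action, [id]
MBAM_VALUE = re.compile(
    r"^(?P<det>[^,]+), (?P<key>HK[^|]+\\RUN(?:ONCE)?)\|(?P<name>[^,]+), "
    r"(?P<cmd>.*), (?P<action>[^,]+), \[[0-9a-f]+\]$",
    re.IGNORECASE)

URL = re.compile(r"https?://[^\s\"',]+", re.IGNORECASE)


def parse_autorun(line):
    """Return (source, key, value_name, command) for a Run/RunOnce row, else None."""
    line = line.strip()
    for source, pattern in (("FRST", FRST_RUN), ("MBAM", MBAM_VALUE)):
        m = pattern.match(line)
        if m:
            return source, m.group("key"), m.group("name"), m.group("cmd").strip()
    return None


def url_autoruns(lines):
    """List autorun values whose command line contains an http(s) URL.

    A legitimate startup entry points at a program on disk; a URL in the
    value data means something is opened in the browser at every logon.
    """
    findings = []
    for line in lines:
        row = parse_autorun(line)
        if row is None:
            continue
        source, key, name, cmd = row
        m = URL.search(cmd)
        if not m:
            continue
        # Whatever precedes the URL is the program that gets started with it.
        launcher = cmd[:m.start()].strip().strip('"')
        launcher = launcher.rsplit("\\", 1)[-1].lower() or "(none)"
        findings.append({
            "source": source,
            "hive": key.split("\\", 1)[0],
            "value": name,
            "launcher": launcher,
            "host": urlsplit(m.group(0)).hostname,
        })
    return findings


SAMPLE_LINES = [
    # Two rows copied from the FRST log on this page (no URL in either).
    r"HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16174352 2015-11-10] (Realtek Semiconductor)",
    r"HKLM-x32\...\Run: [kbdsprt] => [X]",
    # Constructed: the hijacked value written in FRST row format, placeholder SID.
    r"HKU\S-1-5-21-EXAMPLE\...\Run: [RuiPaulino] => explorer.exe http://sd-steam.info",
    # The Malwarebytes detection row from the log above.
    r"PUP.Optional.StartPage.USACVAR, HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|RuiPaulino, explorer.exe http://sd-steam.info, Quarantined, [40ab4509a2f85ed81beb518570946e92]",
    # Non-registry log text is ignored.
    "Processes: 0",
]

if __name__ == "__main__":
    for finding in url_autoruns(SAMPLE_LINES):
        print(finding)
```
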


#6 Aura


Posted 24 August 2016 - 04:31 PM

Alright, so it detected it but it might not have detected the task. Let's get new FRST logs.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;



#7 ruipandrade


Posted 24 August 2016 - 04:41 PM

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by RuiPaulino (administrator) on PC-RUI (24-08-2016 22:35:27)
Running from C:\Users\RuiPaulino\Desktop
Loaded Profiles: RuiPaulino (Available Profiles: RuiPaulino)
Platform: Windows 10 Home Version 1607 (X64) Language: Português (Portugal)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Akamai Technologies, Inc.) C:\Users\RuiPaulino\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Akamai Technologies, Inc.) C:\Users\RuiPaulino\AppData\Local\Akamai\netsession_win.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16174352 2015-11-10] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-08-03] (ELAN Microelectronics Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9103976 2016-08-23] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23889496 2016-08-24] (Dropbox, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [kbdsprt] => [X]
HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\...\Run: [Akamai NetSession Interface] => C:\Users\RuiPaulino\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\...\RunOnce: [Uninstall C:\Users\RuiPaulino\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RuiPaulino\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\RuiPaulino\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-08-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\RuiPaulino\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-08-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\RuiPaulino\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-08-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-23] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\RuiPaulino\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-08-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\RuiPaulino\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-08-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\RuiPaulino\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-08-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
Startup: C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recortes de Ecrã e Iniciador do OneNote 2010.lnk [2015-12-03]
ShortcutTarget: Recortes de Ecrã e Iniciador do OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{153d6ce7-e3c0-4b00-9a77-7931e2522d82}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c9ee2a7a-41c3-4eb2-be41-63257aca1a30}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{c9ee2a7a-41c3-4eb2-be41-63257aca1a30}: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-4061365162-1835910497-3583636770-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\RuiPaulino\AppData\Roaming\Mozilla\Firefox\Profiles\2qv5mkfi.default-1401460547172
FF NetworkProxy: "proxy_over_tls", false
FF NetworkProxy: "type", 0
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-ptpt.xml [2015-07-08]
FF Extension: Adblock Plus - C:\Users\RuiPaulino\AppData\Roaming\Mozilla\Firefox\Profiles\2qv5mkfi.default-1401460547172\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-08-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-23]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
 
Chrome: 
=======
CHR HomePage: Profile 2 -> hxxp://www.google.pt/
CHR StartupUrls: Profile 2 -> "hxxp://www.google.com/"
CHR Profile: C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-08-11]
CHR Extension: (AdBlock) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-29]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2016-02-12]
CHR Extension: (Ghostery) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-21]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
CHR Profile: C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Profile: C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Apresentações Google) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-23]
CHR Extension: (Google Docs) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-23]
CHR Extension: (Google Drive) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-23]
CHR Extension: (YouTube) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-23]
CHR Extension: (Google Folhas de Cálculo) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-23]
CHR Extension: (Documentos do Google offline) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-23]
CHR Extension: (AdBlock) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-24]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-08-23]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-23]
CHR Extension: (Gmail) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-23]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-23] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-02] (Dropbox, Inc.)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [31632 2013-01-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [33168 2013-01-18] (Intel Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-08-03] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-09] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13924080 2016-08-11] (Zemana Ltd.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-23] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-23] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-23] (AVAST Software)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUS Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107920 2013-01-18] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [43408 2013-01-18] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [65424 2013-01-18] (Intel Corporation)
S3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [97680 2013-01-18] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229776 2013-01-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363920 2013-01-18] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_dac0245a363caab4\nvlddmkm.sys [14199352 2016-08-16] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation)
R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 XQHDrv; C:\Windows\system32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-08-23] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-24 22:35 - 2016-08-24 22:35 - 00029476 _____ C:\Users\RuiPaulino\Desktop\FRST.txt
2016-08-24 22:24 - 2016-08-24 22:25 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-24 22:24 - 2016-08-24 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-24 22:24 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-24 22:24 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-24 22:24 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-24 18:31 - 2016-08-24 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-24 12:10 - 2016-08-24 12:10 - 00000000 ____D C:\Users\RuiPaulino\Documents\SkidRow
2016-08-24 12:10 - 2016-08-24 12:10 - 00000000 ____D C:\Users\RuiPaulino\Documents\Paradox Interactive
2016-08-24 12:01 - 2016-08-24 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive
2016-08-23 21:48 - 2016-08-24 22:35 - 00073478 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-08-23 21:48 - 2016-08-23 21:49 - 00007586 _____ C:\WINDOWS\ZAM.krnl.trace
2016-08-23 19:15 - 2016-08-23 19:15 - 02396672 _____ (Farbar) C:\Users\RuiPaulino\Desktop\FRST64.exe
2016-08-23 18:53 - 2016-08-23 19:33 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\Hola
2016-08-23 18:53 - 2016-08-23 18:53 - 00000000 ____D C:\Program Files\Hola
2016-08-23 17:54 - 2016-08-23 17:54 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-08-23 17:54 - 2016-08-23 17:54 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-08-23 13:55 - 2016-08-24 22:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-23 13:29 - 2016-08-23 13:29 - 00000000 ____D C:\Program Files (x86)\ESET
2016-08-23 12:39 - 2016-08-23 12:39 - 00204765 _____ C:\Users\RuiPaulino\Documents\marcadores_23_08_16.html
2016-08-23 12:10 - 2016-08-23 12:10 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2016-08-23 12:08 - 2016-08-23 13:13 - 00000000 ____D C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2016-08-23 11:47 - 2016-08-24 22:35 - 00000000 ____D C:\FRST
2016-08-23 10:59 - 2016-08-23 10:59 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-08-23 10:55 - 2016-08-23 11:40 - 00000000 ____D C:\Users\RuiPaulino\AppData\Local\ConnectedDevicesPlatform
2016-08-23 10:55 - 2016-08-23 10:55 - 00000020 ___SH C:\Users\RuiPaulino\ntuser.ini
2016-08-23 05:11 - 2016-08-23 05:07 - 00000000 ___DC C:\WINDOWS\Panther
2016-08-23 05:09 - 2016-08-23 05:09 - 00000000 ____D C:\ProgramData\USOShared
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default\Os Meus Documentos
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default\Modelos
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default\Menu Iniciar
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default\Documents\Os Meus Vídeos
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default\Documents\As Minhas Imagens
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default\Documents\A Minha Música
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default\Definições Locais
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default\AppData\Local\Histórico
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default User\Documents\Os Meus Vídeos
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default User\Documents\As Minhas Imagens
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default User\Documents\A Minha Música
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-08-23 05:07 - 2016-08-23 05:07 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Histórico
2016-08-23 05:06 - 2016-08-23 11:27 - 00000000 ____D C:\Windows.old
2016-08-23 05:06 - 2016-08-23 05:06 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 22572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 22219328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 09125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 07623168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-08-23 05:06 - 2016-08-23 05:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-08-23 05:06 - 2016-08-23 05:06 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 05511168 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 03617280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-08-23 05:06 - 2016-08-23 05:06 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-08-23 05:06 - 2016-08-23 05:06 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 02251440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 01785856 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01265424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01260384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00843104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 00151232 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-08-23 05:06 - 2016-08-23 05:06 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-08-23 05:06 - 2016-08-23 05:06 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-08-23 05:04 - 2016-08-23 05:06 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-08-23 05:04 - 2016-08-23 05:06 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-08-23 05:04 - 2016-08-23 05:04 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-08-23 05:00 - 2016-08-23 05:00 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-08-23 05:00 - 2016-08-23 05:00 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-08-23 05:00 - 2016-08-23 05:00 - 00000000 ____D C:\Program Files\MSBuild
2016-08-23 05:00 - 2016-08-23 05:00 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-08-23 05:00 - 2016-08-23 04:43 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-08-23 05:00 - 2016-05-25 12:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-08-23 05:00 - 2016-05-25 12:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-08-23 05:00 - 2016-05-25 12:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-08-23 04:59 - 2016-05-25 15:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-08-23 04:59 - 2016-05-25 15:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-08-23 04:59 - 2016-05-25 15:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-08-23 04:55 - 2016-08-23 04:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-08-23 04:55 - 2016-08-23 04:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-08-23 04:55 - 2016-08-23 04:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2016-08-23 04:54 - 2016-08-24 22:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-23 04:54 - 2016-08-23 18:24 - 00004010 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1462658556
2016-08-23 04:54 - 2016-08-23 17:55 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-08-23 04:54 - 2016-08-23 04:55 - 00003542 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-23 04:54 - 2016-08-23 04:55 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-08-23 04:54 - 2016-08-23 04:55 - 00003444 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-08-23 04:54 - 2016-08-23 04:55 - 00003318 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{061E5B89-19D4-40E5-8527-293E7EF50F40}
2016-08-23 04:54 - 2016-08-23 04:55 - 00003318 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-23 04:54 - 2016-08-23 04:55 - 00003220 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-08-23 04:54 - 2016-08-23 04:55 - 00002880 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4061365162-1835910497-3583636770-1002
2016-08-23 04:54 - 2016-08-23 04:55 - 00002862 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2016-08-23 04:54 - 2016-08-23 04:55 - 00002738 _____ C:\WINDOWS\System32\Tasks\ASUS Touchpad Launcher (x64)
2016-08-23 04:54 - 2016-08-23 04:55 - 00002658 _____ C:\WINDOWS\System32\Tasks\Update Checker
2016-08-23 04:54 - 2016-08-23 04:55 - 00002440 _____ C:\WINDOWS\System32\Tasks\avast! Windows 10 Start Menu helper
2016-08-23 04:54 - 2016-08-23 04:55 - 00002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2016-08-23 04:54 - 2016-08-23 04:55 - 00002304 _____ C:\WINDOWS\System32\Tasks\{3D8F7001-E8E7-415A-AB91-7F6C8EBAAF3E}
2016-08-23 04:54 - 2016-08-23 04:55 - 00002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2016-08-23 04:54 - 2016-08-23 04:55 - 00002272 _____ C:\WINDOWS\System32\Tasks\ASUS P4G
2016-08-23 04:54 - 2016-08-23 04:55 - 00002250 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2016-08-23 04:54 - 2016-08-23 04:55 - 00002188 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2016-08-23 04:54 - 2016-08-23 04:55 - 00002164 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-08-23 04:54 - 2016-08-23 04:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2016-08-23 04:54 - 2016-08-23 04:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-08-23 04:39 - 2016-08-23 04:39 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-23 04:39 - 2016-08-23 04:39 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2016-08-23 04:39 - 2016-08-23 04:39 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-08-23 04:39 - 2016-08-23 04:39 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2016-08-23 04:39 - 2016-08-23 04:39 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-08-23 04:27 - 2016-08-23 04:43 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-08-23 04:23 - 2016-08-24 22:20 - 00000000 ____D C:\Users\RuiPaulino
2016-08-23 04:23 - 2016-08-23 04:23 - 00000000 _SHDL C:\Users\RuiPaulino\Os Meus Documentos
2016-08-23 04:23 - 2016-08-23 04:23 - 00000000 _SHDL C:\Users\RuiPaulino\Modelos
2016-08-23 04:23 - 2016-08-23 04:23 - 00000000 _SHDL C:\Users\RuiPaulino\Menu Iniciar
2016-08-23 04:23 - 2016-08-23 04:23 - 00000000 _SHDL C:\Users\RuiPaulino\Documents\Os Meus Vídeos
2016-08-23 04:23 - 2016-08-23 04:23 - 00000000 _SHDL C:\Users\RuiPaulino\Documents\As Minhas Imagens
2016-08-23 04:23 - 2016-08-23 04:23 - 00000000 _SHDL C:\Users\RuiPaulino\Documents\A Minha Música
2016-08-23 04:23 - 2016-08-23 04:23 - 00000000 _SHDL C:\Users\RuiPaulino\Definições Locais
2016-08-23 04:23 - 2016-08-23 04:23 - 00000000 _SHDL C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-08-23 04:23 - 2016-08-23 04:23 - 00000000 _SHDL C:\Users\RuiPaulino\AppData\Local\Histórico
2016-08-23 04:17 - 2016-08-23 04:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevGen_01009.Wdf
2016-08-23 04:17 - 2016-08-23 04:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevFan_01009.Wdf
2016-08-23 04:17 - 2016-08-23 04:17 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-08-23 04:17 - 2016-08-23 04:17 - 00000000 ____D C:\WINDOWS\system32\DAX2
2016-08-23 04:16 - 2016-08-23 04:29 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-08-23 04:16 - 2016-08-23 04:29 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-23 04:16 - 2016-08-23 04:29 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-08-23 04:16 - 2016-08-23 04:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-08-23 04:16 - 2016-08-23 04:16 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-08-23 04:16 - 2016-08-23 04:16 - 00000000 ____D C:\Program Files\Realtek
2016-08-23 04:16 - 2016-08-11 13:27 - 06386048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-08-23 04:16 - 2016-08-11 13:27 - 02468288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-08-23 04:16 - 2016-08-11 13:27 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-08-23 04:16 - 2016-08-11 13:27 - 01365048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-08-23 04:16 - 2016-08-11 13:27 - 00548920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-08-23 04:16 - 2016-08-11 13:27 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-08-23 04:16 - 2016-08-11 13:27 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-08-23 04:16 - 2016-08-11 13:27 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-08-23 04:16 - 2016-08-09 17:06 - 07255045 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-08-23 04:15 - 2016-08-23 04:28 - 00000000 ____D C:\Program Files\Intel
2016-08-23 04:15 - 2016-08-23 04:15 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfManager_01009.Wdf
2016-08-23 04:15 - 2016-08-23 04:15 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevProc_01009.Wdf
2016-08-23 04:15 - 2016-08-23 04:15 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevDram_01009.Wdf
2016-08-23 04:15 - 2016-08-23 04:15 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-08-23 04:15 - 2016-07-16 12:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-08-23 04:15 - 2015-10-09 09:22 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-08-23 04:15 - 2015-10-09 09:22 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-08-23 04:12 - 2016-08-24 20:51 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-08-23 04:12 - 2016-08-23 11:52 - 04966624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-23 04:12 - 2016-08-23 04:12 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-08-19 11:28 - 2016-08-19 11:28 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-08-19 11:28 - 2016-05-04 03:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-08-19 11:28 - 2016-05-04 03:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-08-19 11:28 - 2016-05-04 03:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-08-19 11:28 - 2016-05-04 03:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-08-19 11:26 - 2016-08-19 11:26 - 00000000 ____D C:\temp
2016-08-19 11:22 - 2016-08-16 16:44 - 00047040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2016-08-19 11:22 - 2016-08-11 15:33 - 34837952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 28236856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 10728856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 10530960 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 09086344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 08644456 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 01922616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437254.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 01585088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437254.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 01023544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00961080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00945088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00897592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00803096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00694952 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00644648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00584712 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00442816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00413256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00393664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00345936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-08-19 11:22 - 2016-08-11 15:33 - 00040827 _____ C:\WINDOWS\system32\nvinfo.pb
2016-08-19 11:21 - 2016-08-11 15:33 - 40070200 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-08-19 11:21 - 2016-08-11 15:33 - 35182648 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-08-19 11:21 - 2016-08-11 15:33 - 10273096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-08-19 11:21 - 2016-08-11 15:33 - 08681720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-08-19 11:21 - 2016-08-11 15:33 - 03901520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-08-19 11:21 - 2016-08-11 15:33 - 03443152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-08-19 11:21 - 2016-08-11 15:33 - 02914752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-08-19 11:21 - 2016-08-11 15:33 - 02553912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-08-19 11:21 - 2016-08-11 15:33 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-08-19 11:21 - 2016-08-11 15:33 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2016-08-14 12:57 - 2016-08-14 12:57 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\HD Tune Pro
2016-08-13 12:22 - 2016-08-24 11:36 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\Wise Disk Cleaner
2016-08-13 12:22 - 2016-08-13 12:26 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\Wise Euask
2016-08-13 12:18 - 2016-08-23 04:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2016-08-13 12:18 - 2016-08-13 12:18 - 00000000 ____D C:\Program Files\Defraggler
2016-08-13 12:11 - 2016-08-13 12:11 - 00000000 ____D C:\ProgramData\NovaTech Network
2016-08-13 12:08 - 2016-08-23 04:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner
2016-08-13 12:08 - 2016-08-23 04:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskTrix
2016-08-13 12:08 - 2016-08-13 12:08 - 00000000 ____D C:\Program Files (x86)\Wise
2016-08-13 12:08 - 2016-08-13 12:08 - 00000000 ____D C:\Program Files (x86)\DiskTrix
2016-08-13 11:54 - 2016-07-11 03:34 - 01939000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436881.dll
2016-08-13 11:54 - 2016-07-11 03:34 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436881.dll
2016-08-13 11:24 - 2016-08-13 11:24 - 00000000 ____D C:\NVIDIA
2016-08-13 10:39 - 2016-04-14 06:38 - 00113216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-08-13 10:39 - 2016-04-14 06:38 - 00102976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-08-13 10:39 - 2016-04-14 06:38 - 00056384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-08-12 17:11 - 2016-08-12 17:15 - 00000000 ____D C:\Users\RuiPaulino\AppData\Local\Introversion
2016-08-05 18:42 - 2016-08-23 04:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr DJ
2016-08-04 12:26 - 2016-08-23 04:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-04 12:26 - 2016-08-04 12:26 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-08-04 12:23 - 2016-08-04 12:23 - 00000000 ____D C:\Program Files\iPod
2016-07-30 23:35 - 2016-08-24 22:23 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-07-30 12:49 - 2016-07-30 12:49 - 00963877 _____ C:\Users\RuiPaulino\Downloads\hora_rios_vera_o_2016_online.pdf
2016-07-29 18:29 - 2016-07-29 18:29 - 00065640 _____ C:\WINDOWS\system32\ASGCoInstaller_x64.dll
2016-07-27 14:11 - 2016-07-28 12:09 - 00014566 ____H C:\Users\RuiPaulino\Desktop\~WRL0004.tmp
2016-07-27 14:11 - 2016-07-27 14:13 - 00013169 ____H C:\Users\RuiPaulino\Desktop\~WRL1637.tmp
2016-07-27 12:22 - 2016-07-27 12:22 - 00000000 ____D C:\Users\RuiPaulino\AppData\Local\Bethesda.net Launcher
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-24 22:23 - 2014-10-23 18:19 - 00000081 _____ C:\Users\RuiPaulino\AppData\Roaming\sp_data.sys
2016-08-24 22:23 - 2013-09-19 21:29 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-24 22:22 - 2015-07-30 15:19 - 00000000 __SHD C:\Users\RuiPaulino\IntelGraphicsProfiles
2016-08-24 22:20 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-08-24 22:12 - 2013-09-19 21:30 - 00000000 ____D C:\Users\RuiPaulino\AppData\Local\Last.fm
2016-08-24 21:13 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-24 20:54 - 2015-09-28 11:14 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-08-24 18:31 - 2015-08-02 11:59 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-24 15:22 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-24 15:22 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-08-24 15:20 - 2013-09-20 18:26 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\vlc
2016-08-24 12:06 - 2014-06-13 12:32 - 00000000 ____D C:\Users\RuiPaulino\Desktop\Jogos
2016-08-24 11:05 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-24 10:53 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-08-23 21:48 - 2015-09-28 11:14 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-08-23 18:38 - 2016-02-14 13:41 - 00000000 ____D C:\Users\RuiPaulino\AppData\LocalLow\Temp
2016-08-23 18:24 - 2016-05-07 23:02 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-08-23 17:54 - 2014-05-07 19:57 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-08-23 17:54 - 2014-01-21 12:31 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-08-23 17:54 - 2013-10-18 14:47 - 00513496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-08-23 17:54 - 2013-10-18 14:47 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-08-23 17:54 - 2013-10-18 14:47 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-08-23 17:54 - 2013-10-18 14:47 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-08-23 17:54 - 2013-10-18 14:47 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-08-23 17:53 - 2016-05-07 18:48 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-08-23 17:53 - 2013-10-18 14:47 - 00969560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-08-23 17:52 - 2016-07-17 00:08 - 00419354 _____ C:\WINDOWS\system32\prfh0816.dat
2016-08-23 17:52 - 2016-07-17 00:08 - 00077628 _____ C:\WINDOWS\system32\prfc0816.dat
2016-08-23 17:52 - 2015-07-30 15:07 - 01420980 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-23 17:35 - 2014-05-31 12:10 - 00000000 ____D C:\AdwCleaner
2016-08-23 13:18 - 2013-10-03 23:15 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\uTorrent
2016-08-23 12:15 - 2013-09-19 11:24 - 00000000 ____D C:\Users\RuiPaulino\AppData\Local\Packages
2016-08-23 11:53 - 2016-03-09 22:28 - 00000282 __RSH C:\ProgramData\ntuser.pol
2016-08-23 11:03 - 2015-07-30 15:25 - 00002384 _____ C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-23 11:03 - 2015-07-30 15:19 - 00000000 ___RD C:\Users\RuiPaulino\OneDrive
2016-08-23 11:01 - 2014-08-14 23:03 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-08-23 10:55 - 2015-07-30 15:19 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-08-23 10:55 - 2013-09-19 18:19 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-23 05:11 - 2016-07-16 12:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-08-23 05:09 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-08-23 05:08 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-08-23 05:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-08-23 05:07 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Windows NT
2016-08-23 05:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-08-23 05:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-08-23 05:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-08-23 05:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-08-23 05:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-23 05:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-23 05:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-08-23 05:03 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-08-23 05:03 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Registration
2016-08-23 05:03 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-08-23 05:00 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-08-23 05:00 - 2016-07-16 12:43 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2016-08-23 05:00 - 2016-07-16 12:43 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-08-23 05:00 - 2016-07-16 12:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-08-23 05:00 - 2016-07-16 12:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2016-08-23 05:00 - 2016-07-16 12:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2016-08-23 04:55 - 2013-10-18 03:02 - 00023220 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-08-23 04:53 - 2016-07-16 12:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-08-23 04:43 - 2016-06-23 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-08-23 04:43 - 2016-03-13 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-08-23 04:43 - 2016-02-07 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDownloader
2016-08-23 04:43 - 2016-01-13 19:42 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoulseekQt
2016-08-23 04:43 - 2015-12-06 02:46 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-08-23 04:43 - 2015-12-01 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-08-23 04:43 - 2015-10-30 20:14 - 00000000 ____D C:\WINDOWS\ShellNew
2016-08-23 04:43 - 2015-10-14 09:29 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2016-08-23 04:43 - 2015-09-16 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-08-23 04:43 - 2015-08-27 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-08-23 04:43 - 2015-04-21 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
2016-08-23 04:43 - 2015-01-03 13:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2016-08-23 04:43 - 2014-09-23 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL
2016-08-23 04:43 - 2014-08-09 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-08-23 04:43 - 2014-07-24 16:36 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-08-23 04:43 - 2014-04-19 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuxGuitar
2016-08-23 04:43 - 2013-12-23 12:16 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2016-08-23 04:43 - 2013-12-08 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-08-23 04:43 - 2013-12-08 01:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2016-08-23 04:43 - 2013-10-02 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2016-08-23 04:43 - 2013-10-02 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-08-23 04:43 - 2013-09-19 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-23 04:43 - 2013-09-19 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-08-23 04:43 - 2013-04-23 17:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-08-23 04:43 - 2013-04-23 17:13 - 00000000 ____D C:\WINDOWS\ru
2016-08-23 04:43 - 2013-04-23 17:13 - 00000000 ____D C:\WINDOWS\he
2016-08-23 04:43 - 2013-04-23 17:13 - 00000000 ____D C:\WINDOWS\es
2016-08-23 04:43 - 2013-04-23 17:13 - 00000000 ____D C:\WINDOWS\el
2016-08-23 04:43 - 2013-04-23 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-08-23 04:43 - 2012-07-26 10:43 - 00000000 ____D C:\WINDOWS\en-GB
2016-08-23 04:39 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-23 04:39 - 2015-10-30 07:28 - 00000000 ____D C:\Users\Default.migrated
2016-08-23 04:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-08-23 04:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-08-23 04:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-08-23 04:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-08-23 04:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-23 04:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-08-23 04:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-08-23 04:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\IME
2016-08-23 04:32 - 2014-01-26 22:58 - 00000000 ____D C:\WINDOWS\SysWOW64\xlive
2016-08-23 04:32 - 2013-09-20 00:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-23 04:32 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-08-23 04:32 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-08-23 04:30 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-08-23 04:29 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\InputMethod
2016-08-23 04:29 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\IME
2016-08-23 04:29 - 2016-03-14 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
2016-08-23 04:29 - 2016-03-14 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
2016-08-23 04:29 - 2016-03-09 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helm
2016-08-23 04:29 - 2015-12-03 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-08-23 04:29 - 2015-08-31 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-08-23 04:29 - 2015-06-29 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2016-08-23 04:29 - 2015-02-03 01:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Games
2016-08-23 04:29 - 2014-08-20 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware
2016-08-23 04:29 - 2014-08-20 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxengo
2016-08-23 04:29 - 2014-06-19 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bojo Software
2016-08-23 04:29 - 2013-09-21 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Line 6
2016-08-23 04:29 - 2013-07-22 13:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUSDVD
2016-08-23 04:29 - 2013-07-22 13:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-08-23 04:28 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\System
2016-08-23 04:28 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-23 04:27 - 2013-08-22 16:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-08-23 04:26 - 2013-09-20 09:53 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-23 04:25 - 2014-06-19 18:34 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bojo Software
2016-08-23 04:25 - 2013-12-15 03:03 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Damage
2016-08-23 04:21 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-08-23 04:18 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-08-23 04:18 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-08-23 04:18 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-23 04:16 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Help
2016-08-23 03:30 - 2014-05-24 14:29 - 00001030 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-22 23:04 - 2015-08-02 11:59 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-22 12:04 - 2015-08-02 11:59 - 00000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-21 23:30 - 2014-05-24 14:29 - 00001026 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-20 19:45 - 2016-02-01 23:36 - 00000000 ____D C:\Users\RuiPaulino\AppData\Local\CrashDumps
2016-08-15 11:04 - 2015-12-30 12:12 - 00000000 ____D C:\Users\RuiPaulino\AppData\Local\PackageStaging
2016-08-14 13:31 - 2015-12-01 12:49 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-08-13 10:40 - 2013-12-08 21:37 - 00000000 ____D C:\Users\RuiPaulino\AppData\Local\NVIDIA
2016-08-11 12:47 - 2013-10-18 14:47 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.147091602890605
2016-08-11 12:46 - 2013-10-18 14:47 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.147091602778104
2016-08-10 11:27 - 2013-09-20 00:02 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 20:41 - 2014-05-24 14:29 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 20:41 - 2014-05-24 14:29 - 00002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-08 19:16 - 2013-09-28 11:00 - 00000000 ____D C:\Users\RuiPaulino\Documents\My Games
2016-08-07 13:19 - 2016-02-07 00:05 - 00000000 ____D C:\Users\RuiPaulino\AppData\Roaming\FiraxisLive
2016-08-07 13:19 - 2014-01-25 22:38 - 00000000 ____D C:\ProgramData\Steam
2016-08-04 23:40 - 2015-07-08 17:41 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-04 12:26 - 2015-03-08 22:33 - 00000000 ____D C:\Program Files\iTunes
2016-08-04 12:23 - 2013-09-19 20:05 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-08-04 12:23 - 2013-09-19 11:39 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-08-02 18:16 - 2013-09-19 21:23 - 00001145 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-07-30 13:09 - 2015-12-01 12:02 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-07-30 13:09 - 2013-07-22 13:39 - 00000000 ____D C:\Program Files\DIFX
2016-07-30 13:08 - 2015-12-01 12:02 - 00000000 ____D C:\ProgramData\SetupTPDriver
2016-07-27 13:24 - 2013-09-21 08:17 - 00017320 _____ C:\Users\RuiPaulino\Documents\Lista de artistas.xlsx
 
==================== Files in the root of some directories =======
 
2014-08-25 19:19 - 2014-12-02 21:58 - 0000132 _____ () C:\Users\RuiPaulino\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-04-10 17:41 - 2016-04-10 17:52 - 0002655 _____ () C:\Users\RuiPaulino\AppData\Roaming\droid4xinstaller.log
2014-10-23 18:21 - 2014-10-23 18:21 - 0000021 _____ () C:\Users\RuiPaulino\AppData\Roaming\my_intel.sys
2015-01-14 14:34 - 2015-03-15 14:32 - 0000132 _____ () C:\Users\RuiPaulino\AppData\Roaming\Preferências do Formato PNG do Adobe CS6
2014-10-23 18:19 - 2016-08-24 22:23 - 0000081 _____ () C:\Users\RuiPaulino\AppData\Roaming\sp_data.sys
2014-07-24 16:43 - 2014-07-24 16:43 - 174606558 _____ () C:\Users\RuiPaulino\AppData\Local\ACCCx2_7_1_418.zip.aamdownload
2014-07-24 16:43 - 2014-07-24 16:43 - 0002111 _____ () C:\Users\RuiPaulino\AppData\Local\ACCCx2_7_1_418.zip.aamdownload.aamd
2015-01-11 21:10 - 2015-01-11 21:48 - 0001456 _____ () C:\Users\RuiPaulino\AppData\Local\Adobe Salvar para Web 13.0 Prefs
2015-01-11 19:13 - 2015-01-11 22:16 - 0007168 _____ () C:\Users\RuiPaulino\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-09 20:36 - 2015-09-09 20:36 - 0000792 _____ () C:\Users\RuiPaulino\AppData\Local\recently-used.xbel
2014-08-05 19:47 - 2015-07-01 19:45 - 0007598 _____ () C:\Users\RuiPaulino\AppData\Local\Resmon.ResmonCfg
2015-09-16 09:30 - 2015-09-16 09:30 - 0000000 _____ () C:\Users\RuiPaulino\AppData\Local\{8E80F05B-DE0F-4EDC-8A4A-4502101B4A14}
2015-08-31 13:24 - 2015-08-31 13:24 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-08-23 04:17 - 2016-08-23 04:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-09-24 23:41 - 2014-02-10 02:51 - 0009685 _____ () C:\ProgramData\hpzinstall.log
2013-04-23 17:10 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-23 17:10 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-23 17:10 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Some files in TEMP:
====================
C:\Users\RuiPaulino\AppData\Local\Temp\Hola-Setup-x64-1.15.577.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-23 04:12

==================== End of FRST.txt ============================
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by RuiPaulino (24-08-2016 22:36:06)
Running from C:\Users\RuiPaulino\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-23 04:07:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-4061365162-1835910497-3583636770-500 - Administrator - Disabled)
Convidado (S-1-5-21-4061365162-1835910497-3583636770-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-4061365162-1835910497-3583636770-503 - Limited - Disabled)
RuiPaulino (S-1-5-21-4061365162-1835910497-3583636770-1002 - Administrator - Enabled) => C:\Users\RuiPaulino
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\...\uTorrent) (Version: 3.4.8.42449 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Ableton Live 9 Suite (HKLM\...\{7597F2DC-003A-476E-9281-774AB112B7BE}) (Version: 9.0.0.0 - Ableton)
Actualizações da NVIDIA 2.11.4.0 (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe DNG Codec (HKLM-x32\...\Adobe DNG Codec) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alien Isolation / RePack by Baracuda (HKLM-x32\...\Alien Isolation_is1) (Version: 1.0 - )
Ansel (Version: 372.54 - NVIDIA Corporation) Hidden
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.02.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
Consolas Font Family (HKLM-x32\...\{6AE22174-4FFA-4572-B692-31F0C386ED38}) (Version: 1.00.0000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dropbox (HKLM-x32\...\Dropbox) (Version: 8.4.21 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
ELAN Touchpad 15.8.4.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.4.3 - ELAN Microelectronic Corp.)
Europa Universalis IV Mare Nostrum (HKLM-x32\...\Europa Universalis IV Mare Nostrum_is1) (Version:  - )
Football Manager 2016 (HKLM-x32\...\Steam App 378120) (Version:  - SEGA)
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Helm (HKLM\...\{C7487390-8819-4089-88BD-2B5DA80D3284}) (Version: 0.6.0.0 - Matt Tytel)
HP Photosmart Plus B210 series Software básico do dispositivo (HKLM\...\{94FBB6A6-B166-41C2-9397-BDE940DA8FFF}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.7.1084 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
Malwarebytes Anti-Malware versão 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - Portuguese/Português (HKLM-x32\...\Office14.OMUI.pt-pt) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 pt-PT) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 pt-PT)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MPC-HC 1.7.1 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.1.0 - MPC-HC Team)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
NVIDIA Controlador gráfico 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.54 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA O controlador de HD Audio 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA O software do sistema PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenSSL 0.9.8l Light (32-bit) (HKLM-x32\...\OpenSSL Light (32-bit)_is1) (Version:  - OpenSSL Win32 Installer Team)
Pacote de controladores do Windows - ASUS (ATP) Mouse  (11/11/2015 1.0.0.262) (HKLM\...\A044C5901003C24E6891688653ABA1068D04A1A0) (Version: 11/11/2015 1.0.0.262 - ASUS)
Painel de controlo da NVIDIA 372.54 (Version: 372.54 - NVIDIA Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photosmart and Deskjet Drivers 14.0 Rel. A (HKLM\...\{F58E1340-3FD5-40B8-A07C-4893CFC29749}) (Version: 14.0 - HP)
PSP 2Meters (HKLM-x32\...\PSP 2Meters) (Version: 2.1.0 - PSPaudioware.com) <==== ATTENTION
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
SafeZone Stable 1.51.2220.53 (x32 Version: 1.51.2220.53 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0816-0000-0000000FF1CE}_Office14.OMUI.pt-pt_{95604CB2-E3F3-40FD-B90D-2DB0F144F4A2}) (Version:  - Microsoft)
SF_CDA_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.103 - Skype Technologies S.A.)
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suporte para Aplicações Apple (32-bits) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Suporte para Aplicações Apple (64-bits) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Total War - SHOGUN 2 (HKLM-x32\...\Total War - SHOGUN 2_is1) (Version:  - )
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
TT-Dynamic-Range 1.1 (HKLM-x32\...\TT-Dynamic-Range 1.1) (Version:  - )
TuxGuitar (HKLM-x32\...\{03534DA5-2F88-4B8E-A978-849B979E1B8F}) (Version: 1.2 - Herac)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Voxengo Boogex (HKLM\...\Voxengo Boogex_is1) (Version: 2.1 - Voxengo)
Voxengo Elephant (HKLM\...\Voxengo Elephant_is1) (Version: 4.1 - Voxengo)
Voxengo SPAN Plus (HKLM\...\Voxengo SPAN Plus_is1) (Version: 1.1 - Voxengo)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
Wise Disk Cleaner 9.27 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 9.27 - WiseCleaner.com, Inc.)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотоальбом (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
גלריית התמונות (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4061365162-1835910497-3583636770-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\RuiPaulino\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4061365162-1835910497-3583636770-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DD2EAB7-68C9-44D5-8B0B-004A7E3F9BE0} - \WPD\SqmUpload_S-1-5-21-4061365162-1835910497-3583636770-1002 -> No File <==== ATTENTION
Task: {10ED60E5-8535-43A5-B30D-6E40EF3AAD70} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-06-03] (ASUS)
Task: {156C9526-8F8F-415C-B118-914752DE9EB6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {15A26032-84D2-4264-AABC-ACD1B0580BA5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe
Task: {378FBA25-E194-405E-AD4E-92C412D1D45A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {43068EB4-D949-44A9-972D-B2E5B8AEAE1B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-23] (AVAST Software)
Task: {46F1F3C6-DD71-4E52-9528-A904CD44FB81} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek)
Task: {4A824FD5-FB5B-4438-915B-F9F8E11E252E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4B9C8731-10E5-4CC4-888F-7EFFF6B5A62F} - System32\Tasks\{3D8F7001-E8E7-415A-AB91-7F6C8EBAAF3E} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.0.0.102&amp;LastError=-9
Task: {4CEC0673-FF4D-4D26-9C74-38BDA5070DEB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {508FDD4E-7AE7-4A80-8B85-56949D717134} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {53C22CEB-1E09-4FE2-A7C4-C8661E8A8722} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-4061365162-1835910497-3583636770-1002 -> No File <==== ATTENTION
Task: {549BDC47-FADD-4FD3-AA55-ADDDFD4A70AF} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {5835073A-8C41-4C17-8234-5B57779D7ABA} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-11-10] (Realtek Semiconductor)
Task: {6563AF5D-FE1C-4BFA-91A9-4E65375751CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {73F803DB-FD31-4C58-AE34-460C2B611C9C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7FC56CE1-3452-4D29-8592-15DA2A856532} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {881DBF7B-5C88-4A0F-8106-CEB2EADF0A9C} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-10] (Realtek Semiconductor)
Task: {8AEBA49D-D969-4D23-82BC-84DA522FBFCD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A4FFF33C-809F-4275-9426-EF3D6F677E8F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {AC1DAAEF-16FD-42F5-802D-E3E152F99A03} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B5AD772B-0C1B-431A-A554-62759A0E1E58} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B6431843-2B98-4489-AF89-114C7C64BF19} - System32\Tasks\avast! Windows 10 Start Menu helper => c:\program files\avast software\avast\asww10mon.exe
Task: {B68B0D3F-334B-4808-954E-D34FBC2C8914} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek)
Task: {C50AF77F-5BD0-4594-B76D-FEB6E8865CFE} - System32\Tasks\SafeZone scheduled Autoupdate 1462658556 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
Task: {C5A34A22-7942-4241-82E4-318C317C46A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C99DF3F4-25FF-40AB-992B-73DB725E86D6} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-02] (Dropbox, Inc.)
Task: {CD5A9688-56C6-4D26-9AE4-9C1EE01138E3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D25D1C6A-496F-4141-BA5F-7FC6A8E00451} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)
Task: {DDA9A8C1-7994-424D-8585-0E3130C2F55C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {E244998A-61D7-4E58-8347-67B397C091E6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E546876D-F212-40DC-8018-9CC31AFABA71} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E886BEC3-88E7-4650-94DB-217F94858A5F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-02] (Dropbox, Inc.)
Task: {E98B5106-4FCF-4578-8193-5D219BF124B0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Iniciador de Aplicações do Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Iniciador de Aplicações do Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-08-23 04:16 - 2016-08-11 13:27 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-23 00:15 - 2016-06-14 21:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-01-27 12:19 - 2016-06-14 21:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-08-13 10:39 - 2016-06-14 21:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-02-23 00:15 - 2016-06-14 21:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-08-13 10:39 - 2016-06-14 21:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-08-13 10:39 - 2016-06-14 21:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-08-13 10:39 - 2016-06-14 21:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-27 12:20 - 2016-06-14 21:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-23 11:02 - 2016-08-23 11:02 - 00959168 _____ () C:\Users\RuiPaulino\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-07-16 12:42 - 2016-07-16 12:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2016-08-13 10:39 - 2016-06-14 21:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-08-13 10:39 - 2016-06-14 21:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-08-23 05:06 - 2016-08-23 05:06 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-23 12:16 - 2016-08-23 12:17 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-08-23 12:16 - 2016-08-23 12:17 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-08-23 12:16 - 2016-08-23 12:17 - 35290624 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-08-23 17:54 - 2016-08-23 17:54 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-24 14:51 - 2016-08-24 14:51 - 03016192 _____ () C:\Program Files\AVAST Software\Avast\defs\16082400\algo.dll
2016-08-23 17:54 - 2016-08-23 17:54 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-06-03 20:01 - 2014-06-03 20:01 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-06-03 20:01 - 2014-06-03 20:01 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-06-03 20:01 - 2014-06-03 20:01 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-06-03 20:01 - 2014-06-03 20:01 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2015-06-30 14:13 - 2016-06-14 21:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-08-21 14:18 - 2016-08-09 00:27 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-25 22:35 - 2015-07-01 23:06 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-05-24 11:33 - 2016-08-23 20:33 - 02321184 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 10:44 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 10:44 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 10:44 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 10:44 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 10:44 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-01-25 22:35 - 2015-07-01 23:06 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-25 22:35 - 2015-07-01 23:06 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2013-09-06 12:55 - 2016-08-23 20:33 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-10 10:55 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-06-26 11:56 - 2016-06-26 11:56 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-08-07 11:31 - 2016-08-04 21:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-08-24 18:30 - 2016-07-12 03:07 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-08-24 18:30 - 2016-07-12 03:07 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-08-24 18:30 - 2016-07-12 03:07 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-08-24 18:30 - 2016-07-12 03:07 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-08-24 18:30 - 2016-07-12 03:07 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-08-24 18:30 - 2016-07-12 03:07 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-08-24 18:30 - 2016-07-12 03:07 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-08-24 18:30 - 2016-07-12 03:07 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-08-24 18:30 - 2016-07-12 03:09 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-08-24 18:30 - 2016-07-12 03:07 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-08-24 18:30 - 2016-07-12 03:09 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-08-24 18:30 - 2016-07-12 03:09 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-08-24 18:30 - 2016-07-12 03:09 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-08-24 18:30 - 2016-07-12 03:09 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-24 18:30 - 2016-07-12 03:09 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-08-24 18:30 - 2016-07-12 03:09 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-08-24 18:30 - 2016-07-12 03:09 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-08-24 18:30 - 2016-07-12 03:09 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-08-24 18:30 - 2016-07-12 03:09 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-24 18:30 - 2016-07-12 03:09 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-08-24 18:30 - 2016-07-12 03:09 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-08-24 18:30 - 2016-07-12 03:09 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-08-24 18:30 - 2016-07-12 03:07 - 00144848 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-08-24 18:30 - 2016-07-12 03:08 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-08-24 18:30 - 2016-07-12 03:09 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-08-24 18:30 - 2016-07-12 03:09 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-08-24 18:30 - 2016-08-24 00:17 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-08-24 18:30 - 2016-08-24 00:02 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-08-24 18:30 - 2016-08-24 00:17 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-08-24 18:30 - 2016-08-24 00:17 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-08-24 18:30 - 2016-07-12 03:07 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 03929392 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 01972016 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-08-24 18:30 - 2016-07-12 03:09 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00168248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-08-24 18:30 - 2016-08-24 00:17 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-08-08 20:41 - 2016-08-03 01:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 20:41 - 2016-08-03 01:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2013-07-22 13:38 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\...\line6.net -> line6.net
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-01-02 18:45 - 2014-08-09 14:32 - 00000000 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\RuiPaulino\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\bruegel-hunters-in-the-snow.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"
HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\...\StartupApproved\StartupFolder: => "Recortes de Ecrã e Iniciador do OneNote 2010.lnk"
HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\...\StartupApproved\Run: => "RuiPaulino"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{43E55E72-0ECA-420C-B5F1-6246EB8362A4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3D7F5DAD-7098-4D9B-8A33-B0BC0557595F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [UDP Query User{837445F7-A9D5-45F2-8D36-E3DADD28BFB2}D:\games\total war - shogun 2\shogun2.exe] => (Block) D:\games\total war - shogun 2\shogun2.exe
FirewallRules: [TCP Query User{111222E1-C5DD-4731-8ECD-EB12A9141214}D:\games\total war - shogun 2\shogun2.exe] => (Block) D:\games\total war - shogun 2\shogun2.exe
FirewallRules: [TCP Query User{BABE76A5-5EEC-43EA-BAC6-372582257C1F}C:\users\ruipaulino\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Block) C:\users\ruipaulino\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
FirewallRules: [{0BD0244F-27F1-49AD-B308-10F763458243}] => (Block) D:\Outros\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [{FD1F2EB1-DE0B-4C15-9D93-69D7B5148B22}] => (Block) D:\Outros\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
FirewallRules: [UDP Query User{0B97638E-19DD-4CAA-BE54-018AA5E92CC9}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{E3D84C31-4676-4D91-9537-07E35608A930}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{EBA228A2-9886-49BC-B19D-0E24608B2B47}] => (Allow) C:\Users\RuiPaulino\AppData\Roaming\Andy\Setup.exe
FirewallRules: [{58B72932-D074-49D6-9290-7E356E7596DE}] => (Allow) C:\Users\RuiPaulino\AppData\Roaming\Andy\Setup.exe
FirewallRules: [{FB251348-A7B2-4551-8659-41AC2BCA0F27}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2016\fm.exe
FirewallRules: [{CFCE51D7-A16B-494C-9F40-C84CDA8B9CEB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2016\fm.exe
FirewallRules: [{E93C265E-C7CF-41E1-AE0F-84ACF4387CD0}] => (Allow) C:\Users\RuiPaulino\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9155B20B-B0DC-4C83-88C1-CB15DAA2B16A}] => (Allow) C:\Users\RuiPaulino\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6FCE91EE-450E-462E-B2F9-B8904CAE3876}] => (Allow) C:\Users\RuiPaulino\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{99B1C0E9-3F12-4403-8C5C-4BFAEAC4BC4F}] => (Allow) C:\Users\RuiPaulino\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5F94CFD6-32F8-46D7-9D25-8D691404B9B6}] => (Allow) C:\Users\RuiPaulino\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{04331E0B-1C4A-40A9-86AC-66CA5AF1CAE5}] => (Allow) C:\Users\RuiPaulino\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1AED0913-F914-416F-8A33-42564531A455}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A657AF48-D77B-44F0-9074-0A40E710FECD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{A344AEFB-7B64-44A7-8E61-EDDED284D9D3}D:\games\alien isolation\ai.exe] => (Block) D:\games\alien isolation\ai.exe
FirewallRules: [TCP Query User{D5500C61-ADF0-40CB-AADE-B28138F49807}D:\games\alien isolation\ai.exe] => (Block) D:\games\alien isolation\ai.exe
FirewallRules: [{4EF98E54-6225-44E7-BD72-AC11AD5CB6A7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B8E55394-3C34-4A26-BC2F-E723FECA2C3E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{55DC7209-F5AC-4F7C-8C32-E5D8F5A4A5E7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [UDP Query User{30074194-AEB2-4668-BE64-C4AC5CDECF9C}C:\users\ruipaulino\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\ruipaulino\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{A0334476-CFA7-439A-BF5C-9D7A610C9C07}C:\users\ruipaulino\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\ruipaulino\appdata\local\akamai\netsession_win.exe
FirewallRules: [{D138452C-C8D7-4F95-95D9-6CE1C1202E00}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F59C7C7A-A92A-4C42-8E22-0E68120C8C04}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [UDP Query User{90F0B06C-F4FB-4BC0-92C4-C0EADB15952F}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [TCP Query User{DD0B8353-E4CA-4D83-B482-95B0B24BB62C}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{6A9AA3FE-3178-4DFF-B424-EB993C3157D1}C:\program files (x86)\musicbrainz picard\picard.exe] => (Allow) C:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [TCP Query User{6E46B5D6-D680-48A0-9870-CAECF9B225B4}C:\program files (x86)\musicbrainz picard\picard.exe] => (Allow) C:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [{A081FA30-8F1F-426C-B752-91C94F5AB847}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7120257C-BAC6-477B-AC8C-D4BF68E38448}] => (Allow) LPort=2869
FirewallRules: [{C941D5B2-560B-472A-B159-4DA34CBDFDC6}] => (Allow) LPort=1900
FirewallRules: [{E94637E7-ECFD-4F98-B0C8-2BCD23B75711}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{32D41150-6788-4E64-BF6E-9E980AF1E64B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{92D86578-18DE-481F-AA4A-1EADE36F9217}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C530F083-27CB-418C-B866-654303E429F2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{290D0BA3-0707-4684-9915-091EA18C830B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{473006B3-2DA2-4032-852E-3B79128B0787}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3FA1881C-0280-4293-9F03-39184AC6E6FE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{847874EA-E6AF-4263-91F9-84469E5419E9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{EFA09378-B4FA-4105-B6EB-5A5540767A3F}C:\program files (x86)\musicbrainz picard\picard.exe] => (Allow) C:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [UDP Query User{B66DB90F-8069-49FC-A311-89E87195BB48}C:\program files (x86)\musicbrainz picard\picard.exe] => (Allow) C:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [{CFDE2FBC-8662-4D83-B2A5-D83D2B0534FB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{20E982ED-BA67-4DDC-AD21-A432FE4794E2}] => (Allow) C:\Users\RuiPaulino\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EC13D0C1-5A6B-4EC4-AA41-41215EC95E9E}] => (Allow) C:\Users\RuiPaulino\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{36B3C13A-50C6-4A08-8263-1ACE8C9C8E5C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5A5A2704-47A8-4E21-A166-79388A9825EB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{56C1F1ED-C741-4A31-ADB6-E8A63C2CE699}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1E4AA9A3-005E-4A3D-811B-FDCC211DF6B1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{89E531D7-BAB2-46F9-AC5E-3810FE0EEE07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3DF639D7-1E96-4A0C-9822-1DE57D392468}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe
FirewallRules: [{E516DDF8-3C31-422A-A5C7-C39BFF629BB6}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{763AF995-9D0E-45C0-97C6-62F4DB0D9BDA}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{351C5B7A-C98C-4349-8AAD-D0A71C9E41D3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DA076419-6468-43B1-A7EC-98B8DDA31C00}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{90294AC0-1593-4EB2-9972-692907651056}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EE04417E-C0A7-4BF4-9D03-E88E805F6F1A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8556FACA-5ED7-4ED6-B478-AFDD7784A3E5}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
23-08-2016 12:08:53 Installed SpyHunter
 
==================== Faulty Device Manager Devices =============
 
Name: HL-DT-ST DVDRAM GU71N
Description: Unidade de CD-ROM
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Unidades de CD-ROM padrão)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/24/2016 06:12:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC-RUI)
Description: A ativação da aplicação Microsoft.Windows.Photos_8wekyb3d8bbwe!App falhou com o erro: -2144927142. Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais.
 
Error: (08/23/2016 08:32:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC-RUI)
Description: A ativação da aplicação Microsoft.Windows.Photos_8wekyb3d8bbwe!App falhou com o erro: -2147023170. Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais.
 
Error: (08/23/2016 07:53:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa Shogun2.exe versão 1.1.0.0 deixou de interagir com o Windows e foi fechado. Para verificar se existem mais informações disponíveis sobre o problema, consulte o histórico de problemas no painel de controlo de Segurança e Manutenção.
 
ID do Processo: 16b4
 
Hora de Início: 01d1fd6f9513a1b4
 
Hora de Cessação: 4294967295
 
Caminho da Aplicação: D:\Games\Total War - SHOGUN 2\Shogun2.exe
 
ID do Relatório: dc7ebbb6-6962-11e6-bf47-ac220b153c4a
 
Nome completo do pacote com falha: 
 
ID da aplicação relativa ao pacote com falha:
 
Error: (08/23/2016 07:10:11 PM) (Source: COM) (EventID: 10031) (User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}
 
Error: (08/23/2016 07:10:11 PM) (Source: COM) (EventID: 10031) (User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}
 
Error: (08/23/2016 05:51:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa mmc.exe versão 10.0.14393.0 deixou de interagir com o Windows e foi fechado. Para verificar se existem mais informações disponíveis sobre o problema, consulte o histórico de problemas no painel de controlo de Segurança e Manutenção.
 
ID do Processo: 22ec
 
Hora de Início: 01d1fd5e89c61de1
 
Hora de Cessação: 16
 
Caminho da Aplicação: C:\Windows\System32\mmc.exe
 
ID do Relatório: da2b43f3-6951-11e6-bf44-ac220b153c4a
 
Nome completo do pacote com falha: 
 
ID da aplicação relativa ao pacote com falha:
 
Error: (08/23/2016 05:51:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa mmc.exe versão 10.0.14393.0 deixou de interagir com o Windows e foi fechado. Para verificar se existem mais informações disponíveis sobre o problema, consulte o histórico de problemas no painel de controlo de Segurança e Manutenção.
 
ID do Processo: 1cbc
 
Hora de Início: 01d1fd5e89c61dd5
 
Hora de Cessação: 12
 
Caminho da Aplicação: C:\Windows\System32\mmc.exe
 
ID do Relatório: d68e2056-6951-11e6-bf44-ac220b153c4a
 
Nome completo do pacote com falha: 
 
ID da aplicação relativa ao pacote com falha:
 
Error: (08/23/2016 01:49:14 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração do contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest1". Erro no ficheiro de política ou manifesto C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest2 na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest3.
Uma versão de componente necessária para a aplicação está em conflito com outra versão de componente já ativa.
Os componentes em conflito são:
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_74bc87d3d22d9abe.manifest.
 
Error: (08/23/2016 01:29:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração do contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest1". Erro no ficheiro de política ou manifesto C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest2 na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest3.
Uma versão de componente necessária para a aplicação está em conflito com outra versão de componente já ativa.
Os componentes em conflito são:
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_74bc87d3d22d9abe.manifest.
 
Error: (08/23/2016 01:29:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração do contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest1". Erro no ficheiro de política ou manifesto C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest2 na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest3.
Uma versão de componente necessária para a aplicação está em conflito com outra versão de componente já ativa.
Os componentes em conflito são:
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_74bc87d3d22d9abe.manifest.
 
 
System errors:
=============
Error: (08/24/2016 10:22:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Cache de Tipos de Letra do Arquitectura de Apresentação do Windows 3.0.0.0 falhou o arranque devido ao seguinte erro: 
%%1053 = O serviço não respondeu ao pedido de início ou controlo atempadamente.
 
Error: (08/24/2016 10:22:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Foi atingido o tempo limite (30000 milissegundos) ao aguardar pela ligação do serviço FontCache3.0.0.0.
 
Error: (08/24/2016 10:21:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico/a(s) da aplicaçãoLocalAtivação{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYSERVIÇO LOCALS-1-5-19LocalHost (Com LRPC)IndisponívelIndisponível
 
Error: (08/24/2016 10:21:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico/a(s) da aplicaçãoLocalAtivação{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYSERVIÇO LOCALS-1-5-19LocalHost (Com LRPC)IndisponívelIndisponível
 
Error: (08/24/2016 10:21:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico/a(s) da aplicaçãoLocalAtivação{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Com LRPC)IndisponívelIndisponível
 
Error: (08/24/2016 10:21:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço MBAMService depende do serviço MBAMProtector o qual falhou o arranque devido ao seguinte erro: 
%%193
 
Error: (08/24/2016 10:21:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço MBAMProtector falhou o arranque devido ao seguinte erro: 
%%193
 
Error: (08/24/2016 08:58:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Steam Client Service falhou o arranque devido ao seguinte erro: 
%%1053 = O serviço não respondeu ao pedido de início ou controlo atempadamente.
 
Error: (08/24/2016 08:58:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Foi atingido o tempo limite (30000 milissegundos) ao aguardar pela ligação do serviço Steam Client Service.
 
Error: (08/24/2016 08:55:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Cache de Tipos de Letra do Arquitectura de Apresentação do Windows 3.0.0.0 falhou o arranque devido ao seguinte erro: 
%%1053 = O serviço não respondeu ao pedido de início ou controlo atempadamente.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-23 11:50:44.646
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-23 11:50:42.792
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-23 11:50:40.479
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-23 11:50:19.123
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-23 11:50:18.935
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-23 11:50:12.243
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-23 11:50:04.021
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-23 11:50:03.799
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-23 11:50:03.587
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-23 11:50:00.699
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3537U CPU @ 2.00GHz
Percentage of memory in use: 41%
Total physical RAM: 8077.54 MB
Available physical RAM: 4745.06 MB
Total Virtual: 9997.54 MB
Available Virtual: 6508.63 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:294.45 GB) (Free:9.45 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:382.87 GB) (Free:76.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 32FAA5A0)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#8 Aura


Posted 24 August 2016 - 06:38 PM

Alright so it looks like the Zodiac hijack really was fully removed by Malwarebytes. There are still a few things that need to be addressed :)

P2P Program Warning!
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

Are you aware that you have multiple Google Chrome profiles set? At least 2-3 from what I can see.

We'll run a fix with FRST to remove some remnants and useless entries, and since you ran AdwCleaner already, we'll throw in JRT instead with Emsisoft Emergency Kit.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S);
    CloseProcesses:
    CreateRestorePoint:
    
    HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2162864 2016-08-10] (Hola Networks Ltd.) <===== ATTENTION
    HKLM-x32\...\Run: [kbdsprt] => [X]
    
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    
    CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-08-23]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - <no Path/update_url>
    
    R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [5618864 2016-08-10] (Hola Networks Ltd.) <==== ATTENTION
    R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [5618864 2016-08-10] (Hola Networks Ltd.) <==== ATTENTION
    
    Task: {0DD2EAB7-68C9-44D5-8B0B-004A7E3F9BE0} - \WPD\SqmUpload_S-1-5-21-4061365162-1835910497-3583636770-1002 -> No File <==== ATTENTION
    Task: {156C9526-8F8F-415C-B118-914752DE9EB6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {15A26032-84D2-4264-AABC-ACD1B0580BA5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {4A824FD5-FB5B-4438-915B-F9F8E11E252E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {4B9C8731-10E5-4CC4-888F-7EFFF6B5A62F} - System32\Tasks\{3D8F7001-E8E7-415A-AB91-7F6C8EBAAF3E} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.0.0.102&amp;LastError=-9
    Task: {4CEC0673-FF4D-4D26-9C74-38BDA5070DEB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {53C22CEB-1E09-4FE2-A7C4-C8661E8A8722} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-4061365162-1835910497-3583636770-1002 -> No File <==== ATTENTION
    Task: {73F803DB-FD31-4C58-AE34-460C2B611C9C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {8AEBA49D-D969-4D23-82BC-84DA522FBFCD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {A4FFF33C-809F-4275-9426-EF3D6F677E8F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {AC1DAAEF-16FD-42F5-802D-E3E152F99A03} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {B5AD772B-0C1B-431A-A554-62759A0E1E58} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {CD5A9688-56C6-4D26-9AE4-9C1EE01138E3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {E244998A-61D7-4E58-8347-67B397C091E6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {E546876D-F212-40DC-8018-9CC31AFABA71} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    
    ShortcutWithArgument: C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Iniciador de Aplicações do Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
    ShortcutWithArgument: C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Iniciador de Aplicações do Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
    ShortcutWithArgument: C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
    
    IE trusted site: HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\...\hola.org -> hxxp://hola.org
    
    C:\Program Files (x86)\Enigma Software Group
    C:\Program Files\Hola
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hola.lnk
    C:\Users\RuiPaulino\AppData\Local\{8E80F05B-DE0F-4EDC-8A4A-4502101B4A14}
    C:\Users\RuiPaulino\AppData\Local\ACCCx2_7_1_418.zip.aamdownload
    C:\Users\RuiPaulino\AppData\Local\ACCCx2_7_1_418.zip.aamdownload.aamd
    C:\Users\RuiPaulino\AppData\Roaming\Hola
    C:\Users\RuiPaulino\AppData\Roaming\sp_data.sys
    C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
    
    EmptyTemp:
    
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;
Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
Emsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
How's your computer running now?

Your next reply(ies) should include:
  • Answer to my question about your Google Chrome profiles;
  • Copy/pasted content of FRST fixlog.txt;
  • Copy/pasted content of JRT.txt;
  • Copy/pasted content of EEK's clean log;
  • Answer to my question about your computer's current state;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 ruipandrade


Posted 25 August 2016 - 04:20 AM

Hello Yoan,

Had no idea about the chrome profiles, they did not appear under the accounts tab at all. The computer is now running fine thanks to you, with no pop-up recurrence whatsoever. Ran both junkware removal and the Emsisoft emergency kit and no results were found.

Once again, thank you very much for your support and availability.

Kind regards,
Rui



#10 Aura


Posted 25 August 2016 - 07:01 AM

Looks to me like you have 2 profiles, and the second one is in use.
CHR Profile: C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Profile: C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2
The 1st one could be an old profile and you created a new one to address a certain issue or else.

Glad to hear that your computer is running fine :)

Can you at least copy/paste the content of the FRST fixlog.txt, so I can see whether or not the fix went through?



#11 ruipandrade


Posted 25 August 2016 - 07:21 AM

I deleted the fixlog file right after I ran both the junkware removal and the Emsisoft emergency kit and they came through clean, sorry. Did open it beforehand and all the items appeared under 'successful' or something like that.



#12 Aura


Posted 25 August 2016 - 07:27 AM

The log should still be present in the FRST folder, C:\FRST\Logs. Can you check to see if it's there and copy/paste its content?



#13 ruipandrade


Posted 25 August 2016 - 07:52 AM

It's not there at all, no luck.



#14 Aura


Posted 25 August 2016 - 08:07 AM

In that case, please run it again. Create a new fixlist.txt, run FRST with it and copy/paste the content of the new fixlog.txt here. If it fails to process the lines, it means that the previous fix worked :)



#15 ruipandrade


Posted 25 August 2016 - 08:30 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by RuiPaulino (25-08-2016 14:19:42) Run:3
Running from C:\Users\RuiPaulino\Desktop
Loaded Profiles: RuiPaulino (Available Profiles: RuiPaulino)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
 
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2162864 2016-08-10] (Hola Networks Ltd.) <===== ATTENTION
HKLM-x32\...\Run: [kbdsprt] => [X]
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
 
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
 
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-08-23]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - <no Path/update_url>
 
R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [5618864 2016-08-10] (Hola Networks Ltd.) <==== ATTENTION
R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [5618864 2016-08-10] (Hola Networks Ltd.) <==== ATTENTION
 
Task: {0DD2EAB7-68C9-44D5-8B0B-004A7E3F9BE0} - \WPD\SqmUpload_S-1-5-21-4061365162-1835910497-3583636770-1002 -> No File <==== ATTENTION
Task: {156C9526-8F8F-415C-B118-914752DE9EB6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {15A26032-84D2-4264-AABC-ACD1B0580BA5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4A824FD5-FB5B-4438-915B-F9F8E11E252E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4B9C8731-10E5-4CC4-888F-7EFFF6B5A62F} - System32\Tasks\{3D8F7001-E8E7-415A-AB91-7F6C8EBAAF3E} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.0.0.102&amp;LastError=-9
Task: {4CEC0673-FF4D-4D26-9C74-38BDA5070DEB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {53C22CEB-1E09-4FE2-A7C4-C8661E8A8722} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-4061365162-1835910497-3583636770-1002 -> No File <==== ATTENTION
Task: {73F803DB-FD31-4C58-AE34-460C2B611C9C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8AEBA49D-D969-4D23-82BC-84DA522FBFCD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A4FFF33C-809F-4275-9426-EF3D6F677E8F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {AC1DAAEF-16FD-42F5-802D-E3E152F99A03} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B5AD772B-0C1B-431A-A554-62759A0E1E58} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CD5A9688-56C6-4D26-9AE4-9C1EE01138E3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E244998A-61D7-4E58-8347-67B397C091E6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E546876D-F212-40DC-8018-9CC31AFABA71} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
 
ShortcutWithArgument: C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Iniciador de Aplicações do Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Iniciador de Aplicações do Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
IE trusted site: HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\...\hola.org -> hxxp://hola.org
 
C:\Program Files (x86)\Enigma Software Group
C:\Program Files\Hola
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hola.lnk
C:\Users\RuiPaulino\AppData\Local\{8E80F05B-DE0F-4EDC-8A4A-4502101B4A14}
C:\Users\RuiPaulino\AppData\Local\ACCCx2_7_1_418.zip.aamdownload
C:\Users\RuiPaulino\AppData\Local\ACCCx2_7_1_418.zip.aamdownload.aamd
C:\Users\RuiPaulino\AppData\Roaming\Hola
C:\Users\RuiPaulino\AppData\Roaming\sp_data.sys
C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
 
EmptyTemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\hola => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\kbdsprt => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value not found.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value not found.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. 
C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek => key not found. 
hola_svc => service not found.
hola_updater => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DD2EAB7-68C9-44D5-8B0B-004A7E3F9BE0} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-4061365162-1835910497-3583636770-1002 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{156C9526-8F8F-415C-B118-914752DE9EB6} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15A26032-84D2-4264-AABC-ACD1B0580BA5} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A824FD5-FB5B-4438-915B-F9F8E11E252E} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B9C8731-10E5-4CC4-888F-7EFFF6B5A62F} => key not found. 
C:\WINDOWS\System32\Tasks\{3D8F7001-E8E7-415A-AB91-7F6C8EBAAF3E} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3D8F7001-E8E7-415A-AB91-7F6C8EBAAF3E} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CEC0673-FF4D-4D26-9C74-38BDA5070DEB} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53C22CEB-1E09-4FE2-A7C4-C8661E8A8722} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-4061365162-1835910497-3583636770-1002 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73F803DB-FD31-4C58-AE34-460C2B611C9C} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AEBA49D-D969-4D23-82BC-84DA522FBFCD} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4FFF33C-809F-4275-9426-EF3D6F677E8F} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC1DAAEF-16FD-42F5-802D-E3E152F99A03} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5AD772B-0C1B-431A-A554-62759A0E1E58} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD5A9688-56C6-4D26-9AE4-9C1EE01138E3} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E244998A-61D7-4E58-8347-67B397C091E6} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E546876D-F212-40DC-8018-9CC31AFABA71} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found. 
C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Iniciador de Aplicações do Chrome.lnk => Shortcut argument removed successfully.
C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Iniciador de Aplicações do Chrome.lnk => Shortcut argument removed successfully.
C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk => Shortcut argument removed successfully.
HKU\S-1-5-21-4061365162-1835910497-3583636770-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org => key not found. 
"C:\Program Files (x86)\Enigma Software Group" => not found.
"C:\Program Files\Hola" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hola.lnk" => not found.
"C:\Users\RuiPaulino\AppData\Local\{8E80F05B-DE0F-4EDC-8A4A-4502101B4A14}" => not found.
"C:\Users\RuiPaulino\AppData\Local\ACCCx2_7_1_418.zip.aamdownload" => not found.
"C:\Users\RuiPaulino\AppData\Local\ACCCx2_7_1_418.zip.aamdownload.aamd" => not found.
"C:\Users\RuiPaulino\AppData\Roaming\Hola" => not found.
C:\Users\RuiPaulino\AppData\Roaming\sp_data.sys => moved successfully
"C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10697790 B
Java, Flash, Steam htmlcache => 24282909 B
Windows/system/drivers => 12719290 B
Edge => 0 B
Chrome => 251538118 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1642 B
NetworkService => 0 B
RuiPaulino => 4124900 B
 
RecycleBin => 0 B
EmptyTemp: => 289.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:20:59 ====
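
Added example, not part of the thread and not FRST's own code: a Python script that tallies the result lines of a fixlog like the one above, separating entries that were already gone ("not found") from ones the run still acted on, which is the check asked for in post #14. The function names and the absent/acted/review labels are this example's own; the sample is a trimmed excerpt of the log above.

```python
import re
from collections import Counter

# Trimmed excerpt of the fixlog posted above (Run:3), embedded so this runs offline.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by RuiPaulino (25-08-2016 14:19:42) Run:3
==============================================

fixlist content:
*****************
CloseProcesses:
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2162864 2016-08-10] (Hola Networks Ltd.) <===== ATTENTION
C:\Program Files\Hola
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\hola => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
C:\Users\RuiPaulino\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => moved successfully
hola_svc => service not found.
C:\Users\RuiPaulino\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk => Shortcut argument removed successfully.
"C:\Program Files\Hola" => not found.
C:\Users\RuiPaulino\AppData\Roaming\sp_data.sys => moved successfully

=========== EmptyTemp: ==========

Chrome => 251538118 B
RuiPaulino => 4124900 B
"""

FENCE = re.compile(r"^\*{5,}$")                 # delimits the echoed fixlist
EMPTYTEMP = re.compile(r"^=+ EmptyTemp: =+$")   # size report follows, not results


def parse_results(text):
    """Return (target, outcome) pairs from the result section only.

    The echoed fixlist also contains '=>' (Run entries, tasks), so it is
    skipped; parsing stops at the EmptyTemp size report for the same reason.
    """
    results = []
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if FENCE.match(line):
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            continue
        if EMPTYTEMP.match(line):
            break
        if " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        results.append((target.strip('"'), outcome.strip()))
    return results


def classify(outcome):
    """Map an outcome string to this example's labels (not FRST terms)."""
    text = outcome.rstrip(".").lower()
    if text.endswith("not found"):
        return "absent"      # nothing left to remove
    if text.endswith("successfully"):
        return "acted"       # the run still changed something
    return "review"          # anything else deserves a manual look


def summarize(text):
    """Count outcomes and list every entry that was not simply absent."""
    counts = Counter()
    notable = []
    for target, outcome in parse_results(text):
        kind = classify(outcome)
        counts[kind] += 1
        if kind != "absent":
            notable.append((kind, target))
    return counts, notable


if __name__ == "__main__":
    counts, notable = summarize(SAMPLE_FIXLOG)
    print(dict(counts))
    for kind, target in notable:
        print(f"{kind}: {target}")
```

On the excerpt, three entries are reported as acted on in this run, so a re-run of the same fixlist is worth reading line by line rather than assuming every entry comes back "not found".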




