Trojan.DNSChanger - MalwareBytes removes, but it comes back


  • This topic is locked
23 replies to this topic

#1 fple


Posted 30 September 2016 - 05:01 PM

Hi! First, I don't really understand much about viruses and trojans and those things in general, but I would appreciate any help with this. I downloaded MalwareBytes and found Trojan.DNSChanger. I followed every step to delete the virus, but it keeps coming back every time. I don't know what to do. Thanks in advance.

Attached Files

  • Attached File  01.png   17.35KB   0 downloads
  • Attached File  02.png   14KB   0 downloads



#2 Sirawit

  • Malware Response Team

Posted 02 October 2016 - 03:17 AM

Hello fple and welcome to BleepingComputer! :)

 

My name is Sirawit and I'm here to help you.

 

If I don't reply after 2 days, feel free to PM me. :)

==========================================================================

Some points for you to keep in mind:

  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right-hand corner of the topic, you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 3 days, I will bump the topic; if you do not reply in the next 3 days, we will assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

Is this issue happening on this device only or other ones as well?

 

-------------------

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to a disclaimer.
  • Press the Scan button.
  • When finished, it will produce 2 logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 fple

  • Topic Starter


Posted 04 October 2016 - 07:58 AM

Hi Sirawit, thank you so much for replying and sorry for the delay. I backed up my files on an external drive (I wonder if it's "clean"). Yes, this problem only happened with my notebook. I downloaded Farbar and here are the two logs:

 

FRST.txt

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 03-10-2016
Executado por chico (administrador) em DESKTOP-5928JUV (04-10-2016 09:49:02)
Executando a partir de C:\Users\chico\Downloads
Perfis Carregados: chico (Perfis Disponíveis: chico)
Platform: Windows 10 Pro (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Edge)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

() C:\Windows\KMS-R@1n.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files (x86)\Minhateca.com.br Box\MinhaBox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe


==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2371843960-625600179-927234901-1001\...\Run: [MinhaBox.br] => C:\Program Files (x86)\Minhateca.com.br Box\MinhaBox.exe [3916800 2015-12-10] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Nenhum Arquivo
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-09-21]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
GroupPolicy: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 94.102.60.183 8.8.8.8
Tcpip\..\Interfaces\{ba3c7716-259f-47bb-b09d-353d01fbf436}: [DhcpNameServer] 94.102.60.183 8.8.8.8
Tcpip\..\Interfaces\{c21ce4dc-10a5-41ae-bfe8-6e3a4417d804}: [DhcpNameServer] 201.6.2.18 201.6.2.158

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2371843960-625600179-927234901-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={FA567D98-4FB2-4913-AE05-C5944D54D0A4}&mid=6d4a5815b56247cfb872f99b02c30f6f-39cb45498c5a550d3273ed0564951517b885eea3&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=ZenTest_B_1&pr=fr&d=2016-09-25 20:51:52&v=4.3.5.160&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Sem Nome -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Nenhum Arquivo
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: s9232rao.default
FF ProfilePath: C:\Users\chico\AppData\Roaming\Mozilla\Firefox\Profiles\s9232rao.default [2016-10-01]
FF Extension: (ImageHost Grabber) - C:\Users\chico\AppData\Roaming\Mozilla\Firefox\Profiles\s9232rao.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2016-09-21]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default [2016-10-04]
CHR Extension: (Flash Video Downloader) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-09-18]
CHR Extension: (Google Docs) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-15]
CHR Extension: (Google Drive) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-15]
CHR Extension: (YouTube) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-15]
CHR Extension: (uBlock Origin) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-09-30]
CHR Extension: (Image Downloader) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2016-09-15]
CHR Extension: (Video Downloader professional) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-09-16]
CHR Extension: (Full Page Screen Capture) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2016-10-01]
CHR Extension: (Planilhas do Google) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-15]
CHR Extension: (Documentos Google off-line) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-15]
CHR Extension: (Enable right click) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhojmcideegachlhfgfdhailpfhgknjm [2016-09-15]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-15]
CHR Extension: (Gmail) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-15]
CHR Extension: (Chrome Media Router) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-21]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.)
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-09-15] () [Arquivo não assinado]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-04] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3354384 2015-07-10] (Intel Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U0 aswVmm; não ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-10-04 09:49 - 2016-10-04 09:49 - 00010742 _____ C:\Users\chico\Downloads\FRST.txt
2016-10-04 09:48 - 2016-10-04 09:49 - 00000000 ____D C:\FRST
2016-10-04 09:47 - 2016-10-04 09:47 - 00016148 _____ C:\Windows\system32\DESKTOP-5928JUV_chico_HistoryPrediction.bin
2016-10-04 09:43 - 2016-10-04 09:48 - 02404864 _____ (Farbar) C:\Users\chico\Downloads\FRST64.exe
2016-10-02 20:34 - 2016-10-02 21:35 - 00000000 ____D C:\Program Files (x86)\GoldenDict
2016-10-02 20:34 - 2016-10-02 20:34 - 00000000 ____D C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoldenDict
2016-10-02 05:31 - 2016-10-04 05:11 - 00004180 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4B2146F4-4093-4C55-9120-EEC9C83AFC74}
2016-10-02 05:28 - 2016-10-02 05:28 - 00000643 _____ C:\Users\chico\Desktop\KMPlayer.lnk
2016-10-02 05:28 - 2016-10-02 05:28 - 00000000 ____D C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2016-10-02 05:27 - 2016-10-04 04:36 - 00000000 ____D C:\KMPlayer
2016-10-02 05:26 - 2016-10-02 05:27 - 37642072 _____ (PandoraTV) C:\Users\chico\Desktop\KMPlayer_4.1.3.3.exe
2016-09-30 18:17 - 2016-10-04 09:32 - 00000000 ____D C:\Users\chico\Desktop\3
2016-09-30 04:44 - 2016-10-04 09:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-30 04:44 - 2016-09-30 04:44 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-30 04:44 - 2016-09-30 04:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-30 04:43 - 2016-09-30 04:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-30 04:43 - 2016-09-30 04:43 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2016-09-30 04:43 - 2016-09-30 04:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-30 04:43 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-30 04:43 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-30 04:43 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-28 10:16 - 2016-09-28 10:17 - 00000000 ____D C:\Users\chico\AppData\Roaming\XnView
2016-09-28 10:16 - 2016-09-28 10:16 - 00000791 _____ C:\Users\chico\Desktop\XnView.lnk
2016-09-25 17:51 - 2016-09-25 17:51 - 00000000 ____D C:\Users\chico\AppData\Roaming\AVG
2016-09-25 17:49 - 2016-09-25 17:49 - 00000000 ____D C:\Users\chico\AppData\Roaming\TuneUp Software
2016-09-25 17:48 - 2016-09-25 18:49 - 00000000 ____D C:\Users\Todos os Usuários\MFAData
2016-09-25 17:48 - 2016-09-25 18:49 - 00000000 ____D C:\ProgramData\MFAData
2016-09-25 17:48 - 2016-09-25 17:48 - 00000000 ____D C:\Users\chico\AppData\Local\MFAData
2016-09-25 17:41 - 2016-09-30 05:23 - 00000943 _____ C:\Users\Public\Desktop\AVG.lnk
2016-09-25 17:41 - 2016-09-30 05:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-09-25 17:40 - 2016-10-03 22:39 - 00003668 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-09-25 17:40 - 2016-09-25 18:49 - 00000000 ____D C:\Program Files (x86)\AVG
2016-09-25 17:39 - 2016-09-25 18:49 - 00000000 ____D C:\Users\chico\AppData\Local\Avg
2016-09-25 17:39 - 2016-09-25 18:47 - 00000000 ____D C:\Users\chico\AppData\Local\AvgSetupLog
2016-09-25 17:39 - 2016-09-25 17:49 - 00000000 ____D C:\Users\Todos os Usuários\Avg
2016-09-25 17:39 - 2016-09-25 17:49 - 00000000 ____D C:\ProgramData\Avg
2016-09-25 17:08 - 2016-07-26 14:24 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-09-23 17:06 - 2016-09-23 17:06 - 00000000 ____D C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
2016-09-23 17:06 - 2016-09-23 17:06 - 00000000 ____D C:\Program Files (x86)\gs
2016-09-23 17:04 - 2016-09-23 17:04 - 00001321 _____ C:\Users\chico\Desktop\FlashFlippingBook PDF To JPG.lnk
2016-09-23 17:04 - 2016-09-23 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boxoft Free PDF To JPG Converter (freeware)
2016-09-23 17:04 - 2016-09-23 17:04 - 00000000 ____D C:\Program Files (x86)\Boxoft Free PDF To JPG Converter (freeware)
2016-09-23 17:00 - 2016-09-23 17:00 - 00000000 ____D C:\Users\chico\AppData\LocalLow\Adobe
2016-09-21 20:28 - 2016-09-21 20:28 - 00001245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady 7.0.1.lnk
2016-09-21 20:28 - 2016-09-21 20:28 - 00001240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 7.0.1.lnk
2016-09-21 20:27 - 1998-11-05 04:08 - 00087392 _____ (Twain Working Group) C:\Windows\twain.dll
2016-09-21 20:24 - 1998-11-13 13:18 - 00308224 _____ (InstallShield Software Corporation, Inc.) C:\Windows\IsUn0416.exe
2016-09-21 20:15 - 2016-09-21 20:17 - 00000000 ____D C:\Users\chico\Desktop\PHOTOSHOP
2016-09-21 00:13 - 2016-09-21 00:21 - 00000000 ____D C:\Users\chico\AppData\Local\Mozilla
2016-09-21 00:13 - 2016-09-21 00:13 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-21 00:13 - 2016-09-21 00:13 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-09-21 00:13 - 2016-09-21 00:13 - 00000000 ____D C:\Users\chico\AppData\Roaming\Mozilla
2016-09-21 00:12 - 2016-09-25 17:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-21 00:12 - 2016-09-21 00:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-19 20:23 - 2016-10-04 09:41 - 00000000 ____D C:\Users\chico\AppData\Local\MinhaBox.br
2016-09-19 20:23 - 2016-10-04 09:39 - 00000000 ____D C:\Users\chico\.gstreamer-0.10
2016-09-19 20:23 - 2016-09-19 20:23 - 00000726 _____ C:\Users\Public\Desktop\Minhateca.lnk
2016-09-19 20:23 - 2016-09-19 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minhateca.com.br
2016-09-19 20:23 - 2016-09-19 20:23 - 00000000 ____D C:\Program Files (x86)\Minhateca.com.br Box
2016-09-19 18:08 - 2016-10-02 17:19 - 00000000 ____D C:\Users\chico\AppData\Local\CrashDumps
2016-09-17 02:35 - 2016-10-02 21:46 - 00000000 ____D C:\Users\chico\AppData\Roaming\CoreFTP
2016-09-17 02:34 - 2016-09-17 02:34 - 00000000 ____D C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP (x64)
2016-09-17 02:34 - 2016-09-17 02:34 - 00000000 ____D C:\Program Files\CoreFTP
2016-09-16 16:54 - 2016-09-16 16:54 - 00003342 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task
2016-09-16 16:53 - 2016-09-16 16:53 - 00000000 ____D C:\Users\chico\AppData\Roaming\Skype
2016-09-16 14:42 - 2016-09-16 14:42 - 00000000 ____D C:\Users\chico\AppData\Roaming\FileZilla Server
2016-09-16 14:31 - 2016-09-16 14:31 - 00000000 ____D C:\Windows\system32\SleepStudy
2016-09-15 17:56 - 2016-09-15 17:58 - 00000000 ____D C:\Users\chico\AppData\Local\Comms
2016-09-15 15:59 - 2016-09-15 15:59 - 00000000 ____D C:\Users\chico\AppData\Local\CEF
2016-09-15 15:55 - 2016-09-25 16:13 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2016-09-15 15:55 - 2016-09-25 16:13 - 00000000 ____D C:\ProgramData\AVAST Software
2016-09-15 15:41 - 2016-09-20 03:02 - 00000000 ____D C:\Users\chico\AppData\Local\Google
2016-09-15 15:37 - 2016-10-04 09:48 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-15 15:37 - 2016-10-04 09:38 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-15 15:37 - 2016-10-03 16:50 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-15 15:37 - 2016-10-03 16:50 - 00002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-15 15:37 - 2016-09-30 23:04 - 00004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-15 15:37 - 2016-09-15 15:43 - 00004166 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-15 15:37 - 2016-09-15 15:43 - 00003934 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-15 15:37 - 2016-09-15 15:37 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-15 15:36 - 2016-09-21 20:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-09-15 15:36 - 2016-09-15 17:14 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-09-15 15:36 - 2016-09-15 17:12 - 00000000 ____D C:\Users\Todos os Usuários\Adobe
2016-09-15 15:36 - 2016-09-15 17:12 - 00000000 ____D C:\ProgramData\Adobe
2016-09-15 15:36 - 2016-09-15 15:36 - 00002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-09-15 15:35 - 2016-09-23 17:00 - 00000000 ____D C:\Users\chico\AppData\Local\Adobe
2016-09-15 15:33 - 2016-09-15 15:33 - 00000000 ____D C:\Users\chico\AppData\Roaming\Macromedia
2016-09-15 15:33 - 2016-09-15 15:33 - 00000000 ____D C:\Users\chico\AppData\Local\NetworkTiles
2016-09-15 15:26 - 2016-10-04 09:38 - 00000306 _____ C:\Windows\Tasks\AutoKMS.job
2016-09-15 15:26 - 2016-09-25 18:16 - 00000000 ____D C:\Windows\AutoKMS
2016-09-15 15:26 - 2016-09-24 18:20 - 00002966 _____ C:\Windows\System32\Tasks\AutoKMS
2016-09-15 15:19 - 2016-09-15 15:19 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-09-15 15:19 - 2016-09-15 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2016-09-15 15:19 - 2016-09-15 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-09-15 15:19 - 2016-09-15 15:19 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-09-15 15:18 - 2016-09-15 15:18 - 00000000 ____D C:\Windows\PCHEALTH
2016-09-15 15:18 - 2016-09-15 15:18 - 00000000 ____D C:\Program Files\Microsoft Sync Framework
2016-09-15 15:18 - 2016-09-15 15:18 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-09-15 15:15 - 2016-09-15 15:20 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-09-15 15:15 - 2016-09-15 15:18 - 00000000 ____D C:\Program Files\Microsoft Office
2016-09-15 15:15 - 2016-09-15 15:15 - 00000000 __RHD C:\MSOCache
2016-09-15 15:15 - 2016-09-15 15:15 - 00000000 ____D C:\Users\chico\AppData\Local\Microsoft Help
2016-09-15 15:15 - 2016-09-15 15:15 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-09-15 15:15 - 2016-09-15 15:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2016-09-15 15:15 - 2016-09-15 15:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-09-15 15:15 - 2016-09-15 15:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-09-15 15:13 - 2016-09-15 15:32 - 00000000 ____D C:\Users\chico\AppData\Local\MicrosoftEdge
2016-09-15 15:09 - 2016-09-15 15:09 - 00001168 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-09-15 15:09 - 2016-09-15 15:09 - 00001168 __RSH C:\ProgramData\ntuser.pol
2016-09-15 15:05 - 2016-09-24 15:14 - 00000000 ____D C:\Users\Todos os Usuários\KMSAutoS
2016-09-15 15:05 - 2016-09-24 15:14 - 00000000 ____D C:\ProgramData\KMSAutoS
2016-09-15 15:05 - 2016-09-15 15:05 - 00003786 _____ C:\Windows\System32\Tasks\KMSAutoNet
2016-09-15 14:55 - 2016-09-15 14:55 - 00026112 _____ C:\Windows\KMS-R@1n.exe
2016-09-15 14:55 - 2016-09-15 14:55 - 00003235 _____ C:\R@1n.txt
2016-09-15 14:55 - 2016-09-15 14:55 - 00000000 ____D C:\Windows\System32\Tasks\R@1n-KMS
2016-09-15 14:53 - 2016-09-15 14:53 - 00000000 ____D C:\Users\chico\AppData\Local\PeerDistRepub
2016-09-15 14:51 - 2016-09-15 15:06 - 00000000 ____D C:\Users\chico\AppData\Local\MSfree Inc
2016-09-15 14:39 - 2016-09-15 14:51 - 00000000 ____D C:\Users\chico\AppData\Roaming\WinRAR
2016-09-15 14:39 - 2016-09-15 14:39 - 00000000 ____D C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-15 14:39 - 2016-09-15 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-15 14:38 - 2016-09-15 14:39 - 00000000 ____D C:\Program Files\WinRAR
2016-09-15 14:36 - 2016-09-15 14:36 - 00000000 ____D C:\Users\chico\AppData\Local\mpress
2016-09-15 14:35 - 2016-09-15 14:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-09-15 14:31 - 2016-09-16 16:54 - 00002369 _____ C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-15 14:31 - 2016-09-16 16:54 - 00000000 ___RD C:\Users\chico\OneDrive
2016-09-15 14:31 - 2016-09-15 14:31 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft OneDrive
2016-09-15 14:31 - 2016-09-15 14:31 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-09-15 14:30 - 2016-10-04 09:42 - 01720508 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-15 14:29 - 2016-10-02 20:34 - 00000000 ____D C:\Users\chico
2016-09-15 14:29 - 2016-09-25 20:15 - 00000000 ____D C:\Users\chico\AppData\Roaming\Adobe
2016-09-15 14:29 - 2016-09-21 21:01 - 00000000 ____D C:\Users\chico\AppData\Local\VirtualStore
2016-09-15 14:29 - 2016-09-15 14:46 - 00000000 ____D C:\Users\chico\AppData\Local\Packages
2016-09-15 14:29 - 2016-09-15 14:29 - 00016148 _____ C:\Windows\system32\DESKTOP-5928JUV_defaultuser0_HistoryPrediction.bin
2016-09-15 14:29 - 2016-09-15 14:29 - 00000020 ___SH C:\Users\chico\ntuser.ini
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Modelos
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Meus Documentos
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Menu Iniciar
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Documents\Minhas Músicas
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Documents\Minhas Imagens
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Documents\Meus Vídeos
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Dados de Aplicativos
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Configurações Locais
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\AppData\Local\Histórico
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\AppData\Local\Dados de Aplicativos
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Ambiente de Rede
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Ambiente de Impressão
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 ____D C:\Users\chico\AppData\Local\TileDataLayer
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 ____D C:\Users\chico\AppData\Local\Publishers
2016-09-15 14:27 - 2016-09-15 14:27 - 00000000 ____D C:\Windows\CSC
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Usuário Padrão\Documents\Minhas Músicas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Usuário Padrão\Documents\Minhas Imagens
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Usuário Padrão\Documents\Meus Vídeos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Usuário Padrão\AppData\Local\Histórico
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Usuário Padrão\AppData\Local\Dados de Aplicativos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Usuário Padrão
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Todos os Usuários\Modelos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Todos os Usuários\Menu Iniciar
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Todos os Usuários\Documentos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Todos os Usuários\Dados de Aplicativos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Todos os Usuários
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Public\Documents\Minhas Músicas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Public\Documents\Minhas Imagens
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Public\Documents\Meus Vídeos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Modelos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Meus Documentos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Menu Iniciar
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Documents\Minhas Músicas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Documents\Minhas Imagens
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Documents\Meus Vídeos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Dados de Aplicativos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Configurações Locais
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\AppData\Local\Histórico
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\AppData\Local\Dados de Aplicativos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Ambiente de Rede
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Ambiente de Impressão
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default User\Documents\Minhas Músicas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default User\Documents\Minhas Imagens
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default User\Documents\Meus Vídeos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Histórico
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Dados de Aplicativos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\ProgramData\Modelos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\ProgramData\Menu Iniciar
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\ProgramData\Documentos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\ProgramData\Dados de Aplicativos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Program Files\Common Files\Sistema
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Program Files\Arquivos Comuns
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Arquivos de Programas
2016-09-15 14:24 - 2015-07-10 07:59 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2016-09-15 14:20 - 2016-09-15 14:27 - 00000000 ____D C:\Windows\Panther

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-10-04 09:42 - 2015-07-10 13:36 - 00745200 _____ C:\Windows\system32\prfh0416.dat
2016-10-04 09:42 - 2015-07-10 13:36 - 00145230 _____ C:\Windows\system32\prfc0416.dat
2016-10-04 09:42 - 2015-07-10 08:02 - 00000000 ____D C:\Windows\INF
2016-10-04 09:38 - 2015-07-10 09:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-04 09:37 - 2015-07-10 06:05 - 00131072 ___SH C:\Windows\system32\config\BBI
2016-10-01 05:58 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\system32\NDF
2016-09-30 23:28 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\LiveKernelReports
2016-09-25 18:48 - 2015-07-10 08:04 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-09-25 17:53 - 2015-07-10 06:05 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-09-22 15:00 - 2015-07-10 07:55 - 00000000 ____D C:\Windows\CbsTemp
2016-09-15 18:19 - 2015-07-10 09:20 - 00347392 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-15 16:30 - 2015-07-10 08:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-15 15:19 - 2015-07-10 13:50 - 00000000 ____D C:\Windows\ShellNew
2016-09-15 15:19 - 2015-07-10 08:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-15 15:15 - 2015-07-10 08:04 - 00000167 _____ C:\Windows\win.ini
2016-09-15 15:15 - 2015-07-10 08:04 - 00000000 ____D C:\Program Files\Common Files\System
2016-09-15 15:08 - 2015-07-10 08:04 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-09-15 14:51 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\AppReadiness
2016-09-15 14:45 - 2015-07-10 08:04 - 00000000 ___RD C:\Windows\DevicesFlow
2016-09-15 14:29 - 2015-07-10 08:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-09-15 14:29 - 2015-07-10 08:04 - 00000000 ___RD C:\Windows\PrintDialog
2016-09-15 14:29 - 2015-07-10 08:04 - 00000000 ___RD C:\Windows\MiracastView
2016-09-15 14:29 - 2015-07-10 08:04 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-09-15 14:28 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\rescache
2016-09-15 14:27 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\system32\spool
2016-09-15 14:27 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-09-15 14:25 - 2015-07-10 08:04 - 00000000 ____D C:\Program Files\Windows NT
2016-09-15 14:23 - 2015-07-10 06:05 - 00000000 ____D C:\Windows\system32\Sysprep
2016-09-15 14:20 - 2015-07-10 08:04 - 00028672 _____ C:\Windows\system32\config\BCD-Template

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-09-28 10:33

==================== Fim de FRST.txt ============================

Addition.txt

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 03-10-2016
Executado por chico (04-10-2016 09:49:48)
Executando a partir de C:\Users\chico\Downloads
Windows 10 Pro (X64) (2016-09-15 17:27:36)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-2371843960-625600179-927234901-500 - Administrator - Disabled)
chico (S-1-5-21-2371843960-625600179-927234901-1001 - Administrator - Enabled) => C:\Users\chico
Convidado (S-1-5-21-2371843960-625600179-927234901-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-2371843960-625600179-927234901-503 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.101.2.40207 - AVG Technologies)
AVG Zen (Version: 1.101.4 - AVG Technologies) Hidden
Boxoft Free PDF To JPG Converter (freeware) (HKLM-x32\...\Boxoft Free PDF To JPG Converter (freeware)_is1) (Version:  - boxoft Solution)
Core FTP LE (x64) (HKLM-x32\...\CoreFTP(x64)) (Version:  - )
FMW 1 (Version: 1.132.1 - AVG Technologies) Hidden
GoldenDict (HKLM-x32\...\GoldenDict) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GPL Ghostscript 8.71 (HKLM-x32\...\GPL Ghostscript 8.71) (Version:  - )
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.3.3 - PandoraTV)
Malwarebytes Anti-Malware versão 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Minhateca.com.br Box (HKLM-x32\...\{88CF5E68-D90C-4653-9FF4-CEE16AE50270}) (Version: 2.0.9 - Minhateca.com.br)
Mozilla Firefox 49.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 49.0 (x86 pt-BR)) (Version: 49.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0 - Mozilla)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-2371843960-625600179-927234901-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\chico\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {21D0A16A-DCFD-461F-89A1-6B150126F94A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\chico\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-09-16] (Microsoft Corporation)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {411E896D-C40F-4AC2-AD3A-A9F89F187295} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-11-12] (MSFree Inc.)
Task: {471B969B-BE33-46E0-BF49-4C73B03D0710} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {4D2B0906-D4BE-4913-AF39-C129B4FBBEE9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-15] (Google Inc.)
Task: {9C1090AC-829B-4851-90DD-FF833A0E3A2F} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {9EC4D2AC-AA31-40AC-BDCD-A6FAFABBF308} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {EC4FF1DF-55E4-4706-BC6F-19E36FFB9071} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {F563EADD-9FF6-4E55-A611-732DFA16C687} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-15] (Google Inc.)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

==================== Módulos Carregados (Whitelisted) ==============

2015-07-10 08:00 - 2015-07-10 08:00 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-07-10 07:59 - 2015-07-10 07:59 - 00403968 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2016-09-15 14:55 - 2016-09-15 14:55 - 00026112 _____ () C:\Windows\KMS-R@1n.exe
2015-07-10 08:00 - 2015-07-10 08:00 - 02498296 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-07-10 08:00 - 2015-07-10 08:00 - 02498296 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-09-16 16:53 - 2016-09-16 16:53 - 01864384 _____ () C:\Users\chico\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-07-10 07:59 - 2015-07-10 07:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 08:00 - 2015-07-10 13:49 - 06579712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 08:00 - 2015-07-10 13:49 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-07-10 08:00 - 2015-07-10 13:49 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-10 17:10 - 2015-12-10 17:10 - 03916800 _____ () C:\Program Files (x86)\Minhateca.com.br Box\MinhaBox.exe
2015-07-10 13:57 - 2015-07-10 13:57 - 00007168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-07-10 13:57 - 2015-07-10 13:57 - 13490688 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2016-09-16 16:53 - 2016-09-16 16:53 - 01383616 _____ () C:\Users\chico\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-09-16 16:53 - 2016-09-16 16:53 - 00118976 _____ () C:\Users\chico\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00699392 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libgstreamer-0.10.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00053760 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libgstinterfaces-0.10.dll
2011-12-02 14:14 - 2011-12-02 14:14 - 01396736 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libxml2-2.dll
2011-12-02 14:14 - 2011-12-02 14:14 - 00085504 _____ () C:\Program Files (x86)\Minhateca.com.br Box\z.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00013824 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstacmmp3dec.dll
2011-12-02 14:14 - 2011-12-02 14:14 - 00041984 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libgstriff-0.10.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00133120 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libgsttag-0.10.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00109568 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libgstaudio-0.10.dll
2011-12-02 14:14 - 2011-12-02 14:14 - 00253440 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libgstbase-0.10.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00038400 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstaiff.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00018944 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstalaw.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00015360 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstapetag.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00098304 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libgstpbutils-0.10.dll
2011-12-02 14:14 - 2011-12-02 14:14 - 00038912 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libgstvideo-0.10.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00008192 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstapp.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00039936 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libgstapp-0.10.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00095232 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstasf.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00070656 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libgstrtp-0.10.dll
2011-12-02 14:14 - 2011-12-02 14:14 - 00025088 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libgstsdp-0.10.dll
2011-12-02 14:14 - 2011-12-02 14:14 - 00070144 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libgstrtsp-0.10.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00064000 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstasfmux.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00078336 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstaudioconvert.dll
2011-12-02 14:14 - 2011-12-02 14:14 - 00563712 _____ () C:\Program Files (x86)\Minhateca.com.br Box\liborc-0.4-0.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00020480 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstaudiorate.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00052224 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstaudioresample.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00018944 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstauparse.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00029184 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstautodetect.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00022528 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstcdxaparse.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00212992 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstcoreelements.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00011776 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstcoreindexers.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00032768 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstdecodebin.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00086016 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstdecodebin2.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00228864 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstdirectsound.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00026624 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstequalizer.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00126976 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libgstcontroller-0.10.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00180736 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstffmpeg-lgpl.dll
2011-12-02 14:14 - 2011-12-02 14:14 - 00881664 _____ () C:\Program Files (x86)\Minhateca.com.br Box\avformat-lgpl-52.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00111104 _____ () C:\Program Files (x86)\Minhateca.com.br Box\avutil-lgpl-50.dll
2011-12-02 14:14 - 2011-12-02 14:14 - 05038592 _____ () C:\Program Files (x86)\Minhateca.com.br Box\avcodec-lgpl-52.dll
2011-12-02 14:14 - 2011-12-02 14:14 - 00018944 _____ () C:\Program Files (x86)\Minhateca.com.br Box\avcore-lgpl-0.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00067584 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libbz2.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00069120 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstflac.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00331264 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libFLAC-8.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00023552 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libogg-0.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00015872 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgsticydemux.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00032256 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstid3demux.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00035840 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstinterleave.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00019456 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstlevel.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00047616 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstmpegaudioparse.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00151040 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstmpegdemux.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00030208 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstmpegpsmux.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00059904 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstmpegstream.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00039424 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstmpegtsmux.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00023552 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstneonhttpsrc.dll
2011-12-02 14:14 - 2011-12-02 14:14 - 00125952 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libneon-27.dll
2011-12-02 14:14 - 2011-12-02 14:14 - 00167424 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libexpat-1.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00718336 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libgnutls-26.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00604160 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libgcrypt-11.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00077312 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libtasn1-3.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00035328 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libgpg-error-0.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00014336 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstnetsim.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00132608 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstogg.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00197632 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstplaybin.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00149504 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstqtdemux.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00114688 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstqtmux.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00035840 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstrawparse.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00030208 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstreal.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00035328 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstreplaygain.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00017920 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstspeed.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00012288 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgststereo.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00022016 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgsttta.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00061952 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgsttypefindfunctions.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00034304 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstvolume.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00053760 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstvorbis.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00162304 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libvorbis-0.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 01520128 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libvorbisenc-2.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00019968 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstwasapi.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00015360 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstwaveenc.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00015872 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstwaveformsink.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00050688 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstwavpack.dll
2011-12-02 14:14 - 2011-12-02 14:14 - 00196608 _____ () C:\Program Files (x86)\Minhateca.com.br Box\libwavpack-1.dll
2011-12-02 14:15 - 2011-12-02 14:15 - 00042496 _____ () C:\Program Files (x86)\Minhateca.com.br Box\gplugins\libgstwavparse.dll
2014-03-03 23:05 - 2014-03-03 23:05 - 00025088 _____ () C:\Program Files (x86)\Minhateca.com.br Box\tsplugins\integration\chomikbox_win7.tsp
2016-09-25 17:40 - 2016-09-25 17:40 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-09-15 17:37 - 2016-09-06 12:00 - 05197312 _____ () C:\Users\chico\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-15 17:37 - 2016-09-06 12:00 - 00147456 _____ () C:\Users\chico\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)


==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)


==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)


==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2015-07-10 08:04 - 2015-07-10 08:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-2371843960-625600179-927234901-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 94.102.60.183 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

MSCONFIG\Services: wuauserv => 3

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [TCP Query User{964CC9E9-A92A-41BA-9174-F7E2CE753C3E}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{3403FFA0-7167-43BB-A6BA-E89A1AE1B97C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{2CB2FC90-8E7B-4C61-9C64-66CDA75AF3EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Pontos de Restauração =========================

15-09-2016 15:14:44 Installed Microsoft Office Professional Plus 2010
19-09-2016 20:20:11 Instalado Minhateca.com.br Box
22-09-2016 15:00:15 Instalador de Módulos do Windows
25-09-2016 17:48:58 Installed AVG 2016

==================== Dispositivos Apresentando Falhas No Gerenciador =============

Name: Dispositivo do sistema básico
Description: Dispositivo do sistema básico
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: BCM20702A0
Description: BCM20702A0
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Porta serial PCI
Description: Porta serial PCI
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Controlador de comunicação PCI simples
Description: Controlador de comunicação PCI simples
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (10/03/2016 05:18:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5928JUV)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (10/03/2016 06:45:09 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5928JUV)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (10/03/2016 01:52:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5928JUV)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (10/02/2016 05:18:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: KMPlayer.exe, versão: 4.1.3.3, carimbo de data/hora: 0x57e4adf6
Nome do módulo com falha: LAVVideo.ax, versão: 0.67.0.0, carimbo de data/hora: 0x56b0742e
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000858c3
ID do processo com falha: 0x16f8
Hora de início do aplicativo com falha: 0x01d21cea25dc5df9
Caminho do aplicativo com falha: C:\KMPlayer\KMPlayer.exe
Caminho do módulo com falha: C:\KMPlayer\LAVVideo.ax
ID do Relatório: 3af248a0-3a6a-4d84-ae07-260502f45ebd
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (10/02/2016 05:18:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: KMPlayer.exe, versão: 4.1.3.3, carimbo de data/hora: 0x57e4adf6
Nome do módulo com falha: LAVVideo.ax, versão: 0.67.0.0, carimbo de data/hora: 0x56b0742e
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000858c3
ID do processo com falha: 0xd90
Hora de início do aplicativo com falha: 0x01d21cea109f8437
Caminho do aplicativo com falha: C:\KMPlayer\KMPlayer.exe
Caminho do módulo com falha: C:\KMPlayer\LAVVideo.ax
ID do Relatório: dfc9e647-56fc-4195-bc9b-275418a5dda0
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (10/02/2016 05:17:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: KMPlayer.exe, versão: 4.1.3.3, carimbo de data/hora: 0x57e4adf6
Nome do módulo com falha: LAVVideo.ax, versão: 0.67.0.0, carimbo de data/hora: 0x56b0742e
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000858c3
ID do processo com falha: 0xfc4
Hora de início do aplicativo com falha: 0x01d21ce9fd52b711
Caminho do aplicativo com falha: C:\KMPlayer\KMPlayer.exe
Caminho do módulo com falha: C:\KMPlayer\LAVVideo.ax
ID do Relatório: 6da9e0a5-c732-4fe2-9398-286d4e65cfd4
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (10/02/2016 05:16:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: KMPlayer.exe, versão: 4.1.3.3, carimbo de data/hora: 0x57e4adf6
Nome do módulo com falha: LAVVideo.ax, versão: 0.67.0.0, carimbo de data/hora: 0x56b0742e
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000858c3
ID do processo com falha: 0x15d0
Hora de início do aplicativo com falha: 0x01d21ce9dabda9e0
Caminho do aplicativo com falha: C:\KMPlayer\KMPlayer.exe
Caminho do módulo com falha: C:\KMPlayer\LAVVideo.ax
ID do Relatório: db53bfad-d203-4d44-b73e-0e1b65a57d93
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (10/02/2016 05:13:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: KMPlayer.exe, versão: 4.1.3.3, carimbo de data/hora: 0x57e4adf6
Nome do módulo com falha: LAVVideo.ax_unloaded, versão: 0.67.0.0, carimbo de data/hora: 0x56b0742e
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0001141e
ID do processo com falha: 0xc54
Hora de início do aplicativo com falha: 0x01d21ce91ca900e2
Caminho do aplicativo com falha: C:\KMPlayer\KMPlayer.exe
Caminho do módulo com falha: LAVVideo.ax
ID do Relatório: 9fb400eb-9bd3-4c21-8d3a-261897e9aebd
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (10/02/2016 05:12:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: KMPlayer.exe, versão: 4.1.3.3, carimbo de data/hora: 0x57e4adf6
Nome do módulo com falha: LAVVideo.ax_unloaded, versão: 0.67.0.0, carimbo de data/hora: 0x56b0742e
Código de exceção: 0xc00001a5
Deslocamento da falha: 0x000d7a90
ID do processo com falha: 0xc54
Hora de início do aplicativo com falha: 0x01d21ce91ca900e2
Caminho do aplicativo com falha: C:\KMPlayer\KMPlayer.exe
Caminho do módulo com falha: LAVVideo.ax
ID do Relatório: 7f3bf918-06c1-40b6-8fc4-44f50c43d98c
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (10/02/2016 06:45:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5928JUV)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.


Erros de Sistema:
=============
Error: (10/04/2016 09:37:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Host de Sincronização_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (10/04/2016 04:16:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Host de Sincronização_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (10/03/2016 05:19:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço avgsvc.

Error: (10/03/2016 05:18:39 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5928JUV)
Description: O servidor {9BA05972-F6A8-11CF-A442-00A0C90A8F39} não se registrou no DCOM dentro do tempo limite necessário.

Error: (10/03/2016 05:18:33 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: O servidor {995C996E-D918-4A8C-A302-45719A6F4EA7} não se registrou no DCOM dentro do tempo limite necessário.

Error: (10/03/2016 05:18:33 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: O servidor {995C996E-D918-4A8C-A302-45719A6F4EA7} não se registrou no DCOM dentro do tempo limite necessário.

Error: (10/03/2016 05:18:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5928JUV)
Description: O servidor CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca não se registrou no DCOM dentro do tempo limite necessário.

Error: (10/03/2016 05:18:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Host de Sincronização_Session2 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (10/03/2016 06:45:42 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço avgsvc.

Error: (10/03/2016 06:45:09 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5928JUV)
Description: O servidor CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca não se registrou no DCOM dentro do tempo limite necessário.


CodeIntegrity:
===================================
  Date: 2016-10-02 19:34:46.044
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-01 20:23:19.822
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-30 20:56:29.826
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-25 20:53:17.804
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-25 17:27:04.403
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-25 16:53:15.451
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Informações da Memória =========================== 

Processador: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentagem de memória em uso: 50%
RAM física total: 3793.65 MB
RAM física disponível: 1868.46 MB
Virtual Total: 5009.65 MB
Virtual disponível: 3128.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.27 GB) (Free:396.74 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 037208B2)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================


#4 Sirawit

Posted 04 October 2016 - 10:43 AM

Hi fple.

 

I found a trace of KMSpico/AutoKMSS/KMS-R@in on your computer. I do not suggest you use cracked software because this is a highly possible way to get an infection on your computer. We reserve the right to close the topic with cracked software present. However, I will continue to help you. Just try to refrain from using these kinds of software in the future.

 

----------------

 

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Attached File  fixlist.txt   3.11KB   3 downloads
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

 

We need to remove programs using "Programs and Features"


Click the "Start" orb on the taskbar, and then click the "Settings" button. Then go to System > Apps & Features.

 

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

AVG Zen

Additional instructions can be found here if needed.

 

-----------------

 

How's your computer running? Are you still getting warnings from Malwarebytes?

After you have completed the above steps, please create a new set of FRST logs for me.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#5 fple

Posted 04 October 2016 - 03:30 PM

Thank you! I didn't know it was a cracked version when they installed it for me, I'm sorry about that.

 

Fixlog

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 03-10-2016
Executado por chico (04-10-2016 17:04:18) Run:1
Executando a partir de C:\Users\chico\Downloads\frst1
Perfis Carregados: chico (Perfis Disponíveis: chico)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Windows\KMS-R@1n.exe
GroupPolicy: Restrição <======= ATENÇÃO
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Nenhum Arquivo
Tcpip\Parameters: [DhcpNameServer] 94.102.60.183 8.8.8.8
Tcpip\..\Interfaces\{ba3c7716-259f-47bb-b09d-353d01fbf436}: [DhcpNameServer] 94.102.60.183 8.8.8.8
SearchScopes: HKU\S-1-5-21-2371843960-625600179-927234901-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={FA567D98-4FB2-4913-AE05-C5944D54D0A4}&mid=6d4a5815b56247cfb872f99b02c30f6f-39cb45498c5a550d3273ed0564951517b885eea3&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=ZenTest_B_1&pr=fr&d=2016-09-25 20:51:52&v=4.3.5.160&pid=wtu&sg=&sap=dsp&q={searchTerms}
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-09-15] () [Arquivo não assinado]
U0 aswVmm; não ImagePath
2016-09-15 14:55 - 2016-09-15 14:55 - 00003235 _____ C:\R@1n.txt
AVG Zen (Version: 1.101.4 - AVG Technologies) Hidden
Task: {411E896D-C40F-4AC2-AD3A-A9F89F187295} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-11-12] (MSFree Inc.)
C:\ProgramData\KMSAutoS
Task: {9EC4D2AC-AA31-40AC-BDCD-A6FAFABBF308} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS
Task: {EC4FF1DF-55E4-4706-BC6F-19E36FFB9071} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
CMD: ipconfig /flushdns
EmptyTemp:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
C:\Windows\KMS-R@1n.exe => movido com sucesso
C:\Windows\system32\GroupPolicy\Machine => movido com sucesso
C:\Windows\system32\GroupPolicy\GPT.ini => movido com sucesso
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => chave removido (a) com sucesso.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => chave não encontrado (a). 
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => valor removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ba3c7716-259f-47bb-b09d-353d01fbf436}\\DhcpNameServer => valor removido (a) com sucesso.
"HKU\S-1-5-21-2371843960-625600179-927234901-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => chave removido (a) com sucesso.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => chave não encontrado (a). 
KMS-R@1n => serviço removido (a) com sucesso.
aswVmm => serviço removido (a) com sucesso.
C:\R@1n.txt => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5A842DD0-1FE5-4699-B40A-2B3F3CCC51B1}\\SystemComponent => valor removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{411E896D-C40F-4AC2-AD3A-A9F89F187295}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{411E896D-C40F-4AC2-AD3A-A9F89F187295}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\KMSAutoNet => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSAutoNet" => chave removido (a) com sucesso.
C:\ProgramData\KMSAutoS => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9EC4D2AC-AA31-40AC-BDCD-A6FAFABBF308}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EC4D2AC-AA31-40AC-BDCD-A6FAFABBF308}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\AutoKMS => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => chave removido (a) com sucesso.
C:\Windows\AutoKMS => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC4FF1DF-55E4-4706-BC6F-19E36FFB9071}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC4FF1DF-55E4-4706-BC6F-19E36FFB9071}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\R@1n-KMS\Windows64Professional => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Windows64Professional" => chave removido (a) com sucesso.
C:\Windows\Tasks\AutoKMS.job => movido com sucesso

========= ipconfig /flushdns =========


Configura‡Æo de IP do Windows

Libera‡Æo do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 1946773 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 128557078 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 4776895 B
Edge => 17478486 B
Chrome => 332726155 B
Firefox => 152833070 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 8382 B
NetworkService => 111122776 B
chico => 690288649 B

RecycleBin => 0 B
EmptyTemp: => 1.3 GB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 17:06:02 ====

When I tried to uninstall AVG Zen, I got this message:

e9pzISu.png

 

 

Something a little weird happened a few hours ago: a message appeared asking if I wanted to change VPN to private. I didn't know what to do so I just turned off my computer. Could this be related to what's happening?

 

Unfortunately yes, I'm still getting the same message from Malwarebytes:

dawxIf8.png
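
The Fixlog above removes two DhcpNameServer values, yet the detection returns. DhcpNameServer is filled in from the DHCP lease, so a deleted value reappears at the next renewal if the DHCP server still hands it out. The following added example (not part of the thread and not FRST's own code) compares the fixlist with the FRST scan dated 05-10-2016 on this page and reports removed resolvers that came back; the function names and the allowlist (8.8.8.8 only) are assumptions.

```python
import ipaddress
import re

# FRST "Internet" section lines look like:
#   Tcpip\Parameters: [DhcpNameServer] <ip> <ip>
#   Tcpip\..\Interfaces\{guid}: [DhcpNameServer] <ip> <ip>
DNS_LINE = re.compile(
    r"^\s*(?P<scope>Tcpip\\\S+?):\s*"
    r"\[(?P<value>DhcpNameServer|NameServer)\]\s*(?P<servers>.+?)\s*$"
)

# Lines copied from the fixlist and from the later FRST scan on this page.
FIXLIST = r"""
Tcpip\Parameters: [DhcpNameServer] 94.102.60.183 8.8.8.8
Tcpip\..\Interfaces\{ba3c7716-259f-47bb-b09d-353d01fbf436}: [DhcpNameServer] 94.102.60.183 8.8.8.8
CMD: ipconfig /flushdns
"""
LATER_SCAN = r"""
Tcpip\Parameters: [DhcpNameServer] 94.102.60.183 8.8.8.8
Tcpip\..\Interfaces\{ba3c7716-259f-47bb-b09d-353d01fbf436}: [DhcpNameServer] 94.102.60.183 8.8.8.8
Tcpip\..\Interfaces\{c21ce4dc-10a5-41ae-bfe8-6e3a4417d804}: [DhcpNameServer] 201.6.2.18 201.6.2.158
"""

# Assumption for this example: only Google Public DNS is pre-approved.
ALLOWLIST = [ipaddress.ip_network("8.8.8.8/32")]


def parse_dns_values(frst_text):
    """Map (scope, value name) -> tuple of resolver IPs found in FRST text."""
    found = {}
    for line in frst_text.splitlines():
        match = DNS_LINE.match(line)
        if not match:
            continue
        servers = []
        # The registry value may be space- or comma-separated.
        for token in re.split(r"[\s,]+", match.group("servers")):
            try:
                servers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                continue  # ignore anything that is not an IP address
        found[(match.group("scope"), match.group("value"))] = tuple(servers)
    return found


def is_allowed(server, allowlist):
    address = ipaddress.ip_address(server)
    return any(address in network for network in allowlist)


def triage(fixlist_text, later_scan_text, allowlist):
    """Report resolvers that a fix removed and a later scan shows again."""
    removed = parse_dns_values(fixlist_text)
    later = parse_dns_values(later_scan_text)
    findings = []
    for key, servers in removed.items():
        back = [
            s for s in servers
            if s in later.get(key, ()) and not is_allowed(s, allowlist)
        ]
        if not back:
            continue
        scope, value = key
        findings.append({
            "scope": scope,
            "value": value,
            "servers": back,
            # DhcpNameServer is written by the DHCP client from the lease;
            # NameServer is a statically configured value on the host.
            "source": "dhcp-lease" if value == "DhcpNameServer" else "static",
        })
    return findings


if __name__ == "__main__":
    for finding in triage(FIXLIST, LATER_SCAN, ALLOWLIST):
        where = ("check the DHCP server (usually the router)"
                 if finding["source"] == "dhcp-lease"
                 else "check what rewrites the static setting on the host")
        print(f'{finding["scope"]} [{finding["value"]}] '
              f'{", ".join(finding["servers"])} reappeared: {where}')
```
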



#6 Sirawit

Posted 05 October 2016 - 01:43 AM

Hi fple.

 

AVG Zen should be fine to leave like that.

 

 

 

Something a little weird happened a few hours ago: a message appeared asking if I wanted to change VPN to private. I didn't know what to do so I just turned off my computer. Could this be related to what's happening?

 

Do you use any VPN software? I can't find any of them installed on your system. Could you make a screenshot of the message?

 

Also, what is the model of your router? We might need to investigate that too; I assumed you have a username/password for it.

 

---------------

 

For now, please rename FRST64.exe to FRSTenglish64.exe so the log file will be in English, and then create a new set of FRST logs for me.

 

Thank you,




#7 fple

Posted 05 October 2016 - 02:59 AM

Hi!

 

No, as far as I know I don't use any VPN software and I'm not really sure what it means. That message is not appearing anymore for me since I turned off my computer that first time.

 

My router: D-Link DIR-615

 

 

 

 

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016
Ran by chico (administrator) on DESKTOP-5928JUV (05-10-2016 03:51:42)
Running from C:\Users\chico\Downloads\frst1
Loaded Profiles: chico (Available Profiles: chico)
Platform: Windows 10 Pro (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Core FTP) C:\Program Files\CoreFTP\coreftp.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Farbar) C:\Users\chico\Downloads\frst1\EnglishFRST64.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2371843960-625600179-927234901-1001\...\Run: [MinhaBox.br] => C:\Program Files (x86)\Minhateca.com.br Box\MinhaBox.exe [3916800 2015-12-10] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-09-21]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 94.102.60.183 8.8.8.8
Tcpip\..\Interfaces\{ba3c7716-259f-47bb-b09d-353d01fbf436}: [DhcpNameServer] 94.102.60.183 8.8.8.8
Tcpip\..\Interfaces\{c21ce4dc-10a5-41ae-bfe8-6e3a4417d804}: [DhcpNameServer] 201.6.2.18 201.6.2.158

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: s9232rao.default
FF ProfilePath: C:\Users\chico\AppData\Roaming\Mozilla\Firefox\Profiles\s9232rao.default [2016-10-04]
FF Extension: (ImageHost Grabber) - C:\Users\chico\AppData\Roaming\Mozilla\Firefox\Profiles\s9232rao.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2016-09-21]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default [2016-10-05]
CHR Extension: (Flash Video Downloader) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-09-18]
CHR Extension: (Google Docs) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-15]
CHR Extension: (Google Drive) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-15]
CHR Extension: (YouTube) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-15]
CHR Extension: (uBlock Origin) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-09-30]
CHR Extension: (Image Downloader) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2016-09-15]
CHR Extension: (Video Downloader professional) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-09-16]
CHR Extension: (Full Page Screen Capture) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2016-10-01]
CHR Extension: (Planilhas do Google) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-15]
CHR Extension: (Documentos Google off-line) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-15]
CHR Extension: (Enable right click) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhojmcideegachlhfgfdhailpfhgknjm [2016-09-15]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-15]
CHR Extension: (Gmail) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-15]
CHR Extension: (Chrome Media Router) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-21]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-05] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3354384 2015-07-10] (Intel Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-05 03:44 - 2016-10-05 03:44 - 00016148 _____ C:\Windows\system32\DESKTOP-5928JUV_chico_HistoryPrediction.bin
2016-10-05 00:58 - 2016-10-05 01:00 - 00000000 ____D C:\Users\chico\Documents\SPL1367629_Courtney_Love
2016-10-05 00:51 - 2016-10-05 00:52 - 00000000 ____D C:\Users\chico\Documents\SPL1367955_Ellen_von_Unwerth
2016-10-05 00:48 - 2016-10-05 00:48 - 00000616 _____ C:\Users\chico\Desktop\seydouxdaily.txt
2016-10-04 17:38 - 2016-10-04 17:39 - 00000000 ____D C:\Users\chico\Documents\VN_Harington_Leslie_EXCL
2016-10-04 17:15 - 2016-10-04 17:15 - 00000000 ____D C:\Windows\system32\appmgmt
2016-10-04 17:02 - 2016-10-05 03:51 - 00000000 ____D C:\Users\chico\Downloads\frst1
2016-10-04 10:00 - 2015-11-11 09:08 - 00008336 _____ C:\Windows\system32\SppExtComObjPatcher.exe
2016-10-04 10:00 - 2014-05-24 21:36 - 00015360 _____ C:\Windows\system32\SppExtComObjHook.dll
2016-10-04 09:48 - 2016-10-05 03:51 - 00000000 ____D C:\FRST
2016-10-02 20:34 - 2016-10-02 21:35 - 00000000 ____D C:\Program Files (x86)\GoldenDict
2016-10-02 20:34 - 2016-10-02 20:34 - 00000000 ____D C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoldenDict
2016-10-02 05:31 - 2016-10-05 03:49 - 00004180 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4B2146F4-4093-4C55-9120-EEC9C83AFC74}
2016-10-02 05:28 - 2016-10-02 05:28 - 00000643 _____ C:\Users\chico\Desktop\KMPlayer.lnk
2016-10-02 05:28 - 2016-10-02 05:28 - 00000000 ____D C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2016-10-02 05:27 - 2016-10-04 04:36 - 00000000 ____D C:\KMPlayer
2016-10-02 05:26 - 2016-10-02 05:27 - 37642072 _____ (PandoraTV) C:\Users\chico\Desktop\KMPlayer_4.1.3.3.exe
2016-09-30 18:17 - 2016-10-04 09:32 - 00000000 ____D C:\Users\chico\Desktop\3
2016-09-30 04:44 - 2016-10-05 01:22 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-30 04:44 - 2016-09-30 04:44 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-30 04:44 - 2016-09-30 04:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-30 04:43 - 2016-09-30 04:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-30 04:43 - 2016-09-30 04:43 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2016-09-30 04:43 - 2016-09-30 04:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-30 04:43 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-30 04:43 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-30 04:43 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-28 10:16 - 2016-09-28 10:17 - 00000000 ____D C:\Users\chico\AppData\Roaming\XnView
2016-09-28 10:16 - 2016-09-28 10:16 - 00000791 _____ C:\Users\chico\Desktop\XnView.lnk
2016-09-25 17:51 - 2016-09-25 17:51 - 00000000 ____D C:\Users\chico\AppData\Roaming\AVG
2016-09-25 17:49 - 2016-09-25 17:49 - 00000000 ____D C:\Users\chico\AppData\Roaming\TuneUp Software
2016-09-25 17:48 - 2016-09-25 18:49 - 00000000 ____D C:\Users\Todos os Usuários\MFAData
2016-09-25 17:48 - 2016-09-25 18:49 - 00000000 ____D C:\ProgramData\MFAData
2016-09-25 17:48 - 2016-09-25 17:48 - 00000000 ____D C:\Users\chico\AppData\Local\MFAData
2016-09-25 17:41 - 2016-09-30 05:23 - 00000943 _____ C:\Users\Public\Desktop\AVG.lnk
2016-09-25 17:41 - 2016-09-30 05:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-09-25 17:40 - 2016-10-05 02:58 - 00003668 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-09-25 17:40 - 2016-09-25 18:49 - 00000000 ____D C:\Program Files (x86)\AVG
2016-09-25 17:39 - 2016-09-25 18:49 - 00000000 ____D C:\Users\chico\AppData\Local\Avg
2016-09-25 17:39 - 2016-09-25 18:47 - 00000000 ____D C:\Users\chico\AppData\Local\AvgSetupLog
2016-09-25 17:39 - 2016-09-25 17:49 - 00000000 ____D C:\Users\Todos os Usuários\Avg
2016-09-25 17:39 - 2016-09-25 17:49 - 00000000 ____D C:\ProgramData\Avg
2016-09-25 17:08 - 2016-07-26 14:24 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-09-23 17:06 - 2016-09-23 17:06 - 00000000 ____D C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
2016-09-23 17:06 - 2016-09-23 17:06 - 00000000 ____D C:\Program Files (x86)\gs
2016-09-23 17:04 - 2016-09-23 17:04 - 00001321 _____ C:\Users\chico\Desktop\FlashFlippingBook PDF To JPG.lnk
2016-09-23 17:04 - 2016-09-23 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boxoft Free PDF To JPG Converter (freeware)
2016-09-23 17:04 - 2016-09-23 17:04 - 00000000 ____D C:\Program Files (x86)\Boxoft Free PDF To JPG Converter (freeware)
2016-09-23 17:00 - 2016-09-23 17:00 - 00000000 ____D C:\Users\chico\AppData\LocalLow\Adobe
2016-09-21 20:28 - 2016-09-21 20:28 - 00001245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady 7.0.1.lnk
2016-09-21 20:28 - 2016-09-21 20:28 - 00001240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 7.0.1.lnk
2016-09-21 20:27 - 1998-11-05 04:08 - 00087392 _____ (Twain Working Group) C:\Windows\twain.dll
2016-09-21 20:24 - 1998-11-13 13:18 - 00308224 _____ (InstallShield Software Corporation, Inc.) C:\Windows\IsUn0416.exe
2016-09-21 20:15 - 2016-09-21 20:17 - 00000000 ____D C:\Users\chico\Desktop\PHOTOSHOP
2016-09-21 00:13 - 2016-09-21 00:21 - 00000000 ____D C:\Users\chico\AppData\Local\Mozilla
2016-09-21 00:13 - 2016-09-21 00:13 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-21 00:13 - 2016-09-21 00:13 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-09-21 00:13 - 2016-09-21 00:13 - 00000000 ____D C:\Users\chico\AppData\Roaming\Mozilla
2016-09-21 00:12 - 2016-09-25 17:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-21 00:12 - 2016-09-21 00:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-19 20:23 - 2016-10-04 23:21 - 00000000 ____D C:\Users\chico\AppData\Local\MinhaBox.br
2016-09-19 20:23 - 2016-10-04 23:10 - 00000000 ____D C:\Users\chico\.gstreamer-0.10
2016-09-19 20:23 - 2016-09-19 20:23 - 00000726 _____ C:\Users\Public\Desktop\Minhateca.lnk
2016-09-19 20:23 - 2016-09-19 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minhateca.com.br
2016-09-19 20:23 - 2016-09-19 20:23 - 00000000 ____D C:\Program Files (x86)\Minhateca.com.br Box
2016-09-19 18:08 - 2016-10-02 17:19 - 00000000 ____D C:\Users\chico\AppData\Local\CrashDumps
2016-09-17 02:35 - 2016-10-04 19:49 - 00000000 ____D C:\Users\chico\AppData\Roaming\CoreFTP
2016-09-17 02:34 - 2016-09-17 02:34 - 00000000 ____D C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP (x64)
2016-09-17 02:34 - 2016-09-17 02:34 - 00000000 ____D C:\Program Files\CoreFTP
2016-09-16 16:54 - 2016-09-16 16:54 - 00003342 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task
2016-09-16 16:53 - 2016-09-16 16:53 - 00000000 ____D C:\Users\chico\AppData\Roaming\Skype
2016-09-16 14:42 - 2016-09-16 14:42 - 00000000 ____D C:\Users\chico\AppData\Roaming\FileZilla Server
2016-09-16 14:31 - 2016-09-16 14:31 - 00000000 ____D C:\Windows\system32\SleepStudy
2016-09-15 17:56 - 2016-09-15 17:58 - 00000000 ____D C:\Users\chico\AppData\Local\Comms
2016-09-15 15:59 - 2016-09-15 15:59 - 00000000 ____D C:\Users\chico\AppData\Local\CEF
2016-09-15 15:55 - 2016-09-25 16:13 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2016-09-15 15:55 - 2016-09-25 16:13 - 00000000 ____D C:\ProgramData\AVAST Software
2016-09-15 15:41 - 2016-09-20 03:02 - 00000000 ____D C:\Users\chico\AppData\Local\Google
2016-09-15 15:37 - 2016-10-05 03:48 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-15 15:37 - 2016-10-04 23:10 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-15 15:37 - 2016-10-03 16:50 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-15 15:37 - 2016-10-03 16:50 - 00002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-15 15:37 - 2016-09-30 23:04 - 00004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-15 15:37 - 2016-09-15 15:43 - 00004166 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-15 15:37 - 2016-09-15 15:43 - 00003934 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-15 15:37 - 2016-09-15 15:37 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-15 15:36 - 2016-09-21 20:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-09-15 15:36 - 2016-09-15 17:14 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-09-15 15:36 - 2016-09-15 17:12 - 00000000 ____D C:\Users\Todos os Usuários\Adobe
2016-09-15 15:36 - 2016-09-15 17:12 - 00000000 ____D C:\ProgramData\Adobe
2016-09-15 15:36 - 2016-09-15 15:36 - 00002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-09-15 15:35 - 2016-09-23 17:00 - 00000000 ____D C:\Users\chico\AppData\Local\Adobe
2016-09-15 15:33 - 2016-09-15 15:33 - 00000000 ____D C:\Users\chico\AppData\Roaming\Macromedia
2016-09-15 15:33 - 2016-09-15 15:33 - 00000000 ____D C:\Users\chico\AppData\Local\NetworkTiles
2016-09-15 15:19 - 2016-09-15 15:19 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-09-15 15:19 - 2016-09-15 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2016-09-15 15:19 - 2016-09-15 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-09-15 15:19 - 2016-09-15 15:19 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-09-15 15:18 - 2016-09-15 15:18 - 00000000 ____D C:\Windows\PCHEALTH
2016-09-15 15:18 - 2016-09-15 15:18 - 00000000 ____D C:\Program Files\Microsoft Sync Framework
2016-09-15 15:18 - 2016-09-15 15:18 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-09-15 15:15 - 2016-09-15 15:20 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-09-15 15:15 - 2016-09-15 15:18 - 00000000 ____D C:\Program Files\Microsoft Office
2016-09-15 15:15 - 2016-09-15 15:15 - 00000000 __RHD C:\MSOCache
2016-09-15 15:15 - 2016-09-15 15:15 - 00000000 ____D C:\Users\chico\AppData\Local\Microsoft Help
2016-09-15 15:15 - 2016-09-15 15:15 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-09-15 15:15 - 2016-09-15 15:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2016-09-15 15:15 - 2016-09-15 15:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-09-15 15:15 - 2016-09-15 15:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-09-15 15:13 - 2016-09-15 15:32 - 00000000 ____D C:\Users\chico\AppData\Local\MicrosoftEdge
2016-09-15 15:09 - 2016-10-04 17:06 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-09-15 15:09 - 2016-10-04 17:06 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-09-15 14:55 - 2016-10-04 17:04 - 00000000 ____D C:\Windows\System32\Tasks\R@1n-KMS
2016-09-15 14:53 - 2016-09-15 14:53 - 00000000 ____D C:\Users\chico\AppData\Local\PeerDistRepub
2016-09-15 14:51 - 2016-09-15 15:06 - 00000000 ____D C:\Users\chico\AppData\Local\MSfree Inc
2016-09-15 14:39 - 2016-09-15 14:51 - 00000000 ____D C:\Users\chico\AppData\Roaming\WinRAR
2016-09-15 14:39 - 2016-09-15 14:39 - 00000000 ____D C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-15 14:39 - 2016-09-15 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-15 14:38 - 2016-09-15 14:39 - 00000000 ____D C:\Program Files\WinRAR
2016-09-15 14:36 - 2016-09-15 14:36 - 00000000 ____D C:\Users\chico\AppData\Local\mpress
2016-09-15 14:35 - 2016-09-15 14:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-09-15 14:31 - 2016-09-16 16:54 - 00002369 _____ C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-15 14:31 - 2016-09-16 16:54 - 00000000 ___RD C:\Users\chico\OneDrive
2016-09-15 14:31 - 2016-09-15 14:31 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft OneDrive
2016-09-15 14:31 - 2016-09-15 14:31 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-09-15 14:30 - 2016-10-04 19:10 - 01720508 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-15 14:29 - 2016-10-04 17:06 - 00000000 ____D C:\Users\chico
2016-09-15 14:29 - 2016-09-25 20:15 - 00000000 ____D C:\Users\chico\AppData\Roaming\Adobe
2016-09-15 14:29 - 2016-09-21 21:01 - 00000000 ____D C:\Users\chico\AppData\Local\VirtualStore
2016-09-15 14:29 - 2016-09-15 14:46 - 00000000 ____D C:\Users\chico\AppData\Local\Packages
2016-09-15 14:29 - 2016-09-15 14:29 - 00016148 _____ C:\Windows\system32\DESKTOP-5928JUV_defaultuser0_HistoryPrediction.bin
2016-09-15 14:29 - 2016-09-15 14:29 - 00000020 ___SH C:\Users\chico\ntuser.ini
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Modelos
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Meus Documentos
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Menu Iniciar
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Documents\Minhas Músicas
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Documents\Minhas Imagens
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Documents\Meus Vídeos
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Dados de Aplicativos
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Configurações Locais
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\AppData\Local\Histórico
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\AppData\Local\Dados de Aplicativos
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Ambiente de Rede
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Ambiente de Impressão
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 ____D C:\Users\chico\AppData\Local\TileDataLayer
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 ____D C:\Users\chico\AppData\Local\Publishers
2016-09-15 14:27 - 2016-09-15 14:27 - 00000000 ____D C:\Windows\CSC
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Usuário Padrão\Documents\Minhas Músicas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Usuário Padrão\Documents\Minhas Imagens
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Usuário Padrão\Documents\Meus Vídeos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Usuário Padrão\AppData\Local\Histórico
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Usuário Padrão\AppData\Local\Dados de Aplicativos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Usuário Padrão
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Todos os Usuários\Modelos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Todos os Usuários\Menu Iniciar
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Todos os Usuários\Documentos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Todos os Usuários\Dados de Aplicativos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Todos os Usuários
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Public\Documents\Minhas Músicas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Public\Documents\Minhas Imagens
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Public\Documents\Meus Vídeos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Modelos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Meus Documentos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Menu Iniciar
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Documents\Minhas Músicas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Documents\Minhas Imagens
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Documents\Meus Vídeos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Dados de Aplicativos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Configurações Locais
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\AppData\Local\Histórico
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\AppData\Local\Dados de Aplicativos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Ambiente de Rede
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Ambiente de Impressão
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default User\Documents\Minhas Músicas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default User\Documents\Minhas Imagens
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default User\Documents\Meus Vídeos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Histórico
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Dados de Aplicativos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\ProgramData\Modelos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\ProgramData\Menu Iniciar
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\ProgramData\Documentos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\ProgramData\Dados de Aplicativos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Program Files\Common Files\Sistema
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Program Files\Arquivos Comuns
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Arquivos de Programas
2016-09-15 14:24 - 2015-07-10 07:59 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2016-09-15 14:20 - 2016-09-15 14:27 - 00000000 ____D C:\Windows\Panther

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-04 19:10 - 2015-07-10 13:36 - 00745200 _____ C:\Windows\system32\prfh0416.dat
2016-10-04 19:10 - 2015-07-10 13:36 - 00145230 _____ C:\Windows\system32\prfc0416.dat
2016-10-04 19:10 - 2015-07-10 08:02 - 00000000 ____D C:\Windows\INF
2016-10-04 17:06 - 2015-07-10 09:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-04 17:06 - 2015-07-10 06:05 - 00131072 ___SH C:\Windows\system32\config\BBI
2016-10-04 17:04 - 2015-07-10 08:04 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-10-01 05:58 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\system32\NDF
2016-09-30 23:28 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\LiveKernelReports
2016-09-25 18:48 - 2015-07-10 08:04 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-09-25 17:53 - 2015-07-10 06:05 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-09-22 15:00 - 2015-07-10 07:55 - 00000000 ____D C:\Windows\CbsTemp
2016-09-15 18:19 - 2015-07-10 09:20 - 00347392 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-15 16:30 - 2015-07-10 08:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-15 15:19 - 2015-07-10 13:50 - 00000000 ____D C:\Windows\ShellNew
2016-09-15 15:19 - 2015-07-10 08:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-15 15:15 - 2015-07-10 08:04 - 00000167 _____ C:\Windows\win.ini
2016-09-15 15:15 - 2015-07-10 08:04 - 00000000 ____D C:\Program Files\Common Files\System
2016-09-15 14:51 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\AppReadiness
2016-09-15 14:45 - 2015-07-10 08:04 - 00000000 ___RD C:\Windows\DevicesFlow
2016-09-15 14:29 - 2015-07-10 08:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-09-15 14:29 - 2015-07-10 08:04 - 00000000 ___RD C:\Windows\PrintDialog
2016-09-15 14:29 - 2015-07-10 08:04 - 00000000 ___RD C:\Windows\MiracastView
2016-09-15 14:29 - 2015-07-10 08:04 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-09-15 14:28 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\rescache
2016-09-15 14:27 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\system32\spool
2016-09-15 14:27 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-09-15 14:25 - 2015-07-10 08:04 - 00000000 ____D C:\Program Files\Windows NT
2016-09-15 14:23 - 2015-07-10 06:05 - 00000000 ____D C:\Windows\system32\Sysprep
2016-09-15 14:20 - 2015-07-10 08:04 - 00028672 _____ C:\Windows\system32\config\BCD-Template

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-28 10:33

==================== End of FRST.txt ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2016
Ran by chico (05-10-2016 03:52:34)
Running from C:\Users\chico\Downloads\frst1
Windows 10 Pro (X64) (2016-09-15 17:27:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2371843960-625600179-927234901-500 - Administrator - Disabled)
chico (S-1-5-21-2371843960-625600179-927234901-1001 - Administrator - Enabled) => C:\Users\chico
Convidado (S-1-5-21-2371843960-625600179-927234901-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-2371843960-625600179-927234901-503 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.101.2.40207 - AVG Technologies)
AVG Zen (HKLM\...\{5A842DD0-1FE5-4699-B40A-2B3F3CCC51B1}) (Version: 1.101.4 - AVG Technologies)
Boxoft Free PDF To JPG Converter (freeware) (HKLM-x32\...\Boxoft Free PDF To JPG Converter (freeware)_is1) (Version:  - boxoft Solution)
Core FTP LE (x64) (HKLM-x32\...\CoreFTP(x64)) (Version:  - )
FMW 1 (Version: 1.132.1 - AVG Technologies) Hidden
GoldenDict (HKLM-x32\...\GoldenDict) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GPL Ghostscript 8.71 (HKLM-x32\...\GPL Ghostscript 8.71) (Version:  - )
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.3.3 - PandoraTV)
Malwarebytes Anti-Malware versão 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Minhateca.com.br Box (HKLM-x32\...\{88CF5E68-D90C-4653-9FF4-CEE16AE50270}) (Version: 2.0.9 - Minhateca.com.br)
Mozilla Firefox 49.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 49.0 (x86 pt-BR)) (Version: 49.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0 - Mozilla)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2371843960-625600179-927234901-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\chico\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {21D0A16A-DCFD-461F-89A1-6B150126F94A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\chico\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-09-16] (Microsoft Corporation)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {471B969B-BE33-46E0-BF49-4C73B03D0710} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {4D2B0906-D4BE-4913-AF39-C129B4FBBEE9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-15] (Google Inc.)
Task: {9C1090AC-829B-4851-90DD-FF833A0E3A2F} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {F563EADD-9FF6-4E55-A611-732DFA16C687} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-15] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 08:00 - 2015-07-10 08:00 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-07-10 07:59 - 2015-07-10 07:59 - 00403968 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-07-10 08:00 - 2015-07-10 08:00 - 02498296 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-07-10 08:00 - 2015-07-10 08:00 - 02498296 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-09-16 16:53 - 2016-09-16 16:53 - 01864384 _____ () C:\Users\chico\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-07-10 07:59 - 2015-07-10 07:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 07:59 - 2015-07-10 07:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-07-10 08:00 - 2015-07-10 13:49 - 06579712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 08:00 - 2015-07-10 13:49 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-07-10 08:00 - 2015-07-10 13:49 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 08:00 - 2015-07-10 13:49 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-07-10 13:57 - 2015-07-10 13:57 - 00007168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-07-10 13:57 - 2015-07-10 13:57 - 13490688 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2016-09-16 16:53 - 2016-09-16 16:53 - 01383616 _____ () C:\Users\chico\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-09-16 16:53 - 2016-09-16 16:53 - 00118976 _____ () C:\Users\chico\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-09-25 17:40 - 2016-09-25 17:40 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-09-15 17:37 - 2016-09-06 12:00 - 05197312 _____ () C:\Users\chico\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-15 17:37 - 2016-09-06 12:00 - 00147456 _____ () C:\Users\chico\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 08:04 - 2015-07-10 08:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2371843960-625600179-927234901-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 94.102.60.183 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: wuauserv => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{964CC9E9-A92A-41BA-9174-F7E2CE753C3E}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{3403FFA0-7167-43BB-A6BA-E89A1AE1B97C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{2CB2FC90-8E7B-4C61-9C64-66CDA75AF3EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

15-09-2016 15:14:44 Installed Microsoft Office Professional Plus 2010
19-09-2016 20:20:11 Instalado Minhateca.com.br Box
22-09-2016 15:00:15 Instalador de Módulos do Windows
25-09-2016 17:48:58 Installed AVG 2016
04-10-2016 17:04:23 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: Dispositivo do sistema básico
Description: Dispositivo do sistema básico
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: BCM20702A0
Description: BCM20702A0
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Porta serial PCI
Description: Porta serial PCI
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Controlador de comunicação PCI simples
Description: Controlador de comunicação PCI simples
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/04/2016 07:53:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5928JUV)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (10/04/2016 07:49:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5928JUV)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (10/04/2016 05:16:38 PM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-5928JUV)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG Zen -- Error 27054. CA_Error27054: SetupAction(0xE001003D): Installation failed.

Error: (10/04/2016 05:16:33 PM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-5928JUV)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG Zen -- Error 27054. CA_Error27054: SetupAction(0xE0010058): Installation failed.

Error: (10/04/2016 05:15:03 PM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-5928JUV)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG Zen -- Error 27054. CA_Error27054: SetupAction(0xE001003D): Installation failed.

Error: (10/04/2016 05:14:58 PM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-5928JUV)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG Zen -- Error 27054. CA_Error27054: SetupAction(0xE0010058): Installation failed.

Error: (10/04/2016 05:04:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP.

System Error:
Acesso negado.
.

Error: (10/04/2016 05:04:22 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback.  hr =  0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
   Obtendo Dados do Gravador

Contexto:
   Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
   Nome do Gravador: System Writer
   ID de Instância de Gravador: {98eb3d58-d979-4b9c-9a80-ad057207b39c}

Error: (10/04/2016 04:56:59 PM) (Source: KMS-QAD) (EventID: 1001) (User: )
Description: Event-ID 1001

Error: (10/03/2016 05:18:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5928JUV)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.


System errors:
=============
Error: (10/04/2016 07:54:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço avgsvc.

Error: (10/04/2016 07:53:44 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5928JUV)
Description: O servidor CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca não se registrou no DCOM dentro do tempo limite necessário.

Error: (10/04/2016 07:49:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Host de Sincronização_Session1.

Error: (10/04/2016 07:49:28 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5928JUV)
Description: O servidor CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca não se registrou no DCOM dentro do tempo limite necessário.

Error: (10/04/2016 07:49:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Host de Sincronização_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (10/04/2016 05:06:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Host de Sincronização_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (10/04/2016 05:05:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: O Gerenciador de controle de serviços tentou executar uma ação corretiva (Reiniciar o serviço) após a finalização inesperada do serviço Windows Search, mas essa ação falhou com o seguinte erro: 
Uma cópia deste serviço já está sendo executada.

Error: (10/04/2016 05:04:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Windows Search foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar o serviço.

Error: (10/04/2016 05:04:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço AVG Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (10/04/2016 05:04:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço MBAMService foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).


CodeIntegrity:
===================================
  Date: 2016-10-04 19:40:46.523
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-02 19:34:46.044
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-01 20:23:19.822
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-30 20:56:29.826
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-25 20:53:17.804
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-25 17:27:04.403
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-25 16:53:15.451
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 78%
Total physical RAM: 3793.65 MB
Available physical RAM: 829.37 MB
Total Virtual: 5481.68 MB
Available Virtual: 1744.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.27 GB) (Free:396.52 GB) NTFS
Drive e: (My Passport) (Fixed) (Total:931.48 GB) (Free:470.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 037208B2)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 6152F1A7)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 



#8 fple

fple
  • Topic Starter

Posted 05 October 2016 - 03:22 AM

I scanned again marking everything in "Optional Scan":

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016
Ran by chico (administrator) on DESKTOP-5928JUV (05-10-2016 05:16:31)
Running from C:\Users\chico\Downloads\frst1
Loaded Profiles: chico (Available Profiles: chico)
Platform: Windows 10 Pro (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Core FTP) C:\Program Files\CoreFTP\coreftp.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Farbar) C:\Users\chico\Downloads\frst1\EnglishFRST64.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2371843960-625600179-927234901-1001\...\Run: [MinhaBox.br] => C:\Program Files (x86)\Minhateca.com.br Box\MinhaBox.exe [3916800 2015-12-10] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-09-21]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 94.102.60.183 8.8.8.8
Tcpip\..\Interfaces\{ba3c7716-259f-47bb-b09d-353d01fbf436}: [DhcpNameServer] 94.102.60.183 8.8.8.8
Tcpip\..\Interfaces\{c21ce4dc-10a5-41ae-bfe8-6e3a4417d804}: [DhcpNameServer] 201.6.2.18 201.6.2.158

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: s9232rao.default
FF ProfilePath: C:\Users\chico\AppData\Roaming\Mozilla\Firefox\Profiles\s9232rao.default [2016-10-04]
FF Extension: (ImageHost Grabber) - C:\Users\chico\AppData\Roaming\Mozilla\Firefox\Profiles\s9232rao.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2016-09-21]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default [2016-10-05]
CHR Extension: (Flash Video Downloader) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-09-18]
CHR Extension: (Google Docs) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-15]
CHR Extension: (Google Drive) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-15]
CHR Extension: (YouTube) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-15]
CHR Extension: (uBlock Origin) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-09-30]
CHR Extension: (Image Downloader) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2016-09-15]
CHR Extension: (Video Downloader professional) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-09-16]
CHR Extension: (Full Page Screen Capture) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2016-10-01]
CHR Extension: (Planilhas do Google) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-15]
CHR Extension: (Documentos Google off-line) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-15]
CHR Extension: (Enable right click) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhojmcideegachlhfgfdhailpfhgknjm [2016-09-15]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-15]
CHR Extension: (Gmail) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-15]
CHR Extension: (Chrome Media Router) - C:\Users\chico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-21]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-05] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3354384 2015-07-10] (Intel Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\SerCx2.sys C4AF79C37334D995D95C22C14FDBF7FD
C:\Windows\System32\drivers\serenum.sys FC541A272F47BE03E67A9FCB87FA8C3E
C:\Windows\System32\drivers\serial.sys 2A5F5F95FCA123DCBF53B5F603B64789
C:\Windows\System32\drivers\sermouse.sys C8738887228B7BFA3B1A906816A8BB12
C:\Windows\System32\drivers\sfloppy.sys 67832B68752CDF7FDE56949E4A2E70BF
C:\Windows\System32\drivers\SiSRaid2.sys ED058030296CF9B79C8D48BF43724323
C:\Windows\System32\drivers\sisraid4.sys 633D3D1581E9DCCD5A2D8F039104C9A5
C:\Windows\System32\drivers\spaceport.sys 187B4AD4446C59F8FCC4A10F473EE3D1
C:\Windows\System32\drivers\SpbCx.sys 2799FCA215919FDC9A87C5FCAB530828
C:\Windows\System32\DRIVERS\srv.sys AA1F23501511EFE9CF9771F6B20E8D45
C:\Windows\System32\DRIVERS\srv2.sys F5B169EDF9D5E3C7200D89D30E065D13
C:\Windows\System32\DRIVERS\srvnet.sys 2E142E027F0AA698BA4DCE49CBDB43CD
C:\Windows\System32\drivers\stexstor.sys DDE064A4298FD1FBF804D3ED691E7EDB
C:\Windows\System32\drivers\storahci.sys 32C95F44108C3E7DB58F773346E3C9D0
C:\Windows\System32\drivers\vmstorfl.sys 8883C8CE4942A99B84E1CC6EFA19738E
C:\Windows\System32\drivers\stornvme.sys 7042792AC7045D1EE8CC9FE743FD5194
C:\Windows\System32\drivers\storqosflt.sys 63513EF3121689B3A59BD217618A2E42
C:\Windows\System32\drivers\storufs.sys 000F5CFCEF0F06DC8FD1D2F568E48AE4
C:\Windows\System32\drivers\storvsc.sys 7415087F9006D6818F85F3CBD79B1A50
C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys 802278EE4ACCE9EA1F1481DF20EB1667
C:\Windows\System32\drivers\Synth3dVsc.sys 12D0CB1DCAE6725B6CA54CC2038C4C8C
C:\Windows\System32\drivers\tcpip.sys BA8CDF0FC9469005A84453A128EEB6AE
C:\Windows\System32\drivers\tcpip.sys BA8CDF0FC9469005A84453A128EEB6AE
C:\Windows\System32\drivers\tcpipreg.sys D378A1AF58AFA84BB6AC753F2C1BE9F4
C:\Windows\system32\DRIVERS\tdx.sys 28E1E63A1AC65E17B3194238FA2CF3BF
C:\Windows\System32\drivers\terminpt.sys CCDBD2817C10A4F631280CBB3AE44FFB
C:\Windows\system32\drivers\tpm.sys F4AEDABC8F3A9D632F8206D0C7F8CA09
C:\Windows\System32\drivers\TsUsbFlt.sys 676C801CAA61AADD0C918CC536A74B78
C:\Windows\System32\drivers\TsUsbGD.sys 2BB6CC0DD1CEE86330743B56FA9FE91F
C:\Windows\System32\drivers\tunnel.sys 20FFDE9DE8B57B51262EC54940DE4C82
C:\Windows\System32\drivers\uagp35.sys D0BE5EA1652D55029C9A898FB8ACFCE0
C:\Windows\System32\drivers\uaspstor.sys 13C15E4B238895FE4731DB1D612EEB5F
C:\Windows\System32\Drivers\UcmCx.sys BEBB8B55C5F99B69EEE39A9D7BADB21E
C:\Windows\System32\drivers\UcmUcsi.sys C4F7D38D959CF6297747CCEEEF021726
C:\Windows\System32\drivers\ucx01000.sys FB1C1D8B96A482F3581338D6752E1D6C
C:\Windows\System32\drivers\udecx.sys 4E1543ACE2F6E2846713E5123D9D4159
C:\Windows\System32\DRIVERS\udfs.sys CDCA9CC1D8293E75218D8FF85F2337A4
C:\Windows\System32\drivers\UEFI.sys BC683E19307C533C7161DB7A58051347
C:\Windows\System32\drivers\ufx01000.sys D14B42C26DE402F316D49667D15446F0
C:\Windows\System32\drivers\UfxChipidea.sys 192470BE4321791FBB25F379D0141D6F
C:\Windows\System32\drivers\ufxsynopsys.sys F7BD838E84E6B286DBCE068EFB8C0800
C:\Windows\System32\drivers\uliagpkx.sys A25842AC180F0E8B02380ECB8ADA1AF5
C:\Windows\System32\drivers\umbus.sys 21088F43172525C7E02D335A3327F46C
C:\Windows\System32\drivers\umpass.sys 294A291B5D48FE8F38DD94B7272442C5
C:\Windows\System32\drivers\urschipidea.sys A7A52EDDC3FAF183D6AC4774690ADF13
C:\Windows\System32\drivers\urscx01000.sys 2EEA0897DD9E30E958B508D557F0B5E4
C:\Windows\System32\drivers\urssynopsys.sys DC54D775A3A61E4CDE871B4E38A1459A
C:\Windows\System32\drivers\usbccgp.sys 18B63A0980F4AA1E6D7879B253980E37
C:\Windows\System32\drivers\usbcir.sys 1C60A1A3C8E1E819E16F12BAEB1C83F8
C:\Windows\System32\drivers\usbehci.sys 9A3E39F85DC6E3B9F792F1095ACFF788
C:\Windows\System32\drivers\usbhub.sys 758B05374B34D13ADCDFE27B741E42D4
C:\Windows\System32\drivers\UsbHub3.sys 69EB556E0A693ADCCFC83A380C44BD8A
C:\Windows\System32\drivers\usbohci.sys 72EA850B59F40C25A4FEDDA5FE84EFEB
C:\Windows\System32\drivers\usbprint.sys 47B2B2DE152E25546944049CA1170BB1
C:\Windows\System32\drivers\usbser.sys 40B2D0D9BEB100F882AED916775EB656
C:\Windows\System32\drivers\USBSTOR.SYS CD35467670DF1E6FBF36DA308F0C872B
C:\Windows\System32\drivers\usbuhci.sys DFA92EA105DD1073B43FB210EEB03DD4
C:\Windows\System32\Drivers\usbvideo.sys B1484D4BBC6B7B424F1CD1554B0AFB84
C:\Windows\System32\drivers\USBXHCI.SYS 0728504F9863774E56A54AE66C3F1E6B
C:\Windows\System32\drivers\vdrvroot.sys 26223003DDFB347B5CF3EC0B56DB066B
C:\Windows\System32\drivers\VerifierExt.sys A417284BC6B5C2EEF63F2C5154473530
C:\Windows\System32\drivers\vhdmp.sys 4C39C05A72EB14C0567501C7E087E564
C:\Windows\System32\drivers\vhf.sys C42206A15078596FDE8E89BB629DE342
C:\Windows\System32\drivers\vmbus.sys 248D9F911A5C94CF8477125DD0C3A291
C:\Windows\System32\drivers\VMBusHID.sys 3E98DD4E0CBD6B4F9CBD0E9E0EDF541E
C:\Windows\System32\drivers\volmgr.sys 91F165C5D71D9DCB18D4661CF10D1084
C:\Windows\System32\drivers\volmgrx.sys 17042748AC05862A0283D32575220080
C:\Windows\System32\drivers\volsnap.sys 823A237D871CD652C6BFD47BECB6810A
C:\Windows\System32\drivers\vpci.sys 78727FA284C2095EED660D71CD3C9AEF
C:\Windows\System32\drivers\vsmraid.sys 2415961D561E02F5E46B7C1C687A6788
C:\Windows\System32\drivers\vstxraid.sys 6AE9A843AE979F2DCCA5A25C07C7A5F8
C:\Windows\System32\drivers\vwifibus.sys BD232C761C59FA8D8EF626CA630E2D2E
C:\Windows\System32\drivers\vwififlt.sys 3039687AB65CEE26CF478C1F42FFCD7D
C:\Windows\System32\drivers\vwifimp.sys 37C868DDE3103130B00AD1313DAB5ACB
C:\Windows\System32\drivers\wacompen.sys FC40A7527D39F06D032A6553D22E4BF6
C:\Windows\System32\DRIVERS\wanarp.sys E9E22E116F810DAC98C5EC207F24C916
C:\Windows\System32\DRIVERS\wanarp.sys E9E22E116F810DAC98C5EC207F24C916
C:\Windows\System32\drivers\WdBoot.sys C8BA574B3BA6AE88741AC86B1FE3C1DC
C:\Windows\System32\drivers\Wdf01000.sys 796D1C95894BC15B3FEF090C107CBA31
C:\Windows\System32\drivers\WdFilter.sys C5BB7C612B4C852836BEA39593BA5F46
C:\Windows\System32\DRIVERS\wdiwifi.sys A9B6536FC0EA0E533B97A4F31F985D56
C:\Windows\System32\Drivers\WdNisDrv.sys BD193A7BD34B2E829FAF56306FEE3B09
C:\Windows\System32\drivers\wfplwfs.sys DBF5255B759212E5217A2748567A0B5C
C:\Windows\System32\drivers\wimmount.sys 4375BCBA419D19695CF566082CEF27D3
C:\Windows\System32\drivers\WindowsTrustedRT.sys 037BC6DE5F58D4A74A5BB0C12DCECDCA
C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys 70BCD70BD53F2FE660ED94B025A043EB
C:\Windows\System32\drivers\winmad.sys 7792AE5403BF8975B6460DFC3428D129
C:\Windows\System32\drivers\WinUSB.SYS 811F30EB6EE8318C4171CB95AE30B9BD
C:\Windows\System32\drivers\winverbs.sys DF00381AB8665D48DE3FF794BC6760AB
C:\Windows\System32\drivers\wmiacpi.sys 623ED8E10DFEEAB7AE2CD11A0451DB79
C:\Windows\System32\Drivers\Wof.sys 8F5140800751CFDAB57AEC1F59E7C7AA
C:\Windows\System32\DRIVERS\wpcfltr.sys D1D0BEA5CD87754D276656013F0D8341
C:\Windows\System32\drivers\WpdUpFltr.sys 37DCE976B3935380F2F6E39ABB6BF40D
C:\Windows\system32\drivers\ws2ifsl.sys 3CD22DD5A790CF7C24D65455E565EA83
C:\Windows\System32\drivers\WudfPf.sys 835F60262E7E310080EA05F6752BF248
C:\Windows\System32\drivers\WUDFRd.sys 4E848DE29E4279C7F25EF5B34ED94FDD
C:\Windows\system32\DRIVERS\WUDFRd.sys 4E848DE29E4279C7F25EF5B34ED94FDD
C:\Windows\System32\drivers\xboxgip.sys 30021D1E0407B71E8D5D4F8DAE4E656A
C:\Windows\System32\drivers\xinputhid.sys 6851673B90D8CB332439E0339F81A6B6

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-05 05:10 - 2016-10-05 05:10 - 00001681 _____ C:\Users\chico\Desktop\Adobe ImageReady 7.0.1.lnk
2016-10-05 05:09 - 2016-10-05 05:09 - 00001946 _____ C:\Users\chico\Desktop\Core FTP LE.lnk
2016-10-05 05:09 - 2016-10-05 05:09 - 00001673 _____ C:\Users\chico\Desktop\Adobe Photoshop 7.0.1.lnk
2016-10-05 04:55 - 2016-10-05 04:55 - 00016148 _____ C:\Windows\system32\DESKTOP-5928JUV_chico_HistoryPrediction.bin
2016-10-05 00:48 - 2016-10-05 00:48 - 00000616 _____ C:\Users\chico\Desktop\seydouxdaily.txt
2016-10-04 17:15 - 2016-10-04 17:15 - 00000000 ____D C:\Windows\system32\appmgmt
2016-10-04 17:02 - 2016-10-05 05:16 - 00000000 ____D C:\Users\chico\Downloads\frst1
2016-10-04 10:00 - 2015-11-11 09:08 - 00008336 _____ C:\Windows\system32\SppExtComObjPatcher.exe
2016-10-04 10:00 - 2014-05-24 21:36 - 00015360 _____ C:\Windows\system32\SppExtComObjHook.dll
2016-10-04 09:48 - 2016-10-05 05:16 - 00000000 ____D C:\FRST
2016-10-02 20:34 - 2016-10-02 21:35 - 00000000 ____D C:\Program Files (x86)\GoldenDict
2016-10-02 20:34 - 2016-10-02 20:34 - 00000000 ____D C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoldenDict
2016-10-02 05:31 - 2016-10-05 03:49 - 00004180 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4B2146F4-4093-4C55-9120-EEC9C83AFC74}
2016-10-02 05:28 - 2016-10-02 05:28 - 00000643 _____ C:\Users\chico\Desktop\KMPlayer.lnk
2016-10-02 05:28 - 2016-10-02 05:28 - 00000000 ____D C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2016-10-02 05:27 - 2016-10-04 04:36 - 00000000 ____D C:\KMPlayer
2016-09-30 04:44 - 2016-10-05 01:22 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-30 04:44 - 2016-09-30 04:44 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-30 04:44 - 2016-09-30 04:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-30 04:43 - 2016-09-30 04:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-30 04:43 - 2016-09-30 04:43 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2016-09-30 04:43 - 2016-09-30 04:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-30 04:43 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-30 04:43 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-30 04:43 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-28 10:16 - 2016-09-28 10:17 - 00000000 ____D C:\Users\chico\AppData\Roaming\XnView
2016-09-25 17:51 - 2016-09-25 17:51 - 00000000 ____D C:\Users\chico\AppData\Roaming\AVG
2016-09-25 17:49 - 2016-09-25 17:49 - 00000000 ____D C:\Users\chico\AppData\Roaming\TuneUp Software
2016-09-25 17:48 - 2016-09-25 18:49 - 00000000 ____D C:\Users\Todos os Usuários\MFAData
2016-09-25 17:48 - 2016-09-25 18:49 - 00000000 ____D C:\ProgramData\MFAData
2016-09-25 17:48 - 2016-09-25 17:48 - 00000000 ____D C:\Users\chico\AppData\Local\MFAData
2016-09-25 17:41 - 2016-09-30 05:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-09-25 17:40 - 2016-10-05 02:58 - 00003668 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-09-25 17:40 - 2016-09-25 18:49 - 00000000 ____D C:\Program Files (x86)\AVG
2016-09-25 17:39 - 2016-09-25 18:49 - 00000000 ____D C:\Users\chico\AppData\Local\Avg
2016-09-25 17:39 - 2016-09-25 18:47 - 00000000 ____D C:\Users\chico\AppData\Local\AvgSetupLog
2016-09-25 17:39 - 2016-09-25 17:49 - 00000000 ____D C:\Users\Todos os Usuários\Avg
2016-09-25 17:39 - 2016-09-25 17:49 - 00000000 ____D C:\ProgramData\Avg
2016-09-25 17:08 - 2016-07-26 14:24 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-09-23 17:06 - 2016-09-23 17:06 - 00000000 ____D C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
2016-09-23 17:06 - 2016-09-23 17:06 - 00000000 ____D C:\Program Files (x86)\gs
2016-09-23 17:04 - 2016-09-23 17:04 - 00001321 _____ C:\Users\chico\Desktop\FlashFlippingBook PDF To JPG.lnk
2016-09-23 17:04 - 2016-09-23 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boxoft Free PDF To JPG Converter (freeware)
2016-09-23 17:04 - 2016-09-23 17:04 - 00000000 ____D C:\Program Files (x86)\Boxoft Free PDF To JPG Converter (freeware)
2016-09-23 17:00 - 2016-09-23 17:00 - 00000000 ____D C:\Users\chico\AppData\LocalLow\Adobe
2016-09-21 20:28 - 2016-09-21 20:28 - 00001245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady 7.0.1.lnk
2016-09-21 20:28 - 2016-09-21 20:28 - 00001240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 7.0.1.lnk
2016-09-21 20:27 - 1998-11-05 04:08 - 00087392 _____ (Twain Working Group) C:\Windows\twain.dll
2016-09-21 20:24 - 1998-11-13 13:18 - 00308224 _____ (InstallShield Software Corporation, Inc.) C:\Windows\IsUn0416.exe
2016-09-21 00:13 - 2016-09-21 00:21 - 00000000 ____D C:\Users\chico\AppData\Local\Mozilla
2016-09-21 00:13 - 2016-09-21 00:13 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-21 00:13 - 2016-09-21 00:13 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-09-21 00:13 - 2016-09-21 00:13 - 00000000 ____D C:\Users\chico\AppData\Roaming\Mozilla
2016-09-21 00:12 - 2016-09-25 17:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-21 00:12 - 2016-09-21 00:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-19 20:23 - 2016-10-04 23:21 - 00000000 ____D C:\Users\chico\AppData\Local\MinhaBox.br
2016-09-19 20:23 - 2016-10-04 23:10 - 00000000 ____D C:\Users\chico\.gstreamer-0.10
2016-09-19 20:23 - 2016-09-19 20:23 - 00000726 _____ C:\Users\Public\Desktop\Minhateca.lnk
2016-09-19 20:23 - 2016-09-19 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minhateca.com.br
2016-09-19 20:23 - 2016-09-19 20:23 - 00000000 ____D C:\Program Files (x86)\Minhateca.com.br Box
2016-09-19 18:08 - 2016-10-02 17:19 - 00000000 ____D C:\Users\chico\AppData\Local\CrashDumps
2016-09-17 02:35 - 2016-10-04 19:49 - 00000000 ____D C:\Users\chico\AppData\Roaming\CoreFTP
2016-09-17 02:34 - 2016-09-17 02:34 - 00000000 ____D C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP (x64)
2016-09-17 02:34 - 2016-09-17 02:34 - 00000000 ____D C:\Program Files\CoreFTP
2016-09-16 16:54 - 2016-09-16 16:54 - 00003342 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task
2016-09-16 16:53 - 2016-09-16 16:53 - 00000000 ____D C:\Users\chico\AppData\Roaming\Skype
2016-09-16 14:42 - 2016-09-16 14:42 - 00000000 ____D C:\Users\chico\AppData\Roaming\FileZilla Server
2016-09-16 14:31 - 2016-09-16 14:31 - 00000000 ____D C:\Windows\system32\SleepStudy
2016-09-15 17:56 - 2016-09-15 17:58 - 00000000 ____D C:\Users\chico\AppData\Local\Comms
2016-09-15 15:59 - 2016-09-15 15:59 - 00000000 ____D C:\Users\chico\AppData\Local\CEF
2016-09-15 15:55 - 2016-09-25 16:13 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2016-09-15 15:55 - 2016-09-25 16:13 - 00000000 ____D C:\ProgramData\AVAST Software
2016-09-15 15:41 - 2016-09-20 03:02 - 00000000 ____D C:\Users\chico\AppData\Local\Google
2016-09-15 15:37 - 2016-10-05 04:48 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-15 15:37 - 2016-10-04 23:10 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-15 15:37 - 2016-10-03 16:50 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-15 15:37 - 2016-10-03 16:50 - 00002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-15 15:37 - 2016-09-30 23:04 - 00004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-15 15:37 - 2016-09-15 15:43 - 00004166 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-15 15:37 - 2016-09-15 15:43 - 00003934 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-15 15:37 - 2016-09-15 15:37 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-15 15:36 - 2016-09-21 20:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-09-15 15:36 - 2016-09-15 17:14 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-09-15 15:36 - 2016-09-15 17:12 - 00000000 ____D C:\Users\Todos os Usuários\Adobe
2016-09-15 15:36 - 2016-09-15 17:12 - 00000000 ____D C:\ProgramData\Adobe
2016-09-15 15:36 - 2016-09-15 15:36 - 00002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-09-15 15:35 - 2016-09-23 17:00 - 00000000 ____D C:\Users\chico\AppData\Local\Adobe
2016-09-15 15:33 - 2016-09-15 15:33 - 00000000 ____D C:\Users\chico\AppData\Roaming\Macromedia
2016-09-15 15:33 - 2016-09-15 15:33 - 00000000 ____D C:\Users\chico\AppData\Local\NetworkTiles
2016-09-15 15:19 - 2016-09-15 15:19 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-09-15 15:19 - 2016-09-15 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2016-09-15 15:19 - 2016-09-15 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-09-15 15:19 - 2016-09-15 15:19 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-09-15 15:18 - 2016-09-15 15:18 - 00000000 ____D C:\Windows\PCHEALTH
2016-09-15 15:18 - 2016-09-15 15:18 - 00000000 ____D C:\Program Files\Microsoft Sync Framework
2016-09-15 15:18 - 2016-09-15 15:18 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-09-15 15:15 - 2016-09-15 15:20 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-09-15 15:15 - 2016-09-15 15:18 - 00000000 ____D C:\Program Files\Microsoft Office
2016-09-15 15:15 - 2016-09-15 15:15 - 00000000 __RHD C:\MSOCache
2016-09-15 15:15 - 2016-09-15 15:15 - 00000000 ____D C:\Users\chico\AppData\Local\Microsoft Help
2016-09-15 15:15 - 2016-09-15 15:15 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-09-15 15:15 - 2016-09-15 15:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2016-09-15 15:15 - 2016-09-15 15:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-09-15 15:15 - 2016-09-15 15:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-09-15 15:13 - 2016-09-15 15:32 - 00000000 ____D C:\Users\chico\AppData\Local\MicrosoftEdge
2016-09-15 15:09 - 2016-10-04 17:06 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-09-15 15:09 - 2016-10-04 17:06 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-09-15 14:55 - 2016-10-04 17:04 - 00000000 ____D C:\Windows\System32\Tasks\R@1n-KMS
2016-09-15 14:53 - 2016-09-15 14:53 - 00000000 ____D C:\Users\chico\AppData\Local\PeerDistRepub
2016-09-15 14:51 - 2016-09-15 15:06 - 00000000 ____D C:\Users\chico\AppData\Local\MSfree Inc
2016-09-15 14:39 - 2016-09-15 14:51 - 00000000 ____D C:\Users\chico\AppData\Roaming\WinRAR
2016-09-15 14:39 - 2016-09-15 14:39 - 00000000 ____D C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-15 14:39 - 2016-09-15 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-15 14:38 - 2016-09-15 14:39 - 00000000 ____D C:\Program Files\WinRAR
2016-09-15 14:36 - 2016-09-15 14:36 - 00000000 ____D C:\Users\chico\AppData\Local\mpress
2016-09-15 14:35 - 2016-09-15 14:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-09-15 14:31 - 2016-09-16 16:54 - 00002369 _____ C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-15 14:31 - 2016-09-16 16:54 - 00000000 ___RD C:\Users\chico\OneDrive
2016-09-15 14:31 - 2016-09-15 14:31 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft OneDrive
2016-09-15 14:31 - 2016-09-15 14:31 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-09-15 14:30 - 2016-10-04 19:10 - 01720508 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-15 14:29 - 2016-10-04 17:06 - 00000000 ____D C:\Users\chico
2016-09-15 14:29 - 2016-09-25 20:15 - 00000000 ____D C:\Users\chico\AppData\Roaming\Adobe
2016-09-15 14:29 - 2016-09-21 21:01 - 00000000 ____D C:\Users\chico\AppData\Local\VirtualStore
2016-09-15 14:29 - 2016-09-15 14:46 - 00000000 ____D C:\Users\chico\AppData\Local\Packages
2016-09-15 14:29 - 2016-09-15 14:29 - 00016148 _____ C:\Windows\system32\DESKTOP-5928JUV_defaultuser0_HistoryPrediction.bin
2016-09-15 14:29 - 2016-09-15 14:29 - 00000020 ___SH C:\Users\chico\ntuser.ini
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Modelos
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Meus Documentos
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Menu Iniciar
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Documents\Minhas Músicas
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Documents\Minhas Imagens
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Documents\Meus Vídeos
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Dados de Aplicativos
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Configurações Locais
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\AppData\Local\Histórico
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\AppData\Local\Dados de Aplicativos
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Ambiente de Rede
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 _SHDL C:\Users\chico\Ambiente de Impressão
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 ____D C:\Users\chico\AppData\Local\TileDataLayer
2016-09-15 14:29 - 2016-09-15 14:29 - 00000000 ____D C:\Users\chico\AppData\Local\Publishers
2016-09-15 14:27 - 2016-09-15 14:27 - 00000000 ____D C:\Windows\CSC
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Usuário Padrão\Documents\Minhas Músicas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Usuário Padrão\Documents\Minhas Imagens
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Usuário Padrão\Documents\Meus Vídeos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Usuário Padrão\AppData\Local\Histórico
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Usuário Padrão\AppData\Local\Dados de Aplicativos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Usuário Padrão
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Todos os Usuários\Modelos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Todos os Usuários\Menu Iniciar
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Todos os Usuários\Documentos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Todos os Usuários\Dados de Aplicativos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Todos os Usuários
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Public\Documents\Minhas Músicas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Public\Documents\Minhas Imagens
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Public\Documents\Meus Vídeos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Modelos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Meus Documentos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Menu Iniciar
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Documents\Minhas Músicas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Documents\Minhas Imagens
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Documents\Meus Vídeos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Dados de Aplicativos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Configurações Locais
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\AppData\Local\Histórico
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\AppData\Local\Dados de Aplicativos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Ambiente de Rede
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default\Ambiente de Impressão
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default User\Documents\Minhas Músicas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default User\Documents\Minhas Imagens
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default User\Documents\Meus Vídeos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Histórico
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Dados de Aplicativos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\ProgramData\Modelos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programas
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\ProgramData\Menu Iniciar
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\ProgramData\Documentos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\ProgramData\Dados de Aplicativos
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Program Files\Common Files\Sistema
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Program Files\Arquivos Comuns
2016-09-15 14:25 - 2016-09-15 14:25 - 00000000 _SHDL C:\Arquivos de Programas
2016-09-15 14:24 - 2015-07-10 07:59 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2016-09-15 14:20 - 2016-09-15 14:27 - 00000000 ____D C:\Windows\Panther

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-04 19:10 - 2015-07-10 13:36 - 00745200 _____ C:\Windows\system32\prfh0416.dat
2016-10-04 19:10 - 2015-07-10 13:36 - 00145230 _____ C:\Windows\system32\prfc0416.dat
2016-10-04 19:10 - 2015-07-10 08:02 - 00000000 ____D C:\Windows\INF
2016-10-04 17:06 - 2015-07-10 09:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-04 17:06 - 2015-07-10 06:05 - 00131072 ___SH C:\Windows\system32\config\BBI
2016-10-04 17:04 - 2015-07-10 08:04 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-10-01 05:58 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\system32\NDF
2016-09-30 23:28 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\LiveKernelReports
2016-09-25 18:48 - 2015-07-10 08:04 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-09-25 17:53 - 2015-07-10 06:05 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-09-22 15:00 - 2015-07-10 07:55 - 00000000 ____D C:\Windows\CbsTemp
2016-09-15 18:19 - 2015-07-10 09:20 - 00347392 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-15 16:30 - 2015-07-10 08:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-15 15:19 - 2015-07-10 13:50 - 00000000 ____D C:\Windows\ShellNew
2016-09-15 15:19 - 2015-07-10 08:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-15 15:15 - 2015-07-10 08:04 - 00000167 _____ C:\Windows\win.ini
2016-09-15 15:15 - 2015-07-10 08:04 - 00000000 ____D C:\Program Files\Common Files\System
2016-09-15 14:51 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\AppReadiness
2016-09-15 14:45 - 2015-07-10 08:04 - 00000000 ___RD C:\Windows\DevicesFlow
2016-09-15 14:29 - 2015-07-10 08:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-09-15 14:29 - 2015-07-10 08:04 - 00000000 ___RD C:\Windows\PrintDialog
2016-09-15 14:29 - 2015-07-10 08:04 - 00000000 ___RD C:\Windows\MiracastView
2016-09-15 14:29 - 2015-07-10 08:04 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-09-15 14:28 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\rescache
2016-09-15 14:27 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\system32\spool
2016-09-15 14:27 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-09-15 14:25 - 2015-07-10 08:04 - 00000000 ____D C:\Program Files\Windows NT
2016-09-15 14:23 - 2015-07-10 06:05 - 00000000 ____D C:\Windows\system32\Sysprep
2016-09-15 14:20 - 2015-07-10 08:04 - 00028672 _____ C:\Windows\system32\config\BCD-Template

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Gerenciador de Inicialização do Windows
---------------------------------------
identificador           {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  pt-BR
inherit                 {globalsettings}
default                 {current}
resumeobject            {b9acfd57-7b68-11e6-a8b5-b62ee6675d93}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Carregador de Inicialização do Windows
--------------------------------------
identificador           {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 10
locale                  pt-BR
inherit                 {bootloadersettings}
recoverysequence        {b9acfd59-7b68-11e6-a8b5-b62ee6675d93}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {b9acfd57-7b68-11e6-a8b5-b62ee6675d93}
nx                      OptIn
bootmenupolicy          Standard

Carregador de Inicialização do Windows
--------------------------------------
identificador           {b9acfd59-7b68-11e6-a8b5-b62ee6675d93}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{b9acfd5a-7b68-11e6-a8b5-b62ee6675d93}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  pt-BR
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{b9acfd5a-7b68-11e6-a8b5-b62ee6675d93}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Continuar da Hibernação
-----------------------
identificador           {b9acfd57-7b68-11e6-a8b5-b62ee6675d93}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  pt-BR
inherit                 {resumeloadersettings}
recoverysequence        {b9acfd59-7b68-11e6-a8b5-b62ee6675d93}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Testador de Memória do Windows
------------------------------
identificador           {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Diagnóstico de Memória do Windows
locale                  pt-BR
inherit                 {globalsettings}
badmemoryaccess         Yes

Configurações de EMS
--------------------
identificador           {emssettings}
bootems                 No

Configurações do Depurador
--------------------------
identificador           {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

Defeitos de RAM
---------------
identificador           {badmemory}

Configurações Globais
---------------------
identificador           {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Configurações do Carregador de Inicialização
--------------------------------------------
identificador           {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Configurações do Hypervisor
---------------------------
identificador           {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Configurações do Carregador de Retorno
--------------------------------------
identificador           {resumeloadersettings}
inherit                 {globalsettings}

Opções de dispositivo
---------------------
identificador           {b9acfd5a-7b68-11e6-a8b5-b62ee6675d93}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi



LastRegBack: 2016-09-28 10:33

==================== End of FRST.txt ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2016
Ran by chico (05-10-2016 05:16:52)
Running from C:\Users\chico\Downloads\frst1
Windows 10 Pro (X64) (2016-09-15 17:27:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2371843960-625600179-927234901-500 - Administrator - Disabled)
chico (S-1-5-21-2371843960-625600179-927234901-1001 - Administrator - Enabled) => C:\Users\chico
Convidado (S-1-5-21-2371843960-625600179-927234901-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-2371843960-625600179-927234901-503 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.101.2.40207 - AVG Technologies)
AVG Zen (HKLM\...\{5A842DD0-1FE5-4699-B40A-2B3F3CCC51B1}) (Version: 1.101.4 - AVG Technologies)
Boxoft Free PDF To JPG Converter (freeware) (HKLM-x32\...\Boxoft Free PDF To JPG Converter (freeware)_is1) (Version:  - boxoft Solution)
Core FTP LE (x64) (HKLM-x32\...\CoreFTP(x64)) (Version:  - )
FMW 1 (Version: 1.132.1 - AVG Technologies) Hidden
GoldenDict (HKLM-x32\...\GoldenDict) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GPL Ghostscript 8.71 (HKLM-x32\...\GPL Ghostscript 8.71) (Version:  - )
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.3.3 - PandoraTV)
Malwarebytes Anti-Malware versão 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Minhateca.com.br Box (HKLM-x32\...\{88CF5E68-D90C-4653-9FF4-CEE16AE50270}) (Version: 2.0.9 - Minhateca.com.br)
Mozilla Firefox 49.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 49.0 (x86 pt-BR)) (Version: 49.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0 - Mozilla)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2371843960-625600179-927234901-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\chico\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {21D0A16A-DCFD-461F-89A1-6B150126F94A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\chico\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-09-16] (Microsoft Corporation)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {471B969B-BE33-46E0-BF49-4C73B03D0710} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {4D2B0906-D4BE-4913-AF39-C129B4FBBEE9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-15] (Google Inc.)
Task: {9C1090AC-829B-4851-90DD-FF833A0E3A2F} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {F563EADD-9FF6-4E55-A611-732DFA16C687} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-15] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 08:00 - 2015-07-10 08:00 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-07-10 07:59 - 2015-07-10 07:59 - 00403968 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-07-10 08:00 - 2015-07-10 08:00 - 02498296 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-07-10 08:00 - 2015-07-10 08:00 - 02498296 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-09-16 16:53 - 2016-09-16 16:53 - 01864384 _____ () C:\Users\chico\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-07-10 07:59 - 2015-07-10 07:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 07:59 - 2015-07-10 07:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-07-10 08:00 - 2015-07-10 13:49 - 06579712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 08:00 - 2015-07-10 13:49 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-07-10 08:00 - 2015-07-10 13:49 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 08:00 - 2015-07-10 13:49 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-07-10 13:57 - 2015-07-10 13:57 - 00007168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-07-10 13:57 - 2015-07-10 13:57 - 13490688 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2016-09-16 16:53 - 2016-09-16 16:53 - 01383616 _____ () C:\Users\chico\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-09-16 16:53 - 2016-09-16 16:53 - 00118976 _____ () C:\Users\chico\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-09-25 17:40 - 2016-09-25 17:40 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-09-15 17:37 - 2016-09-06 12:00 - 05197312 _____ () C:\Users\chico\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-15 17:37 - 2016-09-06 12:00 - 00147456 _____ () C:\Users\chico\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 08:04 - 2015-07-10 08:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2371843960-625600179-927234901-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 94.102.60.183 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: wuauserv => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{964CC9E9-A92A-41BA-9174-F7E2CE753C3E}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{3403FFA0-7167-43BB-A6BA-E89A1AE1B97C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{2CB2FC90-8E7B-4C61-9C64-66CDA75AF3EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

15-09-2016 15:14:44 Installed Microsoft Office Professional Plus 2010
19-09-2016 20:20:11 Instalado Minhateca.com.br Box
22-09-2016 15:00:15 Instalador de Módulos do Windows
25-09-2016 17:48:58 Installed AVG 2016
04-10-2016 17:04:23 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: Dispositivo do sistema básico
Description: Dispositivo do sistema básico
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: BCM20702A0
Description: BCM20702A0
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Porta serial PCI
Description: Porta serial PCI
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Controlador de comunicação PCI simples
Description: Controlador de comunicação PCI simples
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/04/2016 07:53:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5928JUV)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (10/04/2016 07:49:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5928JUV)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (10/04/2016 05:16:38 PM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-5928JUV)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG Zen -- Error 27054. CA_Error27054: SetupAction(0xE001003D): Installation failed.

Error: (10/04/2016 05:16:33 PM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-5928JUV)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG Zen -- Error 27054. CA_Error27054: SetupAction(0xE0010058): Installation failed.

Error: (10/04/2016 05:15:03 PM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-5928JUV)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG Zen -- Error 27054. CA_Error27054: SetupAction(0xE001003D): Installation failed.

Error: (10/04/2016 05:14:58 PM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-5928JUV)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG Zen -- Error 27054. CA_Error27054: SetupAction(0xE0010058): Installation failed.

Error: (10/04/2016 05:04:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP.

System Error:
Acesso negado.
.

Error: (10/04/2016 05:04:22 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback.  hr =  0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
   Obtendo Dados do Gravador

Contexto:
   Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
   Nome do Gravador: System Writer
   ID de Instância de Gravador: {98eb3d58-d979-4b9c-9a80-ad057207b39c}

Error: (10/04/2016 04:56:59 PM) (Source: KMS-QAD) (EventID: 1001) (User: )
Description: Event-ID 1001

Error: (10/03/2016 05:18:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5928JUV)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.


System errors:
=============
Error: (10/04/2016 07:54:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço avgsvc.

Error: (10/04/2016 07:53:44 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5928JUV)
Description: O servidor CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca não se registrou no DCOM dentro do tempo limite necessário.

Error: (10/04/2016 07:49:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Host de Sincronização_Session1.

Error: (10/04/2016 07:49:28 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5928JUV)
Description: O servidor CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca não se registrou no DCOM dentro do tempo limite necessário.

Error: (10/04/2016 07:49:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Host de Sincronização_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (10/04/2016 05:06:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Host de Sincronização_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (10/04/2016 05:05:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: O Gerenciador de controle de serviços tentou executar uma ação corretiva (Reiniciar o serviço) após a finalização inesperada do serviço Windows Search, mas essa ação falhou com o seguinte erro: 
Uma cópia deste serviço já está sendo executada.

Error: (10/04/2016 05:04:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Windows Search foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar o serviço.

Error: (10/04/2016 05:04:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço AVG Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (10/04/2016 05:04:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço MBAMService foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).


CodeIntegrity:
===================================
  Date: 2016-10-04 19:40:46.523
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-02 19:34:46.044
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-01 20:23:19.822
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-30 20:56:29.826
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-25 20:53:17.804
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-25 17:27:04.403
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-25 16:53:15.451
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 74%
Total physical RAM: 3793.65 MB
Available physical RAM: 978.77 MB
Total Virtual: 5481.68 MB
Available Virtual: 1674.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.27 GB) (Free:440.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 037208B2)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Shortcut

Users shortcut scan result (x64) Version: 04-10-2016
Ran by chico (05-10-2016 05:17:25)
Running from C:\Users\chico\Downloads\frst1
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)





Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\chico\Documents ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\chico\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\chico\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\chico\Pictures ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\chico\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\chico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady 7.0.1.lnk -> C:\Program Files (x86)\Adobe\Photoshop 7.0\ImageReady.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 7.0.1.lnk -> C:\Program Files (x86)\Adobe\Photoshop 7.0\Photoshop.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk -> C:\Windows\DevicesFlow\DevicesFlow.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minhateca.com.br\Minhateca.lnk -> C:\Program Files (x86)\Minhateca.com.br Box\MinhaBox.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Centro de Carregamento do Microsoft Office 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Certificado Digital para Projetos do VBA.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Media Gallery.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Preferências de Idioma do Microsoft Office 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boxoft Free PDF To JPG Converter (freeware)\Boxoft Free PDF To JPG Converter (freeware) Command Line Usage.lnk -> C:\Program Files (x86)\Boxoft Free PDF To JPG Converter (freeware)\Command line.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boxoft Free PDF To JPG Converter (freeware)\Boxoft Free PDF To JPG Converter (freeware) on the Web.lnk -> C:\Program Files (x86)\Boxoft Free PDF To JPG Converter (freeware)\apdf.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boxoft Free PDF To JPG Converter (freeware)\Boxoft Free PDF To JPG Converter (freeware).lnk -> C:\Program Files (x86)\Boxoft Free PDF To JPG Converter (freeware)\pdftojpg.exe (A-PDF.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boxoft Free PDF To JPG Converter (freeware)\Uninstall Boxoft Free PDF To JPG Converter (freeware).lnk -> C:\Program Files (x86)\Boxoft Free PDF To JPG Converter (freeware)\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\Links\Desktop.lnk -> C:\Users\chico\Desktop ()
Shortcut: C:\Users\chico\Links\Downloads.lnk -> C:\Users\chico\Downloads ()
Shortcut: C:\Users\chico\Desktop\Adobe ImageReady 7.0.1.lnk -> [undecoded binary shortcut data; embedded target path: C:\Program Files (x86)\Adobe\Photoshop 7.0\ImageReady.exe] (No File)
Shortcut: C:\Users\chico\Desktop\Adobe Photoshop 7.0.1.lnk ->
Shortcut: C:\Users\chico\Desktop\Core FTP LE.lnk -> [undecoded binary shortcut data; embedded target path: C:\Program Files\CoreFTP\coreftp.exe] (No File)
Shortcut: C:\Users\chico\Desktop\FlashFlippingBook PDF To JPG.lnk -> C:\Program Files (x86)\Boxoft Free PDF To JPG Converter (freeware)\pdftojpg.exe (A-PDF.com)
Shortcut: C:\Users\chico\Desktop\KMPlayer.lnk -> C:\KMPlayer\KMPlayer.exe (PandoraTV)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\chico\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer.lnk -> C:\KMPlayer\KMPlayer.exe (PandoraTV)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\Uninstall KMPlayer.lnk -> C:\KMPlayer\uninstall.exe (PandoraTV)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-304
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoldenDict\GoldenDict.lnk -> C:\Program Files (x86)\GoldenDict\GoldenDict.exe (GoldenDict)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoldenDict\Uninstall.lnk -> C:\Program Files (x86)\GoldenDict\Uninstall.exe ()
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript\Ghostscript Readme 8.71 (x86).LNK -> C:\Program Files (x86)\gs\gs8.71\doc\Readme.htm ()
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP (x64)\Core FTP Help.lnk -> C:\Program Files\CoreFTP\coreftp.chm ()
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP (x64)\Core FTP LE.lnk -> C:\Program Files\CoreFTP\coreftp.exe (Core FTP)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP (x64)\Uninstall.lnk -> C:\Program Files\CoreFTP\uninstall.exe ()
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Office\Recente\Filme.LNK -> C:\Users\chico\Downloads\Filme.doc (No File)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Office\Recente\Modelos.LNK -> C:\Users\chico\AppData\Roaming\Microsoft\Modelos ()
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FlashFlippingBook PDF To JPG.lnk -> C:\Program Files (x86)\Boxoft Free PDF To JPG Converter (freeware)\pdftojpg.exe (A-PDF.com)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Minhateca.lnk -> C:\Program Files (x86)\Minhateca.com.br Box\MinhaBox.exe ()
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Core FTP LE.lnk -> C:\Program Files\CoreFTP\coreftp.exe (Core FTP)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\chico\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.PurchaseDialog_cw5n1h2txyewy\Microsoft.Windows.PurchaseDialog.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.ContactSupport_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Microsoft.XboxIdentityProvider.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Microsoft.XboxGameCallableUI.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxApp_8wekyb3d8bbwe\Microsoft.XboxApp.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsStore_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsPhone_8wekyb3d8bbwe\CompanionApp.App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsMaps_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsFeedback_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.calendar.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.mail.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCamera_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCalculator_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsAlarms_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Photos_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaUI.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.SkypeApp_kzf8qxf38zg5c\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.People_8wekyb3d8bbwe\x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Office.OneNote_8wekyb3d8bbwe\microsoft.onenoteim.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.LockApp_cw5n1h2txyewy\WindowsDefaultLockScreen.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Getstarted_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BioEnrollment_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingWeather_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingSports_8wekyb3d8bbwe\AppexSports.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingNews_8wekyb3d8bbwe\AppexNews.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFinance_8wekyb3d8bbwe\AppexFinance.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Appconnector_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AccountsControl_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chico\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.3DBuilder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-304
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Minhateca.lnk -> C:\Program Files (x86)\Minhateca.com.br Box\MinhaBox.exe ()
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\chico\Documents ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\chico\Downloads ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\chico\Music ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\chico\Pictures ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\chico\Videos ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\chico ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady 7.0.1.lnk -> C:\Program Files (x86)\Adobe\Photoshop 7.0\ImageReady.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 7.0.1.lnk -> C:\Program Files (x86)\Adobe\Photoshop 7.0\Photoshop.exe (Adobe Systems, Incorporated)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk -> C:\Windows\DevicesFlow\DevicesFlow.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\StartUp\Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Minhateca.com.br\Minhateca.lnk -> C:\Program Files (x86)\Minhateca.com.br Box\MinhaBox.exe ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Centro de Carregamento do Microsoft Office 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Certificado Digital para Projetos do VBA.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Media Gallery.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Preferências de Idioma do Microsoft Office 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Boxoft Free PDF To JPG Converter (freeware)\Boxoft Free PDF To JPG Converter (freeware) Command Line Usage.lnk -> C:\Program Files (x86)\Boxoft Free PDF To JPG Converter (freeware)\Command line.txt ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Boxoft Free PDF To JPG Converter (freeware)\Boxoft Free PDF To JPG Converter (freeware) on the Web.lnk -> C:\Program Files (x86)\Boxoft Free PDF To JPG Converter (freeware)\apdf.url ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Boxoft Free PDF To JPG Converter (freeware)\Boxoft Free PDF To JPG Converter (freeware).lnk -> C:\Program Files (x86)\Boxoft Free PDF To JPG Converter (freeware)\pdftojpg.exe (A-PDF.com)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Boxoft Free PDF To JPG Converter (freeware)\Uninstall Boxoft Free PDF To JPG Converter (freeware).lnk -> C:\Program Files (x86)\Boxoft Free PDF To JPG Converter (freeware)\unins000.exe ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minhateca.com.br\Desinstalar Minhateca.com.br Box.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {88CF5E68-D90C-4653-9FF4-CEE16AE50270} 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe () ->  /design 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen\AVG.lnk -> C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.) -> /zen.open_ui
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsDefaults
ShortcutWithArgument: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemDevices
ShortcutWithArgument: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript\Ghostscript 8.71 (x86).LNK -> C:\Program Files (x86)\gs\gs8.71\bin\gswin32.exe () -> "-IC:\Program Files (x86)\gs\gs8.71\lib;C:\Program Files (x86)\gs\fonts"
ShortcutWithArgument: C:\Users\chico\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\chico\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\chico\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\chico\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\chico\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\chico\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\chico\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\chico\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\chico\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\chico\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\chico\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsDefaults
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemDevices
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA}
ShortcutWithArgument: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Minhateca.com.br\Desinstalar Minhateca.com.br Box.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {88CF5E68-D90C-4653-9FF4-CEE16AE50270} 
ShortcutWithArgument: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe () ->  /design 
ShortcutWithArgument: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\AVG Zen\AVG.lnk -> C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.) -> /zen.open_ui
ShortcutWithArgument: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX


InternetURL: C:\Users\chico\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\chico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer Home Page.url -> URL: hxxp://www.kmplayer.com/forums

==================== End of Shortcut.txt =============================



#9 Sirawit

Posted 06 October 2016 - 03:20 AM

Hi fple.

 

You don't need to select all checkboxes in optional scan section. Just select Addition.txt.

 

Now I need you to access your router and change these settings. You have to save the settings after you make a change on each page. A router reboot may be required.

 

1. Manual Internet Connection Setup > WAN

(I'm not sure about this step since the manual doesn't state it clearly. If you can't find it this way, go to the Setup tab and find a page that says WAN.)

  • Primary DNS server set to 208.67.222.222
  • Secondary DNS server set to 208.67.220.220

2. Advanced > Firewall Settings

  • Enable SPI set to Checked
  • Enable Anti-Spoof Checking set to Checked

3. Advanced > Advanced Network

  • Enable WAN ping respond set to Unchecked

4. Tools > Firmware (Skip this step if your ISP uses custom firmware for your router!)

  • Please note down the firmware version in the Current Firmware Version field.
  • Find the sticker on the bottom or the back of your router; it will contain a field that says HW.ver.: note down the hardware version in that field.
  • Go to this website, enter your HW.ver value and see the latest available firmware version for your device. If it matches Current Firmware Version then your firmware is already up to date.
  • If not, please download the file in the Firmware box to your computer, go back to your router, click on the Browser... button in the Upload field, then click the Upload button to update your device firmware. Make sure you downloaded the correct firmware for your hardware version and do not unplug your device during this process.

5. Tools > System

  • Click on Reboot the device to reboot your router and finish the process. Now go back to your computer.

----------------------

 

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Attached File  fixlist.txt   190bytes   6 downloads
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

 

After that, how's your computer running? Still getting warnings from Malwarebytes?

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.
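
A check for the Windows PC once the router's DNS settings have been changed as in the post above, added here as an example (not part of the original post and not code from FRST or Malwarebytes): it parses `ipconfig /all` output and reports any adapter still using a DNS server other than the two resolvers named in the post or the router's LAN address. The sample output and the address 203.0.113.10 are constructed, and the Portuguese label "Servidores DNS" is an assumption about the localized output.

```python
import ipaddress
import re

# Resolvers from the post, plus the router's LAN address seen in the thread.
EXPECTED_DNS = {"208.67.222.222", "208.67.220.220", "192.168.0.1"}

# First line of a DNS block. "Servidores DNS" is an assumed label for a
# Portuguese-language Windows install such as the one in this thread.
DNS_LABEL = re.compile(r"^\s+(?:DNS Servers|Servidores DNS)[ .]*:\s*(\S*)")

# Constructed sample of `ipconfig /all` output (not taken from the thread).
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.101(Preferred)
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 203.0.113.10
                                       208.67.220.220

Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.102(Preferred)
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def _as_ip(token):
    """Return the normalized address, or None if token is not an IP."""
    try:
        # IPv6 entries can carry a %scope suffix; drop it before parsing.
        return str(ipaddress.ip_address(token.split("%")[0]))
    except ValueError:
        return None


def parse_dns_servers(text):
    """Return {adapter name: [DNS server, ...]} from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        # Adapter headers are the unindented lines that end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip().rstrip(":")
            adapters[current] = []
            in_dns = False
            continue
        if current is None:
            continue
        match = DNS_LABEL.match(line)
        if match:
            in_dns = True
            candidate = match.group(1)
        elif in_dns:
            # Additional servers are listed on unlabeled continuation lines.
            candidate = line.strip()
        else:
            continue
        address = _as_ip(candidate)
        if address is None:
            in_dns = False  # blank line or the next labeled field ends the block
        else:
            adapters[current].append(address)
    return adapters


def find_unexpected(text, expected=EXPECTED_DNS):
    """Return (adapter, server) pairs whose server is not in the expected set."""
    return [
        (adapter, server)
        for adapter, servers in parse_dns_servers(text).items()
        for server in servers
        if server not in expected
    ]


if __name__ == "__main__":
    for adapter, server in find_unexpected(SAMPLE_IPCONFIG):
        print(f"{adapter}: unexpected DNS server {server}")
```

An adapter that is still flagged after the router has been rebooted and the DHCP lease renewed has its DNS server set somewhere other than the router, for example statically in the adapter's own properties.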


#10 Sirawit

Posted 06 October 2016 - 03:21 AM

In case you lost your router's manual, I found one here, in case you need a reference:

http://www.dlink.com/-/media/Consumer_Products/DIR/DIR%20615/manual/DIR_615_Manual_EN_UK.pdf

 

Thank you.




#11 fple

Posted 06 October 2016 - 10:09 PM

Hi Sirawit, thanks again for all the help!
 
I have a problem and a question while doing this.
 
I found this page that is just like you say http://support.dlink.com/emulators/dir855/WAN.html but I was only able to login here http://192.168.0.1 and it's a little different.
 
When I tried to change only the Primary DNS server and Secondary DNS server in "static IP" I got a message that I could not leave the other options blank. If I change to my own IP address too is that going to affect the other computers and devices in my home?
 
FeuqIW7.png


#12 Sirawit

Posted 07 October 2016 - 07:15 AM

Hi fple.

 

Looks like you're using custom firmware from your ISP, so the emulator page from D-Link isn't valid anymore. I'm not sure which type of WAN connection you're using. I believe there should be a page that shows the status of your router; it should tell you which type of WAN connection you're using. Try checking that first.

 

Thank you.




#13 fple

Posted 09 October 2016 - 12:47 PM

I'm sorry, I'm not sure what I should do.



#14 Sirawit

Posted 09 October 2016 - 12:49 PM

Hi fple.

 

Could you check "WAN > Dynamic" page? Put a screenshot here so I can take a look.

 

Thank you.




#15 fple

Posted 10 October 2016 - 04:44 AM

Here it is:

Ry3QoQu.png





