
Sending random websites via Skype


  • This topic is locked
14 replies to this topic

#1 rnunojoao

Posted 02 January 2017 - 01:26 PM

Virus sending random links via Skype, prolly virus spread

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by Nuno (administrator) on NUNO-PC (02-01-2017 18:23:03)
Running from C:\Users\Nuno\Downloads
Loaded Profiles: Nuno (Available Profiles: Nuno)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Português (Portugal)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
() C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\Notifier.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Paludour) C:\Program Files (x86)\TenClips\TenClips.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
() C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\S5WOW_App\x64\S5wow_2005.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\Bluestacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\Bluestacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\Bluestacks\HD-SharedFolder.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Bluestacks\HD-Adb.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
() C:\Program Files (x86)\GhostMouse\GhostMouse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-10] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-25] (Adobe Systems Incorporated)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61640 2016-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [26832 2016-12-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup Tray] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [159568 2016-12-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [OKAYFREEDOM Notifier] => C:\Program Files (x86)\OkayFreedom\Notifier.exe [4196848 2016-11-09] (Steganos Software GmbH)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112200 2016-11-11] (VMware, Inc.)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [6577136 2016-11-09] (Steganos Software GmbH)
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [1694344 2016-12-13] (BlueStack Systems, Inc.)
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\Run: [BitTorrent] => C:\Users\Nuno\AppData\Roaming\BitTorrent\BitTorrent.exe [2149064 2016-11-25] (BitTorrent Inc.)
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\Run: [f.lux] => C:\Users\Nuno\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-06] (Flux Software LLC)
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: {286bacfd-b704-11e6-9a5a-94dbc94b6e11} - I:\Setup.exe
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: {9da49250-92c4-11e6-bfdc-94dbc94b6e11} - L:\setup.exe
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: {9da4927d-92c4-11e6-bfdc-94dbc94b6e11} - M:\setup.exe
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: {a75724b6-a9c6-11e6-a584-10bf487beda3} - H:\Installer_Windows.exe
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: {e0dcb966-a9a6-11e6-a584-10bf487beda3} - F:\Installer_Windows.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-11-07]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-09-17]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TenClips.lnk [2016-12-29]
ShortcutTarget: TenClips.lnk -> C:\Program Files (x86)\TenClips\TenClips.exe (Paludour)
Startup: C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk [2016-11-24]
ShortcutTarget: Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe (No File)
Startup: C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk [2017-01-02]
ShortcutTarget: zSpeedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (Avira Operations GmbH & Co. KG)
Startup: C:\Users\Nuno.Nuno-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk [2017-01-02]
ShortcutTarget: zSpeedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (Avira Operations GmbH & Co. KG)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.228.128.156 213.228.128.6
Tcpip\..\Interfaces\{2B3DF632-36D0-4847-A9AD-1993C21E005A}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{5B3C4849-30F2-428B-9151-582C6434B837}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5B3C4849-30F2-428B-9151-582C6434B837}: [DhcpNameServer] 213.228.128.156 213.228.128.6

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-04] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-12-04] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-04] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-04] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-22] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-12-04] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-04] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-22] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ipj6y4gl.default
FF ProfilePath: C:\Users\Nuno\AppData\Roaming\Mozilla\Firefox\Profiles\ipj6y4gl.default [2017-01-02]
FF Extension: (No Name) - C:\Users\Nuno\AppData\Roaming\Mozilla\Firefox\Profiles\ipj6y4gl.default\Extensions\abs@avira.com [2016-11-29]
FF Extension: (iMacros for Firefox) - C:\Users\Nuno\AppData\Roaming\Mozilla\Firefox\Profiles\ipj6y4gl.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}.xpi [2016-09-08]
FF Extension: (OkayFreedom) - C:\Users\Nuno\AppData\Roaming\Mozilla\Firefox\Profiles\ipj6y4gl.default\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2016-06-29]
FF Extension: (DownThemAll!) - C:\Users\Nuno\AppData\Roaming\Mozilla\Firefox\Profiles\ipj6y4gl.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-12-26]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-04] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-04] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-764316183-3508713337-3659362344-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-934c86ec4aa148f0\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-764316183-3508713337-3659362344-1000: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-934c86ec4aa148f0\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.pt/
CHR StartupUrls: Default -> "hxxp://www.google.pt/","hxxp://www.yoursearching.com/?type=hp&ts=1450007295&z=46ca6cc8c65b5b7f968099cgaz2w6efe3eamaobtbq&from=face&uid=WDCXWD10EZEX-00RKKA0_WD-WMC1S082375423754"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default [2017-01-02]
CHR Extension: (Apresentações Google) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-02]
CHR Extension: (Duolingo na Web) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2016-11-02]
CHR Extension: (BetterTTV) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-06-03]
CHR Extension: (Google Docs) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-02]
CHR Extension: (Google Drive) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-02]
CHR Extension: (YouTube) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-02]
CHR Extension: (uBlock Origin) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-12-19]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2016-08-23]
CHR Extension: (iMacros for Chrome) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp [2016-12-17]
CHR Extension: (vidIQ for Chrome) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppnjmdljhemhdachecffocboniemifa [2016-11-12]
CHR Extension: (Google Folhas de Cálculo) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-02]
CHR Extension: (Ambiente de Trabalho Remoto do Chrome) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-13]
CHR Extension: (Documentos do Google offline) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-02]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-07]
CHR Extension: (Google Keep – notas e listas) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-12-21]
CHR Extension: (Grammarly for Chrome) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-12-20]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-02]
CHR Extension: (Click&Clean App) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-12-26]
CHR Extension: (Gmail) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-02]
CHR Extension: (Chrome Media Router) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2016-06-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2016-06-03] (ASUSTeK Computer Inc.) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
S4 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [263704 2016-11-16] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [25232 2016-12-09] (Avira Operations GmbH & Co. KG)
R2 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1314848 2016-01-19] ()
R3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2016-12-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2016-12-13] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [511512 2016-12-13] (BlueStack Systems, Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe [76392 2016-10-16] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3698888 2016-12-04] (Microsoft Corporation)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42792 2016-10-06] (Windows ® Win 7 DDK provider)
R2 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc)
S2 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [387856 2016-11-27] (EasyAntiCheat Ltd)
R2 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S2 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-24] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [353792 2016-11-09] (Steganos Software GmbH)
S2 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-10-05] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-10-05] (Electronic Arts)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [35416 2016-12-13] (Avira Operations GmbH & Co. KG)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12472904 2016-11-11] ()
R2 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-07-17] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-12-06] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35864 2016-12-06] (Avira Operations GmbH & Co. KG)
R3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-12-13] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. )
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-08-30] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-08-30] (Disc Soft Ltd)
S3 dtproscsibus; C:\Windows\System32\DRIVERS\dtproscsibus.sys [30264 2016-10-15] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2016-11-29] ()
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-17] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2016-12-17] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [40576 2016-03-09] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [52952 2016-08-30] (SteelSeries ApS)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-07-18] (Anchorfree Inc.)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2012-01-08] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2012-01-08] (Microsoft Corporation) [File not signed]
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2016-12-26] (BigNox Corporation)
R1 vmkbd3; C:\Windows\System32\DRIVERS\vmkbd.sys [52288 2016-11-11] (VMware, Inc.)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [93248 2016-09-30] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
U0 aswVmm; no ImagePath
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-02 18:23 - 2017-01-02 18:23 - 00035624 _____ C:\Users\Nuno\Downloads\FRST.txt
2017-01-02 18:22 - 2017-01-02 18:23 - 00000000 ____D C:\FRST
2017-01-02 18:22 - 2017-01-02 18:22 - 02418176 _____ (Farbar) C:\Users\Nuno\Downloads\FRST64.exe
2017-01-02 18:19 - 2017-01-02 18:20 - 00000000 ___SD C:\ComboFix
2017-01-02 18:19 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
2017-01-02 18:19 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
2017-01-02 18:19 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-01-02 18:19 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-01-02 18:19 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-01-02 18:19 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
2017-01-02 18:19 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
2017-01-02 18:19 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
2017-01-02 18:18 - 2017-01-02 18:19 - 00000000 ____D C:\Qoobox
2017-01-02 18:18 - 2017-01-02 18:18 - 00000000 ____D C:\Windows\erdnt
2017-01-02 18:15 - 2017-01-02 18:15 - 05659917 ____R (Swearware) C:\Users\Nuno\Downloads\ComboFix.exe
2017-01-02 17:01 - 2017-01-02 17:01 - 12725681 _____ C:\Users\Nuno\Downloads\kik-messenger-7-2-2-99-en-android.apk
2017-01-01 20:48 - 2017-01-01 20:48 - 200002038 _____ C:\Users\Nuno\Desktop\ATB_4646 www.adorable-teens.net.rar
2017-01-01 20:48 - 2017-01-01 20:48 - 156419595 _____ C:\Users\Nuno\Desktop\kitty.rar
2017-01-01 17:51 - 2015-12-17 17:15 - 00873097 _____ C:\Users\Nuno\Desktop\Ultimate Minecraft Domination www.ebookleaks.org.pdf
2017-01-01 17:50 - 2017-01-01 17:50 - 01863851 _____ C:\Users\Nuno\Downloads\Ultimate Minecraft Domination www.ebookleaks.org.rar
2016-12-31 02:52 - 2016-12-31 02:52 - 00000000 ____D C:\Users\Nuno\Downloads\ATB_4379 www.adorable-teens.net
2016-12-31 02:52 - 2015-03-13 14:58 - 00000125 _____ C:\Users\Nuno\Downloads\Adorable-Teens.url
2016-12-31 02:52 - 2015-03-12 08:44 - 00099119 _____ C:\Users\Nuno\Downloads\Adorable-Teens.net .png
2016-12-31 02:20 - 2016-12-31 02:52 - 97582499 _____ C:\Users\Nuno\Downloads\ATB_4379 www.adorable-teens.net.rar
2016-12-30 21:34 - 2017-01-01 14:08 - 00000000 ____D C:\Users\Nuno\Desktop\ATB_4646 www.adorable-teens.net
2016-12-30 20:26 - 2016-12-30 21:38 - 00000000 ____D C:\Users\Nuno\Downloads\ATB 4646 www adorable-teens
2016-12-30 13:22 - 2016-12-30 13:22 - 00320817 _____ C:\Users\Nuno\Downloads\MYVID_20161229_190622 (2).mp4
2016-12-30 13:22 - 2016-12-30 13:22 - 00320817 _____ C:\Users\Nuno\Downloads\MYVID_20161229_190622 (1).mp4
2016-12-30 03:07 - 2016-12-30 03:07 - 00320817 _____ C:\Users\Nuno\Downloads\MYVID_20161229_190622.mp4
2016-12-30 03:05 - 2016-12-30 03:05 - 00364644 _____ C:\Users\Nuno\Downloads\MYVID_20161229_185233 (2).mp4
2016-12-30 02:58 - 2016-12-30 02:58 - 00364644 _____ C:\Users\Nuno\Downloads\MYVID_20161229_185233.mp4
2016-12-30 02:58 - 2016-12-30 02:58 - 00364644 _____ C:\Users\Nuno\Downloads\MYVID_20161229_185233 (1).mp4
2016-12-29 23:46 - 2016-12-29 23:46 - 00841720 _____ (ghost-mouse.com ) C:\Users\Nuno\Downloads\GhostMouse-Setup.exe
2016-12-29 23:46 - 2016-12-29 23:46 - 00001063 _____ C:\Users\Public\Desktop\GhostMouse Free.lnk
2016-12-29 23:46 - 2016-12-29 23:46 - 00000000 ____D C:\Users\Nuno\Documents\AutomaticSolution Software
2016-12-29 23:46 - 2016-12-29 23:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GhostMouse
2016-12-29 23:46 - 2016-12-29 23:46 - 00000000 ____D C:\Program Files (x86)\GhostMouse
2016-12-29 19:11 - 2016-12-29 19:11 - 00113381 _____ C:\Users\Nuno\Downloads\15417050_1044263149052318_763601284_n.jpg
2016-12-29 19:09 - 2016-12-29 19:09 - 00285002 _____ C:\Users\Nuno\Downloads\15369710_1044267895718510_108150844_o.jpg
2016-12-29 17:57 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-12-29 17:57 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-12-29 17:57 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-12-29 17:57 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-12-29 17:57 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-12-29 17:56 - 2016-12-29 17:56 - 00001613 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-12-29 17:56 - 2016-12-29 17:56 - 00000000 ____D C:\Riot Games
2016-12-29 17:56 - 2016-12-29 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-12-29 17:54 - 2016-12-29 17:54 - 31876824 _____ (Riot Games) C:\Users\Nuno\Downloads\LeagueofLegends_EUW_Installer_2016_11_10.exe
2016-12-29 16:53 - 2016-12-29 17:05 - 85420032 _____ C:\Users\Nuno\Downloads\Win10_1607_English_x64.iso
2016-12-29 16:20 - 2016-12-29 16:21 - 00000000 ____D C:\Users\Nuno\Downloads\kali-linux-2016.2-i386
2016-12-29 15:15 - 2016-12-29 15:15 - 00496896 _____ C:\Users\Nuno\Downloads\flux-setup.exe
2016-12-29 15:15 - 2016-12-29 15:15 - 00002073 _____ C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2016-12-29 15:15 - 2016-12-29 15:15 - 00000000 ____D C:\Users\Nuno\AppData\Local\FluxSoftware
2016-12-29 14:54 - 2016-11-11 23:22 - 00400968 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2016-12-29 14:54 - 2016-11-11 23:22 - 00366664 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2016-12-29 14:54 - 2016-11-11 23:16 - 00088128 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2016-12-29 14:54 - 2016-11-11 23:16 - 00052288 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmkbd.sys
2016-12-29 14:54 - 2016-11-11 23:05 - 00066624 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll
2016-12-29 14:54 - 2016-11-11 23:05 - 00045632 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnet.sys
2016-12-29 14:54 - 2016-11-11 23:05 - 00044096 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2016-12-29 14:54 - 2016-09-30 01:11 - 00093248 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2016-12-29 14:54 - 2016-09-30 01:11 - 00069104 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2016-12-29 14:54 - 2016-09-30 01:11 - 00065008 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2016-12-29 14:53 - 2016-12-29 14:53 - 00001203 _____ C:\Users\Public\Desktop\VMware Workstation Pro.lnk
2016-12-29 14:53 - 2016-12-29 14:53 - 00001024 _____ C:\Windows\SysWOW64\%TMP%
2016-12-29 14:53 - 2016-12-29 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2016-12-29 14:53 - 2016-11-11 23:21 - 01148488 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2016-12-29 14:53 - 2016-09-06 18:48 - 00083008 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2016-12-29 14:52 - 2016-12-29 14:52 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2016-12-29 14:52 - 2016-12-29 14:52 - 00000000 ____D C:\Program Files\Common Files\VMware
2016-12-29 14:50 - 2016-12-29 14:51 - 318436392 _____ (VMware, Inc.) C:\Users\Nuno\Downloads\VMware-workstation-full-12.5.2-4638234.exe
2016-12-29 14:42 - 2016-12-29 14:42 - 00237752 _____ C:\Users\Nuno\Downloads\kali-linux-2016.2-i386.torrent
2016-12-29 13:34 - 2016-12-29 13:34 - 00004174 _____ C:\Windows\PFRO.log
2016-12-29 00:05 - 2016-12-29 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TenClips
2016-12-29 00:05 - 2016-12-29 00:05 - 00000000 ____D C:\Program Files (x86)\TenClips
2016-12-28 22:05 - 2016-12-28 22:05 - 00001315 _____ C:\Users\Nuno\Desktop\ROBLOX Player.lnk
2016-12-28 22:05 - 2016-12-28 22:05 - 00001134 _____ C:\Users\Nuno\Desktop\ROBLOX Studio.lnk
2016-12-28 22:05 - 2016-12-28 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2016-12-27 00:52 - 2016-12-27 00:52 - 00001632 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2016-12-27 00:52 - 2016-12-27 00:52 - 00001632 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-12-27 00:51 - 2016-12-27 00:52 - 00000000 ____D C:\Program Files (x86)\Bluestacks
2016-12-27 00:51 - 2016-12-27 00:51 - 00000000 ____D C:\Users\Nuno\AppData\Local\Bluestacks
2016-12-27 00:51 - 2016-12-13 17:27 - 00000000 ____D C:\ProgramData\Bluestacks
2016-12-27 00:21 - 2016-12-30 03:01 - 00000000 ____D C:\Users\Nuno\Desktop\ddd
2016-12-26 23:47 - 2016-12-26 23:45 - 00127432 _____ (BigNox Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2016-12-26 23:46 - 2016-12-28 01:48 - 00024352 _____ C:\Windows\DPINST.LOG
2016-12-26 23:46 - 2016-12-26 23:46 - 00000041 _____ C:\Users\Nuno\inst.ini
2016-12-26 23:46 - 2016-12-26 23:45 - 00253384 _____ (BigNox Corporation) C:\Windows\system32\Drivers\XQHDrv.sys
2016-12-26 23:45 - 2016-12-28 01:49 - 00000000 ____D C:\Program Files (x86)\Nox
2016-12-26 21:46 - 2016-12-26 21:46 - 00002076 _____ C:\Users\Nuno\Desktop\JDownloader 2.lnk
2016-12-26 21:45 - 2016-12-31 02:53 - 00000000 ____D C:\Users\Nuno\AppData\Local\JDownloader v2.0
2016-12-26 21:45 - 2016-12-26 21:45 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2016-12-26 20:08 - 2016-12-26 20:08 - 00000970 _____ C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2016-12-26 20:08 - 2016-12-26 20:08 - 00000962 _____ C:\Users\Nuno\Desktop\join.me.lnk
2016-12-26 19:00 - 2016-12-30 01:27 - 00000000 ____D C:\Users\Nuno\AppData\Local\join.me
2016-12-26 19:00 - 2016-12-30 01:26 - 00000209 _____ C:\Users\Nuno\BullseyeCoverageError.txt
2016-12-26 17:36 - 2016-12-26 17:36 - 06468153 _____ C:\Users\Nuno\Desktop\make-up-artist-business-card-template-front.psd
2016-12-26 17:36 - 2016-12-26 17:36 - 00610948 _____ C:\Users\Nuno\Desktop\15181329_152105341931968_6908684556696036346_n.psd
2016-12-26 17:07 - 2016-12-26 17:28 - 01082569 _____ C:\Users\Nuno\Desktop\make-up-artist-business-card-template-front.jpg
2016-12-26 03:28 - 2016-12-26 03:28 - 00000000 ____D C:\Users\Nuno\AppData\Local\AbzuGame
2016-12-26 03:21 - 2016-12-26 03:21 - 00000222 _____ C:\Users\Nuno\Desktop\ABZ.url
2016-12-26 02:02 - 2016-12-28 13:43 - 00000000 ____D C:\Users\Nuno\Desktop\kitty
2016-12-26 01:25 - 2016-12-27 16:41 - 00000000 ____D C:\Users\Nuno\AppData\LocalLow\Mozilla
2016-12-26 01:24 - 2016-12-26 01:24 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-12-26 01:24 - 2016-12-26 01:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-26 01:24 - 2016-12-26 01:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-25 17:29 - 2016-12-25 17:29 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-12-25 17:25 - 2016-12-25 17:37 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
2016-12-25 17:25 - 2016-12-25 17:25 - 00000000 ____D C:\ProgramData\Samsung
2016-12-25 17:25 - 2016-12-25 17:25 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2016-12-25 17:22 - 2017-01-02 15:08 - 00002800 _____ C:\Windows\setupact.log
2016-12-25 17:22 - 2016-12-25 17:22 - 00000000 _____ C:\Windows\setuperr.log
2016-12-24 17:50 - 2016-12-24 17:51 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-24 17:50 - 2016-12-24 17:50 - 00003840 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1482601844
2016-12-24 17:50 - 2016-12-24 17:50 - 00001135 _____ C:\Users\Public\Desktop\Opera.lnk
2016-12-24 17:50 - 2016-12-24 17:50 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-12-24 17:50 - 2016-12-24 17:50 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Opera Software
2016-12-24 17:50 - 2016-12-24 17:50 - 00000000 ____D C:\Users\Nuno\AppData\Local\Opera Software
2016-12-24 17:46 - 2016-12-24 17:46 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Avira
2016-12-24 17:13 - 2016-12-24 17:13 - 00034240 _____ C:\Users\Nuno\Desktop\Screenshot_4.png
2016-12-24 17:11 - 2016-12-31 14:15 - 00001190 _____ C:\Users\Nuno\Desktop\traffic.txt
2016-12-23 18:47 - 2017-01-01 17:25 - 00000637 _____ C:\Users\Nuno\Desktop\asdasd.txt
2016-12-22 00:32 - 2016-12-22 00:32 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pidgin-otr
2016-12-22 00:32 - 2016-12-22 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pidgin-otr
2016-12-22 00:32 - 2016-12-22 00:32 - 00000000 ____D C:\Program Files (x86)\pidgin-otr
2016-12-22 00:30 - 2016-12-22 00:53 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\.purple
2016-12-22 00:28 - 2016-12-22 00:28 - 00000991 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
2016-12-22 00:28 - 2016-12-22 00:28 - 00000000 ____D C:\Program Files (x86)\Pidgin
2016-12-22 00:14 - 2016-12-22 00:22 - 00000000 ____D C:\Program Files\MyPortal
2016-12-21 00:07 - 2016-12-21 18:44 - 00000000 ____D C:\Users\Nuno\AppData\Local\UserTestingPlugin
2016-12-20 21:37 - 2016-12-20 21:37 - 00000000 ____D C:\ProgramData\TSNotifier
2016-12-20 20:36 - 2016-12-25 17:08 - 00991744 ___SH C:\Users\Nuno\Documents\Thumbs.db
2016-12-20 18:01 - 2016-12-28 14:23 - 00524288 ___SH C:\Windows\system32\config\components{89a155f7-c6a2-11e6-b9e5-10bf487beda3}.TMContainer00000000000000000001.regtrans-ms
2016-12-20 18:01 - 2016-12-28 14:23 - 00065536 ___SH C:\Windows\system32\config\components{89a155f7-c6a2-11e6-b9e5-10bf487beda3}.TM.blf
2016-12-20 18:01 - 2016-12-21 01:46 - 00524288 ___SH C:\Windows\system32\config\components{89a155f7-c6a2-11e6-b9e5-10bf487beda3}.TMContainer00000000000000000002.regtrans-ms
2016-12-20 14:59 - 2016-12-20 14:59 - 01198379 _____ C:\Windows\unins000.exe
2016-12-20 14:46 - 2016-12-20 16:02 - 00000000 ____D C:\Users\Nuno\Desktop\GTA San ANDREAS
2016-12-20 11:08 - 2016-12-20 11:08 - 00001073 _____ C:\Users\Public\Desktop\OkayFreedom.lnk
2016-12-20 11:08 - 2016-12-20 11:08 - 00000000 ____D C:\Program Files (x86)\OkayFreedom
2016-12-20 00:22 - 2016-12-21 23:13 - 00000323 _____ C:\Users\Nuno\Desktop\Novo Documento de Texto.txt
2016-12-19 16:48 - 2016-12-19 16:48 - 00000000 ____D C:\Users\Nuno\AppData\Local\ElevatedDiagnostics
2016-12-19 13:58 - 2016-12-19 13:58 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\TSNotifier
2016-12-19 13:56 - 2016-12-19 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSNotifier
2016-12-19 13:56 - 2016-12-19 15:11 - 00000000 ____D C:\Program Files (x86)\TS Notifier
2016-12-18 22:39 - 2016-12-18 22:39 - 00030957 _____ C:\Users\Nuno\Desktop\f42de540052045f9974966b209f4dd4b.png
2016-12-18 22:03 - 2016-12-18 22:03 - 00079145 _____ C:\Users\Nuno\Desktop\3NsCefD.png
2016-12-18 19:44 - 2016-12-28 01:22 - 00000000 ____D C:\Users\Nuno\AppData\Local\Troubleshooter
2016-12-18 18:45 - 2016-11-23 13:37 - 00000570 _____ C:\Users\Nuno\AppData\Local\TroubleshooterConfig.json
2016-12-18 02:16 - 2016-12-25 18:25 - 00000000 ____D C:\Users\Nuno\Desktop\Los Santos Police Department Handbook [14_NOV_16] - Los Santos Police Department_files
2016-12-18 02:16 - 2016-12-18 02:16 - 00111179 _____ C:\Users\Nuno\Desktop\Los Santos Police Department Handbook [14_NOV_16] - Los Santos Police Department.html
2016-12-18 02:12 - 2016-12-20 00:52 - 00000529 _____ C:\Users\Nuno\Desktop\code 10.txt
2016-12-17 15:52 - 2016-12-17 15:52 - 00000000 ____D C:\Program Files\Sony
2016-12-17 15:47 - 2016-12-17 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2016-12-17 15:26 - 2016-12-17 15:26 - 00002078 _____ C:\Users\Public\Desktop\Avira Software Updater.lnk
2016-12-17 15:24 - 2016-12-06 16:01 - 00176464 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-12-17 15:24 - 2016-12-06 16:01 - 00148032 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-12-17 15:24 - 2016-12-06 16:01 - 00079696 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-12-17 15:24 - 2016-12-06 16:01 - 00035864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2016-12-17 15:24 - 2016-12-06 16:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-12-17 14:48 - 2016-12-17 15:14 - 00524288 ___SH C:\Users\Nuno\ntuser.dat{8e7502af-c466-11e6-836f-10bf487beda3}.TMContainer00000000000000000002.regtrans-ms
2016-12-17 14:48 - 2016-12-17 15:14 - 00524288 ___SH C:\Users\Nuno\ntuser.dat{8e7502af-c466-11e6-836f-10bf487beda3}.TMContainer00000000000000000001.regtrans-ms
2016-12-17 14:48 - 2016-12-17 15:14 - 00065536 ___SH C:\Users\Nuno\ntuser.dat{8e7502af-c466-11e6-836f-10bf487beda3}.TM.blf
2016-12-17 14:42 - 2016-12-17 14:42 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Local\Programs
2016-12-17 14:33 - 2016-12-17 14:33 - 01293540 ____H C:\Users\nun\AppData\Local\IconCache.db
2016-12-17 14:28 - 2016-12-17 14:42 - 01363532 ____H C:\Users\Nuno.Nuno-PC.000\AppData\Local\IconCache.db
2016-12-17 14:18 - 2016-12-17 14:18 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Local\Adobe
2016-12-17 14:17 - 2017-01-02 15:21 - 00000000 ___RD C:\Users\Nuno.Nuno-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-17 14:17 - 2016-12-17 14:47 - 00000000 ___RD C:\Users\Nuno.Nuno-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-17 14:17 - 2016-12-17 14:47 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\Contacts
2016-12-17 14:17 - 2016-12-17 14:37 - 00000000 ___RD C:\Users\Nuno.Nuno-PC.000\Searches
2016-12-17 14:17 - 2016-12-17 14:26 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Local\Google
2016-12-17 14:17 - 2016-12-17 14:17 - 00000000 ___SD C:\Users\Nuno.Nuno-PC.000\AppData\LocalLow\Microsoft
2016-12-17 14:17 - 2016-12-17 14:17 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Roaming\Intel Corporation
2016-12-17 14:17 - 2016-12-17 14:17 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Roaming\Identities
2016-12-17 14:17 - 2016-12-17 14:17 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Roaming\Adobe
2016-12-17 14:17 - 2016-12-17 14:17 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Local\Avira
2016-12-17 14:16 - 2016-12-19 13:32 - 00262144 ___SH C:\Users\Nuno.Nuno-PC.000\ntuser.dat.LOG1
2016-12-17 14:16 - 2016-12-17 14:48 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-17 14:16 - 2016-12-17 14:48 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000
2016-12-17 14:16 - 2016-12-17 14:47 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\Documents
2016-12-17 14:16 - 2016-12-17 14:42 - 00786432 ___SH C:\Users\Nuno.Nuno-PC.000\NTUSER.DAT
2016-12-17 14:16 - 2016-12-17 14:42 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Local\Temp
2016-12-17 14:16 - 2016-12-17 14:42 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Local
2016-12-17 14:16 - 2016-12-17 14:32 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Roaming
2016-12-17 14:16 - 2016-12-17 14:28 - 00524288 ___SH C:\Users\Nuno.Nuno-PC.000\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
2016-12-17 14:16 - 2016-12-17 14:28 - 00524288 ___SH C:\Users\Nuno.Nuno-PC.000\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2016-12-17 14:16 - 2016-12-17 14:28 - 00065536 ___SH C:\Users\Nuno.Nuno-PC.000\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2016-12-17 14:16 - 2016-12-17 14:17 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Roaming\Microsoft
2016-12-17 14:16 - 2016-12-17 14:17 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\LocalLow
2016-12-17 14:16 - 2016-12-17 14:17 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Local\Microsoft
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\SendTo
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\Recent
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\PrintHood
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\Os meus documentos
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\NetHood
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\Modelos
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\Menu Iniciar
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\Documents\Os meus vídeos
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\Documents\As minhas imagens
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\Documents\A minha música
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\Definições locais
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\Cookies
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\Application Data
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\AppData\Local\Temporary Internet Files
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\AppData\Local\Histórico
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\AppData\Local\Application Data
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 ___SH C:\Users\Nuno.Nuno-PC.000\ntuser.dat.LOG2
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData
2016-12-17 14:16 - 2016-12-17 14:11 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Local\NVIDIA Corporation
2016-12-17 14:16 - 2016-12-17 14:08 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Local\NVIDIA
2016-12-17 14:16 - 2011-04-12 13:06 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Roaming\Media Center Programs
2016-12-17 14:15 - 2016-12-19 13:32 - 00230400 ___SH C:\Users\Nuno.Nuno-PC\ntuser.dat.LOG1
2016-12-17 14:15 - 2016-12-17 14:15 - 00524288 ___SH C:\Users\Nuno.Nuno-PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
2016-12-17 14:15 - 2016-12-17 14:15 - 00524288 ___SH C:\Users\Nuno.Nuno-PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2016-12-17 14:15 - 2016-12-17 14:15 - 00065536 ___SH C:\Users\Nuno.Nuno-PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\SendTo
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\Recent
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\PrintHood
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\Os meus documentos
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\NetHood
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\Modelos
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\Menu Iniciar
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\Documents\Os meus vídeos
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\Documents\As minhas imagens
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\Documents\A minha música
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\Definições locais
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\Cookies
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\Application Data
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\AppData\Local\Temporary Internet Files
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\AppData\Local\Histórico
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\AppData\Local\Application Data
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 ___SH C:\Users\Nuno.Nuno-PC\ntuser.dat.LOG2
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 ____D C:\Users\Nuno.Nuno-PC\AppData\LocalLow
2016-12-17 14:14 - 2016-12-17 14:48 - 00000000 ____D C:\Users\Nuno.Nuno-PC\AppData\Roaming\Microsoft
2016-12-17 14:14 - 2016-12-17 14:48 - 00000000 ____D C:\Users\Nuno.Nuno-PC
2016-12-17 14:14 - 2016-12-17 14:15 - 00262144 ___SH C:\Users\Nuno.Nuno-PC\NTUSER.DAT
2016-12-17 14:14 - 2016-12-17 14:15 - 00000000 ___RD C:\Users\Nuno.Nuno-PC\Documents
2016-12-17 14:14 - 2016-12-17 14:15 - 00000000 ____D C:\Users\Nuno.Nuno-PC\AppData\Local\Microsoft
2016-12-17 14:14 - 2016-12-17 14:15 - 00000000 ____D C:\Users\Nuno.Nuno-PC\AppData\Local
2016-12-17 14:14 - 2016-12-17 14:15 - 00000000 ____D C:\Users\Nuno.Nuno-PC\AppData
2016-12-17 14:14 - 2016-12-17 14:11 - 00000000 ___RD C:\Users\Nuno.Nuno-PC\Videos
2016-12-17 14:14 - 2016-12-17 14:11 - 00000000 ____D C:\Users\Nuno.Nuno-PC\AppData\Local\NVIDIA Corporation
2016-12-17 14:14 - 2016-12-17 14:08 - 00000000 ____D C:\Users\Nuno.Nuno-PC\AppData\Local\NVIDIA
2016-12-17 14:14 - 2011-04-12 13:06 - 00000000 ____D C:\Users\Nuno.Nuno-PC\AppData\Roaming\Media Center Programs
2016-12-17 14:14 - 2011-04-12 13:06 - 00000000 ____D C:\Users\Nuno.Nuno-PC\AppData\Roaming
2016-12-17 14:14 - 2009-07-14 02:34 - 00000000 ___RD C:\Users\Nuno.Nuno-PC\Pictures
2016-12-17 14:14 - 2009-07-14 02:34 - 00000000 ___RD C:\Users\Nuno.Nuno-PC\Music
2016-12-17 14:14 - 2009-07-14 02:34 - 00000000 ___RD C:\Users\Nuno.Nuno-PC\Favorites
2016-12-17 14:14 - 2009-07-14 02:34 - 00000000 ___RD C:\Users\Nuno.Nuno-PC\Downloads
2016-12-17 14:14 - 2009-07-14 02:34 - 00000000 ___RD C:\Users\Nuno.Nuno-PC\Desktop
2016-12-17 14:14 - 2009-07-14 02:34 - 00000000 ____D C:\Users\Nuno.Nuno-PC\Saved Games
2016-12-17 14:14 - 2009-07-14 02:34 - 00000000 ____D C:\Users\Nuno.Nuno-PC\AppData\Local\Temp
2016-12-17 14:10 - 2016-12-17 14:11 - 00000000 ____D C:\Users\Default\AppData\Local\NVIDIA Corporation
2016-12-17 14:10 - 2016-12-17 14:11 - 00000000 ____D C:\Users\Default User\AppData\Local\NVIDIA Corporation
2016-12-17 14:08 - 2016-12-17 14:08 - 01137350 ____H C:\Users\TEMP\AppData\Local\IconCache.db
2016-12-17 14:08 - 2016-12-17 14:08 - 00000000 ____D C:\Users\Default\AppData\Local\NVIDIA
2016-12-17 14:08 - 2016-12-17 14:08 - 00000000 ____D C:\Users\Default User\AppData\Local\NVIDIA
2016-12-17 13:56 - 2016-12-17 13:56 - 00000000 ____D C:\Users\TEMP\AppData\Local\NVIDIA Corporation
2016-12-17 13:56 - 2016-12-17 13:56 - 00000000 ____D C:\Users\TEMP\AppData\Local\Adobe
2016-12-17 13:54 - 2016-12-19 13:32 - 00262144 ___SH C:\Users\TEMP\ntuser.dat.LOG1
2016-12-17 13:54 - 2016-12-17 14:48 - 00000000 ____D C:\Users\TEMP
2016-12-17 13:54 - 2016-12-17 14:47 - 00000000 ____D C:\Users\TEMP\Searches
2016-12-17 13:54 - 2016-12-17 14:47 - 00000000 ____D C:\Users\TEMP\Documents
2016-12-17 13:54 - 2016-12-17 14:47 - 00000000 ____D C:\Users\TEMP\Contacts
2016-12-17 13:54 - 2016-12-17 14:08 - 01048576 ___SH C:\Users\TEMP\NTUSER.DAT
2016-12-17 13:54 - 2016-12-17 14:08 - 00524288 ___SH C:\Users\TEMP\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
2016-12-17 13:54 - 2016-12-17 14:08 - 00524288 ___SH C:\Users\TEMP\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2016-12-17 13:54 - 2016-12-17 14:08 - 00065536 ___SH C:\Users\TEMP\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2016-12-17 13:54 - 2016-12-17 14:08 - 00000000 ____D C:\Users\TEMP\AppData\Local\Temp
2016-12-17 13:54 - 2016-12-17 14:08 - 00000000 ____D C:\Users\TEMP\AppData\Local
2016-12-17 13:54 - 2016-12-17 14:03 - 00000000 ____D C:\Users\TEMP\AppData\Local\Google
2016-12-17 13:54 - 2016-12-17 13:54 - 01141036 ____H C:\Users\Nuno.Nuno-PC.001\AppData\Local\IconCache.db
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\SendTo
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\Recent
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\PrintHood
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\Os meus documentos
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\NetHood
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\Modelos
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\Menu Iniciar
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\Documents\Os meus vídeos
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\Documents\As minhas imagens
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\Documents\A minha música
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\Definições locais
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\Cookies
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\Application Data
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Temporary Internet Files
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Histórico
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Application Data
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ___SH C:\Users\TEMP\ntuser.dat.LOG2
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ___SD C:\Users\TEMP\AppData\LocalLow\Microsoft
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Microsoft
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Intel Corporation
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Identities
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Adobe
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ____D C:\Users\TEMP\AppData\Roaming
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ____D C:\Users\TEMP\AppData\LocalLow
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ____D C:\Users\TEMP\AppData\Local\NVIDIA
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ____D C:\Users\TEMP\AppData\Local\Microsoft
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ____D C:\Users\TEMP\AppData\Local\Avira
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ____D C:\Users\TEMP\AppData
2016-12-17 13:54 - 2011-04-12 13:06 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs
2016-12-17 13:44 - 2016-12-17 13:44 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Local\NVIDIA Corporation
2016-12-17 13:44 - 2016-12-17 13:44 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Local\Adobe
2016-12-17 13:43 - 2016-12-17 14:47 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\Searches
2016-12-17 13:43 - 2016-12-17 14:47 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\Contacts
2016-12-17 13:43 - 2016-12-17 13:51 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Local\Google
2016-12-17 13:43 - 2016-12-17 13:43 - 00000000 ___SD C:\Users\Nuno.Nuno-PC.001\AppData\LocalLow\Microsoft
2016-12-17 13:43 - 2016-12-17 13:43 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Roaming\Intel Corporation
2016-12-17 13:43 - 2016-12-17 13:43 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Roaming\Identities
2016-12-17 13:43 - 2016-12-17 13:43 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Roaming\Adobe
2016-12-17 13:43 - 2016-12-17 13:43 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Local\Avira
2016-12-17 13:42 - 2016-12-19 13:32 - 00262144 ___SH C:\Users\Nuno.Nuno-PC.001\ntuser.dat.LOG1
2016-12-17 13:42 - 2016-12-17 14:48 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-17 13:42 - 2016-12-17 14:48 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001
2016-12-17 13:42 - 2016-12-17 14:47 - 00000000 ___RD C:\Users\Nuno.Nuno-PC.001\Saved Games
2016-12-17 13:42 - 2016-12-17 14:47 - 00000000 ___RD C:\Users\Nuno.Nuno-PC.001\Pictures
2016-12-17 13:42 - 2016-12-17 14:47 - 00000000 ___RD C:\Users\Nuno.Nuno-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-12-17 13:42 - 2016-12-17 14:47 - 00000000 ___RD C:\Users\Nuno.Nuno-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-17 13:42 - 2016-12-17 14:47 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\Documents
2016-12-17 13:42 - 2016-12-17 13:54 - 01048576 ___SH C:\Users\Nuno.Nuno-PC.001\NTUSER.DAT
2016-12-17 13:42 - 2016-12-17 13:54 - 00524288 ___SH C:\Users\Nuno.Nuno-PC.001\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
2016-12-17 13:42 - 2016-12-17 13:54 - 00524288 ___SH C:\Users\Nuno.Nuno-PC.001\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2016-12-17 13:42 - 2016-12-17 13:54 - 00065536 ___SH C:\Users\Nuno.Nuno-PC.001\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2016-12-17 13:42 - 2016-12-17 13:54 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Local\Temp
2016-12-17 13:42 - 2016-12-17 13:54 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Local
2016-12-17 13:42 - 2016-12-17 13:43 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Roaming\Microsoft
2016-12-17 13:42 - 2016-12-17 13:43 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Roaming
2016-12-17 13:42 - 2016-12-17 13:43 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\LocalLow
2016-12-17 13:42 - 2016-12-17 13:43 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Local\Microsoft
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\SendTo
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\Recent
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\PrintHood
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\Os meus documentos
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\NetHood
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\Modelos
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\Menu Iniciar
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\Documents\Os meus vídeos
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\Documents\As minhas imagens
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\Documents\A minha música
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\Definições locais
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\Cookies
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\Application Data
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\AppData\Local\Temporary Internet Files
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\AppData\Local\Histórico
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\AppData\Local\Application Data
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 ___SH C:\Users\Nuno.Nuno-PC.001\ntuser.dat.LOG2
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Local\NVIDIA
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData
2016-12-17 13:42 - 2011-04-12 13:06 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Roaming\Media Center Programs
2016-12-17 13:38 - 2016-12-17 13:38 - 00000000 ____D C:\Users\nun\AppData\Local\Adobe
2016-12-17 13:37 - 2017-01-02 18:20 - 01048576 ___SH C:\Users\nun\NTUSER.DAT
2016-12-17 13:37 - 2017-01-02 18:20 - 00262144 ___SH C:\Users\nun\ntuser.dat.LOG1
2016-12-17 13:37 - 2016-12-17 14:48 - 00000000 ____D C:\Users\nun
2016-12-17 13:37 - 2016-12-17 14:47 - 00000000 ____D C:\Users\nun\Searches
2016-12-17 13:37 - 2016-12-17 14:47 - 00000000 ____D C:\Users\nun\Documents
2016-12-17 13:37 - 2016-12-17 14:47 - 00000000 ____D C:\Users\nun\Contacts
2016-12-17 13:37 - 2016-12-17 14:33 - 00524288 ___SH C:\Users\nun\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
2016-12-17 13:37 - 2016-12-17 14:33 - 00524288 ___SH C:\Users\nun\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2016-12-17 13:37 - 2016-12-17 14:33 - 00065536 ___SH C:\Users\nun\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2016-12-17 13:37 - 2016-12-17 14:33 - 00000000 ____D C:\Users\nun\AppData\Local
2016-12-17 13:37 - 2016-12-17 14:32 - 00000000 ____D C:\Users\nun\AppData\Local\Temp
2016-12-17 13:37 - 2016-12-17 13:46 - 00000000 ____D C:\Users\nun\AppData\Local\Google
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\SendTo
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\Recent
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\PrintHood
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\Os meus documentos
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\NetHood
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\Modelos
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\Menu Iniciar
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\Documents\Os meus vídeos
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\Documents\As minhas imagens
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\Documents\A minha música
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\Definições locais
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\Cookies
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\Application Data
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\AppData\Local\Temporary Internet Files
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\AppData\Local\Histórico
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\AppData\Local\Application Data
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ___SH C:\Users\nun\ntuser.dat.LOG2
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ___SD C:\Users\nun\AppData\LocalLow\Microsoft
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ____D C:\Users\nun\AppData\Roaming\Microsoft
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ____D C:\Users\nun\AppData\Roaming\Intel Corporation
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ____D C:\Users\nun\AppData\Roaming\Identities
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ____D C:\Users\nun\AppData\Roaming\Adobe
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ____D C:\Users\nun\AppData\Roaming
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ____D C:\Users\nun\AppData\LocalLow
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ____D C:\Users\nun\AppData\Local\NVIDIA
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ____D C:\Users\nun\AppData\Local\Microsoft
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ____D C:\Users\nun\AppData\Local\Avira
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ____D C:\Users\nun\AppData
2016-12-17 13:37 - 2011-04-12 13:06 - 00000000 ____D C:\Users\nun\AppData\Roaming\Media Center Programs
2016-12-17 01:02 - 2016-12-17 01:02 - 00000000 ____D C:\Users\Nuno\AppData\Local\Astro
2016-12-16 16:27 - 2016-12-27 01:49 - 00116600 _____ C:\Users\Nuno\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-15 21:04 - 2016-12-17 14:43 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log
2016-12-15 21:04 - 2016-12-17 14:34 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2016-12-15 17:44 - 2017-01-02 15:21 - 00000000 ____D C:\Users\Public\Speedup Sessions
2016-12-15 17:44 - 2016-12-15 17:44 - 00001215 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2016-12-14 20:31 - 2016-12-14 20:31 - 00000000 ___DL C:\Users\Nuno\Local Settings
2016-12-14 20:31 - 2016-12-14 20:31 - 00000000 ___DL C:\Users\Nuno\Documents\My Videos
2016-12-14 20:31 - 2016-12-14 20:31 - 00000000 ___DL C:\Users\Nuno\Documents\My Pictures
2016-12-14 20:31 - 2016-12-14 20:31 - 00000000 ___DL C:\Users\Nuno\Documents\My Music
2016-12-14 20:31 - 2016-12-14 20:31 - 00000000 ___DL C:\Users\Nuno\AppData\Local\History
2016-12-14 20:22 - 2016-12-17 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-12-14 20:22 - 2016-12-14 20:22 - 00003650 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-12-14 20:22 - 2016-12-14 20:22 - 00002159 _____ C:\Users\Nuno\Desktop\Tweaking.com - Windows Repair.lnk
2016-12-14 20:22 - 2016-12-14 20:22 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-12-14 19:18 - 2016-12-22 22:05 - 00001121 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-12-14 19:18 - 2016-12-20 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-12-14 19:18 - 2016-12-16 08:53 - 00040984 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-12-14 19:18 - 2016-12-14 19:18 - 00000000 ____D C:\Users\Nuno\AppData\Local\VS Revo Group
2016-12-14 19:18 - 2016-12-14 19:18 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-12-14 19:18 - 2016-12-14 19:18 - 00000000 ____D C:\Program Files\VS Revo Group
2016-12-14 17:25 - 2016-12-17 14:51 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-14 17:24 - 2016-12-17 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-14 17:24 - 2016-11-29 06:27 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-14 17:14 - 2016-12-14 18:44 - 00524288 ___SH C:\Users\Nuno\ntuser.dat{fb02836d-c21e-11e6-b16c-10bf487beda3}.TMContainer00000000000000000002.regtrans-ms
2016-12-14 17:14 - 2016-12-14 18:44 - 00524288 ___SH C:\Users\Nuno\ntuser.dat{fb02836d-c21e-11e6-b16c-10bf487beda3}.TMContainer00000000000000000001.regtrans-ms
2016-12-14 17:14 - 2016-12-14 18:44 - 00065536 ___SH C:\Users\Nuno\ntuser.dat{fb02836d-c21e-11e6-b16c-10bf487beda3}.TM.blf
2016-12-14 16:25 - 2016-12-17 14:09 - 00000000 ____D C:\NVIDIA Corporation
2016-12-13 18:44 - 2016-12-13 18:44 - 00000000 ____D C:\Users\Nuno\AppData\Local\Chromium
2016-12-11 01:09 - 2016-12-11 01:09 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\New Technology Studio
2016-12-11 01:09 - 2016-12-11 01:09 - 00000000 ____D C:\Users\Nuno\AppData\Local\New Technology Studio
2016-12-07 16:25 - 2016-12-08 01:06 - 00004471 _____ C:\Users\Nuno\Desktop\Texto.txt
2016-12-05 15:01 - 2016-12-05 15:01 - 00000000 ____D C:\Users\Nuno\My Documents
2016-12-03 20:23 - 2016-12-03 20:23 - 00000000 ____D C:\Users\Nuno\AppData\LocalLow\Weappy
2016-12-03 20:01 - 2016-12-03 20:01 - 00000000 ____D C:\Users\Nuno\AppData\LocalLow\Improx Games

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-02 18:21 - 2016-06-03 17:02 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Skype
2017-01-02 18:06 - 2016-08-29 13:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-02 17:00 - 2016-07-04 21:26 - 00000000 ____D C:\Users\Nuno\.android
2017-01-02 15:42 - 2016-06-05 20:51 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-01-02 15:27 - 2016-06-02 21:32 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-02 15:26 - 2016-06-03 16:40 - 00000000 _____ C:\Windows\Path.idx
2017-01-02 15:26 - 2009-07-14 04:45 - 00023168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-02 15:26 - 2009-07-14 04:45 - 00023168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-02 15:21 - 2016-10-14 22:13 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\BitTorrent
2017-01-02 15:21 - 2016-06-03 16:35 - 01048576 _____ C:\Windows\PE_Rom.dll
2017-01-02 15:21 - 2016-06-02 21:27 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-02 15:09 - 2016-07-04 22:07 - 00000000 ____D C:\ProgramData\VMware
2017-01-02 15:08 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-01 19:08 - 2016-07-04 22:40 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\VMware
2017-01-01 19:08 - 2016-07-04 22:40 - 00000000 ____D C:\Users\Nuno\AppData\Local\VMware
2017-01-01 00:13 - 2016-08-29 13:48 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-01 00:13 - 2016-06-03 16:26 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-31 04:37 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\config
2016-12-31 04:37 - 2009-07-14 02:34 - 49020928 _____ C:\Windows\system32\config\components
2016-12-31 04:37 - 2009-07-14 02:34 - 00262144 ____H C:\Windows\system32\config\COMPONENTS.LOG1
2016-12-29 23:46 - 2016-06-02 20:31 - 00000000 ___RD C:\Users\Nuno\Documents
2016-12-29 23:46 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Public\Desktop
2016-12-29 23:46 - 2009-07-14 03:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs
2016-12-29 23:46 - 2009-07-14 03:20 - 00000000 ___RD C:\Program Files (x86)
2016-12-29 17:57 - 2016-06-03 15:48 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Riot Games
2016-12-29 17:57 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64
2016-12-29 17:56 - 2016-06-02 20:44 - 00000000 __SHD C:\Windows\Installer
2016-12-29 17:56 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Tasks
2016-12-29 17:56 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Logs
2016-12-29 15:15 - 2016-06-02 20:31 - 00000000 ___RD C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-29 14:54 - 2016-07-16 16:43 - 00000000 ___DC C:\Windows\system32\DRVSTORE
2016-12-29 14:54 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\DriverStore
2016-12-29 14:54 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\System32
2016-12-29 14:54 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-12-29 14:53 - 2016-06-03 16:07 - 01680172 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-29 14:53 - 2011-04-12 12:55 - 00726276 _____ C:\Windows\system32\prfh0816.dat
2016-12-29 14:53 - 2011-04-12 12:55 - 00154694 _____ C:\Windows\system32\prfc0816.dat
2016-12-29 14:53 - 2009-07-14 02:36 - 00659594 _____ C:\Windows\system32\perfh009.dat
2016-12-29 14:53 - 2009-07-14 02:36 - 00123932 _____ C:\Windows\system32\perfc009.dat
2016-12-29 14:52 - 2016-07-04 22:07 - 00000000 ____D C:\Program Files (x86)\VMware
2016-12-29 14:52 - 2009-07-14 03:20 - 00000000 ___RD C:\Users\Public\Documents
2016-12-29 14:52 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\drivers
2016-12-29 14:52 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files
2016-12-29 14:52 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files (x86)\Common Files
2016-12-29 00:05 - 2009-07-14 03:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-28 22:05 - 2016-08-27 00:56 - 00000244 _____ C:\Users\Nuno\AppData\LocalLow\rbxcsettings.rbx
2016-12-28 20:16 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-28 18:33 - 2016-06-18 21:59 - 00000000 ____D C:\stremio-cache
2016-12-28 14:12 - 2016-06-05 17:29 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-28 14:09 - 2016-06-05 17:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-28 03:08 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\catroot
2016-12-28 01:48 - 2016-07-16 16:42 - 00000000 ____D C:\Users\Nuno\AppData\Local\Nox
2016-12-28 01:48 - 2016-06-02 20:31 - 00000000 ____D C:\Users\Nuno
2016-12-28 01:47 - 2016-07-16 16:45 - 00000000 ____D C:\Users\Nuno\vmlogs
2016-12-27 18:49 - 2016-06-17 22:01 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-12-27 18:49 - 2016-06-17 22:01 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-12-27 18:49 - 2016-06-17 22:01 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-27 18:49 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\Tasks
2016-12-27 15:55 - 2009-07-14 04:45 - 00531312 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-27 01:36 - 2009-07-14 03:20 - 00000000 __RSD C:\Windows\Fonts
2016-12-27 00:52 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-12-27 00:52 - 2009-07-14 03:20 - 00000000 ___HD C:\ProgramData
2016-12-26 23:47 - 2016-06-07 18:41 - 00000000 ____D C:\Users\Nuno\AppData\Local\CrashDumps
2016-12-26 23:45 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2016-12-26 03:44 - 2016-06-05 17:43 - 00000000 ____D C:\Users\Nuno\AppData\Local\UnrealEngine
2016-12-26 03:21 - 2016-06-03 19:08 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-12-26 01:24 - 2016-09-08 13:56 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-25 20:15 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\config\RegBack
2016-12-25 17:14 - 2016-10-15 17:15 - 00000073 _____ C:\Users\Nuno\AppData\Local\X-Plane_drm.prf
2016-12-25 17:14 - 2016-08-30 21:58 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\DAEMON Tools Lite
2016-12-25 17:10 - 2016-06-02 20:31 - 00000000 ___RD C:\Users\Nuno\Music
2016-12-25 17:08 - 2016-06-02 21:41 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\TS3Client
2016-12-25 17:07 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-24 17:50 - 2016-06-02 20:31 - 00000000 ____D C:\Users\Nuno\AppData\Roaming
2016-12-23 14:26 - 2016-10-26 15:09 - 00001202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2016-12-23 14:26 - 2016-10-26 15:09 - 00001190 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2016-12-23 14:26 - 2016-10-26 15:09 - 00000000 ____D C:\Program Files\Paint.NET
2016-12-23 14:26 - 2009-07-14 03:20 - 00000000 __RSD C:\Windows\assembly
2016-12-22 00:14 - 2009-07-14 03:20 - 00000000 ___RD C:\Program Files
2016-12-21 18:08 - 2016-06-30 13:55 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\OBS
2016-12-20 21:52 - 2016-06-08 18:29 - 00000000 ____D C:\Users\Nuno\Documents\GTA San Andreas User Files
2016-12-20 21:39 - 2016-06-04 13:21 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Notepad++
2016-12-20 20:36 - 2016-06-07 17:14 - 00000000 ____D C:\Users\Nuno\Documents\Lightshot
2016-12-20 15:00 - 2016-07-02 12:51 - 00000000 ____D C:\Users\Nuno\AppData\Local\modloader
2016-12-20 15:00 - 2016-07-02 12:51 - 00000000 ____D C:\ProgramData\modloader
2016-12-20 14:59 - 2016-06-17 20:52 - 00162018 _____ C:\Windows\unins000.dat
2016-12-19 23:56 - 2016-06-30 13:54 - 00000000 ____D C:\Program Files\OBS
2016-12-18 21:13 - 2016-10-14 19:55 - 00524288 ___SH C:\Windows\system32\config\components{e86633ca-920e-11e6-b1aa-10bf487beda3}.TMContainer00000000000000000001.regtrans-ms
2016-12-18 21:13 - 2016-10-14 19:55 - 00065536 ___SH C:\Windows\system32\config\components{e86633ca-920e-11e6-b1aa-10bf487beda3}.TM.blf
2016-12-17 16:42 - 2016-06-03 19:17 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\steelseries-engine-3-client
2016-12-17 16:09 - 2009-07-14 05:13 - 01662686 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-17 15:48 - 2016-06-03 16:40 - 00000000 ____D C:\Users\Nuno\AppData\Local\Programs
2016-12-17 15:44 - 2016-08-16 16:29 - 00000000 ____D C:\Users\Nuno\AppData\Local\Deployment
2016-12-17 15:41 - 2016-10-12 18:12 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2016-12-17 15:35 - 2016-11-05 21:43 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-12-17 15:35 - 2016-10-27 20:46 - 00000568 _____ C:\Windows\SysWOW64\nativelog.txt
2016-12-17 15:35 - 2016-09-01 13:08 - 00000000 ____D C:\ProgramData\Battle.net
2016-12-17 15:35 - 2016-08-29 13:48 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-17 15:34 - 2016-08-29 13:48 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-17 15:34 - 2016-08-29 13:48 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-17 15:34 - 2016-08-29 13:48 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-17 15:30 - 2016-06-07 18:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-17 15:26 - 2016-11-29 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-12-17 15:26 - 2016-11-29 19:17 - 00000000 ____D C:\ProgramData\Avira
2016-12-17 15:26 - 2016-11-29 19:17 - 00000000 ____D C:\Program Files (x86)\Avira
2016-12-17 15:00 - 2016-06-02 21:33 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicações do Chrome
2016-12-17 14:52 - 2016-06-02 21:02 - 00003440 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 14:52 - 2016-06-02 21:02 - 00003312 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-17 14:52 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\config\TxR
2016-12-17 14:51 - 2016-06-07 18:43 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-17 14:51 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\catroot2
2016-12-17 14:50 - 2016-06-03 20:55 - 00000000 ____D C:\Users\Nuno\AppData\Local\NVIDIA Corporation
2016-12-17 14:50 - 2016-06-02 21:27 - 00000000 ____D C:\Users\Nuno\AppData\Local\NVIDIA
2016-12-17 14:48 - 2016-06-13 22:55 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\www.gtavicecity.ru
2016-12-17 14:48 - 2016-06-05 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2016-12-17 14:48 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\wfp
2016-12-17 14:48 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\wbem
2016-12-17 14:47 - 2016-11-13 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2016-12-17 14:47 - 2016-11-12 12:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2016-12-17 14:47 - 2016-11-04 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
2016-12-17 14:47 - 2016-10-21 18:33 - 00000000 ____D C:\Program Files (x86)\IVAO
2016-12-17 14:47 - 2016-10-09 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2016-12-17 14:47 - 2016-08-14 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2016-12-17 14:47 - 2016-08-12 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-12-17 14:47 - 2016-08-10 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2016-12-17 14:47 - 2016-07-24 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom
2016-12-17 14:47 - 2016-07-22 00:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-12-17 14:47 - 2016-07-22 00:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2016-12-17 14:47 - 2016-07-22 00:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2016-12-17 14:47 - 2016-07-20 23:16 - 00000000 ____D C:\Users\Nuno\AppData\Local\Akamai
2016-12-17 14:47 - 2016-07-16 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-12-17 14:47 - 2016-07-14 14:13 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-12-17 14:47 - 2016-07-14 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-12-17 14:47 - 2016-06-16 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-17 14:47 - 2016-06-14 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office 2016
2016-12-17 14:47 - 2016-06-08 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2016-12-17 14:47 - 2016-06-05 17:29 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-12-17 14:47 - 2016-06-04 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-12-17 14:47 - 2016-06-03 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-12-17 14:47 - 2016-06-03 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries
2016-12-17 14:47 - 2016-06-03 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-12-17 14:47 - 2016-06-03 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-17 14:47 - 2016-06-03 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-17 14:47 - 2016-06-02 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-12-17 14:47 - 2016-06-02 21:26 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-12-17 14:47 - 2016-06-02 20:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-12-17 14:47 - 2016-06-02 20:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-12-17 14:47 - 2016-06-02 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-12-17 14:47 - 2016-06-02 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
2016-12-17 14:47 - 2016-06-02 20:31 - 00000000 ___RD C:\Users\Nuno\Searches
2016-12-17 14:47 - 2016-06-02 20:31 - 00000000 ___RD C:\Users\Nuno\Saved Games
2016-12-17 14:47 - 2016-06-02 20:31 - 00000000 ___RD C:\Users\Nuno\Links
2016-12-17 14:47 - 2016-06-02 20:31 - 00000000 ___RD C:\Users\Nuno\Contacts
2016-12-17 14:47 - 2009-07-14 05:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-12-17 14:47 - 2009-07-14 05:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-17 14:47 - 2009-07-14 05:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-12-17 14:47 - 2009-07-14 03:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-12-17 14:47 - 2009-07-14 03:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-17 14:47 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\winsxs
2016-12-17 14:47 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\System32\Tasks\Microsoft
2016-12-17 14:47 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\config\systemprofile
2016-12-17 14:47 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-17 14:46 - 2016-09-08 13:56 - 00000000 ____D C:\Users\Nuno\AppData\Local\Mozilla
2016-12-17 14:46 - 2016-06-02 21:26 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-17 14:46 - 2016-06-02 20:31 - 00000000 ____D C:\Users\Nuno\AppData\Local\Microsoft
2016-12-17 14:46 - 2009-07-14 03:20 - 00000000 ___RD C:\Users
2016-12-17 14:12 - 2009-07-14 03:20 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft
2016-12-17 14:12 - 2009-07-14 03:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft
2016-12-17 14:11 - 2009-07-14 03:20 - 00000000 ___RD C:\Users\Default\Videos
2016-12-17 14:10 - 2009-07-14 03:20 - 00000000 ____D C:\Users\Default\AppData\Local
2016-12-17 14:10 - 2009-07-14 03:20 - 00000000 ____D C:\Users\Default User\AppData\Local
2016-12-15 17:44 - 2009-07-14 03:20 - 00000000 ___RD C:\Users\Public
2016-12-15 17:27 - 2016-06-03 16:40 - 00000386 _____ C:\Windows\Tasks\update-sys.job
2016-12-15 17:27 - 2016-06-03 16:40 - 00000386 _____ C:\Windows\Tasks\update-S-1-5-21-764316183-3508713337-3659362344-1000.job
2016-12-14 19:41 - 2016-10-15 17:20 - 00003326 _____ C:\Windows\System32\Tasks\SidebarExecute
2016-12-14 19:41 - 2016-06-03 16:40 - 00003396 _____ C:\Windows\System32\Tasks\update-sys
2016-12-14 19:41 - 2016-06-03 16:40 - 00003372 _____ C:\Windows\System32\Tasks\update-S-1-5-21-764316183-3508713337-3659362344-1000
2016-12-14 19:35 - 2016-06-02 21:01 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-12-14 19:33 - 2016-11-13 13:35 - 00000000 ____D C:\Users\Nuno\Downloads\X-Plane 10
2016-12-14 19:33 - 2016-11-05 21:41 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-14 19:33 - 2016-10-20 21:11 - 00000000 ____D C:\Users\Public\Geografia 8ª 2
2016-12-14 19:33 - 2016-10-13 19:11 - 00000000 ____D C:\Users\Nuno\Desktop\Geografia 8ª
2016-12-14 19:33 - 2016-10-13 18:47 - 00000000 ____D C:\Users\Public\Geografia 8ª
2016-12-14 19:19 - 2016-06-02 21:02 - 00002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 19:19 - 2016-06-02 21:02 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-14 19:09 - 2016-07-15 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2016-12-14 19:06 - 2016-08-18 20:16 - 00000000 ____D C:\Windows\pss
2016-12-14 19:05 - 2016-11-09 15:18 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-12-14 19:03 - 2016-11-30 14:37 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-12-14 19:02 - 2016-11-30 14:36 - 00000000 ____D C:\ProgramData\Soluto
2016-12-14 19:00 - 2016-11-30 14:37 - 00000193 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2016-12-14 18:59 - 2016-09-06 21:49 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Nox
2016-12-14 18:58 - 2016-10-12 18:13 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2016-12-14 18:58 - 2016-06-02 20:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-14 18:06 - 2016-08-29 13:48 - 00003882 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-12-14 17:13 - 2016-11-05 21:44 - 00000000 ____D C:\Users\Nuno\Documents\Heroes of the Storm
2016-12-14 17:13 - 2016-09-30 21:26 - 00000000 ____D C:\Users\Nuno\Documents\The Escapists
2016-12-14 17:13 - 2016-09-04 23:14 - 00000000 ____D C:\Users\Nuno\Documents\Wondershare Filmora
2016-12-14 17:13 - 2016-07-24 18:58 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Steganos VPN
2016-12-14 17:13 - 2016-07-24 18:58 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Steganos Updates
2016-12-14 17:13 - 2016-07-16 19:25 - 00000000 ____D C:\Users\Nuno\Documents\Euro Truck Simulator 2
2016-12-14 17:13 - 2016-06-26 17:06 - 00000000 ____D C:\Users\Nuno\Documents\My Data Files
2016-12-14 17:13 - 2016-06-02 21:40 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-12-14 17:13 - 2016-06-02 20:31 - 00000000 ___RD C:\Users\Nuno\Pictures
2016-12-14 17:12 - 2016-11-25 23:18 - 00000000 ____D C:\Windows\Minidump
2016-12-14 17:12 - 2016-10-14 21:47 - 00000000 ____D C:\Users\Nuno\Desktop\X-Plane 10
2016-12-14 17:12 - 2016-10-12 18:14 - 00000000 ____D C:\Users\Nuno\Documents\My Games
2016-12-14 17:12 - 2016-09-08 14:02 - 00000000 ____D C:\Users\Nuno\Documents\iMacros
2016-12-14 17:12 - 2016-07-24 18:58 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Steganos
2016-12-14 17:12 - 2016-07-14 14:13 - 00000000 ____D C:\Users\Nuno\Documents\Image-Line
2016-12-13 18:44 - 2016-06-02 21:34 - 00000000 ____D C:\Users\Nuno\AppData\Local\Steam
2016-12-03 01:30 - 2016-11-05 21:43 - 00000000 ____D C:\Users\Nuno\AppData\Local\Battle.net

==================== Files in the root of some directories =======

2016-06-24 17:19 - 2016-06-24 17:19 - 0000046 _____ () C:\Users\Nuno\AppData\Roaming\1119HOTK.dat
2016-06-07 18:38 - 2016-06-07 18:38 - 6867968 _____ () C:\Users\Nuno\AppData\Roaming\agent.dat
2016-06-07 18:36 - 2016-06-07 18:36 - 0128512 _____ () C:\Users\Nuno\AppData\Roaming\Installer.dat
2016-06-07 18:38 - 2016-06-07 18:38 - 0018432 _____ () C:\Users\Nuno\AppData\Roaming\Main.dat
2016-10-16 14:31 - 2016-10-16 14:45 - 0000280 _____ () C:\Users\Nuno\AppData\Roaming\OpenSceneryX Installer.plist
2016-10-08 11:01 - 2016-10-08 11:01 - 305520897 _____ () C:\Users\Nuno\AppData\Local\ACCCx3_8_0_310.zip.aamdownload
2016-10-08 11:01 - 2016-10-08 11:01 - 0003413 _____ () C:\Users\Nuno\AppData\Local\ACCCx3_8_0_310.zip.aamdownload.aamd
2016-08-14 00:31 - 2016-08-14 00:36 - 0000181 _____ () C:\Users\Nuno\AppData\Local\Lockdir6
2016-10-14 22:12 - 2016-10-14 22:12 - 0000218 _____ () C:\Users\Nuno\AppData\Local\recently-used.xbel
2016-09-09 12:58 - 2016-09-09 12:58 - 0007601 _____ () C:\Users\Nuno\AppData\Local\Resmon.ResmonCfg
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\Nuno\AppData\Local\setup.txt
2016-12-18 18:45 - 2016-11-23 13:37 - 0000570 _____ () C:\Users\Nuno\AppData\Local\TroubleshooterConfig.json
2016-06-03 16:40 - 2016-06-03 16:40 - 0000003 _____ () C:\Users\Nuno\AppData\Local\updater.log
2016-06-03 16:40 - 2016-08-10 16:22 - 0000424 _____ () C:\Users\Nuno\AppData\Local\UserProducts.xml
2016-10-14 21:58 - 2016-11-25 22:42 - 0000037 _____ () C:\Users\Nuno\AppData\Local\X-Plane Installer.prf
2016-10-15 17:15 - 2016-12-25 17:14 - 0000073 _____ () C:\Users\Nuno\AppData\Local\X-Plane_drm.prf
2016-10-14 21:47 - 2016-10-14 21:47 - 0000035 _____ () C:\Users\Nuno\AppData\Local\x-plane_install_10.txt
2016-11-25 22:29 - 2016-11-25 22:29 - 0000035 _____ () C:\Users\Nuno\AppData\Local\x-plane_install_11.txt
2016-09-23 15:11 - 2016-09-23 15:11 - 0000000 _____ () C:\Users\Nuno\AppData\Local\{001377AC-B335-46A1-BC0B-FBAD7DBD2525}
2016-10-10 15:55 - 2016-10-10 15:55 - 0238612 _____ () C:\ProgramData\1476114849.bdinstall.bin
2016-10-14 21:56 - 2016-10-14 21:56 - 0028667 _____ () C:\ProgramData\agent.1476482195.bdinstall.bin
2016-11-30 14:37 - 2016-12-14 19:00 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2016-07-20 23:34 - 2016-07-20 23:34 - 0000016 _____ () C:\ProgramData\mntemp
2016-12-15 21:04 - 2016-12-17 14:43 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-15 21:04 - 2016-12-17 14:34 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
C:\Users\Nuno\AppData\Local\Temp\131272622749346261.exe
C:\Users\Nuno\AppData\Local\Temp\13127262276868871772.exe
C:\Users\Nuno\AppData\Local\Temp\BluestacksUninstaller.exe
C:\Users\Nuno\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\Nuno\AppData\Local\Temp\HD-LibraryHandler.dll
C:\Users\Nuno\AppData\Local\Temp\HD-Logger-Native.dll
C:\Users\Nuno\AppData\Local\Temp\proxy_vole5160625304774036293.dll
C:\Users\Nuno\AppData\Local\Temp\proxy_vole8687870130684433978.dll
C:\Users\Nuno\AppData\Local\Temp\proxy_vole8881665497816780025.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-25 20:15

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Nuno (02-01-2017 18:23:53)
Running from C:\Users\Nuno\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-06-02 20:31:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-764316183-3508713337-3659362344-500 - Administrator - Disabled)
Convidado (S-1-5-21-764316183-3508713337-3659362344-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-764316183-3508713337-3659362344-1004 - Limited - Enabled)
Nuno (S-1-5-21-764316183-3508713337-3659362344-1000 - Administrator - Enabled) => C:\Users\Nuno

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABZÛ (HKLM\...\Steam App 384190) (Version: - Giant Squid)
Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Actualizações da NVIDIA 2.13.0.21 (Version: 2.13.0.21 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\{58E533B1-9B29-432D-BB38-25B489C1D53B}) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Ansel (Version: 376.09 - NVIDIA Corporation) Hidden
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
Assistente de Atualização do Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
ASUS Update (HKLM-x32\...\{F178DD09-E45A-4C29-979A-1EEAEFC35A5F}) (Version: - )
AutoHotkey 1.1.24.00 (HKLM\...\AutoHotkey) (Version: 1.1.24.00 - Lexikos)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{707e8edf-9482-4417-ae39-c9b5fe605e87}) (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.0.2.26813 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{115347FE-037B-4F4D-86F2-057FEF294C7A}) (Version: 1.2.4.459 - Avira Operations GmbH & Co. KG)
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
BitTorrent (HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\BitTorrent) (Version: 7.9.9.42974 - BitTorrent Inc.)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blue Satin Skin (HKLM-x32\...\{FB7D6550-9260-42E6-83C8-BF3A7E54442F}) (Version: 2.2.1 - Screaming Bee)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.83.6332 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{D669DC52-B1A4-4933-878D-CB80F660D95D}) (Version: 55.0.2883.17 - Google Inc.)
Creatures of Darkness (HKLM-x32\...\{573F9269-A022-4C6F-97BD-CF1316A76369}) (Version: 3.3.1 - Screaming Bee)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
f.lux (HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\Flux) (Version: - )
Farm Animal Sounds (x32 Version: 4.4.41 - Screaming Bee Inc.) Hidden
Farm Animal Sounds for MorphVOX (HKLM-x32\...\{915a6d7b-d1dc-4350-ac2a-dc3420a893a8}) (Version: 4.4.41 - Screaming Bee Inc.)
Female Voices (x32 Version: 4.4.41 - Screaming Bee Inc.) Hidden
Female Voices for MorphVOX (HKLM-x32\...\{7deb85b1-333a-461a-9ae0-00b4b8a6e3e7}) (Version: 4.4.41 - Screaming Bee Inc.)
Galactic Voices (x32 Version: 4.4.41 - Screaming Bee Inc.) Hidden
Galactic Voices for MorphVOX (HKLM-x32\...\{2485772c-4503-4ec6-b02e-9238a08e748e}) (Version: 4.4.41 - Screaming Bee Inc.)
Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios)
GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.3 - ghost-mouse.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Network Connections 16.6.126.0 (HKLM\...\PROSetDX) (Version: 16.6.126.0 - Intel)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JetBrains PyCharm Community Edition 2016.2.3 (HKLM-x32\...\PyCharm Community Edition 2016.2.3) (Version: 162.1967.10 - JetBrains s.r.o.)
join.me (HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\JoinMe) (Version: 3.0.0.4054 - LogMeIn, Inc.)
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
League of Legends (x32 Version: 4.2.1 - Riot Games) Hidden
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Português) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2070) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Build Tools 2015 (HKLM-x32\...\{d21da0dd-4ba4-4838-ba58-64cf7a77131a}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7571.2075 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - pt-pt (HKLM\...\ProPlusRetail - pt-pt) (Version: 16.0.7571.2075 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ Compiler Package for Python 2.7 (HKLM-x32\...\{692514A8-5484-45FC-B0AE-BE2DF7A75891}) (Version: 9.0.1.30729 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
MorphVOX Pro (HKLM-x32\...\{75B956F9-D72D-4929-B695-120D70E8AEE1}) (Version: 4.4.7 - Screaming Bee)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA Controlador 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Controlador gráfico 376.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA O controlador de 3D Vision 376.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.09 - NVIDIA Corporation)
NVIDIA O controlador de HD Audio 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA O software do sistema PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
OkayFreedom (HKLM-x32\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.7.4 - Steganos Software GmbH)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Opera Stable 42.0.2393.94 (HKLM-x32\...\Opera 42.0.2393.94) (Version: 42.0.2393.94 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.1.1.35466 - Electronic Arts, Inc.)
Painel de controlo da NVIDIA 376.09 (Version: 376.09 - NVIDIA Corporation) Hidden
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.11.0 - )
pidgin-otr 4.0.2 (HKLM-x32\...\pidgin-otr) (Version: 4.0.2 - Cypherpunks CA)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Python 2.7.9 (64-bit) (HKLM\...\{79F081BF-7454-43DB-BD8F-9EE596813233}) (Version: 2.7.9150 - Python Software Foundation)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25424 - Microsoft Corporation) Hidden
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Special Effects Voices (HKLM-x32\...\{913C4C4F-9E3E-41A6-A614-1BDC1352A225}) (Version: 1.0.2 - Screaming Bee)
Spooky Sounds (HKLM-x32\...\{F71EBF86-9A73-44C0-A674-55FA3E4A8428}) (Version: 2.1.1 - Screaming Bee)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.8.5 (HKLM\...\SteelSeries Engine 3) (Version: 3.8.5 - SteelSeries ApS)
Stremio (HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\Stremio) (Version: 3.6.1 - Smart Code Ltd.)
Team Explorer for Microsoft Visual Studio 2015 Update 3 CTP1 (x32 Version: 14.98.25331 - Microsoft) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
TenClips (HKLM-x32\...\TenClips) (Version: 2.4 - Paludour)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Translator Fun Voices (x32 Version: 4.4.41 - Screaming Bee Inc.) Hidden
Translator Fun Voices for MorphVOX (HKLM-x32\...\{55b71d33-5b8a-4c30-9286-3a0570b4e712}) (Version: 4.4.41 - Screaming Bee Inc.)
TS Notifier (HKLM-x32\...\{A8C69D46-A92E-40FA-B393-0E3A417D8F2A}) (Version: 1.6.0000 - Andreas Gebert)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.19 - Tweaking.com)
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.35.0 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
UserTesting (HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\UserTestingPlugin) (Version: - UserTesting.com)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VMware Workstation (HKLM\...\{07C33FB0-25C8-4723-A1E4-01868089B961}) (Version: 12.5.2 - VMware, Inc.)
VS Update core components (x32 Version: 14.0.25424 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25424 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windows Driver Package - Microsoft (xusb21) XnaComposite (08/13/2009 2.1.0.1349) (HKLM\...\0AEBEF6F936CFE16E003F7E141631FAB754D9816) (Version: 08/13/2009 2.1.0.1349 - Microsoft)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Workplace Backgrounds (HKLM-x32\...\{13304708-E115-4044-82DA-88A6F5424359}) (Version: 1.0.0 - Screaming Bee)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-764316183-3508713337-3659362344-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-764316183-3508713337-3659362344-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-764316183-3508713337-3659362344-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-764316183-3508713337-3659362344-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-764316183-3508713337-3659362344-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-764316183-3508713337-3659362344-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-764316183-3508713337-3659362344-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Nuno\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0657B88E-AE97-432C-AB60-08E7BF9DBF08} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {07455D4D-BA35-4F55-B390-D656EAB0AE4C} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {086168D9-E4D2-4FEB-985B-DC5E65C983B4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-11-17] (NVIDIA Corporation)
Task: {0DF7652A-1BEF-4239-8BD8-01E79B49A97C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {13A995B0-75B9-43AD-8E94-2AC1FB06DD2E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd)
Task: {1DA2E9F3-9C4B-4C65-938A-C1DB50ECEFC3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {281AFA46-2E17-49E3-B7FF-3D1ABF097796} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.)
Task: {2AA28036-E3B5-4B7D-8DC4-2776691F74EE} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {34CA9F8F-D17E-40FD-8490-2C1E2A5C94AC} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {35458FBA-7304-4BCF-8DEA-8B0550FA44BC} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2012-08-14] (ASUSTeK Computer Inc.)
Task: {39391C59-FB7B-4217-8FDA-C753442E36B9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-04] (Microsoft Corporation)
Task: {6FD8C4F5-DE11-44D9-8528-A85CE43EB5F9} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {78DCFE30-CE29-494C-AB66-E835DFC7B379} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-04] (Microsoft Corporation)
Task: {8B9C3069-B8EB-49F4-9BD0-9942C59CEB9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-02] (Google Inc.)
Task: {8BB3D9BA-4C6D-4B31-B253-997B01FD196B} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {91F6207D-C4CF-4ECA-AA99-1D3FFED3B14D} - System32\Tasks\update-S-1-5-21-764316183-3508713337-3659362344-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {A0AB67C3-CEE2-49F0-8651-B1B04CFFFE42} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe [2016-12-14] (Adobe Systems Incorporated)
Task: {A3BBAE32-0552-4F72-B94E-2EDD546A909C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-17] (Adobe Systems Incorporated)
Task: {B872784C-7662-444A-A8B4-A5BF8D43B7A0} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-11-17] (NVIDIA Corporation)
Task: {C59BF0B3-1B67-49A1-A897-AEDD12E86BDC} - System32\Tasks\Opera scheduled Autoupdate 1482601844 => C:\Program Files (x86)\Opera\launcher.exe [2016-12-19] (Opera Software)
Task: {C989712D-3263-48FF-9A80-959CF71C250B} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {CC32822C-4F45-4421-AF8F-994C76466A04} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {DC5E424D-8353-40E5-9636-6A2BD77FC531} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-02] (Google Inc.)
Task: {E1F5A65F-0326-4425-AC7F-1A9F869A12B0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {E3155634-7848-4635-8B06-A5CDE9FFEDC2} - System32\Tasks\ASUS\ASUS WiFi GO! Server Execute => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe [2012-07-12] (ASUSTeK Computer Inc.)
Task: {F9E7B3D0-E67F-49FA-809E-6BB4C6FB3D3B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\update-S-1-5-21-764316183-3508713337-3659362344-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 32-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Nuno\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86"
ShortcutWithArgument: C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Nuno\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" amd64"
ShortcutWithArgument: C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Cross Tools Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Nuno\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86_amd64"
ShortcutWithArgument: C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicações do Chrome\Ambiente de Trabalho Remoto do Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicações do Chrome\Google Keep – notas e listas.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Nuno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\1ec0f72738fb119e\iMacros for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cplklnmnlbnpmjogncfgfijoopmnlemp

==================== Loaded Modules (Whitelisted) ==============

2015-06-11 06:52 - 2015-06-11 06:52 - 00022528 _____ () C:\Windows\System32\sst8clm.dll
2016-06-03 16:22 - 2016-06-03 16:22 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2016-07-28 22:50 - 2016-01-19 17:45 - 01314848 _____ () C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
2016-09-10 10:50 - 2016-11-17 13:45 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-10 10:50 - 2016-11-17 13:45 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-10 10:51 - 2016-11-17 13:45 - 00418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-06-02 21:26 - 2016-11-24 19:39 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-06-03 16:29 - 2012-05-03 09:40 - 00258048 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\S5WOW_App\x64\S5wow_2005.exe
2016-12-27 00:51 - 2016-11-23 13:33 - 01011200 _____ () C:\Program Files (x86)\Bluestacks\HD-Adb.exe
2016-12-29 23:46 - 2016-04-09 16:44 - 00884992 _____ () C:\Program Files (x86)\GhostMouse\GhostMouse.exe
2016-06-03 16:22 - 2017-01-02 15:08 - 00030208 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2016-06-03 16:22 - 2010-06-29 09:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2016-06-02 20:44 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-06-04 12:21 - 2016-06-04 12:21 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c0cf9576d4edde5de5e39aab1fe5562b\IsdiInterop.ni.dll
2016-06-02 20:51 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2016-09-10 10:50 - 2016-11-17 13:45 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-10 10:50 - 2016-11-17 13:45 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-10 10:50 - 2016-11-17 13:45 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-06-03 16:27 - 2012-05-17 17:57 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2016-09-10 10:50 - 2016-12-12 14:36 - 00525760 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-09-10 10:50 - 2016-12-12 14:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-09-10 10:50 - 2016-12-12 14:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-09-10 10:50 - 2016-12-12 14:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-09-10 10:50 - 2016-12-12 14:36 - 00447424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-09-10 10:50 - 2016-12-12 14:36 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-09-10 10:50 - 2016-12-12 14:36 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-06-03 16:27 - 2012-07-05 11:05 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2016-06-02 20:49 - 2011-07-12 18:14 - 00147456 ____N () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2016-06-02 20:49 - 2010-10-05 07:22 - 00253952 ____N () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2016-06-03 16:24 - 2011-09-26 18:36 - 00869376 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
2016-06-02 20:49 - 2012-03-21 11:07 - 00972288 ____N () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2016-06-03 16:24 - 2013-05-08 15:22 - 01040896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
2016-06-03 16:25 - 2012-06-19 11:56 - 01305600 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2016-06-03 16:25 - 2012-08-14 10:14 - 01123840 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
2016-06-03 16:26 - 2012-07-20 08:39 - 01047040 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2016-06-02 20:49 - 2012-05-25 09:33 - 00883712 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2016-06-02 20:49 - 2012-05-28 20:27 - 01622528 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2016-06-02 20:49 - 2011-09-19 19:18 - 01243136 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2016-06-02 20:49 - 2011-07-21 08:06 - 00846848 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2016-06-02 20:49 - 2011-10-14 19:03 - 00885248 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2016-06-03 16:29 - 2012-07-10 16:55 - 01625600 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\WiFiGO.dll
2016-06-02 20:49 - 2010-08-23 02:17 - 00662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2016-06-02 20:49 - 2010-10-05 07:22 - 00208896 ____N () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2016-06-03 16:28 - 2012-01-19 08:39 - 00028672 _____ () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\PEInfo.dll
2016-06-03 16:28 - 2012-07-17 15:55 - 00062464 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi Engine\IsSupported.dll
2016-06-03 16:28 - 2010-09-23 10:51 - 00114688 _____ () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\AsIdxParser.dll
2016-06-03 16:28 - 2010-02-25 13:01 - 00139264 _____ () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\Aszip.dll
2016-06-02 20:49 - 2009-08-12 19:15 - 00253952 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2016-06-03 16:29 - 2012-02-06 20:08 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\pngio.dll
2016-12-14 19:19 - 2016-12-08 07:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-14 19:19 - 2016-12-08 07:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-06-02 21:33 - 2016-12-08 15:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-06-02 21:33 - 2016-09-01 01:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-06-02 21:33 - 2016-09-01 01:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-06-02 21:33 - 2016-09-01 01:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-06-02 21:33 - 2016-12-20 02:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
2016-06-02 21:33 - 2016-01-27 07:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-06-02 21:33 - 2016-01-27 07:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-06-02 21:33 - 2016-01-27 07:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-06-02 21:33 - 2016-01-27 07:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-06-02 21:33 - 2016-01-27 07:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-06-02 21:33 - 2016-12-20 02:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-06-02 21:33 - 2016-07-04 22:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-14 17:18 - 2016-12-05 16:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-06-02 21:33 - 2016-12-20 02:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-06-02 21:33 - 2015-09-24 23:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-12-24 17:50 - 2016-12-19 07:20 - 68763736 _____ () C:\Program Files (x86)\Opera\42.0.2393.94\opera.dll
2016-12-24 17:50 - 2016-12-19 07:20 - 01893976 _____ () C:\Program Files (x86)\Opera\42.0.2393.94\libglesv2.dll
2016-12-24 17:50 - 2016-12-19 07:20 - 00086616 _____ () C:\Program Files (x86)\Opera\42.0.2393.94\libegl.dll
2016-12-14 18:06 - 2016-12-14 18:06 - 17833560 _____ () C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_24_0_0_186.dll
2016-12-27 00:51 - 2016-12-13 17:17 - 03243616 _____ () C:\Program Files (x86)\Bluestacks\libGLESv2.dll
2016-12-27 00:51 - 2016-12-13 17:17 - 00140896 _____ () C:\Program Files (x86)\Bluestacks\libEGL.dll
2016-12-27 00:51 - 2016-11-23 13:34 - 03378688 _____ () C:\ProgramData\Bluestacks\BluestacksGameManager\xulrunner-sdk\mozjs.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2016-10-10 15:35 - 00002134 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 teamspeak.com
127.0.0.1 accounting.teamspeak.com
127.0.0.1 backupaccounting.teamspeak.com
127.0.0.1 blacklist.teamspeak.com
127.0.0.1 ipcheck.teamspeak.com
127.0.0.1 ocsp.digicert.com
127.0.0.1 hardy.teamspeak.4players.de
127.0.0.1 teamspeak.com
127.0.0.1 accounting.teamspeak.com
127.0.0.1 backupaccounting.teamspeak.com
127.0.0.1 blacklist.teamspeak.com
127.0.0.1 ipcheck.teamspeak.com
127.0.0.1 ocsp.digicert.com
127.0.0.1 hardy.teamspeak.4players.de
127.0.0.1 teamspeak.com
127.0.0.1 accounting.teamspeak.com
127.0.0.1 backupaccounting.teamspeak.com
127.0.0.1 blacklist.teamspeak.com
127.0.0.1 ipcheck.teamspeak.com
127.0.0.1 ocsp.digicert.com
127.0.0.1 hardy.teamspeak.4players.de

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\@2\Control Panel\Desktop\\Wallpaper -> C:\Users\nun\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AviraPhantomVPN => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdPlusAndroidSvc => 3
MSCONFIG\Services: OkayFreedom VPN Starter Service => 2
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupfolder: C:^Users^Nuno^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MailWasherPro.lnk => C:\Windows\pss\MailWasherPro.lnk.Startup
MSCONFIG\startupreg: BitTorrent => "C:\Users\Nuno\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: Clownfish =>
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: gflauncher => "C:\Program Files (x86)\Crytek\GFACE Launcher\live\gflauncher.exe" --autostart
MSCONFIG\startupreg: GUSDelayStartup => "C:\Program Files (x86)\Glarysoft\Quick Startup\StartupManager.exe" -delayrun
MSCONFIG\startupreg: MinerGateGui => C:\Program Files\MinerGate\minergate.exe --auto
MSCONFIG\startupreg: Spotify => "C:\Users\Nuno\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Nuno\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: ZoneAlarm Installer => "C:\Users\Nuno\AppData\Local\Temp\{907A1104-E812-4b5c-959B-E4DAB37A96AB}\Launcher.exe" "C:\Users\Nuno\AppData\Local\Temp\{907A1104-E812-4b5c-959B-E4DAB37A96AB}\Install.exe" /r download /c "Install.xml" /w

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{53ADF61C-0D1B-4A9F-9DF2-D2D8B12CB7FD}] => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{9FE00DC6-BB04-45A4-9D71-15EEF0BA1A90}] => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{85C55E96-0C81-4099-9C45-09E11682A5D9}] => LPort=2869
FirewallRules: [{D12B3E09-5A90-4509-A6C9-5C9B9CF1D4AB}] => LPort=1900
FirewallRules: [{D4461E8A-7667-42CD-93B7-9D7DDC750040}] => C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{4A9C9226-4CC8-46E1-B369-0EE7EECC4FD7}] => C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{DDE1B3BF-12B6-4FEC-9809-76B3A48BAA11}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7E40D509-3BF0-4A7A-8DF8-2CE97CFD8BC3}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{87A310EC-0D2D-445B-927D-0856BEA01623}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{060F0286-4EC7-4599-AFE6-31F40A36EE11}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{13BBAB45-80D9-4929-B297-54D5F7D17786}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B4526FDB-67F8-4A65-8CCA-B8804920117C}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A9C13FAB-3D4C-4207-AB21-9CF7BCB3E97C}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{92FBEEE7-BAF5-4D2C-8520-5C050CA1E5F9}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{890296AB-D83C-4B68-B989-3B72266E9337}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{759441D4-D5D9-4492-A2F8-FCEC7838630B}] => C:\Users\Nuno\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{AEA946D2-E31B-4FF4-A3B2-2CD354E28EA3}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{8829A5DC-DCA9-42B6-ADA8-5960FB9FF910}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A32A5B97-F331-4FB4-91D6-641889E70E86}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8E3AB507-DA13-46FC-A37C-95F868E4024A}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CF994066-806D-4F66-8C09-634525925773}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{AA9687A7-4BC3-46BA-A225-0C7D742C7403}C:\users\nuno\appdata\local\programs\lnv\stremio\stremio.exe] => C:\users\nuno\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [UDP Query User{A2675841-DC3B-45A3-A3A5-5BA84D93EC80}C:\users\nuno\appdata\local\programs\lnv\stremio\stremio.exe] => C:\users\nuno\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [TCP Query User{91B8105D-6D1D-4BD5-8741-FBB079F50A1F}C:\users\nuno\appdata\local\akamai\netsession_win.exe] => C:\users\nuno\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{428E22B2-7CFE-4A18-A823-4D9D3405A1A0}C:\users\nuno\appdata\local\akamai\netsession_win.exe] => C:\users\nuno\appdata\local\akamai\netsession_win.exe
FirewallRules: [{D0406810-6C69-4E2F-B6F5-45C97AD549EC}] => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{BB8934CD-F62B-4C0D-9C1C-5356969323CB}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{61B43E8A-0F56-4EDD-82FC-1B02AEE94DA4}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{52D536E8-1742-4902-A92D-2717B345A79B}C:\users\nuno\appdata\local\akamai\netsession_win.exe] => C:\users\nuno\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{5BCD6838-E083-4B75-847C-EC6580AF4939}C:\users\nuno\appdata\local\akamai\netsession_win.exe] => C:\users\nuno\appdata\local\akamai\netsession_win.exe
FirewallRules: [{7774EE56-BE6E-4921-B5C0-1CC9BB117A0B}] => LPort=2869
FirewallRules: [{4F18E700-6E29-4A2E-B2FF-DADDC9D020FA}] => LPort=1900
FirewallRules: [{09EA3C8D-8A76-4972-8590-98D17D7849D6}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{0371BAA9-D588-4BE3-B7AF-8FB78C51FF69}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{218164AF-1DF5-4122-995E-0D20B0C88BBE}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0A34E71F-B82B-46FC-83F8-42ECAF52D8C4}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8AEBEBAD-D43C-48FE-8621-4DBBE24F7D3B}] => C:\Users\Nuno\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{CB56B322-0AA2-4120-A8FC-6B3C6896E63E}] => C:\Users\Nuno\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0115372D-D9C2-4F89-9FD1-F02D83127C1B}] => C:\Users\Nuno\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2561B23D-FBB7-437D-A300-644530082159}] => C:\Users\Nuno\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B63D7546-7C75-4720-B0FE-8B7C5E9F1803}] => C:\Users\Nuno\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{21C4B4C6-AC1B-4B48-B216-8F644A1090D8}] => C:\Users\Nuno\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{7520D9BC-0FBF-4482-8F7E-9064E95ABC53}C:\users\nuno\desktop\x-plane 10\x-plane.exe] => C:\users\nuno\desktop\x-plane 10\x-plane.exe
FirewallRules: [UDP Query User{BB0730C1-0692-4C1D-BF94-C0F93BFD611E}C:\users\nuno\desktop\x-plane 10\x-plane.exe] => C:\users\nuno\desktop\x-plane 10\x-plane.exe
FirewallRules: [TCP Query User{B002C5C0-E7CB-44E7-A414-0BDF67112DAB}C:\users\nuno\desktop\x-plane 10\x-plane-32bit.exe] => C:\users\nuno\desktop\x-plane 10\x-plane-32bit.exe
FirewallRules: [UDP Query User{21A90480-24E9-4ED3-8202-82806AD6A06A}C:\users\nuno\desktop\x-plane 10\x-plane-32bit.exe] => C:\users\nuno\desktop\x-plane 10\x-plane-32bit.exe
FirewallRules: [TCP Query User{5C138F75-909E-40B4-ACC4-40573B574349}C:\users\nuno\appdata\local\programs\lnv\stremio\stremio.exe] => C:\users\nuno\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [UDP Query User{1C826139-4F82-4D56-A957-76A86303044D}C:\users\nuno\appdata\local\programs\lnv\stremio\stremio.exe] => C:\users\nuno\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [{9D140959-BCBD-4310-B19B-8A6FBCB46B95}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{3112D7EF-D852-4972-AD2A-C1AEFD141409}] => C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe
FirewallRules: [{19B57AF1-6685-43FA-8401-40F215604599}] => C:\Users\Nuno\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{CF7DDE8F-675A-4A80-8C7B-C646DDC2C8C4}] => C:\Users\Nuno\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E3F429E2-7075-4F90-8B29-52D98ACAD7CC}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0401F550-6F77-46AE-9968-660390A2824C}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B635536F-4C17-416A-833B-116D99EDE971}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{4C1016F3-7971-4AA5-B25E-755C0E8F4FA4}C:\users\nuno\desktop\x-plane 10\x-plane-32bit.exe] => C:\users\nuno\desktop\x-plane 10\x-plane-32bit.exe
FirewallRules: [UDP Query User{EC14E370-0CEF-4239-A097-E8233454A375}C:\users\nuno\desktop\x-plane 10\x-plane-32bit.exe] => C:\users\nuno\desktop\x-plane 10\x-plane-32bit.exe
FirewallRules: [{6237A481-4B22-45FD-9661-64B0A7FFB835}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DB2DD851-83A7-4B2F-8608-968D4FCA1E5F}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A9B90E67-FC93-40C1-A2A6-223C44AC2DF1}] => C:\Program Files (x86)\Steam\steamapps\common\ABZU\AbzuGame.exe
FirewallRules: [{BB051A05-41A4-4CEB-8ED4-D2A788E6564D}] => C:\Program Files (x86)\Steam\steamapps\common\ABZU\AbzuGame.exe
FirewallRules: [TCP Query User{61C7BE05-EF8A-43E5-AFDF-9CF653D432E0}C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe] => C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe
FirewallRules: [UDP Query User{9C78B75E-5068-4E74-891A-98284C20BAE5}C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe] => C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe
FirewallRules: [{7EB1C073-4644-43D6-B363-FBE066AE972F}] => C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [{FCA23D76-1F7E-446C-92C3-53A1E7543DDC}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1998B4E0-3D69-4CCE-84D1-C98B9B20D805}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3BAF60BD-289D-4FC0-9321-550ACC8AB6D4}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0F2DD840-845E-4932-91DE-B539003ABB61}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C8BF310E-E7EF-4EB1-B8F0-EB71DBABF6FC}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{EC71FB00-D7E7-4EFE-A150-9B6E9AAFCCC8}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{BE70B601-7682-4E92-B622-8823DBE3C076}C:\program files (x86)\tenclips\tenclips.exe] => C:\program files (x86)\tenclips\tenclips.exe
FirewallRules: [UDP Query User{B140EA35-1529-4DD6-9916-2ACB9B81F81E}C:\program files (x86)\tenclips\tenclips.exe] => C:\program files (x86)\tenclips\tenclips.exe
FirewallRules: [{D10876A6-9C14-43F4-8EAF-5BA25196CA57}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{8D425ED5-7D82-40CB-9875-86BADC0273AE}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{43AC5113-1118-4BFC-889F-C7CF43B28006}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{58DE2780-1E83-41CD-9664-B88F69B4A5C1}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [TCP Query User{E96E7B0A-ED85-49BE-91A1-95FCCB5D621E}C:\program files (x86)\tenclips\tenclips.exe] => C:\program files (x86)\tenclips\tenclips.exe
FirewallRules: [UDP Query User{37E0F1B9-A06A-4967-A096-C0E40B48577F}C:\program files (x86)\tenclips\tenclips.exe] => C:\program files (x86)\tenclips\tenclips.exe
FirewallRules: [{6CD6F5C9-3920-4927-BD36-4AAC684984CF}] => LPort=49298
FirewallRules: [{001706F3-A1A7-47CD-9B86-51B8970073D0}] => LPort=5000
FirewallRules: [{E0A62EB1-A281-4E4C-BB6C-47522CD319B9}] => LPort=49585
FirewallRules: [{40173127-69E7-44AF-85CD-BDCF5C224796}] => LPort=5000

==================== Restore Points =========================

29-12-2016 14:52:07 Installed VMware Workstation
29-12-2016 17:56:06 Installed League of Legends
29-12-2016 17:56:58 Installed DirectX
02-01-2017 18:19:50 ComboFix created restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2017 03:09:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/02/2017 01:18:06 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Falha ao encerrar o serviço. Erro ocorrido: System.InvalidOperationException: UpdatePendingStatus só pode ser chamado durante o processamento de comandos Início, Parar, Colocar em Pausa e Continuar.
em System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
em BlueStacks.hyperDroid.Service.Service.OnStop()
em BlueStacks.hyperDroid.Service.Service.OnShutdown()
em System.ServiceProcess.ServiceBase.DeferredShutdown().

Error: (01/01/2017 01:25:55 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Não é possível iniciar o serviço. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
em BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
em System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/01/2017 01:25:55 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Não é possível iniciar o serviço. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
em BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
em System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/01/2017 01:20:27 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Não é possível iniciar o serviço. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
em BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
em System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/01/2017 01:18:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/01/2017 01:18:21 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Não foi possível abrir o objecto de desempenho do serviço de servidor. Os primeiros quatro bytes (DWORD) na secção de dados contém o código de estado.

Error: (12/31/2016 12:47:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa taskmgr.exe versão 6.1.7601.17514 deixou de interagir com o Windows e foi fechado. Para verificar se existem mais informações disponíveis sobre o problema, consulte o histórico de problemas no painel de controlo do Centro de Acção.

ID do Processo: 1dfc

Hora de Início: 01d26363f7c4e339

Hora de Fim: 4

Caminho da Aplicação: C:\Windows\system32\taskmgr.exe

ID do Relatório: 49991690-cf57-11e6-ba55-005056c00005

Error: (12/31/2016 12:46:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/31/2016 12:45:50 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Não foi possível abrir o objecto de desempenho do serviço de servidor. Os primeiros quatro bytes (DWORD) na secção de dados contém o código de estado.


System errors:
=============
Error: (01/02/2017 03:09:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falhou o carregamento dos seguintes controladores de início de arranque ou de início do sistema:
cdrom

Error: (01/02/2017 03:09:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço NVIDIA NetworkService Container terminou inesperadamente. Isto aconteceu 1 vez(es).

Error: (01/02/2017 03:09:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Origin Web Helper Service falhou o arranque devido ao seguinte erro:
O serviço não respondeu ao pedido de início ou controlo atempadamente.

Error: (01/02/2017 03:09:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Foi atingido o tempo limite (30000 milissegundos) ao aguardar pela ligação do serviço Origin Web Helper Service.

Error: (01/02/2017 03:08:32 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: O serviço Adaptador de Serviço de Escuta Net.Tcp depende do seguinte serviço: was. Este serviço poderá não estar instalado.

Error: (01/02/2017 03:08:32 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: O serviço Adaptador de Serviço de Escuta Net.Pipe depende do seguinte serviço: was. Este serviço poderá não estar instalado.

Error: (01/02/2017 03:08:32 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: O serviço Adaptador de Serviço de Escuta Net.Msmq depende do seguinte serviço: msmq. Este serviço poderá não estar instalado.

Error: (01/01/2017 01:25:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço BlueStacks Android Service terminou com o seguinte erro:
Ocorreu uma excepção no serviço ao processar o pedido de controlo.

Error: (01/01/2017 01:25:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço BlueStacks Android Service terminou com o seguinte erro:
Ocorreu uma excepção no serviço ao processar o pedido de controlo.

Error: (01/01/2017 01:20:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço BlueStacks Android Service terminou com o seguinte erro:
Ocorreu uma excepção no serviço ao processar o pedido de controlo.


CodeIntegrity:
===================================
Date: 2017-01-02 15:21:07.896
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-02 15:09:00.481
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-01 14:27:06.797
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-01 13:20:45.500
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-31 12:46:42.383
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-30 12:49:52.653
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-30 00:29:28.294
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-30 00:04:19.102
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-29 18:15:46.444
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-29 17:23:27.330
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 77%
Total physical RAM: 8147.22 MB
Available physical RAM: 1851.4 MB
Total Virtual: 16292.63 MB
Available Virtual: 6751.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:640.43 GB) (Free:369.38 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Segundo Disco para Backups) (Fixed) (Total:290.1 GB) (Free:254.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CBDCC86C)
Partition 1: (Active) - (Size=640.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)
Partition 4: (Not Active) - (Size=290.1 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


Edited by Oh My!, 09 January 2017 - 11:17 AM.




#2 HelpBot


Posted 07 January 2017 - 01:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/636289 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 rnunojoao


Posted 07 January 2017 - 09:46 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-01-2017
Ran by Nuno (administrator) on NUNO-PC (08-01-2017 02:42:34)
Running from C:\Users\Nuno\Downloads
Loaded Profiles: Nuno (Available Profiles: Nuno)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Português (Portugal)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
() C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
() C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\S5WOW_App\x64\S5wow_2005.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Akamai Technologies, Inc.) C:\Users\Nuno\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe
(Akamai Technologies, Inc.) C:\Users\Nuno\AppData\Local\Akamai\netsession_win.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AsDLNAServerReal.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\Bluestacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\Bluestacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\Bluestacks\HD-SharedFolder.exe
(Sysinternals - www.sysinternals.com) C:\Users\Nuno\Desktop\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\Nuno\AppData\Local\Temp\procexp64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-06] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: {286bacfd-b704-11e6-9a5a-94dbc94b6e11} - I:\Setup.exe
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: {9da49250-92c4-11e6-bfdc-94dbc94b6e11} - L:\setup.exe
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: {9da4927d-92c4-11e6-bfdc-94dbc94b6e11} - M:\setup.exe
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: {a75724b6-a9c6-11e6-a584-10bf487beda3} - H:\Installer_Windows.exe
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: {e0dcb966-a9a6-11e6-a584-10bf487beda3} - F:\Installer_Windows.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Users\Nuno.Nuno-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk [2017-01-07]
ShortcutTarget: zSpeedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (Avira Operations GmbH & Co. KG)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.228.128.156 213.228.128.6
Tcpip\..\Interfaces\{2B3DF632-36D0-4847-A9AD-1993C21E005A}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{5B3C4849-30F2-428B-9151-582C6434B837}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5B3C4849-30F2-428B-9151-582C6434B837}: [DhcpNameServer] 213.228.128.156 213.228.128.6
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-04] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-12-04] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-04] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-04] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-22] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-12-04] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-04] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-22] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: ipj6y4gl.default
FF ProfilePath: C:\Users\Nuno\AppData\Roaming\Mozilla\Firefox\Profiles\ipj6y4gl.default [2017-01-08]
FF Extension: (No Name) - C:\Users\Nuno\AppData\Roaming\Mozilla\Firefox\Profiles\ipj6y4gl.default\Extensions\abs@avira.com [2016-11-29]
FF Extension: (iMacros for Firefox) - C:\Users\Nuno\AppData\Roaming\Mozilla\Firefox\Profiles\ipj6y4gl.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}.xpi [2016-09-08]
FF Extension: (OkayFreedom) - C:\Users\Nuno\AppData\Roaming\Mozilla\Firefox\Profiles\ipj6y4gl.default\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2016-06-29]
FF Extension: (DownThemAll!) - C:\Users\Nuno\AppData\Roaming\Mozilla\Firefox\Profiles\ipj6y4gl.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-12-26]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-04] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-04] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-764316183-3508713337-3659362344-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-934c86ec4aa148f0\\NPRobloxProxy.dll [No File]
FF Plugin HKU\S-1-5-21-764316183-3508713337-3659362344-1000: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-934c86ec4aa148f0\\NPRobloxProxy64.dll [No File]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.pt/
CHR StartupUrls: Default -> "hxxp://www.google.pt/","hxxp://www.yoursearching.com/?type=hp&ts=1450007295&z=46ca6cc8c65b5b7f968099cgaz2w6efe3eamaobtbq&from=face&uid=WDCXWD10EZEX-00RKKA0_WD-WMC1S082375423754"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default [2017-01-08]
CHR Extension: (Apresentações Google) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-02]
CHR Extension: (Duolingo na Web) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2016-11-02]
CHR Extension: (BetterTTV) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-06-03]
CHR Extension: (Google Docs) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-02]
CHR Extension: (Google Drive) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-02]
CHR Extension: (YouTube) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-02]
CHR Extension: (uBlock Origin) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-12-19]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2016-08-23]
CHR Extension: (vidIQ for Chrome) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppnjmdljhemhdachecffocboniemifa [2016-11-12]
CHR Extension: (Google Folhas de Cálculo) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-02]
CHR Extension: (Ambiente de Trabalho Remoto do Chrome) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-13]
CHR Extension: (Documentos do Google offline) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-02]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-07]
CHR Extension: (Google Keep – notas e listas) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-12-21]
CHR Extension: (Grammarly for Chrome) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-12-20]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-02]
CHR Extension: (Click&Clean App) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-12-26]
CHR Extension: (Gmail) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-02]
CHR Extension: (Chrome Media Router) - C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2016-06-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2016-06-03] (ASUSTeK Computer Inc.) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
S4 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [263704 2016-11-16] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [25232 2016-12-09] (Avira Operations GmbH & Co. KG)
R2 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1314848 2016-01-19] ()
R3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2016-12-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2016-12-13] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [511512 2016-12-13] (BlueStack Systems, Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe [76392 2016-10-16] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3698888 2016-12-04] (Microsoft Corporation)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42792 2016-10-06] (Windows ® Win 7 DDK provider)
R2 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc)
S2 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [387856 2016-11-27] (EasyAntiCheat Ltd)
R2 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S2 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-24] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [353792 2016-11-09] (Steganos Software GmbH)
S2 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-10-05] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-10-05] (Electronic Arts)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [35416 2016-12-13] (Avira Operations GmbH & Co. KG)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
R2 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-07-17] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-12-06] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35864 2016-12-06] (Avira Operations GmbH & Co. KG)
R3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-12-13] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. )
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-08-30] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-08-30] (Disc Soft Ltd)
S3 dtproscsibus; C:\Windows\System32\DRIVERS\dtproscsibus.sys [30264 2016-10-15] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2016-11-29] ()
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-17] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2016-12-17] (Malwarebytes)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [40576 2016-03-09] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [52960 2016-10-05] (SteelSeries ApS)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-07-18] (Anchorfree Inc.)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2012-01-08] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2012-01-08] (Microsoft Corporation) [File not signed]
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2016-12-26] (BigNox Corporation)
R4 vmkbd3; C:\Windows\System32\DRIVERS\vmkbd.sys [52288 2016-11-11] (VMware, Inc.)
U0 aswVmm; no ImagePath
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-08 02:42 - 2017-01-08 02:43 - 00031376 _____ C:\Users\Nuno\Downloads\FRST.txt
2017-01-08 02:42 - 2017-01-08 02:42 - 02418688 _____ (Farbar) C:\Users\Nuno\Downloads\FRST64.exe
2017-01-08 01:37 - 2017-01-08 01:37 - 00000000 ____D C:\Users\Nuno\tmp136161
2017-01-08 01:37 - 2017-01-08 01:37 - 00000000 ____D C:\Users\Nuno\tmp126736
2017-01-08 00:46 - 2017-01-08 00:46 - 06406456 _____ C:\Users\Nuno\Desktop\The_Art_of_Human_Hacking.pdf
2017-01-07 17:56 - 2017-01-07 17:56 - 00003792 ____N C:\bootsqm.dat
2017-01-07 02:54 - 2017-01-07 02:54 - 00000000 ____D C:\Users\Nuno\xinorbis
2017-01-07 02:53 - 2017-01-07 02:53 - 06664871 _____ C:\Users\Nuno\Downloads\XinorbisInstall.exe
2017-01-07 02:53 - 2017-01-07 02:53 - 00001151 _____ C:\Users\Nuno\Desktop\Xinorbis6.lnk
2017-01-07 02:53 - 2017-01-07 02:53 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xinorbis6
2017-01-07 02:53 - 2017-01-07 02:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xinorbis6
2017-01-07 02:53 - 2017-01-07 02:53 - 00000000 ____D C:\Program Files (x86)\freshney.org
2017-01-07 02:24 - 2017-01-07 02:50 - 00000000 ____D C:\Program Files (x86)\Belarc
2017-01-07 02:16 - 2017-01-07 02:16 - 04952208 _____ C:\Users\Nuno\Downloads\advisorinstaller.exe
2017-01-07 02:13 - 2017-01-07 02:13 - 00000000 ____D C:\Users\Nuno\Desktop\Tia
2017-01-07 01:49 - 2017-01-07 01:49 - 00000222 _____ C:\Users\Nuno\Desktop\H1Z1 King of the Kill.url
2017-01-07 01:26 - 2017-01-07 01:26 - 04121824 _____ (Husdawg, LLC) C:\Users\Nuno\Downloads\Detection.exe
2017-01-06 23:33 - 2017-01-06 23:51 - 00002064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2017-01-06 23:33 - 2017-01-06 23:49 - 00001901 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2017-01-06 23:33 - 2017-01-06 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2017-01-06 23:33 - 2017-01-06 23:33 - 00000000 ____D C:\Program Files (x86)\WinPcap
2017-01-06 23:31 - 2017-01-06 23:34 - 00000000 ____D C:\Program Files\Wireshark
2017-01-06 23:31 - 2017-01-06 23:31 - 00603640 _____ (Visicom Media inc.) C:\Users\Nuno\Downloads\ManyCamWebInstaller.exe
2017-01-06 23:30 - 2017-01-06 23:31 - 49358520 _____ (Wireshark development team) C:\Users\Nuno\Downloads\Wireshark-win64-2.2.3.exe
2017-01-06 18:08 - 2017-01-06 18:09 - 03506689 _____ C:\Users\Nuno\Downloads\gramblr2_win64.zip
2017-01-05 22:04 - 2017-01-05 22:04 - 00000000 ____D C:\Users\Nuno\AppData\LocalLow\Pinkapp
2017-01-05 00:06 - 2017-01-05 00:06 - 00001197 _____ C:\Users\Public\Desktop\Popcorn Time.lnk
2017-01-05 00:06 - 2017-01-05 00:06 - 00000000 ____D C:\Users\Nuno\Downloads\PopcornTime
2017-01-05 00:06 - 2017-01-05 00:06 - 00000000 ____D C:\Users\Nuno\AppData\Local\PopcornTime
2017-01-05 00:06 - 2017-01-05 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2017-01-05 00:05 - 2017-01-05 00:06 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2017-01-05 00:05 - 2017-01-05 00:05 - 56002117 _____ (Popcorn Time ) C:\Users\Nuno\Downloads\PopcornTime-latest.exe
2017-01-04 19:15 - 2017-01-04 19:16 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\RealVNC
2017-01-04 19:15 - 2017-01-04 19:15 - 08417360 _____ (RealVNC Ltd) C:\Users\Nuno\Downloads\VNC-Viewer-6.0.1-Windows-64bit.exe
2017-01-04 19:13 - 2017-01-04 19:14 - 00000000 ____D C:\ProgramData\RealVNC-Service
2017-01-04 19:12 - 2017-01-04 19:50 - 00000000 ____D C:\Users\Nuno\AppData\Local\RealVNC
2017-01-04 19:12 - 2017-01-04 19:12 - 18972264 _____ (RealVNC Ltd ) C:\Users\Nuno\Downloads\VNC-6.0.1-Windows.exe
2017-01-02 20:19 - 2017-01-02 20:19 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-02 18:23 - 2017-01-02 18:25 - 00104096 _____ C:\Users\Nuno\Desktop\FRST.txt
2017-01-02 18:23 - 2017-01-02 18:25 - 00069397 _____ C:\Users\Nuno\Desktop\Addition.txt
2017-01-02 18:22 - 2017-01-08 02:42 - 00000000 ____D C:\FRST
2017-01-02 18:19 - 2017-01-02 18:19 - 00000000 ___SD C:\ComboFix
2017-01-02 18:19 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
2017-01-02 18:19 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
2017-01-02 18:19 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-01-02 18:19 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-01-02 18:19 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-01-02 18:19 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
2017-01-02 18:19 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
2017-01-02 18:19 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
2017-01-02 18:18 - 2017-01-02 18:19 - 00000000 ____D C:\Qoobox
2017-01-02 18:18 - 2017-01-02 18:18 - 00000000 ____D C:\Windows\erdnt
2017-01-02 18:15 - 2017-01-02 18:15 - 05659917 ____R (Swearware) C:\Users\Nuno\Downloads\ComboFix.exe
2017-01-02 17:01 - 2017-01-02 17:01 - 12725681 _____ C:\Users\Nuno\Downloads\kik-messenger-7-2-2-99-en-android.apk
2017-01-01 17:51 - 2015-12-17 17:15 - 00873097 _____ C:\Users\Nuno\Desktop\Ultimate Minecraft Domination www.ebookleaks.org.pdf
2017-01-01 17:50 - 2017-01-01 17:50 - 01863851 _____ C:\Users\Nuno\Downloads\Ultimate Minecraft Domination www.ebookleaks.org.rar
2016-12-31 02:52 - 2016-12-31 02:52 - 00000000 ____D C:\Users\Nuno\Downloads\ATB_4379 www.adorable-teens.net
2016-12-31 02:52 - 2015-03-13 14:58 - 00000125 _____ C:\Users\Nuno\Downloads\Adorable-Teens.url
2016-12-31 02:52 - 2015-03-12 08:44 - 00099119 _____ C:\Users\Nuno\Downloads\Adorable-Teens.net .png
2016-12-31 02:20 - 2016-12-31 02:52 - 97582499 _____ C:\Users\Nuno\Downloads\ATB_4379 www.adorable-teens.net.rar
2016-12-30 21:34 - 2017-01-08 01:47 - 00000000 ____D C:\Users\Nuno\Desktop\ATB_4646 www.adorable-teens.net
2016-12-30 20:26 - 2016-12-30 21:38 - 00000000 ____D C:\Users\Nuno\Downloads\ATB 4646 www adorable-teens
2016-12-30 13:22 - 2016-12-30 13:22 - 00320817 _____ C:\Users\Nuno\Downloads\MYVID_20161229_190622 (2).mp4
2016-12-30 13:22 - 2016-12-30 13:22 - 00320817 _____ C:\Users\Nuno\Downloads\MYVID_20161229_190622 (1).mp4
2016-12-30 03:07 - 2016-12-30 03:07 - 00320817 _____ C:\Users\Nuno\Downloads\MYVID_20161229_190622.mp4
2016-12-30 03:05 - 2016-12-30 03:05 - 00364644 _____ C:\Users\Nuno\Downloads\MYVID_20161229_185233 (2).mp4
2016-12-30 02:58 - 2016-12-30 02:58 - 00364644 _____ C:\Users\Nuno\Downloads\MYVID_20161229_185233.mp4
2016-12-30 02:58 - 2016-12-30 02:58 - 00364644 _____ C:\Users\Nuno\Downloads\MYVID_20161229_185233 (1).mp4
2016-12-29 23:46 - 2016-12-29 23:46 - 00841720 _____ (ghost-mouse.com ) C:\Users\Nuno\Downloads\GhostMouse-Setup.exe
2016-12-29 23:46 - 2016-12-29 23:46 - 00001063 _____ C:\Users\Public\Desktop\GhostMouse Free.lnk
2016-12-29 23:46 - 2016-12-29 23:46 - 00000000 ____D C:\Users\Nuno\Documents\AutomaticSolution Software
2016-12-29 23:46 - 2016-12-29 23:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GhostMouse
2016-12-29 23:46 - 2016-12-29 23:46 - 00000000 ____D C:\Program Files (x86)\GhostMouse
2016-12-29 19:11 - 2016-12-29 19:11 - 00113381 _____ C:\Users\Nuno\Downloads\15417050_1044263149052318_763601284_n.jpg
2016-12-29 19:09 - 2016-12-29 19:09 - 00285002 _____ C:\Users\Nuno\Downloads\15369710_1044267895718510_108150844_o.jpg
2016-12-29 17:57 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-12-29 17:57 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-12-29 17:57 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-12-29 17:57 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-12-29 17:57 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-12-29 17:56 - 2016-12-29 17:56 - 00001613 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-12-29 17:56 - 2016-12-29 17:56 - 00000000 ____D C:\Riot Games
2016-12-29 17:56 - 2016-12-29 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-12-29 17:54 - 2016-12-29 17:54 - 31876824 _____ (Riot Games) C:\Users\Nuno\Downloads\LeagueofLegends_EUW_Installer_2016_11_10.exe
2016-12-29 16:53 - 2016-12-29 17:05 - 85420032 _____ C:\Users\Nuno\Downloads\Win10_1607_English_x64.iso
2016-12-29 16:20 - 2016-12-29 16:21 - 00000000 ____D C:\Users\Nuno\Downloads\kali-linux-2016.2-i386
2016-12-29 15:15 - 2016-12-29 15:15 - 00496896 _____ C:\Users\Nuno\Downloads\flux-setup.exe
2016-12-29 14:54 - 2016-11-11 23:16 - 00088128 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2016-12-29 14:54 - 2016-11-11 23:16 - 00052288 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmkbd.sys
2016-12-29 14:53 - 2016-12-29 14:53 - 00001024 _____ C:\Windows\SysWOW64\%TMP%
2016-12-29 14:53 - 2016-09-06 18:48 - 00083008 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2016-12-29 14:50 - 2016-12-29 14:51 - 318436392 _____ (VMware, Inc.) C:\Users\Nuno\Downloads\VMware-workstation-full-12.5.2-4638234.exe
2016-12-29 14:42 - 2016-12-29 14:42 - 00237752 _____ C:\Users\Nuno\Downloads\kali-linux-2016.2-i386.torrent
2016-12-28 22:05 - 2016-12-28 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2016-12-27 00:52 - 2016-12-27 00:52 - 00001632 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2016-12-27 00:52 - 2016-12-27 00:52 - 00001632 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-12-27 00:51 - 2016-12-27 00:52 - 00000000 ____D C:\Program Files (x86)\Bluestacks
2016-12-27 00:51 - 2016-12-27 00:51 - 00000000 ____D C:\Users\Nuno\AppData\Local\Bluestacks
2016-12-27 00:51 - 2016-12-13 17:27 - 00000000 ____D C:\ProgramData\Bluestacks
2016-12-27 00:21 - 2017-01-06 18:47 - 00000000 ____D C:\Users\Nuno\Desktop\ddd
2016-12-26 23:47 - 2016-12-26 23:45 - 00127432 _____ (BigNox Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2016-12-26 23:46 - 2016-12-26 23:46 - 00000041 _____ C:\Users\Nuno\inst.ini
2016-12-26 23:46 - 2016-12-26 23:45 - 00253384 _____ (BigNox Corporation) C:\Windows\system32\Drivers\XQHDrv.sys
2016-12-26 21:46 - 2016-12-26 21:46 - 00002076 _____ C:\Users\Nuno\Desktop\JDownloader 2.lnk
2016-12-26 21:45 - 2016-12-31 02:53 - 00000000 ____D C:\Users\Nuno\AppData\Local\JDownloader v2.0
2016-12-26 21:45 - 2016-12-26 21:45 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2016-12-26 20:08 - 2016-12-26 20:08 - 00000970 _____ C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2016-12-26 20:08 - 2016-12-26 20:08 - 00000962 _____ C:\Users\Nuno\Desktop\join.me.lnk
2016-12-26 19:00 - 2016-12-30 01:27 - 00000000 ____D C:\Users\Nuno\AppData\Local\join.me
2016-12-26 19:00 - 2016-12-30 01:26 - 00000209 _____ C:\Users\Nuno\BullseyeCoverageError.txt
2016-12-26 17:36 - 2016-12-26 17:36 - 06468153 _____ C:\Users\Nuno\Desktop\make-up-artist-business-card-template-front.psd
2016-12-26 17:36 - 2016-12-26 17:36 - 00610948 _____ C:\Users\Nuno\Desktop\15181329_152105341931968_6908684556696036346_n.psd
2016-12-26 17:07 - 2016-12-26 17:28 - 01082569 _____ C:\Users\Nuno\Desktop\make-up-artist-business-card-template-front.jpg
2016-12-26 03:28 - 2016-12-26 03:28 - 00000000 ____D C:\Users\Nuno\AppData\Local\AbzuGame
2016-12-26 03:21 - 2016-12-26 03:21 - 00000222 _____ C:\Users\Nuno\Desktop\ABZ.url
2016-12-26 02:02 - 2016-12-28 13:43 - 00000000 ____D C:\Users\Nuno\Desktop\kitty
2016-12-26 01:25 - 2017-01-04 14:42 - 00000000 ____D C:\Users\Nuno\AppData\LocalLow\Mozilla
2016-12-26 01:24 - 2016-12-26 01:24 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-12-26 01:24 - 2016-12-26 01:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-26 01:24 - 2016-12-26 01:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-25 17:29 - 2016-12-25 17:29 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-12-25 17:25 - 2016-12-25 17:37 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
2016-12-25 17:25 - 2016-12-25 17:25 - 00000000 ____D C:\ProgramData\Samsung
2016-12-25 17:25 - 2016-12-25 17:25 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2016-12-24 17:50 - 2016-12-24 17:51 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-24 17:50 - 2016-12-24 17:50 - 00003840 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1482601844
2016-12-24 17:50 - 2016-12-24 17:50 - 00001135 _____ C:\Users\Public\Desktop\Opera.lnk
2016-12-24 17:50 - 2016-12-24 17:50 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-12-24 17:50 - 2016-12-24 17:50 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Opera Software
2016-12-24 17:50 - 2016-12-24 17:50 - 00000000 ____D C:\Users\Nuno\AppData\Local\Opera Software
2016-12-24 17:46 - 2016-12-24 17:46 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Avira
2016-12-24 17:13 - 2016-12-24 17:13 - 00034240 _____ C:\Users\Nuno\Desktop\Screenshot_4.png
2016-12-24 17:11 - 2017-01-05 00:30 - 00001331 _____ C:\Users\Nuno\Desktop\traffic.txt
2016-12-23 18:47 - 2017-01-05 18:36 - 00000131 _____ C:\Users\Nuno\Desktop\asdasd.txt
2016-12-22 00:30 - 2016-12-22 00:53 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\.purple
2016-12-22 00:28 - 2016-12-22 00:28 - 00000991 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
2016-12-22 00:14 - 2016-12-22 00:22 - 00000000 ____D C:\Program Files\MyPortal
2016-12-20 21:37 - 2016-12-20 21:37 - 00000000 ____D C:\ProgramData\TSNotifier
2016-12-20 20:36 - 2016-12-25 17:08 - 00991744 ___SH C:\Users\Nuno\Documents\Thumbs.db
2016-12-20 18:01 - 2017-01-06 21:08 - 00524288 ___SH C:\Windows\system32\config\components{89a155f7-c6a2-11e6-b9e5-10bf487beda3}.TMContainer00000000000000000001.regtrans-ms
2016-12-20 18:01 - 2017-01-06 21:08 - 00065536 ___SH C:\Windows\system32\config\components{89a155f7-c6a2-11e6-b9e5-10bf487beda3}.TM.blf
2016-12-20 18:01 - 2016-12-21 01:46 - 00524288 ___SH C:\Windows\system32\config\components{89a155f7-c6a2-11e6-b9e5-10bf487beda3}.TMContainer00000000000000000002.regtrans-ms
2016-12-20 14:59 - 2016-12-20 14:59 - 01198379 _____ C:\Windows\unins000.exe
2016-12-20 14:46 - 2016-12-20 16:02 - 00000000 ____D C:\Users\Nuno\Desktop\GTA San ANDREAS
2016-12-20 11:08 - 2016-12-20 11:08 - 00001073 _____ C:\Users\Public\Desktop\OkayFreedom.lnk
2016-12-20 11:08 - 2016-12-20 11:08 - 00000000 ____D C:\Program Files (x86)\OkayFreedom
2016-12-19 16:48 - 2016-12-19 16:48 - 00000000 ____D C:\Users\Nuno\AppData\Local\ElevatedDiagnostics
2016-12-19 13:58 - 2016-12-19 13:58 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\TSNotifier
2016-12-19 13:56 - 2016-12-19 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSNotifier
2016-12-19 13:56 - 2016-12-19 15:11 - 00000000 ____D C:\Program Files (x86)\TS Notifier
2016-12-18 22:39 - 2016-12-18 22:39 - 00030957 _____ C:\Users\Nuno\Desktop\f42de540052045f9974966b209f4dd4b.png
2016-12-18 22:03 - 2016-12-18 22:03 - 00079145 _____ C:\Users\Nuno\Desktop\3NsCefD.png
2016-12-18 19:44 - 2017-01-07 19:10 - 00000000 ____D C:\Users\Nuno\AppData\Local\Troubleshooter
2016-12-18 18:45 - 2016-11-23 13:37 - 00000570 _____ C:\Users\Nuno\AppData\Local\TroubleshooterConfig.json
2016-12-18 02:16 - 2016-12-25 18:25 - 00000000 ____D C:\Users\Nuno\Desktop\Los Santos Police Department Handbook [14_NOV_16] - Los Santos Police Department_files
2016-12-18 02:16 - 2016-12-18 02:16 - 00111179 _____ C:\Users\Nuno\Desktop\Los Santos Police Department Handbook [14_NOV_16] - Los Santos Police Department.html
2016-12-18 02:12 - 2016-12-20 00:52 - 00000529 _____ C:\Users\Nuno\Desktop\code 10.txt
2016-12-17 15:52 - 2016-12-17 15:52 - 00000000 ____D C:\Program Files\Sony
2016-12-17 15:47 - 2016-12-17 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2016-12-17 15:26 - 2016-12-17 15:26 - 00002078 _____ C:\Users\Public\Desktop\Avira Software Updater.lnk
2016-12-17 15:24 - 2016-12-06 16:01 - 00176464 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-12-17 15:24 - 2016-12-06 16:01 - 00148032 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-12-17 15:24 - 2016-12-06 16:01 - 00079696 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-12-17 15:24 - 2016-12-06 16:01 - 00035864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2016-12-17 15:24 - 2016-12-06 16:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-12-17 14:48 - 2016-12-17 15:14 - 00524288 ___SH C:\Users\Nuno\ntuser.dat{8e7502af-c466-11e6-836f-10bf487beda3}.TMContainer00000000000000000002.regtrans-ms
2016-12-17 14:48 - 2016-12-17 15:14 - 00524288 ___SH C:\Users\Nuno\ntuser.dat{8e7502af-c466-11e6-836f-10bf487beda3}.TMContainer00000000000000000001.regtrans-ms
2016-12-17 14:48 - 2016-12-17 15:14 - 00065536 ___SH C:\Users\Nuno\ntuser.dat{8e7502af-c466-11e6-836f-10bf487beda3}.TM.blf
2016-12-17 14:42 - 2016-12-17 14:42 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Local\Programs
2016-12-17 14:33 - 2016-12-17 14:33 - 01293540 ____H C:\Users\nun\AppData\Local\IconCache.db
2016-12-17 14:28 - 2016-12-17 14:42 - 01363532 ____H C:\Users\Nuno.Nuno-PC.000\AppData\Local\IconCache.db
2016-12-17 14:18 - 2016-12-17 14:18 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Local\Adobe
2016-12-17 14:17 - 2017-01-06 20:58 - 00000000 ___RD C:\Users\Nuno.Nuno-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-17 14:17 - 2016-12-17 14:47 - 00000000 ___RD C:\Users\Nuno.Nuno-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-17 14:17 - 2016-12-17 14:47 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\Contacts
2016-12-17 14:17 - 2016-12-17 14:37 - 00000000 ___RD C:\Users\Nuno.Nuno-PC.000\Searches
2016-12-17 14:17 - 2016-12-17 14:26 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Local\Google
2016-12-17 14:17 - 2016-12-17 14:17 - 00000000 ___SD C:\Users\Nuno.Nuno-PC.000\AppData\LocalLow\Microsoft
2016-12-17 14:17 - 2016-12-17 14:17 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Roaming\Intel Corporation
2016-12-17 14:17 - 2016-12-17 14:17 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Roaming\Identities
2016-12-17 14:17 - 2016-12-17 14:17 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Roaming\Adobe
2016-12-17 14:17 - 2016-12-17 14:17 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Local\Avira
2016-12-17 14:16 - 2016-12-19 13:32 - 00262144 ___SH C:\Users\Nuno.Nuno-PC.000\ntuser.dat.LOG1
2016-12-17 14:16 - 2016-12-17 14:48 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-17 14:16 - 2016-12-17 14:48 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000
2016-12-17 14:16 - 2016-12-17 14:47 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\Documents
2016-12-17 14:16 - 2016-12-17 14:42 - 00786432 ___SH C:\Users\Nuno.Nuno-PC.000\NTUSER.DAT
2016-12-17 14:16 - 2016-12-17 14:42 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Local\Temp
2016-12-17 14:16 - 2016-12-17 14:42 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Local
2016-12-17 14:16 - 2016-12-17 14:32 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Roaming
2016-12-17 14:16 - 2016-12-17 14:28 - 00524288 ___SH C:\Users\Nuno.Nuno-PC.000\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
2016-12-17 14:16 - 2016-12-17 14:28 - 00524288 ___SH C:\Users\Nuno.Nuno-PC.000\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2016-12-17 14:16 - 2016-12-17 14:28 - 00065536 ___SH C:\Users\Nuno.Nuno-PC.000\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2016-12-17 14:16 - 2016-12-17 14:17 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Roaming\Microsoft
2016-12-17 14:16 - 2016-12-17 14:17 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\LocalLow
2016-12-17 14:16 - 2016-12-17 14:17 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Local\Microsoft
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\SendTo
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\Recent
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\PrintHood
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\Os meus documentos
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\NetHood
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\Modelos
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\Menu Iniciar
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\Documents\Os meus vídeos
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\Documents\As minhas imagens
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\Documents\A minha música
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\Definições locais
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\Cookies
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\Application Data
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\AppData\Local\Temporary Internet Files
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\AppData\Local\Histórico
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.000\AppData\Local\Application Data
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 ___SH C:\Users\Nuno.Nuno-PC.000\ntuser.dat.LOG2
2016-12-17 14:16 - 2016-12-17 14:16 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData
2016-12-17 14:16 - 2016-12-17 14:11 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Local\NVIDIA Corporation
2016-12-17 14:16 - 2016-12-17 14:08 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Local\NVIDIA
2016-12-17 14:16 - 2011-04-12 13:06 - 00000000 ____D C:\Users\Nuno.Nuno-PC.000\AppData\Roaming\Media Center Programs
2016-12-17 14:15 - 2016-12-19 13:32 - 00230400 ___SH C:\Users\Nuno.Nuno-PC\ntuser.dat.LOG1
2016-12-17 14:15 - 2016-12-17 14:15 - 00524288 ___SH C:\Users\Nuno.Nuno-PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
2016-12-17 14:15 - 2016-12-17 14:15 - 00524288 ___SH C:\Users\Nuno.Nuno-PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2016-12-17 14:15 - 2016-12-17 14:15 - 00065536 ___SH C:\Users\Nuno.Nuno-PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\SendTo
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\Recent
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\PrintHood
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\Os meus documentos
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\NetHood
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\Modelos
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\Menu Iniciar
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\Documents\Os meus vídeos
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\Documents\As minhas imagens
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\Documents\A minha música
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\Definições locais
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\Cookies
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\Application Data
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\AppData\Local\Temporary Internet Files
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\AppData\Local\Histórico
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC\AppData\Local\Application Data
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 ___SH C:\Users\Nuno.Nuno-PC\ntuser.dat.LOG2
2016-12-17 14:15 - 2016-12-17 14:15 - 00000000 ____D C:\Users\Nuno.Nuno-PC\AppData\LocalLow
2016-12-17 14:14 - 2016-12-17 14:48 - 00000000 ____D C:\Users\Nuno.Nuno-PC\AppData\Roaming\Microsoft
2016-12-17 14:14 - 2016-12-17 14:48 - 00000000 ____D C:\Users\Nuno.Nuno-PC
2016-12-17 14:14 - 2016-12-17 14:15 - 00262144 ___SH C:\Users\Nuno.Nuno-PC\NTUSER.DAT
2016-12-17 14:14 - 2016-12-17 14:15 - 00000000 ___RD C:\Users\Nuno.Nuno-PC\Documents
2016-12-17 14:14 - 2016-12-17 14:15 - 00000000 ____D C:\Users\Nuno.Nuno-PC\AppData\Local\Microsoft
2016-12-17 14:14 - 2016-12-17 14:15 - 00000000 ____D C:\Users\Nuno.Nuno-PC\AppData\Local
2016-12-17 14:14 - 2016-12-17 14:15 - 00000000 ____D C:\Users\Nuno.Nuno-PC\AppData
2016-12-17 14:14 - 2016-12-17 14:11 - 00000000 ___RD C:\Users\Nuno.Nuno-PC\Videos
2016-12-17 14:14 - 2016-12-17 14:11 - 00000000 ____D C:\Users\Nuno.Nuno-PC\AppData\Local\NVIDIA Corporation
2016-12-17 14:14 - 2016-12-17 14:08 - 00000000 ____D C:\Users\Nuno.Nuno-PC\AppData\Local\NVIDIA
2016-12-17 14:14 - 2011-04-12 13:06 - 00000000 ____D C:\Users\Nuno.Nuno-PC\AppData\Roaming\Media Center Programs
2016-12-17 14:14 - 2011-04-12 13:06 - 00000000 ____D C:\Users\Nuno.Nuno-PC\AppData\Roaming
2016-12-17 14:14 - 2009-07-14 02:34 - 00000000 ___RD C:\Users\Nuno.Nuno-PC\Pictures
2016-12-17 14:14 - 2009-07-14 02:34 - 00000000 ___RD C:\Users\Nuno.Nuno-PC\Music
2016-12-17 14:14 - 2009-07-14 02:34 - 00000000 ___RD C:\Users\Nuno.Nuno-PC\Favorites
2016-12-17 14:14 - 2009-07-14 02:34 - 00000000 ___RD C:\Users\Nuno.Nuno-PC\Downloads
2016-12-17 14:14 - 2009-07-14 02:34 - 00000000 ___RD C:\Users\Nuno.Nuno-PC\Desktop
2016-12-17 14:14 - 2009-07-14 02:34 - 00000000 ____D C:\Users\Nuno.Nuno-PC\Saved Games
2016-12-17 14:14 - 2009-07-14 02:34 - 00000000 ____D C:\Users\Nuno.Nuno-PC\AppData\Local\Temp
2016-12-17 14:10 - 2016-12-17 14:11 - 00000000 ____D C:\Users\Default\AppData\Local\NVIDIA Corporation
2016-12-17 14:10 - 2016-12-17 14:11 - 00000000 ____D C:\Users\Default User\AppData\Local\NVIDIA Corporation
2016-12-17 14:08 - 2016-12-17 14:08 - 01137350 ____H C:\Users\TEMP\AppData\Local\IconCache.db
2016-12-17 14:08 - 2016-12-17 14:08 - 00000000 ____D C:\Users\Default\AppData\Local\NVIDIA
2016-12-17 14:08 - 2016-12-17 14:08 - 00000000 ____D C:\Users\Default User\AppData\Local\NVIDIA
2016-12-17 13:56 - 2016-12-17 13:56 - 00000000 ____D C:\Users\TEMP\AppData\Local\NVIDIA Corporation
2016-12-17 13:56 - 2016-12-17 13:56 - 00000000 ____D C:\Users\TEMP\AppData\Local\Adobe
2016-12-17 13:54 - 2016-12-19 13:32 - 00262144 ___SH C:\Users\TEMP\ntuser.dat.LOG1
2016-12-17 13:54 - 2016-12-17 14:48 - 00000000 ____D C:\Users\TEMP
2016-12-17 13:54 - 2016-12-17 14:47 - 00000000 ____D C:\Users\TEMP\Searches
2016-12-17 13:54 - 2016-12-17 14:47 - 00000000 ____D C:\Users\TEMP\Documents
2016-12-17 13:54 - 2016-12-17 14:47 - 00000000 ____D C:\Users\TEMP\Contacts
2016-12-17 13:54 - 2016-12-17 14:08 - 01048576 ___SH C:\Users\TEMP\NTUSER.DAT
2016-12-17 13:54 - 2016-12-17 14:08 - 00524288 ___SH C:\Users\TEMP\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
2016-12-17 13:54 - 2016-12-17 14:08 - 00524288 ___SH C:\Users\TEMP\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2016-12-17 13:54 - 2016-12-17 14:08 - 00065536 ___SH C:\Users\TEMP\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2016-12-17 13:54 - 2016-12-17 14:08 - 00000000 ____D C:\Users\TEMP\AppData\Local\Temp
2016-12-17 13:54 - 2016-12-17 14:08 - 00000000 ____D C:\Users\TEMP\AppData\Local
2016-12-17 13:54 - 2016-12-17 14:03 - 00000000 ____D C:\Users\TEMP\AppData\Local\Google
2016-12-17 13:54 - 2016-12-17 13:54 - 01141036 ____H C:\Users\Nuno.Nuno-PC.001\AppData\Local\IconCache.db
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\SendTo
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\Recent
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\PrintHood
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\Os meus documentos
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\NetHood
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\Modelos
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\Menu Iniciar
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\Documents\Os meus vídeos
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\Documents\As minhas imagens
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\Documents\A minha música
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\Definições locais
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\Cookies
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\Application Data
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Temporary Internet Files
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Histórico
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Application Data
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ___SH C:\Users\TEMP\ntuser.dat.LOG2
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ___SD C:\Users\TEMP\AppData\LocalLow\Microsoft
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Microsoft
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Intel Corporation
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Identities
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Adobe
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ____D C:\Users\TEMP\AppData\Roaming
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ____D C:\Users\TEMP\AppData\LocalLow
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ____D C:\Users\TEMP\AppData\Local\NVIDIA
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ____D C:\Users\TEMP\AppData\Local\Microsoft
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ____D C:\Users\TEMP\AppData\Local\Avira
2016-12-17 13:54 - 2016-12-17 13:54 - 00000000 ____D C:\Users\TEMP\AppData
2016-12-17 13:54 - 2011-04-12 13:06 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs
2016-12-17 13:44 - 2016-12-17 13:44 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Local\NVIDIA Corporation
2016-12-17 13:44 - 2016-12-17 13:44 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Local\Adobe
2016-12-17 13:43 - 2016-12-17 14:47 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\Searches
2016-12-17 13:43 - 2016-12-17 14:47 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\Contacts
2016-12-17 13:43 - 2016-12-17 13:51 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Local\Google
2016-12-17 13:43 - 2016-12-17 13:43 - 00000000 ___SD C:\Users\Nuno.Nuno-PC.001\AppData\LocalLow\Microsoft
2016-12-17 13:43 - 2016-12-17 13:43 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Roaming\Intel Corporation
2016-12-17 13:43 - 2016-12-17 13:43 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Roaming\Identities
2016-12-17 13:43 - 2016-12-17 13:43 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Roaming\Adobe
2016-12-17 13:43 - 2016-12-17 13:43 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Local\Avira
2016-12-17 13:42 - 2016-12-19 13:32 - 00262144 ___SH C:\Users\Nuno.Nuno-PC.001\ntuser.dat.LOG1
2016-12-17 13:42 - 2016-12-17 14:48 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-17 13:42 - 2016-12-17 14:48 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001
2016-12-17 13:42 - 2016-12-17 14:47 - 00000000 ___RD C:\Users\Nuno.Nuno-PC.001\Saved Games
2016-12-17 13:42 - 2016-12-17 14:47 - 00000000 ___RD C:\Users\Nuno.Nuno-PC.001\Pictures
2016-12-17 13:42 - 2016-12-17 14:47 - 00000000 ___RD C:\Users\Nuno.Nuno-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-12-17 13:42 - 2016-12-17 14:47 - 00000000 ___RD C:\Users\Nuno.Nuno-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-17 13:42 - 2016-12-17 14:47 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\Documents
2016-12-17 13:42 - 2016-12-17 13:54 - 01048576 ___SH C:\Users\Nuno.Nuno-PC.001\NTUSER.DAT
2016-12-17 13:42 - 2016-12-17 13:54 - 00524288 ___SH C:\Users\Nuno.Nuno-PC.001\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
2016-12-17 13:42 - 2016-12-17 13:54 - 00524288 ___SH C:\Users\Nuno.Nuno-PC.001\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2016-12-17 13:42 - 2016-12-17 13:54 - 00065536 ___SH C:\Users\Nuno.Nuno-PC.001\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2016-12-17 13:42 - 2016-12-17 13:54 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Local\Temp
2016-12-17 13:42 - 2016-12-17 13:54 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Local
2016-12-17 13:42 - 2016-12-17 13:43 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Roaming\Microsoft
2016-12-17 13:42 - 2016-12-17 13:43 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Roaming
2016-12-17 13:42 - 2016-12-17 13:43 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\LocalLow
2016-12-17 13:42 - 2016-12-17 13:43 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Local\Microsoft
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\SendTo
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\Recent
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\PrintHood
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\Os meus documentos
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\NetHood
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\Modelos
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\Menu Iniciar
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\Documents\Os meus vídeos
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\Documents\As minhas imagens
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\Documents\A minha música
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\Definições locais
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\Cookies
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\Application Data
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\AppData\Local\Temporary Internet Files
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\AppData\Local\Histórico
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 _SHDL C:\Users\Nuno.Nuno-PC.001\AppData\Local\Application Data
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 ___SH C:\Users\Nuno.Nuno-PC.001\ntuser.dat.LOG2
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Local\NVIDIA
2016-12-17 13:42 - 2016-12-17 13:42 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData
2016-12-17 13:42 - 2011-04-12 13:06 - 00000000 ____D C:\Users\Nuno.Nuno-PC.001\AppData\Roaming\Media Center Programs
2016-12-17 13:38 - 2016-12-17 13:38 - 00000000 ____D C:\Users\nun\AppData\Local\Adobe
2016-12-17 13:37 - 2017-01-03 00:10 - 01048576 ___SH C:\Users\nun\NTUSER.DAT
2016-12-17 13:37 - 2017-01-03 00:10 - 00262144 ___SH C:\Users\nun\ntuser.dat.LOG1
2016-12-17 13:37 - 2016-12-17 14:48 - 00000000 ____D C:\Users\nun
2016-12-17 13:37 - 2016-12-17 14:47 - 00000000 ____D C:\Users\nun\Searches
2016-12-17 13:37 - 2016-12-17 14:47 - 00000000 ____D C:\Users\nun\Documents
2016-12-17 13:37 - 2016-12-17 14:47 - 00000000 ____D C:\Users\nun\Contacts
2016-12-17 13:37 - 2016-12-17 14:33 - 00524288 ___SH C:\Users\nun\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
2016-12-17 13:37 - 2016-12-17 14:33 - 00524288 ___SH C:\Users\nun\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2016-12-17 13:37 - 2016-12-17 14:33 - 00065536 ___SH C:\Users\nun\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2016-12-17 13:37 - 2016-12-17 14:33 - 00000000 ____D C:\Users\nun\AppData\Local
2016-12-17 13:37 - 2016-12-17 14:32 - 00000000 ____D C:\Users\nun\AppData\Local\Temp
2016-12-17 13:37 - 2016-12-17 13:46 - 00000000 ____D C:\Users\nun\AppData\Local\Google
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\SendTo
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\Recent
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\PrintHood
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\Os meus documentos
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\NetHood
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\Modelos
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\Menu Iniciar
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\Documents\Os meus vídeos
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\Documents\As minhas imagens
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\Documents\A minha música
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\Definições locais
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\Cookies
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\Application Data
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\AppData\Local\Temporary Internet Files
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\AppData\Local\Histórico
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 _SHDL C:\Users\nun\AppData\Local\Application Data
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ___SH C:\Users\nun\ntuser.dat.LOG2
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ___SD C:\Users\nun\AppData\LocalLow\Microsoft
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ____D C:\Users\nun\AppData\Roaming\Microsoft
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ____D C:\Users\nun\AppData\Roaming\Intel Corporation
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ____D C:\Users\nun\AppData\Roaming\Identities
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ____D C:\Users\nun\AppData\Roaming\Adobe
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ____D C:\Users\nun\AppData\Roaming
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ____D C:\Users\nun\AppData\LocalLow
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ____D C:\Users\nun\AppData\Local\NVIDIA
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ____D C:\Users\nun\AppData\Local\Microsoft
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ____D C:\Users\nun\AppData\Local\Avira
2016-12-17 13:37 - 2016-12-17 13:37 - 00000000 ____D C:\Users\nun\AppData
2016-12-17 13:37 - 2011-04-12 13:06 - 00000000 ____D C:\Users\nun\AppData\Roaming\Media Center Programs
2016-12-17 01:02 - 2016-12-17 01:02 - 00000000 ____D C:\Users\Nuno\AppData\Local\Astro
2016-12-16 16:27 - 2016-12-27 01:49 - 00116600 _____ C:\Users\Nuno\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-15 21:04 - 2016-12-17 14:43 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log
2016-12-15 21:04 - 2016-12-17 14:34 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2016-12-15 17:44 - 2017-01-07 17:59 - 00000000 ____D C:\Users\Public\Speedup Sessions
2016-12-15 17:44 - 2016-12-15 17:44 - 00001215 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2016-12-14 20:31 - 2016-12-14 20:31 - 00000000 ___DL C:\Users\Nuno\Local Settings
2016-12-14 20:31 - 2016-12-14 20:31 - 00000000 ___DL C:\Users\Nuno\Documents\My Videos
2016-12-14 20:31 - 2016-12-14 20:31 - 00000000 ___DL C:\Users\Nuno\Documents\My Pictures
2016-12-14 20:31 - 2016-12-14 20:31 - 00000000 ___DL C:\Users\Nuno\Documents\My Music
2016-12-14 20:31 - 2016-12-14 20:31 - 00000000 ___DL C:\Users\Nuno\AppData\Local\History
2016-12-14 19:18 - 2016-12-22 22:05 - 00001121 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-12-14 19:18 - 2016-12-20 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-12-14 19:18 - 2016-12-16 08:53 - 00040984 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-12-14 19:18 - 2016-12-14 19:18 - 00000000 ____D C:\Users\Nuno\AppData\Local\VS Revo Group
2016-12-14 19:18 - 2016-12-14 19:18 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-12-14 19:18 - 2016-12-14 19:18 - 00000000 ____D C:\Program Files\VS Revo Group
2016-12-14 17:25 - 2016-12-17 14:51 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-14 17:24 - 2017-01-04 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-14 17:24 - 2016-11-29 06:27 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-14 17:14 - 2016-12-14 18:44 - 00524288 ___SH C:\Users\Nuno\ntuser.dat{fb02836d-c21e-11e6-b16c-10bf487beda3}.TMContainer00000000000000000002.regtrans-ms
2016-12-14 17:14 - 2016-12-14 18:44 - 00524288 ___SH C:\Users\Nuno\ntuser.dat{fb02836d-c21e-11e6-b16c-10bf487beda3}.TMContainer00000000000000000001.regtrans-ms
2016-12-14 17:14 - 2016-12-14 18:44 - 00065536 ___SH C:\Users\Nuno\ntuser.dat{fb02836d-c21e-11e6-b16c-10bf487beda3}.TM.blf
2016-12-14 16:25 - 2016-12-17 14:09 - 00000000 ____D C:\NVIDIA Corporation
2016-12-13 18:44 - 2016-12-13 18:44 - 00000000 ____D C:\Users\Nuno\AppData\Local\Chromium
2016-12-11 01:09 - 2016-12-11 01:09 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\New Technology Studio
2016-12-11 01:09 - 2016-12-11 01:09 - 00000000 ____D C:\Users\Nuno\AppData\Local\New Technology Studio
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-08 02:39 - 2016-07-04 22:07 - 00000000 ____D C:\Program Files (x86)\VMware
2017-01-08 02:38 - 2011-04-12 12:55 - 00723554 _____ C:\Windows\system32\prfh0816.dat
2017-01-08 02:38 - 2011-04-12 12:55 - 00153446 _____ C:\Windows\system32\prfc0816.dat
2017-01-08 02:38 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2017-01-08 02:27 - 2016-06-03 17:02 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Skype
2017-01-08 02:26 - 2016-08-18 20:16 - 00000000 ____D C:\Windows\pss
2017-01-08 02:25 - 2016-10-14 22:13 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\BitTorrent
2017-01-08 02:25 - 2016-08-30 21:58 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\DAEMON Tools Lite
2017-01-08 02:25 - 2016-06-07 18:41 - 00000000 ____D C:\Users\Nuno\AppData\Local\CrashDumps
2017-01-08 02:25 - 2016-06-02 21:32 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-08 02:17 - 2016-06-02 21:33 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicações do Chrome
2017-01-08 02:08 - 2009-07-14 04:45 - 00023168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-08 02:08 - 2009-07-14 04:45 - 00023168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-08 02:06 - 2016-08-29 13:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-08 01:37 - 2016-06-02 20:31 - 00000000 ____D C:\Users\Nuno
2017-01-08 00:13 - 2016-08-29 13:48 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-08 00:13 - 2016-06-03 16:26 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-07 23:35 - 2016-06-03 16:40 - 00000000 _____ C:\Windows\Path.idx
2017-01-07 18:47 - 2016-06-03 19:08 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-01-07 18:30 - 2016-06-05 20:51 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-01-07 18:01 - 2016-06-03 16:35 - 01048576 _____ C:\Windows\PE_Rom.dll
2017-01-07 17:58 - 2016-07-24 18:58 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Steganos VPN
2017-01-07 17:58 - 2016-06-02 21:27 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-07 17:57 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-07 02:24 - 2016-08-27 00:56 - 00000000 ____D C:\Program Files (x86)\Roblox
2017-01-06 23:32 - 2016-06-03 20:48 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-06 19:04 - 2016-06-03 19:17 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\steelseries-engine-3-client
2017-01-06 13:54 - 2016-11-29 19:38 - 00003646 __RSH C:\ProgramData\ntuser.pol
2017-01-04 14:02 - 2016-07-20 23:16 - 00000000 ____D C:\Users\Nuno\AppData\Local\Akamai
2017-01-04 14:02 - 2016-06-05 17:29 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-01-04 14:02 - 2009-07-14 05:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2017-01-04 14:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2017-01-02 17:00 - 2016-07-04 21:26 - 00000000 ____D C:\Users\Nuno\.android
2016-12-29 23:46 - 2016-06-02 20:31 - 00000000 ___RD C:\Users\Nuno\Documents
2016-12-29 17:57 - 2016-06-03 15:48 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Riot Games
2016-12-29 14:53 - 2016-06-03 16:07 - 01680172 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-28 22:05 - 2016-08-27 00:56 - 00000244 _____ C:\Users\Nuno\AppData\LocalLow\rbxcsettings.rbx
2016-12-28 20:16 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-28 18:33 - 2016-06-18 21:59 - 00000000 ____D C:\stremio-cache
2016-12-28 14:12 - 2016-06-05 17:29 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-28 14:09 - 2016-06-05 17:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-28 01:48 - 2016-07-16 16:42 - 00000000 ____D C:\Users\Nuno\AppData\Local\Nox
2016-12-28 01:47 - 2016-07-16 16:45 - 00000000 ____D C:\Users\Nuno\vmlogs
2016-12-27 18:49 - 2016-06-17 22:01 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-12-27 18:49 - 2016-06-17 22:01 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-12-27 18:49 - 2016-06-17 22:01 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-27 15:55 - 2009-07-14 04:45 - 00531312 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-27 01:36 - 2009-07-14 03:20 - 00000000 __RSD C:\Windows\Fonts
2016-12-27 00:52 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-12-26 03:44 - 2016-06-05 17:43 - 00000000 ____D C:\Users\Nuno\AppData\Local\UnrealEngine
2016-12-26 01:24 - 2016-09-08 13:56 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-25 17:14 - 2016-10-15 17:15 - 00000073 _____ C:\Users\Nuno\AppData\Local\X-Plane_drm.prf
2016-12-25 17:10 - 2016-06-02 20:31 - 00000000 ___RD C:\Users\Nuno\Music
2016-12-25 17:08 - 2016-06-02 21:41 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\TS3Client
2016-12-25 17:07 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-23 14:26 - 2016-10-26 15:09 - 00001202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2016-12-23 14:26 - 2016-10-26 15:09 - 00001190 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2016-12-23 14:26 - 2016-10-26 15:09 - 00000000 ____D C:\Program Files\Paint.NET
2016-12-23 14:26 - 2009-07-14 03:20 - 00000000 __RSD C:\Windows\assembly
2016-12-21 18:08 - 2016-06-30 13:55 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\OBS
2016-12-20 21:52 - 2016-06-08 18:29 - 00000000 ____D C:\Users\Nuno\Documents\GTA San Andreas User Files
2016-12-20 21:39 - 2016-06-04 13:21 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Notepad++
2016-12-20 20:36 - 2016-06-07 17:14 - 00000000 ____D C:\Users\Nuno\Documents\Lightshot
2016-12-20 15:00 - 2016-07-02 12:51 - 00000000 ____D C:\Users\Nuno\AppData\Local\modloader
2016-12-20 15:00 - 2016-07-02 12:51 - 00000000 ____D C:\ProgramData\modloader
2016-12-20 14:59 - 2016-06-17 20:52 - 00162018 _____ C:\Windows\unins000.dat
2016-12-19 23:56 - 2016-06-30 13:54 - 00000000 ____D C:\Program Files\OBS
2016-12-18 21:13 - 2016-10-14 19:55 - 00524288 ___SH C:\Windows\system32\config\components{e86633ca-920e-11e6-b1aa-10bf487beda3}.TMContainer00000000000000000001.regtrans-ms
2016-12-18 21:13 - 2016-10-14 19:55 - 00065536 ___SH C:\Windows\system32\config\components{e86633ca-920e-11e6-b1aa-10bf487beda3}.TM.blf
2016-12-17 16:09 - 2009-07-14 05:13 - 01662686 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-17 15:48 - 2016-06-03 16:40 - 00000000 ____D C:\Users\Nuno\AppData\Local\Programs
2016-12-17 15:44 - 2016-08-16 16:29 - 00000000 ____D C:\Users\Nuno\AppData\Local\Deployment
2016-12-17 15:41 - 2016-10-12 18:12 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2016-12-17 15:35 - 2016-11-05 21:43 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-12-17 15:35 - 2016-10-27 20:46 - 00000568 _____ C:\Windows\SysWOW64\nativelog.txt
2016-12-17 15:35 - 2016-09-01 13:08 - 00000000 ____D C:\ProgramData\Battle.net
2016-12-17 15:35 - 2016-08-29 13:48 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-17 15:34 - 2016-08-29 13:48 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-17 15:34 - 2016-08-29 13:48 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-17 15:34 - 2016-08-29 13:48 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-17 15:30 - 2016-06-07 18:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-17 15:26 - 2016-11-29 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-12-17 15:26 - 2016-11-29 19:17 - 00000000 ____D C:\ProgramData\Avira
2016-12-17 15:26 - 2016-11-29 19:17 - 00000000 ____D C:\Program Files (x86)\Avira
2016-12-17 14:52 - 2016-06-02 21:02 - 00003440 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 14:52 - 2016-06-02 21:02 - 00003312 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-17 14:51 - 2016-06-07 18:43 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-17 14:50 - 2016-06-03 20:55 - 00000000 ____D C:\Users\Nuno\AppData\Local\NVIDIA Corporation
2016-12-17 14:50 - 2016-06-02 21:27 - 00000000 ____D C:\Users\Nuno\AppData\Local\NVIDIA
2016-12-17 14:48 - 2016-06-13 22:55 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\www.gtavicecity.ru
2016-12-17 14:48 - 2016-06-05 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2016-12-17 14:47 - 2016-11-13 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2016-12-17 14:47 - 2016-11-12 12:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2016-12-17 14:47 - 2016-11-04 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
2016-12-17 14:47 - 2016-10-21 18:33 - 00000000 ____D C:\Program Files (x86)\IVAO
2016-12-17 14:47 - 2016-10-09 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2016-12-17 14:47 - 2016-08-14 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2016-12-17 14:47 - 2016-08-12 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-12-17 14:47 - 2016-08-10 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2016-12-17 14:47 - 2016-07-24 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom
2016-12-17 14:47 - 2016-07-22 00:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-12-17 14:47 - 2016-07-22 00:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2016-12-17 14:47 - 2016-07-22 00:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2016-12-17 14:47 - 2016-07-16 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-12-17 14:47 - 2016-07-14 14:13 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-12-17 14:47 - 2016-07-14 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-12-17 14:47 - 2016-06-16 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-17 14:47 - 2016-06-14 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office 2016
2016-12-17 14:47 - 2016-06-08 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2016-12-17 14:47 - 2016-06-04 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-12-17 14:47 - 2016-06-03 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-12-17 14:47 - 2016-06-03 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries
2016-12-17 14:47 - 2016-06-03 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-12-17 14:47 - 2016-06-03 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-17 14:47 - 2016-06-03 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-17 14:47 - 2016-06-02 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-12-17 14:47 - 2016-06-02 21:26 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-12-17 14:47 - 2016-06-02 20:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-12-17 14:47 - 2016-06-02 20:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-12-17 14:47 - 2016-06-02 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-12-17 14:47 - 2016-06-02 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
2016-12-17 14:47 - 2016-06-02 20:31 - 00000000 ___RD C:\Users\Nuno\Searches
2016-12-17 14:47 - 2016-06-02 20:31 - 00000000 ___RD C:\Users\Nuno\Saved Games
2016-12-17 14:47 - 2016-06-02 20:31 - 00000000 ___RD C:\Users\Nuno\Links
2016-12-17 14:47 - 2016-06-02 20:31 - 00000000 ___RD C:\Users\Nuno\Contacts
2016-12-17 14:47 - 2009-07-14 05:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-12-17 14:47 - 2009-07-14 05:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-17 14:47 - 2009-07-14 03:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-12-17 14:47 - 2009-07-14 03:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-17 14:47 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\winsxs
2016-12-17 14:47 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\System32\Tasks\Microsoft
2016-12-17 14:47 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-17 14:46 - 2016-09-08 13:56 - 00000000 ____D C:\Users\Nuno\AppData\Local\Mozilla
2016-12-17 14:46 - 2016-06-02 21:26 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-17 14:46 - 2016-06-02 20:31 - 00000000 ____D C:\Users\Nuno\AppData\Local\Microsoft
2016-12-17 14:12 - 2009-07-14 03:20 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft
2016-12-17 14:12 - 2009-07-14 03:20 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft
2016-12-17 14:11 - 2009-07-14 03:20 - 00000000 ___RD C:\Users\Default\Videos
2016-12-17 14:10 - 2009-07-14 03:20 - 00000000 ____D C:\Users\Default\AppData\Local
2016-12-17 14:10 - 2009-07-14 03:20 - 00000000 ____D C:\Users\Default User\AppData\Local
2016-12-15 17:27 - 2016-06-03 16:40 - 00000386 _____ C:\Windows\Tasks\update-sys.job
2016-12-15 17:27 - 2016-06-03 16:40 - 00000386 _____ C:\Windows\Tasks\update-S-1-5-21-764316183-3508713337-3659362344-1000.job
2016-12-14 19:41 - 2016-10-15 17:20 - 00003326 _____ C:\Windows\System32\Tasks\SidebarExecute
2016-12-14 19:41 - 2016-06-03 16:40 - 00003396 _____ C:\Windows\System32\Tasks\update-sys
2016-12-14 19:41 - 2016-06-03 16:40 - 00003372 _____ C:\Windows\System32\Tasks\update-S-1-5-21-764316183-3508713337-3659362344-1000
2016-12-14 19:35 - 2016-06-02 21:01 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-12-14 19:33 - 2016-11-13 13:35 - 00000000 ____D C:\Users\Nuno\Downloads\X-Plane 10
2016-12-14 19:33 - 2016-11-05 21:41 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-14 19:33 - 2016-10-20 21:11 - 00000000 ____D C:\Users\Public\Geografia 8ª 2
2016-12-14 19:33 - 2016-10-13 19:11 - 00000000 ____D C:\Users\Nuno\Desktop\Geografia 8ª
2016-12-14 19:33 - 2016-10-13 18:47 - 00000000 ____D C:\Users\Public\Geografia 8ª
2016-12-14 19:19 - 2016-06-02 21:02 - 00002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 19:19 - 2016-06-02 21:02 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-14 19:09 - 2016-07-15 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2016-12-14 19:05 - 2016-11-09 15:18 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-12-14 19:03 - 2016-11-30 14:37 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-12-14 19:02 - 2016-11-30 14:36 - 00000000 ____D C:\ProgramData\Soluto
2016-12-14 19:00 - 2016-11-30 14:37 - 00000193 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2016-12-14 18:59 - 2016-09-06 21:49 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Nox
2016-12-14 18:58 - 2016-10-12 18:13 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2016-12-14 18:58 - 2016-06-02 20:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-14 18:06 - 2016-08-29 13:48 - 00003882 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-12-14 17:13 - 2016-11-05 21:44 - 00000000 ____D C:\Users\Nuno\Documents\Heroes of the Storm
2016-12-14 17:13 - 2016-09-30 21:26 - 00000000 ____D C:\Users\Nuno\Documents\The Escapists
2016-12-14 17:13 - 2016-09-04 23:14 - 00000000 ____D C:\Users\Nuno\Documents\Wondershare Filmora
2016-12-14 17:13 - 2016-07-24 18:58 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Steganos Updates
2016-12-14 17:13 - 2016-07-16 19:25 - 00000000 ____D C:\Users\Nuno\Documents\Euro Truck Simulator 2
2016-12-14 17:13 - 2016-06-26 17:06 - 00000000 ____D C:\Users\Nuno\Documents\My Data Files
2016-12-14 17:13 - 2016-06-02 21:40 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-12-14 17:13 - 2016-06-02 20:31 - 00000000 ___RD C:\Users\Nuno\Pictures
2016-12-14 17:12 - 2016-11-25 23:18 - 00000000 ____D C:\Windows\Minidump
2016-12-14 17:12 - 2016-10-14 21:47 - 00000000 ____D C:\Users\Nuno\Desktop\X-Plane 10
2016-12-14 17:12 - 2016-10-12 18:14 - 00000000 ____D C:\Users\Nuno\Documents\My Games
2016-12-14 17:12 - 2016-09-08 14:02 - 00000000 ____D C:\Users\Nuno\Documents\iMacros
2016-12-14 17:12 - 2016-07-24 18:58 - 00000000 ____D C:\Users\Nuno\AppData\Roaming\Steganos
2016-12-14 17:12 - 2016-07-14 14:13 - 00000000 ____D C:\Users\Nuno\Documents\Image-Line
2016-12-13 18:44 - 2016-06-02 21:34 - 00000000 ____D C:\Users\Nuno\AppData\Local\Steam
 
==================== Files in the root of some directories =======
 
2016-06-24 17:19 - 2016-06-24 17:19 - 0000046 _____ () C:\Users\Nuno\AppData\Roaming\1119HOTK.dat
2016-06-07 18:38 - 2016-06-07 18:38 - 6867968 _____ () C:\Users\Nuno\AppData\Roaming\agent.dat
2016-06-07 18:36 - 2016-06-07 18:36 - 0128512 _____ () C:\Users\Nuno\AppData\Roaming\Installer.dat
2016-06-07 18:38 - 2016-06-07 18:38 - 0018432 _____ () C:\Users\Nuno\AppData\Roaming\Main.dat
2016-10-16 14:31 - 2016-10-16 14:45 - 0000280 _____ () C:\Users\Nuno\AppData\Roaming\OpenSceneryX Installer.plist
2016-10-08 11:01 - 2016-10-08 11:01 - 305520897 _____ () C:\Users\Nuno\AppData\Local\ACCCx3_8_0_310.zip.aamdownload
2016-10-08 11:01 - 2016-10-08 11:01 - 0003413 _____ () C:\Users\Nuno\AppData\Local\ACCCx3_8_0_310.zip.aamdownload.aamd
2016-08-14 00:31 - 2016-08-14 00:36 - 0000181 _____ () C:\Users\Nuno\AppData\Local\Lockdir6
2016-10-14 22:12 - 2016-10-14 22:12 - 0000218 _____ () C:\Users\Nuno\AppData\Local\recently-used.xbel
2016-09-09 12:58 - 2016-09-09 12:58 - 0007601 _____ () C:\Users\Nuno\AppData\Local\Resmon.ResmonCfg
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\Nuno\AppData\Local\setup.txt
2016-12-18 18:45 - 2016-11-23 13:37 - 0000570 _____ () C:\Users\Nuno\AppData\Local\TroubleshooterConfig.json
2016-06-03 16:40 - 2016-06-03 16:40 - 0000003 _____ () C:\Users\Nuno\AppData\Local\updater.log
2016-06-03 16:40 - 2016-08-10 16:22 - 0000424 _____ () C:\Users\Nuno\AppData\Local\UserProducts.xml
2016-10-14 21:58 - 2016-11-25 22:42 - 0000037 _____ () C:\Users\Nuno\AppData\Local\X-Plane Installer.prf
2016-10-15 17:15 - 2016-12-25 17:14 - 0000073 _____ () C:\Users\Nuno\AppData\Local\X-Plane_drm.prf
2016-10-14 21:47 - 2016-10-14 21:47 - 0000035 _____ () C:\Users\Nuno\AppData\Local\x-plane_install_10.txt
2016-11-25 22:29 - 2016-11-25 22:29 - 0000035 _____ () C:\Users\Nuno\AppData\Local\x-plane_install_11.txt
2016-09-23 15:11 - 2016-09-23 15:11 - 0000000 _____ () C:\Users\Nuno\AppData\Local\{001377AC-B335-46A1-BC0B-FBAD7DBD2525}
2016-10-10 15:55 - 2016-10-10 15:55 - 0238612 _____ () C:\ProgramData\1476114849.bdinstall.bin
2016-10-14 21:56 - 2016-10-14 21:56 - 0028667 _____ () C:\ProgramData\agent.1476482195.bdinstall.bin
2016-11-30 14:37 - 2016-12-14 19:00 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2016-07-20 23:34 - 2016-07-20 23:34 - 0000016 _____ () C:\ProgramData\mntemp
2016-12-15 21:04 - 2016-12-17 14:43 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-15 21:04 - 2016-12-17 14:34 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
 
Some files in TEMP:
====================
C:\Users\Nuno\AppData\Local\Temp\procexp64.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-05 20:07
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2017
Ran by Nuno (08-01-2017 02:43:22)
Running from C:\Users\Nuno\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-06-02 20:31:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-764316183-3508713337-3659362344-500 - Administrator - Disabled)
Convidado (S-1-5-21-764316183-3508713337-3659362344-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-764316183-3508713337-3659362344-1004 - Limited - Enabled)
Nuno (S-1-5-21-764316183-3508713337-3659362344-1000 - Administrator - Enabled) => C:\Users\Nuno
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABZÛ (HKLM\...\Steam App 384190) (Version:  - Giant Squid)
Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Actualizações da NVIDIA 2.13.0.21 (Version: 2.13.0.21 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\{58E533B1-9B29-432D-BB38-25B489C1D53B}) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Ansel (Version: 376.09 - NVIDIA Corporation) Hidden
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
Assistente de Atualização do Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
ASUS Update (HKLM-x32\...\{F178DD09-E45A-4C29-979A-1EEAEFC35A5F}) (Version:  - )
AutoHotkey 1.1.24.00 (HKLM\...\AutoHotkey) (Version: 1.1.24.00 - Lexikos)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{707e8edf-9482-4417-ae39-c9b5fe605e87}) (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.0.2.26813 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{115347FE-037B-4F4D-86F2-057FEF294C7A}) (Version: 1.2.4.459 - Avira Operations GmbH & Co. KG)
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
BitTorrent (HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\BitTorrent) (Version: 7.9.9.42974 - BitTorrent Inc.)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blue Satin Skin (HKLM-x32\...\{FB7D6550-9260-42E6-83C8-BF3A7E54442F}) (Version: 2.2.1 - Screaming Bee)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.83.6332 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{D669DC52-B1A4-4933-878D-CB80F660D95D}) (Version: 55.0.2883.17 - Google Inc.)
Creatures of Darkness (HKLM-x32\...\{573F9269-A022-4C6F-97BD-CF1316A76369}) (Version: 3.3.1 - Screaming Bee)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Farm Animal Sounds (x32 Version: 4.4.41 - Screaming Bee Inc.) Hidden
Farm Animal Sounds for MorphVOX (HKLM-x32\...\{915a6d7b-d1dc-4350-ac2a-dc3420a893a8}) (Version: 4.4.41 - Screaming Bee Inc.)
Female Voices (x32 Version: 4.4.41 - Screaming Bee Inc.) Hidden
Female Voices for MorphVOX (HKLM-x32\...\{7deb85b1-333a-461a-9ae0-00b4b8a6e3e7}) (Version: 4.4.41 - Screaming Bee Inc.)
Galactic Voices (x32 Version: 4.4.41 - Screaming Bee Inc.) Hidden
Galactic Voices for MorphVOX (HKLM-x32\...\{2485772c-4503-4ec6-b02e-9238a08e748e}) (Version: 4.4.41 - Screaming Bee Inc.)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.3 - ghost-mouse.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version:  - Daybreak Game Company)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Network Connections 16.6.126.0 (HKLM\...\PROSetDX) (Version: 16.6.126.0 - Intel)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JetBrains PyCharm Community Edition 2016.2.3 (HKLM-x32\...\PyCharm Community Edition 2016.2.3) (Version: 162.1967.10 - JetBrains s.r.o.)
join.me (HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\JoinMe) (Version: 3.0.0.4054 - LogMeIn, Inc.)
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
League of Legends (x32 Version: 4.2.1 - Riot Games) Hidden
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Português) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2070) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Build Tools 2015 (HKLM-x32\...\{d21da0dd-4ba4-4838-ba58-64cf7a77131a}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7571.2075 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - pt-pt (HKLM\...\ProPlusRetail - pt-pt) (Version: 16.0.7571.2075 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ Compiler Package for Python 2.7 (HKLM-x32\...\{692514A8-5484-45FC-B0AE-BE2DF7A75891}) (Version: 9.0.1.30729 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
MorphVOX Pro (HKLM-x32\...\{75B956F9-D72D-4929-B695-120D70E8AEE1}) (Version: 4.4.7 - Screaming Bee)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA Controlador 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Controlador gráfico 376.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA O controlador de 3D Vision 376.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.09 - NVIDIA Corporation)
NVIDIA O controlador de HD Audio 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA O software do sistema PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
OkayFreedom (HKLM-x32\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.7.4 - Steganos Software GmbH)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Opera Stable 42.0.2393.94 (HKLM-x32\...\Opera 42.0.2393.94) (Version: 42.0.2393.94 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.1.1.35466 - Electronic Arts, Inc.)
Painel de controlo da NVIDIA 376.09 (Version: 376.09 - NVIDIA Corporation) Hidden
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.6.0.2 - Popcorn Time) <==== ATTENTION
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Python 2.7.9 (64-bit) (HKLM\...\{79F081BF-7454-43DB-BD8F-9EE596813233}) (Version: 2.7.9150 - Python Software Foundation)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25424 - Microsoft Corporation) Hidden
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Special Effects Voices (HKLM-x32\...\{913C4C4F-9E3E-41A6-A614-1BDC1352A225}) (Version: 1.0.2 - Screaming Bee)
Spooky Sounds (HKLM-x32\...\{F71EBF86-9A73-44C0-A674-55FA3E4A8428}) (Version: 2.1.1 - Screaming Bee)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.8.5 (HKLM\...\SteelSeries Engine 3) (Version: 3.8.5 - SteelSeries ApS)
Stremio (HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\Stremio) (Version: 3.6.1 - Smart Code Ltd.)
Team Explorer for Microsoft Visual Studio 2015 Update 3 CTP1 (x32 Version: 14.98.25331 - Microsoft) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Translator Fun Voices (x32 Version: 4.4.41 - Screaming Bee Inc.) Hidden
Translator Fun Voices for MorphVOX (HKLM-x32\...\{55b71d33-5b8a-4c30-9286-3a0570b4e712}) (Version: 4.4.41 - Screaming Bee Inc.)
TS Notifier (HKLM-x32\...\{A8C69D46-A92E-40FA-B393-0E3A417D8F2A}) (Version: 1.6.0000 - Andreas Gebert)
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.35.0 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.25424 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25424 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windows Driver Package - Microsoft (xusb21) XnaComposite  (08/13/2009 2.1.0.1349) (HKLM\...\0AEBEF6F936CFE16E003F7E141631FAB754D9816) (Version: 08/13/2009 2.1.0.1349 - Microsoft)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wireshark 2.2.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.3 - The Wireshark developer community, hxxps://www.wireshark.org)
Workplace Backgrounds (HKLM-x32\...\{13304708-E115-4044-82DA-88A6F5424359}) (Version: 1.0.0 - Screaming Bee)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-764316183-3508713337-3659362344-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-764316183-3508713337-3659362344-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-764316183-3508713337-3659362344-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-764316183-3508713337-3659362344-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-764316183-3508713337-3659362344-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-764316183-3508713337-3659362344-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-764316183-3508713337-3659362344-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Nuno\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0657B88E-AE97-432C-AB60-08E7BF9DBF08} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {07455D4D-BA35-4F55-B390-D656EAB0AE4C} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {086168D9-E4D2-4FEB-985B-DC5E65C983B4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-11-17] (NVIDIA Corporation)
Task: {0DF7652A-1BEF-4239-8BD8-01E79B49A97C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {13A995B0-75B9-43AD-8E94-2AC1FB06DD2E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd)
Task: {1DA2E9F3-9C4B-4C65-938A-C1DB50ECEFC3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {281AFA46-2E17-49E3-B7FF-3D1ABF097796} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.)
Task: {2AA28036-E3B5-4B7D-8DC4-2776691F74EE} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {34CA9F8F-D17E-40FD-8490-2C1E2A5C94AC} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {35458FBA-7304-4BCF-8DEA-8B0550FA44BC} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2012-08-14] (ASUSTeK Computer Inc.)
Task: {39391C59-FB7B-4217-8FDA-C753442E36B9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-04] (Microsoft Corporation)
Task: {6FD8C4F5-DE11-44D9-8528-A85CE43EB5F9} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {78DCFE30-CE29-494C-AB66-E835DFC7B379} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-04] (Microsoft Corporation)
Task: {8B9C3069-B8EB-49F4-9BD0-9942C59CEB9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-02] (Google Inc.)
Task: {8BB3D9BA-4C6D-4B31-B253-997B01FD196B} - \Tweaking.com - Windows Repair Tray Icon -> No File <==== ATTENTION
Task: {91F6207D-C4CF-4ECA-AA99-1D3FFED3B14D} - System32\Tasks\update-S-1-5-21-764316183-3508713337-3659362344-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {A0AB67C3-CEE2-49F0-8651-B1B04CFFFE42} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe [2016-12-14] (Adobe Systems Incorporated)
Task: {A3BBAE32-0552-4F72-B94E-2EDD546A909C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-17] (Adobe Systems Incorporated)
Task: {B872784C-7662-444A-A8B4-A5BF8D43B7A0} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-11-17] (NVIDIA Corporation)
Task: {C59BF0B3-1B67-49A1-A897-AEDD12E86BDC} - System32\Tasks\Opera scheduled Autoupdate 1482601844 => C:\Program Files (x86)\Opera\launcher.exe [2016-12-19] (Opera Software)
Task: {C989712D-3263-48FF-9A80-959CF71C250B} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {CC32822C-4F45-4421-AF8F-994C76466A04} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {DC5E424D-8353-40E5-9636-6A2BD77FC531} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-02] (Google Inc.)
Task: {E1F5A65F-0326-4425-AC7F-1A9F869A12B0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {E3155634-7848-4635-8B06-A5CDE9FFEDC2} - System32\Tasks\ASUS\ASUS WiFi GO! Server Execute => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe [2012-07-12] (ASUSTeK Computer Inc.)
Task: {F9E7B3D0-E67F-49FA-809E-6BB4C6FB3D3B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\update-S-1-5-21-764316183-3508713337-3659362344-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 32-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Nuno\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86"
ShortcutWithArgument: C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Nuno\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" amd64"
ShortcutWithArgument: C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Cross Tools Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Nuno\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86_amd64"
ShortcutWithArgument: C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicações do Chrome\Ambiente de Trabalho Remoto do Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicações do Chrome\Google Keep – notas e listas.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Nuno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\1ec0f72738fb119e\iMacros for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cplklnmnlbnpmjogncfgfijoopmnlemp
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-11 06:52 - 2015-06-11 06:52 - 00022528 _____ () C:\Windows\System32\sst8clm.dll
2016-06-03 16:22 - 2016-06-03 16:22 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2016-07-28 22:50 - 2016-01-19 17:45 - 01314848 _____ () C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
2016-09-10 10:50 - 2016-11-17 13:45 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-10 10:50 - 2016-11-17 13:45 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-10 10:51 - 2016-11-17 13:45 - 00418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-06-02 21:26 - 2016-11-24 19:39 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-06-03 16:29 - 2012-05-03 09:40 - 00258048 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\S5WOW_App\x64\S5wow_2005.exe
2016-06-03 16:22 - 2017-01-07 17:57 - 00030208 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2016-06-03 16:22 - 2010-06-29 09:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2016-06-03 16:29 - 2012-05-02 17:04 - 00233472 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\AudioProjection.dll
2016-06-03 16:29 - 2010-12-14 16:46 - 00067584 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\CoreAudioCap.dll
2016-06-03 16:29 - 2012-06-22 12:32 - 00184320 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\DLCapPP.dll
2016-06-03 16:29 - 2011-08-09 13:52 - 00425984 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\awiscale.DLL
2016-06-03 16:29 - 2012-04-25 13:57 - 00073728 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\IsSupported.dll
2016-06-03 16:29 - 2012-01-12 15:44 - 00475136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFiGO_HookKey.dll
2016-06-03 16:29 - 2012-04-20 15:24 - 00716800 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiMoveHelp.dll
2016-06-03 16:29 - 2012-04-25 13:47 - 00659456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\PhoneCtrlAPI.dll
2016-06-03 16:27 - 2012-05-17 17:57 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2016-09-10 10:50 - 2016-12-12 14:36 - 00525760 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-09-10 10:50 - 2016-12-12 14:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-09-10 10:50 - 2016-12-12 14:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-09-10 10:50 - 2016-11-17 13:45 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-10 10:50 - 2016-11-17 13:45 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-10 10:50 - 2016-12-12 14:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-09-10 10:50 - 2016-12-12 14:36 - 00447424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-09-10 10:50 - 2016-12-12 14:36 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-09-10 10:50 - 2016-12-12 14:36 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-09-10 10:50 - 2016-11-17 13:45 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-06-03 16:27 - 2012-07-05 11:05 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2016-06-03 16:29 - 2012-02-06 20:08 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\pngio.dll
2016-06-02 20:49 - 2011-07-12 18:14 - 00147456 ____N () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2016-06-02 20:49 - 2010-10-05 07:22 - 00253952 ____N () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2016-06-03 16:24 - 2011-09-26 18:36 - 00869376 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
2016-06-02 20:49 - 2012-03-21 11:07 - 00972288 ____N () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2016-06-03 16:24 - 2013-05-08 15:22 - 01040896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
2016-06-03 16:25 - 2012-06-19 11:56 - 01305600 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2016-06-03 16:25 - 2012-08-14 10:14 - 01123840 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
2016-06-03 16:26 - 2012-07-20 08:39 - 01047040 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2016-06-02 20:49 - 2012-05-25 09:33 - 00883712 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2016-06-02 20:49 - 2012-05-28 20:27 - 01622528 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2016-06-02 20:49 - 2011-09-19 19:18 - 01243136 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2016-06-02 20:49 - 2011-07-21 08:06 - 00846848 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2016-06-02 20:49 - 2011-10-14 19:03 - 00885248 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2016-06-03 16:29 - 2012-07-10 16:55 - 01625600 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\WiFiGO.dll
2016-06-02 20:49 - 2010-08-23 02:17 - 00662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2016-06-02 20:49 - 2010-10-05 07:22 - 00208896 ____N () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2016-06-03 16:28 - 2012-01-19 08:39 - 00028672 _____ () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\PEInfo.dll
2016-06-03 16:28 - 2012-07-17 15:55 - 00062464 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi Engine\IsSupported.dll
2016-06-03 16:28 - 2010-09-23 10:51 - 00114688 _____ () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\AsIdxParser.dll
2016-06-03 16:28 - 2010-02-25 13:01 - 00139264 _____ () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\Aszip.dll
2016-06-02 20:44 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-06-02 21:33 - 2016-12-08 15:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-06-02 21:33 - 2016-09-01 01:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-06-02 21:33 - 2016-09-01 01:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-06-02 21:33 - 2016-09-01 01:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-06-02 21:33 - 2016-12-20 02:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
2016-06-02 21:33 - 2016-01-27 07:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-06-02 21:33 - 2016-01-27 07:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-06-02 21:33 - 2016-01-27 07:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-06-02 21:33 - 2016-01-27 07:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-06-02 21:33 - 2016-01-27 07:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-06-02 21:33 - 2016-12-20 02:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-06-02 21:33 - 2016-07-04 22:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-14 17:18 - 2016-12-05 16:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-06-02 21:33 - 2016-12-20 02:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-06-02 21:33 - 2015-09-24 23:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-06-02 20:49 - 2009-08-12 19:15 - 00253952 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2016-12-14 19:19 - 2016-12-08 07:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-14 19:19 - 2016-12-08 07:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-06-04 12:21 - 2016-06-04 12:21 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c0cf9576d4edde5de5e39aab1fe5562b\IsdiInterop.ni.dll
2016-06-02 20:51 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2016-10-10 15:35 - 00002134 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 teamspeak.com
127.0.0.1 accounting.teamspeak.com
127.0.0.1 backupaccounting.teamspeak.com
127.0.0.1 blacklist.teamspeak.com
127.0.0.1 ipcheck.teamspeak.com
127.0.0.1 ocsp.digicert.com
127.0.0.1 hardy.teamspeak.4players.de
127.0.0.1 teamspeak.com
127.0.0.1 accounting.teamspeak.com
127.0.0.1 backupaccounting.teamspeak.com
127.0.0.1 blacklist.teamspeak.com
127.0.0.1 ipcheck.teamspeak.com
127.0.0.1 ocsp.digicert.com
127.0.0.1 hardy.teamspeak.4players.de
127.0.0.1 teamspeak.com
127.0.0.1 accounting.teamspeak.com
127.0.0.1 backupaccounting.teamspeak.com
127.0.0.1 blacklist.teamspeak.com
127.0.0.1 ipcheck.teamspeak.com
127.0.0.1 ocsp.digicert.com
127.0.0.1 hardy.teamspeak.4players.de
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nuno\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AviraPhantomVPN => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdPlusAndroidSvc => 3
MSCONFIG\Services: OkayFreedom VPN Starter Service => 2
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kaspersky Software Updater Beta.lnk => C:\Windows\pss\Kaspersky Software Updater Beta.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SteelSeries Engine 3.lnk => C:\Windows\pss\SteelSeries Engine 3.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Nuno^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Folding@home.lnk => C:\Windows\pss\Folding@home.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Nuno^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MailWasherPro.lnk => C:\Windows\pss\MailWasherPro.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Nuno^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^zSpeedup.lnk => C:\Windows\pss\zSpeedup.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
MSCONFIG\startupreg: Avira System Speedup Tray => "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe"
MSCONFIG\startupreg: Avira System Speedup User Starter => "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe"
MSCONFIG\startupreg: Avira SystrayStartTrigger => "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
MSCONFIG\startupreg: BitTorrent => "C:\Users\Nuno\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Clownfish => 
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: gflauncher => "C:\Program Files (x86)\Crytek\GFACE Launcher\live\gflauncher.exe" --autostart
MSCONFIG\startupreg: GUSDelayStartup => "C:\Program Files (x86)\Glarysoft\Quick Startup\StartupManager.exe" -delayrun
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: MinerGateGui => C:\Program Files\MinerGate\minergate.exe --auto
MSCONFIG\startupreg: OKAYFREEDOM Notifier => "C:\Program Files (x86)\OkayFreedom\Notifier.exe"
MSCONFIG\startupreg: OKAYFREEDOM_Agent => "C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe" -agent
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Nuno\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Nuno\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: ZoneAlarm Installer => "C:\Users\Nuno\AppData\Local\Temp\{907A1104-E812-4b5c-959B-E4DAB37A96AB}\Launcher.exe" "C:\Users\Nuno\AppData\Local\Temp\{907A1104-E812-4b5c-959B-E4DAB37A96AB}\Install.exe" /r download /c "Install.xml" /w
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{53ADF61C-0D1B-4A9F-9DF2-D2D8B12CB7FD}] => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{9FE00DC6-BB04-45A4-9D71-15EEF0BA1A90}] => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
FirewallRules: [{85C55E96-0C81-4099-9C45-09E11682A5D9}] => LPort=2869
FirewallRules: [{D12B3E09-5A90-4509-A6C9-5C9B9CF1D4AB}] => LPort=1900
FirewallRules: [{D4461E8A-7667-42CD-93B7-9D7DDC750040}] => C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{4A9C9226-4CC8-46E1-B369-0EE7EECC4FD7}] => C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{DDE1B3BF-12B6-4FEC-9809-76B3A48BAA11}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7E40D509-3BF0-4A7A-8DF8-2CE97CFD8BC3}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{87A310EC-0D2D-445B-927D-0856BEA01623}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{060F0286-4EC7-4599-AFE6-31F40A36EE11}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{13BBAB45-80D9-4929-B297-54D5F7D17786}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B4526FDB-67F8-4A65-8CCA-B8804920117C}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A9C13FAB-3D4C-4207-AB21-9CF7BCB3E97C}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{92FBEEE7-BAF5-4D2C-8520-5C050CA1E5F9}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{890296AB-D83C-4B68-B989-3B72266E9337}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{759441D4-D5D9-4492-A2F8-FCEC7838630B}] => C:\Users\Nuno\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{AEA946D2-E31B-4FF4-A3B2-2CD354E28EA3}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{8829A5DC-DCA9-42B6-ADA8-5960FB9FF910}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A32A5B97-F331-4FB4-91D6-641889E70E86}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8E3AB507-DA13-46FC-A37C-95F868E4024A}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CF994066-806D-4F66-8C09-634525925773}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{AA9687A7-4BC3-46BA-A225-0C7D742C7403}C:\users\nuno\appdata\local\programs\lnv\stremio\stremio.exe] => C:\users\nuno\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [UDP Query User{A2675841-DC3B-45A3-A3A5-5BA84D93EC80}C:\users\nuno\appdata\local\programs\lnv\stremio\stremio.exe] => C:\users\nuno\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [TCP Query User{91B8105D-6D1D-4BD5-8741-FBB079F50A1F}C:\users\nuno\appdata\local\akamai\netsession_win.exe] => C:\users\nuno\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{428E22B2-7CFE-4A18-A823-4D9D3405A1A0}C:\users\nuno\appdata\local\akamai\netsession_win.exe] => C:\users\nuno\appdata\local\akamai\netsession_win.exe
FirewallRules: [{D0406810-6C69-4E2F-B6F5-45C97AD549EC}] => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{BB8934CD-F62B-4C0D-9C1C-5356969323CB}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{61B43E8A-0F56-4EDD-82FC-1B02AEE94DA4}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{52D536E8-1742-4902-A92D-2717B345A79B}C:\users\nuno\appdata\local\akamai\netsession_win.exe] => C:\users\nuno\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{5BCD6838-E083-4B75-847C-EC6580AF4939}C:\users\nuno\appdata\local\akamai\netsession_win.exe] => C:\users\nuno\appdata\local\akamai\netsession_win.exe
FirewallRules: [{7774EE56-BE6E-4921-B5C0-1CC9BB117A0B}] => LPort=2869
FirewallRules: [{4F18E700-6E29-4A2E-B2FF-DADDC9D020FA}] => LPort=1900
FirewallRules: [{09EA3C8D-8A76-4972-8590-98D17D7849D6}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{0371BAA9-D588-4BE3-B7AF-8FB78C51FF69}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{218164AF-1DF5-4122-995E-0D20B0C88BBE}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0A34E71F-B82B-46FC-83F8-42ECAF52D8C4}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8AEBEBAD-D43C-48FE-8621-4DBBE24F7D3B}] => C:\Users\Nuno\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{CB56B322-0AA2-4120-A8FC-6B3C6896E63E}] => C:\Users\Nuno\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0115372D-D9C2-4F89-9FD1-F02D83127C1B}] => C:\Users\Nuno\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2561B23D-FBB7-437D-A300-644530082159}] => C:\Users\Nuno\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B63D7546-7C75-4720-B0FE-8B7C5E9F1803}] => C:\Users\Nuno\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{21C4B4C6-AC1B-4B48-B216-8F644A1090D8}] => C:\Users\Nuno\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{7520D9BC-0FBF-4482-8F7E-9064E95ABC53}C:\users\nuno\desktop\x-plane 10\x-plane.exe] => C:\users\nuno\desktop\x-plane 10\x-plane.exe
FirewallRules: [UDP Query User{BB0730C1-0692-4C1D-BF94-C0F93BFD611E}C:\users\nuno\desktop\x-plane 10\x-plane.exe] => C:\users\nuno\desktop\x-plane 10\x-plane.exe
FirewallRules: [TCP Query User{B002C5C0-E7CB-44E7-A414-0BDF67112DAB}C:\users\nuno\desktop\x-plane 10\x-plane-32bit.exe] => C:\users\nuno\desktop\x-plane 10\x-plane-32bit.exe
FirewallRules: [UDP Query User{21A90480-24E9-4ED3-8202-82806AD6A06A}C:\users\nuno\desktop\x-plane 10\x-plane-32bit.exe] => C:\users\nuno\desktop\x-plane 10\x-plane-32bit.exe
FirewallRules: [TCP Query User{5C138F75-909E-40B4-ACC4-40573B574349}C:\users\nuno\appdata\local\programs\lnv\stremio\stremio.exe] => C:\users\nuno\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [UDP Query User{1C826139-4F82-4D56-A957-76A86303044D}C:\users\nuno\appdata\local\programs\lnv\stremio\stremio.exe] => C:\users\nuno\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [{9D140959-BCBD-4310-B19B-8A6FBCB46B95}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{3112D7EF-D852-4972-AD2A-C1AEFD141409}] => C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe
FirewallRules: [{19B57AF1-6685-43FA-8401-40F215604599}] => C:\Users\Nuno\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{CF7DDE8F-675A-4A80-8C7B-C646DDC2C8C4}] => C:\Users\Nuno\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E3F429E2-7075-4F90-8B29-52D98ACAD7CC}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0401F550-6F77-46AE-9968-660390A2824C}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B635536F-4C17-416A-833B-116D99EDE971}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{4C1016F3-7971-4AA5-B25E-755C0E8F4FA4}C:\users\nuno\desktop\x-plane 10\x-plane-32bit.exe] => C:\users\nuno\desktop\x-plane 10\x-plane-32bit.exe
FirewallRules: [UDP Query User{EC14E370-0CEF-4239-A097-E8233454A375}C:\users\nuno\desktop\x-plane 10\x-plane-32bit.exe] => C:\users\nuno\desktop\x-plane 10\x-plane-32bit.exe
FirewallRules: [{6237A481-4B22-45FD-9661-64B0A7FFB835}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DB2DD851-83A7-4B2F-8608-968D4FCA1E5F}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A9B90E67-FC93-40C1-A2A6-223C44AC2DF1}] => C:\Program Files (x86)\Steam\steamapps\common\ABZU\AbzuGame.exe
FirewallRules: [{BB051A05-41A4-4CEB-8ED4-D2A788E6564D}] => C:\Program Files (x86)\Steam\steamapps\common\ABZU\AbzuGame.exe
FirewallRules: [TCP Query User{61C7BE05-EF8A-43E5-AFDF-9CF653D432E0}C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe] => C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe
FirewallRules: [UDP Query User{9C78B75E-5068-4E74-891A-98284C20BAE5}C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe] => C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe
FirewallRules: [{7EB1C073-4644-43D6-B363-FBE066AE972F}] => C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [{FCA23D76-1F7E-446C-92C3-53A1E7543DDC}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1998B4E0-3D69-4CCE-84D1-C98B9B20D805}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3BAF60BD-289D-4FC0-9321-550ACC8AB6D4}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0F2DD840-845E-4932-91DE-B539003ABB61}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C8BF310E-E7EF-4EB1-B8F0-EB71DBABF6FC}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{EC71FB00-D7E7-4EFE-A150-9B6E9AAFCCC8}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{B1033ED2-BD2A-49FE-BF6D-E309FFC0B033}] => C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{A0B08391-B193-4D5E-BB9E-FF9371736021}] => C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{245740EA-5CC3-4CD6-A20F-702DB5A6DBD5}] => C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{B89624FB-F4DC-4AFC-8566-8E5D24E7C94B}] => C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{6ECBAD6F-2B50-4271-83CD-D9B739536365}] => C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{F3E93C32-FEAE-4DD2-9DFB-21AA43FB8FCB}] => C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{B0CB3E49-517B-4796-92ED-6DDBFA245922}] => C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{153CC64F-8BCB-4A4A-8BD0-4A092F851503}] => C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{035DE145-8420-4D4A-8FC1-03278AD620AB}] => LPort=49287
FirewallRules: [{D94AE395-CD93-4E7C-9D97-9164900B55F5}] => LPort=5000
 
==================== Restore Points =========================
 
07-01-2017 02:18:57 Removed VNC Viewer 6.0.1
07-01-2017 02:52:51 07-1-17
08-01-2017 02:35:47 Removed VMware Workstation
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/08/2017 02:42:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/08/2017 02:12:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa opera.exe versão 42.0.2393.94 deixou de interagir com o Windows e foi fechado. Para verificar se existem mais informações disponíveis sobre o problema, consulte o histórico de problemas no painel de controlo do Centro de Acção.
 
ID do Processo: 15fc
 
Hora de Início: 01d269109418e94c
 
Hora de Fim: 599
 
Caminho da Aplicação: C:\Program Files (x86)\Opera\42.0.2393.94\opera.exe
 
ID do Relatório: ddafbf6d-d547-11e6-8806-005056c00005
 
Error: (01/08/2017 12:30:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: BlueStacks.exe, versão: 2.5.83.6332, carimbo de data/hora: 0x58502eaf
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de excepção: 0xc000041d
Desvio de falha: 0x72de4f69
ID do processo com falha: 0x3230
Data/hora de início da aplicação com falha: 0x01d2693218b33026
Caminho da aplicação com falha: C:\Program Files (x86)\Bluestacks\BlueStacks.exe
Caminho do módulo com falha: unknown
ID do Relatório: a14cafd3-d539-11e6-8806-005056c00005
 
Error: (01/07/2017 06:38:58 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha ao gerar o contexto de activação para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Erro no ficheiro de manifesto ou de política "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" na linha 1.
A identidade do componente existente no manifesto não corresponde à identidade do componente necessário.
A referência é UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
A definição é UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Utilize sxstrace.exe para obter um diagnóstico detalhado.
 
Error: (01/07/2017 06:38:57 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha ao gerar o contexto de activação para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Erro no ficheiro de manifesto ou de política "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" na linha 1.
A identidade do componente existente no manifesto não corresponde à identidade do componente necessário.
A referência é UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
A definição é UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Utilize sxstrace.exe para obter um diagnóstico detalhado.
 
Error: (01/07/2017 05:59:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/07/2017 05:59:26 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Não foi possível abrir o objecto de desempenho do serviço de servidor. Os primeiros quatro bytes (DWORD) na secção de  dados contém o código de estado.
 
Error: (01/07/2017 03:02:46 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Falha ao encerrar o serviço. Erro ocorrido: System.InvalidOperationException: UpdatePendingStatus só pode ser chamado durante o processamento de comandos Início, Parar, Colocar em Pausa e Continuar.
   em System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
   em BlueStacks.hyperDroid.Service.Service.OnStop()
   em BlueStacks.hyperDroid.Service.Service.OnShutdown()
   em System.ServiceProcess.ServiceBase.DeferredShutdown().
 
Error: (01/07/2017 02:53:51 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha ao gerar o contexto de activação para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Erro no ficheiro de manifesto ou de política "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" na linha 1.
A identidade do componente existente no manifesto não corresponde à identidade do componente necessário.
A referência é UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
A definição é UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Utilize sxstrace.exe para obter um diagnóstico detalhado.
 
Error: (01/07/2017 02:53:51 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha ao gerar o contexto de activação para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Erro no ficheiro de manifesto ou de política "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" na linha 1.
A identidade do componente existente no manifesto não corresponde à identidade do componente necessário.
A referência é UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
A definição é UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Utilize sxstrace.exe para obter um diagnóstico detalhado.
 
 
System errors:
=============
Error: (01/08/2017 02:34:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Microsoft Office Click-to-Run Service terminou inesperadamente. Já o fez 1 vez(es). Será efectuada a seguinte acção correctiva em 0 milissegundos: Reiniciar o serviço.
 
Error: (01/07/2017 11:21:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Conectividade do Windows para Gramblr. terminou inesperadamente. Já o fez 1 vez(es). Será efectuada a seguinte acção correctiva em 500 milissegundos: Reiniciar o serviço.
 
Error: (01/07/2017 11:21:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Conectividade do Windows para Gramblr. terminou com o seguinte erro: 
Função incorrecta.
 
Error: (01/07/2017 05:59:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falhou o carregamento dos seguintes controladores de início de arranque ou de início do sistema: 
cdrom
 
Error: (01/07/2017 05:59:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço NVIDIA NetworkService Container terminou inesperadamente. Isto aconteceu 1 vez(es).
 
Error: (01/07/2017 05:59:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Origin Web Helper Service falhou o arranque devido ao seguinte erro: 
O serviço não respondeu ao pedido de início ou controlo atempadamente.
 
Error: (01/07/2017 05:59:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Foi atingido o tempo limite (30000 milissegundos) ao aguardar pela ligação do serviço Origin Web Helper Service.
 
Error: (01/07/2017 05:58:08 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: O serviço Adaptador de Serviço de Escuta Net.Tcp depende do seguinte serviço: was. Este serviço poderá não estar instalado.
 
Error: (01/07/2017 05:58:08 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: O serviço Adaptador de Serviço de Escuta Net.Pipe depende do seguinte serviço: was. Este serviço poderá não estar instalado.
 
Error: (01/07/2017 05:58:08 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: O serviço Adaptador de Serviço de Escuta Net.Msmq depende do seguinte serviço: msmq. Este serviço poderá não estar instalado.
 
 
CodeIntegrity:
===================================
  Date: 2017-01-07 18:06:04.318
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-07 17:59:02.566
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-06 21:28:25.239
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-06 20:56:50.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-06 20:28:56.729
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-06 20:24:59.142
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-06 13:55:23.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-05 17:04:12.967
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-04 14:28:36.422
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-04 14:21:12.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 58%
Total physical RAM: 8147.22 MB
Available physical RAM: 3375.98 MB
Total Virtual: 16292.63 MB
Available Virtual: 9817.08 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:640.43 GB) (Free:361.56 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Segundo Disco para Backups) (Fixed) (Total:290.1 GB) (Free:254.75 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CBDCC86C)
Partition 1: (Active) - (Size=640.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)
Partition 4: (Not Active) - (Size=290.1 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================

Edited by Oh My!, 09 January 2017 - 11:20 AM.


#4 rnunojoao

  • Topic Starter

Posted 07 January 2017 - 09:48 PM

Sent one time random Skype messages to people.

System freezing.

System taking a lot of time to shutdown/reboot.

Random program crashes and random lot of RAM/CPU spikes when I start a program.



#5 Oh My!

  • Malware Response Instructor

Posted 09 January 2017 - 11:15 AM

Greetings rnunojoao and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Oh My!

  • Malware Response Instructor

Posted 09 January 2017 - 12:56 PM

Greetings,

Do you recognize these user names?

C:\Users\Nuno.Nuno-PC.000
C:\Users\TEMP
C:\Users\nun


Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: {286bacfd-b704-11e6-9a5a-94dbc94b6e11} - I:\Setup.exe
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: {9da49250-92c4-11e6-bfdc-94dbc94b6e11} - L:\setup.exe
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: {9da4927d-92c4-11e6-bfdc-94dbc94b6e11} - M:\setup.exe
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: {a75724b6-a9c6-11e6-a584-10bf487beda3} - H:\Installer_Windows.exe
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: {e0dcb966-a9a6-11e6-a584-10bf487beda3} - F:\Installer_Windows.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin HKU\S-1-5-21-764316183-3508713337-3659362344-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-934c86ec4aa148f0\\NPRobloxProxy.dll [No File]
FF Plugin HKU\S-1-5-21-764316183-3508713337-3659362344-1000: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-934c86ec4aa148f0\\NPRobloxProxy64.dll [No File]
CHR StartupUrls: Default -> "hxxp://www.google.pt/","hxxp://www.yoursearching.com/?type=hp&ts=1450007295&z=46ca6cc8c65b5b7f968099cgaz2w6efe3eamaobtbq&from=face&uid=WDCXWD10EZEX-00RKKA0_WD-WMC1S082375423754"
S2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [X]
U0 aswVmm; no ImagePath
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2017-01-08 01:37 - 2017-01-08 01:37 - 00000000 ____D C:\Users\Nuno\tmp136161
2017-01-08 01:37 - 2017-01-08 01:37 - 00000000 ____D C:\Users\Nuno\tmp126736
2016-12-29 14:53 - 2016-12-29 14:53 - 00001024 _____ C:\Windows\SysWOW64\%TMP%
2017-01-07 23:35 - 2016-06-03 16:40 - 00000000 _____ C:\Windows\Path.idx
2016-08-14 00:31 - 2016-08-14 00:36 - 0000181 _____ () C:\Users\Nuno\AppData\Local\Lockdir6
Task: {8BB3D9BA-4C6D-4B31-B253-997B01FD196B} - \Tweaking.com - Windows Repair Tray Icon -> No File <==== ATTENTION
Folder: C:\Users\Nuno\AppData\LocalLow\Pinkapp
CMD: type "C:\ComboFix.txt"
hosts:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Malwarebytes Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Once completed a JRT.txt document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Recognize user names?
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 rnunojoao


Posted 09 January 2017 - 03:35 PM

Some time ago I had a problem with Malwarebytes 3.0; one of them was created automatically, the other one I created myself.
 
Adwcleaner
# AdwCleaner v6.042 - Logfile created 09/01/2017 at 18:50:22
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-09.3 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Nuno - NUNO-PC
# Running from : C:\Users\Nuno\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
[-] Service deleted: Update service
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKU\S-1-5-21-764316183-3508713337-3659362344-1000\Software\AppDataLow\Software\adawarebp
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawarebp
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\adawarebp
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.yoursearching.com/?type=hp&ts=1450007295&z=46ca6cc8c65b5b7f968099cgaz2w6efe3eamaobtbq&from=face&uid=WDCXWD10EZEX-00RKKA0_WD-WMC1S082375423754
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1294 Bytes] - [09/01/2017 18:50:22]
C:\AdwCleaner\AdwCleaner[S0].txt - [1511 Bytes] - [09/01/2017 18:49:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1440 Bytes] ##########
 

 
Fixlog
Fix result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by Nuno (09-01-2017 18:38:06) Run:1
Running from C:\Users\Nuno\Downloads
Loaded Profiles: Nuno (Available Profiles: Nuno)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: {286bacfd-b704-11e6-9a5a-94dbc94b6e11} - I:\Setup.exe
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: {9da49250-92c4-11e6-bfdc-94dbc94b6e11} - L:\setup.exe
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: {9da4927d-92c4-11e6-bfdc-94dbc94b6e11} - M:\setup.exe
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: {a75724b6-a9c6-11e6-a584-10bf487beda3} - H:\Installer_Windows.exe
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\...\MountPoints2: {e0dcb966-a9a6-11e6-a584-10bf487beda3} - F:\Installer_Windows.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin HKU\S-1-5-21-764316183-3508713337-3659362344-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-934c86ec4aa148f0\\NPRobloxProxy.dll [No File]
FF Plugin HKU\S-1-5-21-764316183-3508713337-3659362344-1000: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-934c86ec4aa148f0\\NPRobloxProxy64.dll [No File]
CHR StartupUrls: Default -> "hxxp://www.google.pt/","hxxp://www.yoursearching.com/?type=hp&ts=1450007295&z=46ca6cc8c65b5b7f968099cgaz2w6efe3eamaobtbq&from=face&uid=WDCXWD10EZEX-00RKKA0_WD-WMC1S082375423754"
S2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [X]
U0 aswVmm; no ImagePath
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2017-01-08 01:37 - 2017-01-08 01:37 - 00000000 ____D C:\Users\Nuno\tmp136161
2017-01-08 01:37 - 2017-01-08 01:37 - 00000000 ____D C:\Users\Nuno\tmp126736
2016-12-29 14:53 - 2016-12-29 14:53 - 00001024 _____ C:\Windows\SysWOW64\%TMP%
2017-01-07 23:35 - 2016-06-03 16:40 - 00000000 _____ C:\Windows\Path.idx
2016-08-14 00:31 - 2016-08-14 00:36 - 0000181 _____ () C:\Users\Nuno\AppData\Local\Lockdir6
Task: {8BB3D9BA-4C6D-4B31-B253-997B01FD196B} - \Tweaking.com - Windows Repair Tray Icon -> No File <==== ATTENTION
Folder: C:\Users\Nuno\AppData\LocalLow\Pinkapp
CMD: type "C:\ComboFix.txt"
hosts:
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION => restored successfully
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E => key removed successfully
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{286bacfd-b704-11e6-9a5a-94dbc94b6e11} => key removed successfully
HKCR\CLSID\{286bacfd-b704-11e6-9a5a-94dbc94b6e11} => key not found. 
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9da49250-92c4-11e6-bfdc-94dbc94b6e11} => key removed successfully
HKCR\CLSID\{9da49250-92c4-11e6-bfdc-94dbc94b6e11} => key not found. 
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9da4927d-92c4-11e6-bfdc-94dbc94b6e11} => key removed successfully
HKCR\CLSID\{9da4927d-92c4-11e6-bfdc-94dbc94b6e11} => key not found. 
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a75724b6-a9c6-11e6-a584-10bf487beda3} => key removed successfully
HKCR\CLSID\{a75724b6-a9c6-11e6-a584-10bf487beda3} => key not found. 
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0dcb966-a9a6-11e6-a584-10bf487beda3} => key removed successfully
HKCR\CLSID\{e0dcb966-a9a6-11e6-a584-10bf487beda3} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"C:\Windows\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\Software\MozillaPlugins\@nsroblox.roblox.com/launcher => key removed successfully
C:\Program Files (x86)\Roblox\Versions\version-934c86ec4aa148f0\\NPRobloxProxy.dll => not found.
HKU\S-1-5-21-764316183-3508713337-3659362344-1000\Software\MozillaPlugins\@nsroblox.roblox.com/launcher64 => key removed successfully
C:\Program Files (x86)\Roblox\Versions\version-934c86ec4aa148f0\\NPRobloxProxy64.dll => not found.
Chrome StartupUrls => removed successfully
HKLM\System\CurrentControlSet\Services\ManyCam Service => key removed successfully
ManyCam Service => service removed successfully
HKLM\System\CurrentControlSet\Services\aswVmm => key removed successfully
aswVmm => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz136 => key removed successfully
cpuz136 => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKLM\System\CurrentControlSet\Services\EagleX64 => key removed successfully
EagleX64 => service removed successfully
HKLM\System\CurrentControlSet\Services\MBAMProtection => key removed successfully
MBAMProtection => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully
VGPU => service removed successfully
HKLM\System\CurrentControlSet\Services\VMnetAdapter => key removed successfully
VMnetAdapter => service removed successfully
HKLM\System\CurrentControlSet\Services\xhunter1 => key removed successfully
xhunter1 => service removed successfully
C:\Users\Nuno\tmp136161 => moved successfully
C:\Users\Nuno\tmp126736 => moved successfully
C:\Windows\SysWOW64\%TMP% => moved successfully
Could not move "C:\Windows\Path.idx" => Scheduled to move on reboot.
C:\Users\Nuno\AppData\Local\Lockdir6 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8BB3D9BA-4C6D-4B31-B253-997B01FD196B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BB3D9BA-4C6D-4B31-B253-997B01FD196B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tweaking.com - Windows Repair Tray Icon => key removed successfully
 
========================= Folder: C:\Users\Nuno\AppData\LocalLow\Pinkapp ========================
 
2017-01-05 22:04 - 2017-01-05 22:05 - 0000000 ____D () C:\Users\Nuno\AppData\LocalLow\Pinkapp\BarrierX
2017-01-05 22:05 - 2017-01-06 16:15 - 0000143 _____ () C:\Users\Nuno\AppData\LocalLow\Pinkapp\BarrierX\SD.dat
2017-01-05 22:04 - 2017-01-05 22:04 - 0000000 ____D () C:\Users\Nuno\AppData\LocalLow\Pinkapp\BarrierX\Unity
2017-01-05 22:04 - 2017-01-05 22:04 - 0000000 ____D () C:\Users\Nuno\AppData\LocalLow\Pinkapp\BarrierX\Unity\8e870bbe-915e-482a-99e3-ca13a501bf84
2017-01-05 22:04 - 2017-01-05 22:04 - 0000000 ____D () C:\Users\Nuno\AppData\LocalLow\Pinkapp\BarrierX\Unity\8e870bbe-915e-482a-99e3-ca13a501bf84\Analytics
2017-01-05 22:04 - 2017-01-05 22:04 - 0000002 _____ () C:\Users\Nuno\AppData\LocalLow\Pinkapp\BarrierX\Unity\8e870bbe-915e-482a-99e3-ca13a501bf84\Analytics\config
2017-01-05 22:04 - 2017-01-06 16:15 - 0000200 _____ () C:\Users\Nuno\AppData\LocalLow\Pinkapp\BarrierX\Unity\8e870bbe-915e-482a-99e3-ca13a501bf84\Analytics\values
2017-01-05 22:04 - 2017-01-06 16:15 - 0000000 ____D () C:\Users\Nuno\AppData\LocalLow\Pinkapp\BarrierX\Unity\8e870bbe-915e-482a-99e3-ca13a501bf84\Analytics\ArchivedEvents
2017-01-06 16:15 - 2017-01-06 16:15 - 0000000 ____D () C:\Users\Nuno\AppData\LocalLow\Pinkapp\BarrierX\Unity\8e870bbe-915e-482a-99e3-ca13a501bf84\Analytics\ArchivedEvents\148371931300005.4ab6cfa5
2017-01-06 16:15 - 2017-01-06 16:15 - 0000078 _____ () C:\Users\Nuno\AppData\LocalLow\Pinkapp\BarrierX\Unity\8e870bbe-915e-482a-99e3-ca13a501bf84\Analytics\ArchivedEvents\148371931300005.4ab6cfa5\e
2017-01-06 16:15 - 2017-01-06 16:15 - 0000293 _____ () C:\Users\Nuno\AppData\LocalLow\Pinkapp\BarrierX\Unity\8e870bbe-915e-482a-99e3-ca13a501bf84\Analytics\ArchivedEvents\148371931300005.4ab6cfa5\s
2017-01-06 16:15 - 2017-01-06 16:15 - 0000000 ____D () C:\Users\Nuno\AppData\LocalLow\Pinkapp\BarrierX\Unity\8e870bbe-915e-482a-99e3-ca13a501bf84\Analytics\ArchivedEvents\148371931700006.4ab6cfa5
2017-01-06 16:15 - 2017-01-06 16:15 - 0000119 _____ () C:\Users\Nuno\AppData\LocalLow\Pinkapp\BarrierX\Unity\8e870bbe-915e-482a-99e3-ca13a501bf84\Analytics\ArchivedEvents\148371931700006.4ab6cfa5\e
2017-01-06 16:15 - 2017-01-06 16:15 - 0000293 _____ () C:\Users\Nuno\AppData\LocalLow\Pinkapp\BarrierX\Unity\8e870bbe-915e-482a-99e3-ca13a501bf84\Analytics\ArchivedEvents\148371931700006.4ab6cfa5\s
 
====== End of Folder: ======
 
 
========= type "C:\ComboFix.txt" =========
 
O sistema não conseguiu localizar o ficheiro especificado.
 
========= End of CMD: =========
 
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 09-01-2017 18:41:24)
 
C:\Windows\Path.idx => Is moved successfully
 
Result of scheduled keys to remove after reboot:
 
 
==== End of Fixlog 18:41:24 ====
 
JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Ultimate x64 
Ran by Nuno (Administrator) on 09-01-2017 at 18:56:58,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 36 
 
Successfully deleted: C:\ProgramData\1476114849.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\mntemp (File) 
Successfully deleted: C:\Users\Nuno\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\Nuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp (Folder) 
Successfully deleted: C:\Windows\system32\Tasks\update-S-1-5-21-764316183-3508713337-3659362344-1000 (Task)
Successfully deleted: C:\Windows\system32\Tasks\update-sys (Task)
Successfully deleted: C:\Windows\Tasks\update-S-1-5-21-764316183-3508713337-3659362344-1000.job (Task) 
Successfully deleted: C:\Windows\Tasks\update-sys.job (Task) 
Successfully deleted: C:\Users\Nuno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Nuno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23II2BCA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Nuno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3732GJAI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Nuno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4UNN9IEK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Nuno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Nuno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6PY26AB (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Nuno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E638KEXA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Nuno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Nuno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Nuno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9MDK1DY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Nuno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6IP2XWX (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Nuno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SON4K24B (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Nuno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOVTUTCA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Nuno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZY0FET1C (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23II2BCA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3732GJAI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4UNN9IEK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6PY26AB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E638KEXA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9MDK1DY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S6IP2XWX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SON4K24B (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOVTUTCA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZY0FET1C (Temporary Internet Files Folder) 
 
 
 
Registry: 2 
 
Successfully deleted: HKLM\Software\Google\Chrome\Extensions\chgdeabpmphfhkoemjjglmilajldekbp (Registry Key) 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\BrowserPlugInHelper (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09-01-2017 at 19:00:44,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 
I no longer see those random links to random people in my Skype. I'll let you know of further updates.
 
 
----
I saw that my CPU and RAM usage is too high compared to before.
---
I think the main cause of my CPU being high is Google Chrome? When I start up, the CPU instantly goes to 100% and then stabilizes at 50% or 80% depending on what I'm doing on my PC.
 
--
Got a warning from Google Chrome saying a program modified my browser and maybe that's why it was running slowly. I reset Google Chrome to the default settings and it seems to be running normally now. 40% CPU with the same applications running.

Edited by Oh My!, 09 January 2017 - 10:26 PM.


#8 Oh My!


Posted 09 January 2017 - 10:32 PM

Thanks for the update. While we monitor your computer please do this.

===================================================

Deleting a User Account

-------------------
  • Click Start (Windows 8/10 hit the Windows key + X), Control Panel, then User Accounts
  • Click Manage another account
  • Left click on the User Account you did not create
  • Select Delete the account
  • Select Delete Files
  • Click Delete Account, then click Yes
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Delete User Account?
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#9 rnunojoao


Posted 11 January 2017 - 02:09 PM

I can't find these users on the control panel.

 

ESET

 

C:\Users\Nuno\AppData\LocalLow\Oracle\Java\jre1.8.0_111\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.N potentially unsafe application cleaned by deleting
C:\Users\Nuno\AppData\LocalLow\Oracle\Java\jre1.8.0_111\java_sp\JavaIC.dll a variant of Win32/Bundled.Toolbar.Ask.N potentially unsafe application cleaned by deleting
C:\Users\Nuno\AppData\Roaming\EloBuddy\Addons\EvadeIC_FB0B8B1.exe a variant of MSIL/GameHack.QL potentially unsafe application cleaned by deleting
C:\Users\Nuno\AppData\Roaming\EloBuddy\Addons\MasterMind_2430F4C1.exe a variant of MSIL/GameHack.QL potentially unsafe application cleaned by deleting
C:\Users\Nuno\AppData\Roaming\EloBuddy\Addons\Perfect_Udyr_3305E2FA.exe a variant of MSIL/GameHack.QL potentially unsafe application cleaned by deleting
C:\Users\Nuno\AppData\Roaming\EloBuddy\Addons\TBlitzReworked_D8511E05.exe a variant of MSIL/GameHack.QL potentially unsafe application cleaned by deleting
C:\Users\Nuno\AppData\Roaming\EloBuddy\Addons\Libraries\EloBuddy.Sandbox.dll a variant of MSIL/GameHack.QL potentially unsafe application cleaned by deleting
C:\Users\Nuno\AppData\Roaming\EloBuddy\Addons\Libraries\EloBuddy.SDK.dll a variant of MSIL/GameHack.QL potentially unsafe application cleaned by deleting
C:\Users\Nuno\AppData\Roaming\EloBuddy\Repositories\5787D165\bin\Debug\EloBuddy.SDK.dll a variant of MSIL/GameHack.QL potentially unsafe application cleaned by deleting
C:\Users\Nuno\AppData\Roaming\EloBuddy\Repositories\5787D165\bin\Debug\Perfect_Udyr.exe a variant of MSIL/GameHack.QL potentially unsafe application cleaned by deleting
C:\Users\Nuno\AppData\Roaming\EloBuddy\Repositories\5787D165\bin\Release\EloBuddy.Sandbox.dll a variant of MSIL/GameHack.QL potentially unsafe application cleaned by deleting
C:\Users\Nuno\AppData\Roaming\EloBuddy\Repositories\5787D165\bin\Release\EloBuddy.SDK.dll a variant of MSIL/GameHack.QL potentially unsafe application cleaned by deleting
C:\Users\Nuno\AppData\Roaming\EloBuddy\Repositories\5787D165\bin\Release\Perfect_Udyr.exe a variant of MSIL/GameHack.QL potentially unsafe application cleaned by deleting
C:\Users\Nuno\AppData\Roaming\EloBuddy\Repositories\5787D165\obj\Debug\Perfect_Udyr.exe a variant of MSIL/GameHack.QL potentially unsafe application cleaned by deleting
C:\Users\Nuno\AppData\Roaming\EloBuddy\Repositories\5787D165\obj\Release\Perfect_Udyr.exe a variant of MSIL/GameHack.QL potentially unsafe application cleaned by deleting
C:\Users\Nuno\AppData\Roaming\EloBuddy\Repositories\58A90406\TBlitzReworked\TBlitzReworked\bin\Release\EloBuddy.Sandbox.dll a variant of MSIL/GameHack.QL potentially unsafe application cleaned by deleting
C:\Users\Nuno\AppData\Roaming\EloBuddy\Repositories\58A90406\TBlitzReworked\TBlitzReworked\bin\Release\EloBuddy.SDK.dll a variant of MSIL/GameHack.QL potentially unsafe application cleaned by deleting
C:\Users\Nuno\AppData\Roaming\EloBuddy\Repositories\58A90406\TBlitzReworked\TBlitzReworked\bin\Release\TBlitzReworked.exe a variant of MSIL/GameHack.QL potentially unsafe application cleaned by deleting
C:\Users\Nuno\AppData\Roaming\EloBuddy\Repositories\58A90406\TBlitzReworked\TBlitzReworked\obj\Release\TBlitzReworked.exe a variant of MSIL/GameHack.QL potentially unsafe application cleaned by deleting
C:\Users\Nuno\Downloads\ManyCam.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
D:\GTA SA\SAMPFUNCS.asi a variant of Win32/GameHack.SJ potentially unsafe application cleaned by deleting
D:\Hacks\Crack Adobe.exe a variant of Win32/HackTool.Patcher.CH potentially unsafe application cleaned by deleting
 
 
 
Screen check
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 111  
 Microsoft VisualStudio JavaScript Project System 
 Microsoft VisualStudio JavaScript Language Service 
 Java version 32-bit out of Date!
 Mozilla Firefox (50.1.0) 
 Google Chrome (55.0.2883.87) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Avira Antivirus sched.exe  
 Avira Antivirus avshadow.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: = 
 
````````````````````End of Log``````````````````````
 
 

Edited by Oh My!, 11 January 2017 - 03:10 PM.


#10 Oh My!


Posted 11 January 2017 - 03:12 PM

OK, don't worry about it. And no need to worry about anything else in the reports.

Are there any remaining issues before I post some closing information?
Gary
 

#11 rnunojoao


Posted 11 January 2017 - 03:16 PM

You can close, thanks for the assistance !!



#12 Oh My!


Posted 11 January 2017 - 03:31 PM

:thumbsup2:

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#13 rnunojoao


Posted 11 January 2017 - 03:39 PM

Done :D Thanks for the help



#14 Oh My!


Posted 11 January 2017 - 03:48 PM

You are quite welcome. I will close the topic but you can send me a Personal Message if necessary.

Gary

#15 Oh My!


Posted 11 January 2017 - 03:48 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



