
Slow pc - random crashes


  • This topic is locked
9 replies to this topic

#1 Sellat


Posted 19 March 2017 - 02:04 PM

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 15-03-2017
Executado por Avell (administrador) em AVELL-PC (19-03-2017 15:57:56)
Executando a partir de C:\Users\Avell\Desktop
Perfis Carregados: Avell (Perfis Disponíveis: Avell)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Visicom Media Inc.) C:\ProgramData\ManyCam\Service\ManyCamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(TODO: <Company name>) C:\Program Files (x86)\BTOPtm\BTOptm.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(VideoPlugin Services) C:\Program Files\VideoPlugin\BrowserService\VideoPlugin.BrowserService.exe
(VideoPlugin Services) C:\Program Files\VideoPlugin\UpdateService\VideoPlugin.UpdateService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files\VideoPlugin\FilterService\VideoPlugin.FilterService.exe
(VideoPlugin Services) C:\Program Files\VideoPlugin\FilterService\VideoPlugin.FilterServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
(Bluestack System Inc. ) C:\Program Files (x86)\BlueStacks\BstkSVC.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2012-01-12] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816816 2012-03-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-15] (Intel Corporation)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [418672 2011-06-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-06-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [BTOptm] => C:\Program Files (x86)\BTOPtm\BTOptm.exe [1907056 2012-03-09] (TODO: <Company name>)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-08-09] (InstallShield Software Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2014-07-31] (Banco do Brasil)
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-08-09] (InstallShield Software Corporation)
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-10-09] (SteelSeries ApS)
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1754664 2014-07-31] (Banco do Brasil)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6362CEAB-E522-4659-81BF-FBDB80662937}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
SearchScopes: HKU\S-1-5-21-2315785857-4177499487-4149518941-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-11-12] (Microsoft Corporation)
BHO: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll [2011-10-26] (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-11-12] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll => Nenhum Arquivo
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-27] (Oracle Corporation)
BHO-x32: Auxiliar de Conexão de Conta da Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-27] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Avell\AppData\Roaming\Mozilla\Firefox\Profiles\r913z6hu.default-1485557848714 [2017-03-19]
FF Homepage: Mozilla\Firefox\Profiles\r913z6hu.default-1485557848714 -> hxxps://www.google.com.br
FF Extension: (Adblock Plus) - C:\Users\Avell\AppData\Roaming\Mozilla\Firefox\Profiles\r913z6hu.default-1485557848714\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension: ( Online Accounts Extension ) - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2012-08-01] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt20
FF Extension: ( Online Accounts Extension ) - C:\Program Files (x86)\EgisTec BioExcess\FFExt20 [2012-08-01] [não assinado]
FF HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Avell\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: (GBBD Caixa Economica Federal) - C:\Users\Avell\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015-07-14] [não assinado]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-27] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [Nenhum Arquivo]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-10] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Avell\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-03-30] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2315785857-4177499487-4149518941-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Avell\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2315785857-4177499487-4149518941-1000: gastecnologia.com.br/sf/cef64 -> C:\Users\Avell\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2015-07-14] (GAS Tecnologia)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com.br/
CHR StartupUrls: Default -> "hxxp://www.google.com.br/"
CHR Profile: C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default [2017-03-19]
CHR Extension: (Google Apresentações) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-16]
CHR Extension: (Google Docs) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-16]
CHR Extension: (Google Drive) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (AdBlock Plus) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhbihjkbifdakjlfjkpfeadmgefejcdk [2014-10-20]
CHR Extension: (YouTube) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Planilhas do Google) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-16]
CHR Extension: (Documentos Google off-line) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Online Accounts Extension ) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ladimmjldcgbeamniagencjbodhnmgen [2014-10-19]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-17]
CHR Extension: (Gmail) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ladimmjldcgbeamniagencjbodhnmgen] - C:\Program Files (x86)\EgisTec BioExcess\ChromeEx\EgisPBChromeExt.crx [2011-10-26]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [428056 2017-02-14] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [406040 2017-02-14] (BlueStack Systems, Inc.)
R3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [452632 2017-02-14] (BlueStack Systems, Inc.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-11-03] (Hi-Rez Studios) [Arquivo não assinado]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Arquivo não assinado]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-16] (Nero AG)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5070784 2013-08-01] (INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-10] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-10-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-16] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 VideoPlugin.BrowserService; C:\Program Files\VideoPlugin\BrowserService\VideoPlugin.BrowserService.exe [138752 2016-03-14] (VideoPlugin Services) [Arquivo não assinado]
R2 VideoPlugin.FilterService; C:\Program Files\VideoPlugin\FilterService\VideoPlugin.FilterService.exe [104968 2016-03-14] ()
R2 VideoPlugin.UpdateService; C:\Program Files\VideoPlugin\UpdateService\VideoPlugin.UpdateService.exe [52736 2016-03-14] (VideoPlugin Services) [Arquivo não assinado]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.)
S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-02-14] (BlueStack Systems)
R3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-02-14] (Bluestack System Inc. )
S3 danewFltr; C:\Windows\System32\drivers\danew.sys [12032 2010-03-23] (Razer (Asia-Pacific) Pte Ltd) [Arquivo não assinado]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-25] (Disc Soft Ltd)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
S0 GbpKm; C:\Windows\SysWOW64\drivers\GbpKm.sys [49536 2013-05-08] (GAS Tecnologia)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-10-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-10-25] (NVIDIA Corporation)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [39168 2014-12-23] (SteelSeries Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2014-06-07] (Sony Ericsson Mobile Communications)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-03-20] ()
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
R2 VideoPlugin.FilterDriver; C:\Program Files\VideoPlugin\FilterService\VideoPlugin.FilterDriver.sys [13392 2016-03-14] ()
S3 BTMCOM; System32\Drivers\btmcom.sys [X]
S3 BTMUSB; System32\Drivers\btmusb.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-03-19 15:57 - 2017-03-19 15:59 - 00023458 _____ C:\Users\Avell\Desktop\FRST.txt
2017-03-19 15:57 - 2017-03-19 15:57 - 02424832 _____ (Farbar) C:\Users\Avell\Desktop\FRST64.exe
2017-03-19 15:54 - 2017-03-19 15:57 - 00000000 ____D C:\Users\Avell\Desktop\vairos
2017-03-15 17:08 - 2017-03-15 17:08 - 00001514 _____ C:\Users\Avell\Desktop\Hearthstone.lnk
2017-03-15 16:54 - 2017-03-15 16:54 - 00000000 ____D C:\Users\Avell\AppData\LocalLow\Blizzard Entertainment
2017-03-15 16:54 - 2017-03-15 16:54 - 00000000 ____D C:\Users\Avell\AppData\Local\Blizzard
2017-03-15 16:38 - 2017-03-15 16:38 - 00000000 ____D C:\Users\Avell\AppData\Roaming\NVIDIA
2017-03-15 16:36 - 2017-03-19 09:03 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-15 16:32 - 2017-03-15 16:32 - 00181834 _____ C:\Windows\ntbtlog.txt
2017-03-15 16:06 - 2017-03-18 14:40 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2017-03-15 16:06 - 2017-03-15 16:06 - 00000000 ____D C:\Users\Todos os Usuários\Blizzard Entertainment
2017-03-15 16:06 - 2017-03-15 16:06 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2017-03-15 16:01 - 2017-03-19 09:26 - 00000000 ____D C:\Users\Avell\AppData\Local\Battle.net
2017-03-15 16:01 - 2017-03-15 16:01 - 00000000 ____D C:\Users\Avell\AppData\Local\Blizzard Entertainment
2017-03-15 16:01 - 2017-03-15 16:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-03-15 15:34 - 2017-03-15 22:05 - 00000000 ____D C:\Users\Avell\AppData\Roaming\Battle.net
2017-03-15 15:04 - 2017-03-15 16:10 - 00000000 ____D C:\Users\Avell\Documents\Fiddler2
2017-03-15 15:03 - 2017-03-15 16:10 - 00000000 ____D C:\Program Files (x86)\Fiddler2
2017-03-15 14:57 - 2017-03-15 15:35 - 00000000 ____D C:\Users\Todos os Usuários\Battle.net
2017-03-15 14:57 - 2017-03-15 15:35 - 00000000 ____D C:\ProgramData\Battle.net
2017-03-15 14:52 - 2017-03-15 14:52 - 00002336 _____ C:\BNetHotFixUpdate5.bat
2017-03-15 14:35 - 2017-03-15 14:35 - 03126768 _____ (Blizzard Entertainment) C:\Battle.net-Setup.exe
2017-03-14 14:56 - 2017-03-14 14:56 - 03319280 _____ (Blizzard Entertainment) C:\Hearthstone-Setup.exe
2017-03-02 20:23 - 2017-03-02 20:23 - 00000000 ____D C:\Users\Avell\Desktop\Academy Music
2017-02-27 14:59 - 2017-02-27 14:59 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-02-27 14:59 - 2017-02-27 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-27 14:59 - 2017-02-27 14:59 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-27 14:49 - 2017-02-27 14:49 - 00000000 ____D C:\Users\Avell\AppData\Roaming\Sun
2017-02-27 14:47 - 2017-02-27 15:00 - 00000000 ____D C:\Users\Todos os Usuários\Oracle
2017-02-27 14:47 - 2017-02-27 15:00 - 00000000 ____D C:\ProgramData\Oracle
2017-02-25 01:12 - 2017-03-04 02:48 - 00000000 ____D C:\Users\Avell\Desktop\Arrow.S05E14.HDTV.x264-LOL[ettv]
2017-02-25 01:12 - 2017-02-25 01:12 - 00000000 ____D C:\Users\Avell\Desktop\The.Flash.2014.S03E13.HDTV.x264-LOL[ettv]
2017-02-23 13:41 - 2017-02-23 13:41 - 00000000 ____D C:\Users\Avell\Documents\League of Legends
2017-02-18 14:34 - 2017-02-18 14:34 - 01886010 _____ C:\Users\Avell\Desktop\video-1481412335.mp4

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-03-19 15:57 - 2015-01-08 12:04 - 00000000 ____D C:\FRST
2017-03-19 15:52 - 2009-07-14 01:45 - 00030864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-19 15:52 - 2009-07-14 01:45 - 00030864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-19 15:50 - 2013-03-05 21:32 - 24112225 _____ C:\IFRToolLog.txt
2017-03-19 15:46 - 2016-11-18 19:30 - 00000000 ____D C:\Users\Avell\AppData\LocalLow\Mozilla
2017-03-19 15:45 - 2013-03-15 21:19 - 00000430 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-03-19 15:44 - 2012-08-01 16:38 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2017-03-19 15:44 - 2012-08-01 16:38 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-19 15:43 - 2012-08-02 03:19 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2017-03-19 15:43 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-19 15:42 - 2012-01-09 18:01 - 00000024 _____ C:\Users\Todos os Usuários\BTOptm.ini
2017-03-19 15:42 - 2012-01-09 18:01 - 00000024 _____ C:\ProgramData\BTOptm.ini
2017-03-19 15:25 - 2012-08-02 03:19 - 00000832 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2017-03-19 14:36 - 2013-05-30 14:11 - 28235776 ___SH C:\Users\Avell\Desktop\Thumbs.db
2017-03-19 14:14 - 2016-04-02 13:44 - 00000000 ____D C:\Users\Avell\Desktop\Fotos
2017-03-19 13:53 - 2016-11-08 16:45 - 00000388 _____ C:\Windows\Tasks\update-sys.job
2017-03-19 13:50 - 2013-03-15 13:45 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2315785857-4177499487-4149518941-1000UA.job
2017-03-19 13:50 - 2013-03-15 13:45 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2315785857-4177499487-4149518941-1000Core.job
2017-03-19 12:19 - 2016-11-08 16:45 - 00000388 _____ C:\Windows\Tasks\update-S-1-5-21-2315785857-4177499487-4149518941-1000.job
2017-03-19 02:13 - 2016-02-27 17:29 - 00000000 ____D C:\Users\Avell\Desktop\Songs
2017-03-18 22:54 - 2012-08-02 03:09 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{735F6201-B70F-4D5B-AA89-EDA8CDA60315}
2017-03-18 22:23 - 2013-03-02 19:00 - 00000000 ____D C:\Users\Avell\AppData\Roaming\TS3Client
2017-03-18 20:16 - 2013-03-02 19:58 - 00000000 ____D C:\Users\Avell\AppData\Roaming\uTorrent
2017-03-18 17:45 - 2015-08-18 14:49 - 00000000 ____D C:\Users\Todos os Usuários\BlueStacksSetup
2017-03-18 17:45 - 2015-08-18 14:49 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-03-18 12:27 - 2016-06-17 20:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-18 02:40 - 2016-03-20 14:04 - 00000000 ____D C:\Users\Avell\AppData\Local\CrashDumps
2017-03-18 00:45 - 2016-11-18 14:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-15 15:40 - 2013-03-09 15:11 - 00000000 ____D C:\PS2
2017-03-15 15:13 - 2011-04-12 10:40 - 00706008 _____ C:\Windows\system32\prfh0416.dat
2017-03-15 15:13 - 2011-04-12 10:40 - 00147848 _____ C:\Windows\system32\prfc0416.dat
2017-03-15 15:13 - 2009-07-14 02:13 - 01635826 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-15 15:13 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2017-03-07 14:42 - 2017-02-15 15:05 - 00000552 _____ C:\Users\Avell\AppData\Local\TroubleshooterConfig.json
2017-03-04 15:14 - 2017-02-15 15:08 - 00000000 ____D C:\Users\Avell\AppData\Local\Troubleshooter
2017-03-02 20:43 - 2013-11-19 14:48 - 00000000 ___RD C:\Users\Avell\Desktop\Musicas
2017-03-02 20:23 - 2015-06-13 00:36 - 79474589 _____ C:\Program Files\Coisas.rar
2017-02-27 14:48 - 2014-07-18 14:03 - 00268864 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2017-02-27 14:37 - 2014-08-17 02:01 - 00000000 ____D C:\Users\Avell\AppData\Local\Adobe
2017-02-27 14:37 - 2012-08-01 16:40 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-27 14:37 - 2012-08-01 16:40 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-27 14:37 - 2012-08-01 16:40 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-27 14:36 - 2012-08-01 16:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-26 14:46 - 2013-10-09 19:55 - 00000000 ____D C:\Users\Avell\AppData\Roaming\vlc
2017-02-24 09:10 - 2015-07-01 17:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-22 00:51 - 2016-08-22 00:33 - 00000000 ____D C:\Users\Avell\AppData\Roaming\Telegram Desktop

==================== Arquivos na raiz de alguns diretórios =======

2015-06-13 00:36 - 2017-03-02 20:23 - 79474589 _____ () C:\Program Files\Coisas.rar
2016-04-02 13:41 - 2016-08-28 01:02 - 49870818 _____ () C:\Program Files\TESTES.rar
2013-03-15 23:09 - 2013-03-29 00:04 - 0045270 _____ () C:\Users\Avell\AppData\Roaming\room_v3.dat
2015-10-11 10:29 - 2015-10-11 10:29 - 0007602 _____ () C:\Users\Avell\AppData\Local\Resmon.ResmonCfg
2017-02-15 15:05 - 2017-03-07 14:42 - 0000552 _____ () C:\Users\Avell\AppData\Local\TroubleshooterConfig.json
2016-11-08 16:45 - 2016-11-08 16:45 - 0000003 _____ () C:\Users\Avell\AppData\Local\updater.log
2016-11-08 16:45 - 2016-11-08 16:45 - 0000424 _____ () C:\Users\Avell\AppData\Local\UserProducts.xml
2012-01-09 18:01 - 2017-03-19 15:42 - 0000024 _____ () C:\ProgramData\BTOptm.ini

Alguns arquivos em TEMP:
====================
2016-09-10 23:50 - 2016-08-11 11:50 - 0962072 _____ (BlueStack Systems, Inc.) C:\Users\Avell\AppData\Local\Temp\BluestacksUninstaller.exe
2016-09-10 23:50 - 2016-08-11 11:49 - 0187416 _____ (BlueStack Systems) C:\Users\Avell\AppData\Local\Temp\HD-LibraryHandler.dll
2016-09-10 23:50 - 2016-08-11 11:47 - 0246808 _____ (BlueStack Systems) C:\Users\Avell\AppData\Local\Temp\HD-Logger-Native.dll
2017-03-13 20:45 - 2017-03-13 20:45 - 0061440 _____ () C:\Users\Avell\AppData\Local\Temp\ynb-vumx.dll

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-03-14 03:39

==================== Fim de FRST.txt ============================

#2 Oh My!

  • Malware Response Instructor

Posted 20 March 2017 - 07:33 PM

Greetings Sellat and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

I would like to get the FRST reports in English so that it is easier for me to review. Please right click on the FRST icon, select Rename, and rename it to FRSTenglish or FRST64english depending on which version you are using. Be sure Addition.txt is checked before you click scan and then copy and paste both documents in your reply.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom shall we go? You have the words that give eternal life. We believe, and know that you are the Holy One of God."

#3 Sellat

  • Topic Starter


Posted 21 March 2017 - 12:38 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Avell (administrator) on AVELL-PC (21-03-2017 14:31:37)
Running from C:\Users\Avell\Desktop
Loaded Profiles: Avell (Available Profiles: Avell)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(TODO: <Company name>) C:\Program Files (x86)\BTOPtm\BTOptm.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Visicom Media Inc.) C:\ProgramData\ManyCam\Service\ManyCamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(VideoPlugin Services) C:\Program Files\VideoPlugin\BrowserService\VideoPlugin.BrowserService.exe
(VideoPlugin Services) C:\Program Files\VideoPlugin\UpdateService\VideoPlugin.UpdateService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\Bluestacks.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
(Bluestack System Inc. ) C:\Program Files (x86)\BlueStacks\BstkSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files\VideoPlugin\FilterService\VideoPlugin.FilterService.exe
(VideoPlugin Services) C:\Program Files\VideoPlugin\FilterService\VideoPlugin.FilterServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Farbar) C:\Users\Avell\Desktop\FRST64english.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2012-01-12] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816816 2012-03-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-15] (Intel Corporation)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [418672 2011-06-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-06-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [BTOptm] => C:\Program Files (x86)\BTOPtm\BTOptm.exe [1907056 2012-03-09] (TODO: <Company name>)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-08-09] (InstallShield Software Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2014-07-31] (Banco do Brasil)
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-08-09] (InstallShield Software Corporation)
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-10-09] (SteelSeries ApS)
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1754664 2014-07-31] (Banco do Brasil)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6362CEAB-E522-4659-81BF-FBDB80662937}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
SearchScopes: HKU\S-1-5-21-2315785857-4177499487-4149518941-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-11-12] (Microsoft Corporation)
BHO: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll [2011-10-26] (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-11-12] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-27] (Oracle Corporation)
BHO-x32: Auxiliar de Conexão de Conta da Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-27] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Avell\AppData\Roaming\Mozilla\Firefox\Profiles\r913z6hu.default-1485557848714 [2017-03-21]
FF Homepage: Mozilla\Firefox\Profiles\r913z6hu.default-1485557848714 -> hxxps://www.google.com.br
FF Extension: (Adblock Plus) - C:\Users\Avell\AppData\Roaming\Mozilla\Firefox\Profiles\r913z6hu.default-1485557848714\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension: ( Online Accounts Extension ) - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2012-08-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt20
FF Extension: ( Online Accounts Extension ) - C:\Program Files (x86)\EgisTec BioExcess\FFExt20 [2012-08-01] [not signed]
FF HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Avell\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: (GBBD Caixa Economica Federal) - C:\Users\Avell\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015-07-14] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-27] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-10] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Avell\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-03-30] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2315785857-4177499487-4149518941-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Avell\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2315785857-4177499487-4149518941-1000: gastecnologia.com.br/sf/cef64 -> C:\Users\Avell\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2015-07-14] (GAS Tecnologia)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com.br/
CHR StartupUrls: Default -> "hxxp://www.google.com.br/"
CHR Profile: C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default [2017-03-21]
CHR Extension: (Google Apresentações) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-16]
CHR Extension: (Google Docs) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-16]
CHR Extension: (Google Drive) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (AdBlock Plus) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhbihjkbifdakjlfjkpfeadmgefejcdk [2014-10-20]
CHR Extension: (YouTube) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Planilhas do Google) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-16]
CHR Extension: (Documentos Google off-line) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Online Accounts Extension ) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ladimmjldcgbeamniagencjbodhnmgen [2014-10-19]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-17]
CHR Extension: (Gmail) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\Avell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ladimmjldcgbeamniagencjbodhnmgen] - C:\Program Files (x86)\EgisTec BioExcess\ChromeEx\EgisPBChromeExt.crx [2011-10-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [428056 2017-02-14] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [406040 2017-02-14] (BlueStack Systems, Inc.)
R3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [452632 2017-02-14] (BlueStack Systems, Inc.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-11-03] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-16] (Nero AG)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5070784 2013-08-01] (INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-10] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-10-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-16] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 VideoPlugin.BrowserService; C:\Program Files\VideoPlugin\BrowserService\VideoPlugin.BrowserService.exe [138752 2016-03-14] (VideoPlugin Services) [File not signed]
R2 VideoPlugin.FilterService; C:\Program Files\VideoPlugin\FilterService\VideoPlugin.FilterService.exe [104968 2016-03-14] ()
R2 VideoPlugin.UpdateService; C:\Program Files\VideoPlugin\UpdateService\VideoPlugin.UpdateService.exe [52736 2016-03-14] (VideoPlugin Services) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.)
S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-02-14] (BlueStack Systems)
R3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-02-14] (Bluestack System Inc. )
S3 danewFltr; C:\Windows\System32\drivers\danew.sys [12032 2010-03-23] (Razer (Asia-Pacific) Pte Ltd) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-25] (Disc Soft Ltd)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
S0 GbpKm; C:\Windows\SysWOW64\drivers\GbpKm.sys [49536 2013-05-08] (GAS Tecnologia)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-10-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-10-25] (NVIDIA Corporation)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [39168 2014-12-23] (SteelSeries Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2014-06-07] (Sony Ericsson Mobile Communications)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-03-20] ()
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
R2 VideoPlugin.FilterDriver; C:\Program Files\VideoPlugin\FilterService\VideoPlugin.FilterDriver.sys [13392 2016-03-14] ()
S3 BTMCOM; System32\Drivers\btmcom.sys [X]
S3 BTMUSB; System32\Drivers\btmusb.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-21 14:31 - 2017-03-19 15:57 - 02424832 _____ (Farbar) C:\Users\Avell\Desktop\FRST64english.exe
2017-03-21 00:27 - 2017-03-21 00:27 - 00014751 _____ C:\Users\Avell\Desktop\comprovante_processo.pdf
2017-03-19 16:38 - 2017-03-19 16:38 - 00000000 ____D C:\Users\Avell\Desktop\Arrow.S05E16.HDTV.x264-LOL[ettv]
2017-03-19 16:38 - 2017-03-19 16:38 - 00000000 ____D C:\Users\Avell\Desktop\Arrow.S05E15.HDTV.x264-LOL[ettv]
2017-03-19 15:59 - 2017-03-19 16:03 - 00049859 _____ C:\Users\Avell\Desktop\Addition.txt
2017-03-19 15:57 - 2017-03-21 14:33 - 00023403 _____ C:\Users\Avell\Desktop\FRST.txt
2017-03-19 15:54 - 2017-03-21 14:31 - 00000000 ____D C:\Users\Avell\Desktop\vairos
2017-03-15 17:08 - 2017-03-15 17:08 - 00001514 _____ C:\Users\Avell\Desktop\Hearthstone.lnk
2017-03-15 16:54 - 2017-03-15 16:54 - 00000000 ____D C:\Users\Avell\AppData\LocalLow\Blizzard Entertainment
2017-03-15 16:54 - 2017-03-15 16:54 - 00000000 ____D C:\Users\Avell\AppData\Local\Blizzard
2017-03-15 16:38 - 2017-03-15 16:38 - 00000000 ____D C:\Users\Avell\AppData\Roaming\NVIDIA
2017-03-15 16:36 - 2017-03-20 17:56 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-15 16:32 - 2017-03-15 16:32 - 00181834 _____ C:\Windows\ntbtlog.txt
2017-03-15 16:06 - 2017-03-18 14:40 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2017-03-15 16:06 - 2017-03-15 16:06 - 00000000 ____D C:\Users\Todos os Usuários\Blizzard Entertainment
2017-03-15 16:06 - 2017-03-15 16:06 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2017-03-15 16:01 - 2017-03-20 18:42 - 00000000 ____D C:\Users\Avell\AppData\Local\Battle.net
2017-03-15 16:01 - 2017-03-15 16:01 - 00000000 ____D C:\Users\Avell\AppData\Local\Blizzard Entertainment
2017-03-15 16:01 - 2017-03-15 16:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-03-15 15:34 - 2017-03-15 22:05 - 00000000 ____D C:\Users\Avell\AppData\Roaming\Battle.net
2017-03-15 15:04 - 2017-03-15 16:10 - 00000000 ____D C:\Users\Avell\Documents\Fiddler2
2017-03-15 15:03 - 2017-03-15 16:10 - 00000000 ____D C:\Program Files (x86)\Fiddler2
2017-03-15 14:57 - 2017-03-15 15:35 - 00000000 ____D C:\Users\Todos os Usuários\Battle.net
2017-03-15 14:57 - 2017-03-15 15:35 - 00000000 ____D C:\ProgramData\Battle.net
2017-03-15 14:52 - 2017-03-15 14:52 - 00002336 _____ C:\BNetHotFixUpdate5.bat
2017-03-15 14:35 - 2017-03-15 14:35 - 03126768 _____ (Blizzard Entertainment) C:\Battle.net-Setup.exe
2017-03-14 14:56 - 2017-03-14 14:56 - 03319280 _____ (Blizzard Entertainment) C:\Hearthstone-Setup.exe
2017-03-02 20:23 - 2017-03-02 20:23 - 00000000 ____D C:\Users\Avell\Desktop\Academy Music
2017-02-27 14:59 - 2017-02-27 14:59 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-02-27 14:59 - 2017-02-27 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-27 14:59 - 2017-02-27 14:59 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-27 14:49 - 2017-02-27 14:49 - 00000000 ____D C:\Users\Avell\AppData\Roaming\Sun
2017-02-27 14:47 - 2017-02-27 15:00 - 00000000 ____D C:\Users\Todos os Usuários\Oracle
2017-02-27 14:47 - 2017-02-27 15:00 - 00000000 ____D C:\ProgramData\Oracle
2017-02-25 01:12 - 2017-03-04 02:48 - 00000000 ____D C:\Users\Avell\Desktop\Arrow.S05E14.HDTV.x264-LOL[ettv]
2017-02-25 01:12 - 2017-02-25 01:12 - 00000000 ____D C:\Users\Avell\Desktop\The.Flash.2014.S03E13.HDTV.x264-LOL[ettv]
2017-02-23 13:41 - 2017-02-23 13:41 - 00000000 ____D C:\Users\Avell\Documents\League of Legends

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-21 14:31 - 2015-01-08 12:04 - 00000000 ____D C:\FRST
2017-03-21 13:53 - 2016-11-08 16:45 - 00000388 _____ C:\Windows\Tasks\update-sys.job
2017-03-21 13:50 - 2013-03-15 13:45 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2315785857-4177499487-4149518941-1000UA.job
2017-03-21 13:50 - 2013-03-15 13:45 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2315785857-4177499487-4149518941-1000Core.job
2017-03-21 12:51 - 2013-05-30 14:11 - 28380160 ___SH C:\Users\Avell\Desktop\Thumbs.db
2017-03-21 12:48 - 2009-07-14 01:45 - 00030864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-21 12:48 - 2009-07-14 01:45 - 00030864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-21 12:44 - 2013-03-05 21:32 - 24218425 _____ C:\IFRToolLog.txt
2017-03-21 12:41 - 2016-11-18 19:30 - 00000000 ____D C:\Users\Avell\AppData\LocalLow\Mozilla
2017-03-21 12:39 - 2013-03-15 21:19 - 00000430 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-03-21 12:39 - 2012-08-01 16:38 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2017-03-21 12:39 - 2012-08-01 16:38 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-21 12:38 - 2012-08-02 03:19 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2017-03-21 12:38 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-21 12:36 - 2012-01-09 18:01 - 00000024 _____ C:\Users\Todos os Usuários\BTOptm.ini
2017-03-21 12:36 - 2012-01-09 18:01 - 00000024 _____ C:\ProgramData\BTOptm.ini
2017-03-21 12:19 - 2016-11-08 16:45 - 00000388 _____ C:\Windows\Tasks\update-S-1-5-21-2315785857-4177499487-4149518941-1000.job
2017-03-21 02:46 - 2013-11-19 14:48 - 00000000 ___RD C:\Users\Avell\Desktop\Musicas
2017-03-21 00:18 - 2012-08-02 03:09 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{735F6201-B70F-4D5B-AA89-EDA8CDA60315}
2017-03-20 20:03 - 2015-08-18 14:49 - 00000000 ____D C:\Users\Todos os Usuários\BlueStacksSetup
2017-03-20 20:03 - 2015-08-18 14:49 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-03-20 17:25 - 2013-03-09 15:11 - 00000000 ____D C:\PS2
2017-03-20 15:25 - 2012-08-02 03:19 - 00000832 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2017-03-20 08:46 - 2012-08-01 16:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-19 23:58 - 2016-08-22 00:33 - 00000000 ____D C:\Users\Avell\AppData\Roaming\Telegram Desktop
2017-03-19 16:46 - 2013-03-02 19:58 - 00000000 ____D C:\Users\Avell\AppData\Roaming\uTorrent
2017-03-19 14:14 - 2016-04-02 13:44 - 00000000 ____D C:\Users\Avell\Desktop\Fotos
2017-03-19 02:13 - 2016-02-27 17:29 - 00000000 ____D C:\Users\Avell\Desktop\Songs
2017-03-18 22:23 - 2013-03-02 19:00 - 00000000 ____D C:\Users\Avell\AppData\Roaming\TS3Client
2017-03-18 12:27 - 2016-06-17 20:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-18 02:40 - 2016-03-20 14:04 - 00000000 ____D C:\Users\Avell\AppData\Local\CrashDumps
2017-03-18 00:45 - 2016-11-18 14:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-15 15:13 - 2011-04-12 10:40 - 00706008 _____ C:\Windows\system32\prfh0416.dat
2017-03-15 15:13 - 2011-04-12 10:40 - 00147848 _____ C:\Windows\system32\prfc0416.dat
2017-03-15 15:13 - 2009-07-14 02:13 - 01635826 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-15 15:13 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2017-03-07 14:42 - 2017-02-15 15:05 - 00000552 _____ C:\Users\Avell\AppData\Local\TroubleshooterConfig.json
2017-03-04 15:14 - 2017-02-15 15:08 - 00000000 ____D C:\Users\Avell\AppData\Local\Troubleshooter
2017-03-02 20:23 - 2015-06-13 00:36 - 79474589 _____ C:\Program Files\Coisas.rar
2017-02-27 14:48 - 2014-07-18 14:03 - 00268864 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2017-02-27 14:37 - 2014-08-17 02:01 - 00000000 ____D C:\Users\Avell\AppData\Local\Adobe
2017-02-27 14:37 - 2012-08-01 16:40 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-27 14:37 - 2012-08-01 16:40 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-27 14:37 - 2012-08-01 16:40 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-26 14:46 - 2013-10-09 19:55 - 00000000 ____D C:\Users\Avell\AppData\Roaming\vlc
2017-02-24 09:10 - 2015-07-01 17:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2015-06-13 00:36 - 2017-03-02 20:23 - 79474589 _____ () C:\Program Files\Coisas.rar
2016-04-02 13:41 - 2016-08-28 01:02 - 49870818 _____ () C:\Program Files\TESTES.rar
2013-03-15 23:09 - 2013-03-29 00:04 - 0045270 _____ () C:\Users\Avell\AppData\Roaming\room_v3.dat
2015-10-11 10:29 - 2015-10-11 10:29 - 0007602 _____ () C:\Users\Avell\AppData\Local\Resmon.ResmonCfg
2017-02-15 15:05 - 2017-03-07 14:42 - 0000552 _____ () C:\Users\Avell\AppData\Local\TroubleshooterConfig.json
2016-11-08 16:45 - 2016-11-08 16:45 - 0000003 _____ () C:\Users\Avell\AppData\Local\updater.log
2016-11-08 16:45 - 2016-11-08 16:45 - 0000424 _____ () C:\Users\Avell\AppData\Local\UserProducts.xml
2012-01-09 18:01 - 2017-03-21 12:36 - 0000024 _____ () C:\ProgramData\BTOptm.ini

Some files in TEMP:
====================
2016-09-10 23:50 - 2016-08-11 11:50 - 0962072 _____ (BlueStack Systems, Inc.) C:\Users\Avell\AppData\Local\Temp\BluestacksUninstaller.exe
2016-09-10 23:50 - 2016-08-11 11:49 - 0187416 _____ (BlueStack Systems) C:\Users\Avell\AppData\Local\Temp\HD-LibraryHandler.dll
2016-09-10 23:50 - 2016-08-11 11:47 - 0246808 _____ (BlueStack Systems) C:\Users\Avell\AppData\Local\Temp\HD-Logger-Native.dll
2017-03-13 20:45 - 2017-03-13 20:45 - 0061440 _____ () C:\Users\Avell\AppData\Local\Temp\ynb-vumx.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-14 03:39

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Avell (21-03-2017 14:34:01)
Running from C:\Users\Avell\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2012-08-02 06:07:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2315785857-4177499487-4149518941-500 - Administrator - Disabled)
Avell (S-1-5-21-2315785857-4177499487-4149518941-1000 - Administrator - Enabled) => C:\Users\Avell
Convidado (S-1-5-21-2315785857-4177499487-4149518941-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2315785857-4177499487-4149518941-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\uTorrent) (Version: 3.4.9.43388 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.241 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Alan Wake (HKLM-x32\...\Steam App 108710) (Version:  - Remedy Entertainment)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.21.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.21.0 - Alcor Micro Corp.) Hidden
Ansel (Version: 375.86 - NVIDIA Corporation) Hidden
Atualizações da NVIDIA 2.13.0.21 (Version: 2.13.0.21 - NVIDIA Corporation) Hidden
AuthenTec WinBio FingerPrint Software (HKLM\...\{4BDCF60D-EAAB-4595-B571-283F529F6AFA}) (Version: 3.2.2.1072 - AuthenTec, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioExcess (HKLM-x32\...\InstallShield_{596DEDA5-FE48-4078-96E0-E449DF5D08B2}) (Version: 7.1.5.13 - Egis Technology Inc.)
BioExcess (Version: 7.1.5.13 - Egis Technology Inc.) Hidden
BioExcess (x32 Version: 7.1.5.13 - Egis Technology Inc.) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.97.6358 - BlueStack Systems, Inc.)
BTOptm (HKLM-x32\...\InstallShield_{4FFCF08D-DA25-4291-9080-AB00D58C756D}) (Version: 0.0.0.4 - ##COMPANY_NAME##)
BTOptm (x32 Version: 0.0.0.4 - ##COMPANY_NAME##) Hidden
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Civilization II Multiplayer Gold Edition (HKLM-x32\...\Civilization II Multiplayer Gold Edition) (Version:  - )
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
EMSC (x32 Version: 0.0.0.23C - Compal Electronics, Inc.) Hidden
ETDWare PS/2-X64 10.10.2.5_WHQL (HKLM\...\Elantech) (Version: 10.10.2.5 - ELAN Microelectronic Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.20.1.2 - Futuremark Corporation)
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.5 - )
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.4 - LG Electronics)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
ManyCam 5.6.1 (HKLM-x32\...\ManyCam) (Version: 5.6.1 - Visicom Media Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Language Pack 2013  - Portuguese/Português (Brasil) (HKLM\...\Office15.OMUI.pt-br) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 52.0.1 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 pt-BR)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{293C9DF5-7669-4826-BBB2-E1F182D71046}) (Version: 7.02.8631 - Nero AG)
NVIDIA Driver de áudio HD 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Driver de gráficos 375.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.86 - NVIDIA Corporation)
NVIDIA Driver do 3D Vision 375.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.86 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation)
NVIDIA Software do sistema PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft .NET Framework 4.5 - Português (Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50709 - Microsoft Corporation)
Painel de controle da NVIDIA 375.86 (Version: 375.86 - NVIDIA Corporation) Hidden
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
PDF Rider 0.6.1 (HKLM-x32\...\{6DF94034-2D3C-4D67-ABE7-1C728399B963}_is1) (Version:  - Francesco Tonucci)
Power USB (HKLM-x32\...\InstallShield_{CE1BE487-1BDC-4AC1-B6EF-85BF0E0DC9FF}) (Version: 0.0.0.1 - )
Power USB (x32 Version: 0.0.0.1 - ) Hidden
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PSP ISO Compressor (HKLM-x32\...\{D47087E7-AA15-4D1D-8C0A-60F7E446D597}) (Version: 1.4.0 - danny_kay1710)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28188 - Nome de sua empresa:)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.39025 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0180 - REALTEK Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Scribblenauts Unlimited (HKLM-x32\...\Scribblenauts Unlimited_is1) (Version:  - )
Scribblenauts Unmasked A DC Comics Adventure (HKLM-x32\...\Scribblenauts Unmasked A DC Comics Adventure_is1) (Version:  - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0416-1000-0000000FF1CE}_Office15.OMUI.pt-br_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 7.1.0330 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
SRS Premium Sound Control Panel (HKLM\...\{75A43A49-A6A1-4FCB-A41E-02D76E166691}) (Version: 1.12.1200 - SRS Labs, Inc.)
Starbound (HKLM\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.9.2014.1 - SteelSeries)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Telegram Desktop version 1.0.14 (HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.14 - Telegram Messenger LLP)
Test of Time Patch (HKLM-x32\...\Test of Time Patch) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wireless enable/disable (HKLM-x32\...\InstallShield_{2ED24418-A58C-45C5-B93E-A9EF60B85D89}) (Version: 0.0.0.13C - )
WSED (x32 Version: 0.0.0.13C - ) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2315785857-4177499487-4149518941-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2315785857-4177499487-4149518941-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2315785857-4177499487-4149518941-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2315785857-4177499487-4149518941-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2315785857-4177499487-4149518941-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2315785857-4177499487-4149518941-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2315785857-4177499487-4149518941-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\Avell\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-2315785857-4177499487-4149518941-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\Avell\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0247F649-E739-46AB-83BF-6A2A975D196D} - System32\Tasks\update-S-1-5-21-2315785857-4177499487-4149518941-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2016-07-11] ()
Task: {106A23D7-0764-4719-8564-9ADED59C0ACB} - System32\Tasks\{B455438D-DC43-495C-8F04-AF117C6F20FE} => pcalua.exe -a "C:\Users\Avell\Desktop\AP Guitar Tuner Afinador de Violão e Guitarra\apguitargsetup.exe" -d "C:\Users\Avell\Desktop\AP Guitar Tuner Afinador de Violão e Guitarra"
Task: {1317D7F9-82C0-4388-AE59-EA18CC82E412} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {200F5D88-24A2-4FFA-A724-6808F2111EEC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2670ECE0-FE65-46DC-94AA-1FCA8B45FAA3} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe
Task: {2C544927-00E9-4BE7-8309-5FC10F57B4C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {302936DF-AD1F-4D93-AAA7-367106EE6C0D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-25] (NVIDIA Corporation)
Task: {40B9B98B-B56F-49F2-BE91-6CBA9FEE4D6E} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2016-07-11] ()
Task: {49FDAED5-EA22-437E-880D-6205F72CE0C2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {599872CE-39B4-467D-9EC1-376BB59EC9B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {5B12EDFA-F04A-4C12-8ABF-BB01C0FE41C8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {673ADF94-8B7C-48BA-A7C1-E2B362CE67FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {6C018D85-2E4D-4849-B5E3-6048C5653D0A} - System32\Tasks\{7908B657-1DB3-425F-9F79-4FEA386DEDF5} => pcalua.exe -a "C:\Program Files (x86)\LeveUp! Games\RagnarokOnline\Setup.exe" -d "C:\Program Files (x86)\LeveUp! Games\RagnarokOnline"
Task: {6D15C270-4A80-412B-85FA-9989A42712D1} - System32\Tasks\{9D67971A-74D4-4D1F-AA63-2268541D587A} => pcalua.exe -a C:\Users\Avell\Desktop\tibia860.exe -d C:\Users\Avell\Desktop
Task: {7F924602-2116-4A3F-8E14-C31A6ACA520F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2315785857-4177499487-4149518941-1000UA => C:\Users\Avell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-15] (Facebook Inc.)
Task: {9093DF74-EF3F-4690-9697-D67094F16225} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Control Panel\srspanel_64.exe [2012-03-09] (SRS Labs, Inc.)
Task: {9438EE87-3E9B-4679-9B0F-9EFD492D5E02} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {94E5D605-5398-4958-9231-F9F22E6AB2DA} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {B97A1E6C-1E06-427E-854E-3F622B94DC7D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {DA529AFB-FF00-4AD3-AAA1-A605D4F211BE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2315785857-4177499487-4149518941-1000Core => C:\Users\Avell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-15] (Facebook Inc.)
Task: {DC95C8CE-E640-4BDC-AECE-4F794B8ACA78} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {DDCD9538-4548-4271-891A-6D02F1ECAA30} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {ED198986-439D-40B2-BC91-C54AFA5F42E6} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {EFC42CCF-4E3C-4A69-875F-18C2B25C763D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {F070F8CB-EE6B-4A5A-BD61-62BB39B2809D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2315785857-4177499487-4149518941-1000Core.job => C:\Users\Avell\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2315785857-4177499487-4149518941-1000UA.job => C:\Users\Avell\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\update-S-1-5-21-2315785857-4177499487-4149518941-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-08-02 03:18 - 2012-02-21 12:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2016-10-07 09:52 - 2016-10-25 17:21 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-07 09:52 - 2016-10-25 17:21 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-07 09:53 - 2016-10-25 17:21 - 00420408 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2014-06-16 02:36 - 2014-06-16 02:41 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-11-04 21:11 - 2015-11-04 21:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-07-11 12:38 - 2016-11-10 19:38 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-14 22:21 - 2016-03-14 22:21 - 00104968 _____ () C:\Program Files\VideoPlugin\FilterService\VideoPlugin.FilterService.exe
2010-04-07 14:19 - 2010-04-07 14:19 - 00935936 _____ () C:\Windows\system32\EMSC.dll
2016-10-07 09:52 - 2016-10-25 17:21 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-02-15 15:02 - 2016-11-23 10:34 - 03378688 _____ () C:\ProgramData\BlueStacks\BluestacksGameManager\xulrunner-sdk\mozjs.dll
2017-02-15 15:02 - 2016-12-29 09:45 - 03243616 _____ () C:\Program Files (x86)\BlueStacks\libGLESv2.dll
2017-02-15 15:02 - 2016-12-29 09:45 - 00140896 _____ () C:\Program Files (x86)\BlueStacks\libEGL.dll
2015-01-13 20:36 - 2015-01-13 20:36 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-08-02 03:19 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-08-02 03:18 - 2012-02-21 12:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\...\bb.com.br -> hxxps://seg.bb.com.br

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2016-03-19 18:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Avell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Avell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupreg: ATDworks => C:\Users\Avell\AppData\Local\ATDworks\TMPAFA3.exe
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files (x86)\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Avell\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Avell\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: VitaKeyTSR => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{D3C8F18E-58B9-4380-AF48-E3D32FC4CEEE}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{7F1E1292-083F-4B0F-9BD9-1932041828C0}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [{BCCA28F0-83BB-4BD3-8C44-F90C47170FF6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5498022E-F32C-4018-9861-FCBEB6008F0B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3C9E4BDD-577C-4A42-B933-0BE58B52BB4A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8A5842BB-09F1-4FA8-81DD-4323B6824218}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{27AA37C7-8CB4-48FD-9605-4DB9EB942470}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0D904264-A8C0-4D94-82F3-411D0458AE9E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5423F152-EE71-41A9-AF80-7E562905C3DB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0E381471-5435-42C4-AA97-D76B9811BD48}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{B4D625D9-4127-4A6C-92F5-02E8075FB0B5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{BC050B29-E878-47A6-8DD2-FC1B68882239}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F2E8C426-154B-4099-B2D1-EAFB4A12F13A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{712D5DAE-CD38-499B-8141-A9FBCD8B6515}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{00C5DDC0-6D33-4E1C-ACBE-CBCDD5C8617A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5CA8908F-DA4C-4547-A453-4002892EE865}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{402D6ACC-BC20-4FA6-8EBA-5A07D3C97FEB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{37777BD2-7CED-48ED-943A-029769FFF6C5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{224B41FC-BDE6-47A6-901E-853D89B66D30}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E7F6D59C-4246-4396-95F3-7889BE45DA27}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{68FB12CF-F639-4105-9253-3AA5F3E37760}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0AD62149-625B-4813-9210-6398265AFCD3}] => (Allow) C:\Program Files (x86)\ManyCam\ManyCam.exe
FirewallRules: [{D3B400E0-5636-4CEC-AD70-C9CCB3D0CBF6}] => (Allow) C:\Program Files (x86)\ManyCam\ManyCam.exe
FirewallRules: [{A0F85024-2D1A-4947-8F8C-0A6D540AFD9F}] => (Allow) C:\Users\Avell\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{AE42CC27-4EA7-40A7-9F4E-D21F53ED3B47}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1083D1D2-62FC-454A-BA23-B6DAC587FF35}] => (Allow) LPort=2869
FirewallRules: [{BDB63152-172F-47DB-95B6-772734CFE774}] => (Allow) LPort=1900
FirewallRules: [{EA5BF7B0-85FA-492E-A114-D1E5A7DD3D91}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3407AEBD-1E7F-4CE5-90B3-73A09FB747EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{59984E9D-EF83-4815-995A-6C0FA87CC2DD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{20B952B0-7276-403D-BD1D-4B709250FF6C}] => (Allow) C:\Users\Avell\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E9801FC9-1ED5-428F-AE0B-9597DE7A3BFD}] => (Allow) C:\Users\Avell\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{36F77811-A0B8-47D9-898A-1680E8B70CA1}C:\windows\syswow64\svchost.exe] => (Allow) C:\windows\syswow64\svchost.exe
FirewallRules: [UDP Query User{C934EED3-6A0A-46BE-BBCF-DC752E2BA568}C:\windows\syswow64\svchost.exe] => (Allow) C:\windows\syswow64\svchost.exe
FirewallRules: [{2D5CCB01-9934-4162-B39A-6163209C9D4D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alan Wake\AlanWake.exe
FirewallRules: [{2F647763-B9D1-48FA-9BDE-EFB9F30FD56C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alan Wake\AlanWake.exe
FirewallRules: [{B577D3D6-E498-4141-B999-D31A77A314F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{6C3FFBF9-5866-446C-AD62-5187C9994998}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [TCP Query User{64DAF47F-DDAC-4E25-894C-97DF7F6AB36E}C:\ps2\roms\7daystodie.exe] => (Block) C:\ps2\roms\7daystodie.exe
FirewallRules: [UDP Query User{E40BF667-9D83-4FCC-82A5-FFEB3E424533}C:\ps2\roms\7daystodie.exe] => (Block) C:\ps2\roms\7daystodie.exe
FirewallRules: [{C65629F5-5A2F-4234-98CA-DE2C85A2EC4C}] => (Allow) C:\Program Files\VideoPlugin\FilterService\VideoPlugin.FilterServer.exe
FirewallRules: [{4C135FFC-F64D-41E1-83C5-DD2083A3F1D6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{D7150894-C934-4305-A407-BD8AE8FEFEFC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{0AD4F302-D457-440F-9B1C-0FA6F52C07E7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{71CA7077-4BEB-43E2-A4B0-A3A36D1C622C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{634C508A-C370-4C2A-BEBB-4E83895980BD}C:\ps1\ppsspp\ppssppwindows64.exe] => (Allow) C:\ps1\ppsspp\ppssppwindows64.exe
FirewallRules: [UDP Query User{DEB4FCD1-AEA4-433A-8C3C-F206C96ACD28}C:\ps1\ppsspp\ppssppwindows64.exe] => (Allow) C:\ps1\ppsspp\ppssppwindows64.exe
FirewallRules: [{589AF5A3-45A3-4C16-A6CC-BCA58AF39913}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{5B6DF03E-1CB3-4854-93A1-BAB441411456}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{8E89DA28-AFC7-4805-8F21-77B8A322D012}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E749A52C-ED64-4DE1-875B-F1643AB72377}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{69306978-5850-48D5-B10B-3417048E8BF7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\starbound.exe
FirewallRules: [{325FBAA5-DD06-4DE0-9373-31F1499CC294}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\starbound.exe
FirewallRules: [{50E2E009-DEE2-4381-B213-C644A01C98DD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{19B1E4DB-F7A3-49B9-B8CB-691D464532A1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{36D6BB03-0CFE-448D-853F-312C04B1BAC4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{8643E0AD-2ED5-4A41-B75B-FDE178AD03BF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{B8E73390-4318-4FB1-8136-396AFE85BA2C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win32\starbound.exe
FirewallRules: [{6B5077A6-6F9B-4135-A35A-D0D8D6ECF373}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starbound\win32\starbound.exe
FirewallRules: [{8BEFF42C-ADB9-451E-82A7-79D24BA15E57}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E0FBDEAB-F7D8-490D-8DA3-6C753B995865}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{162E9F97-C9C6-4CAC-B07C-3169371E06DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{5FF6DEA6-95DB-4893-9CDB-8D0F4D8E50A3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D9C5D9D4-BBD0-4380-BAF9-60AEF26462CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D9580278-879E-4B8C-9C94-1E2360F8490D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DE787164-184F-4607-864A-A172C1B091B8}] => (Allow) C:\Users\Avell\Desktop\Agent\Agent.2328\Agent.exe
FirewallRules: [{4C973581-333F-48FD-A763-EC5BC4D7C567}] => (Allow) C:\Users\Avell\Desktop\Agent\Agent.2328\Agent.exe
FirewallRules: [TCP Query User{19580AB8-BE69-43DC-BB2F-00AFBD5C8666}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{9FDBFABB-308E-4D50-851E-E21588E07CD3}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe

==================== Restore Points =========================

15-03-2017 06:50:14 Ponto de Verificação Agendado

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: %TsUsbGD.DeviceDesc.Generic% (redirecionado)
Description: %TsUsbGD.DeviceDesc.Generic%
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: %StdMfg%
Service: TsUsbGD
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (03/21/2017 12:39:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/21/2017 06:29:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/21/2017 06:09:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/21/2017 04:21:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Falha na geração de contexto de ativação para "c:\program files (x86)\CCleaner\CCleaner.exe".Erro no arquivo de manifesto ou de diretiva "", na linha.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:.
Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (03/21/2017 02:45:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/21/2017 12:26:15 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/20/2017 09:07:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/20/2017 02:59:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Falha na geração de contexto de ativação para "c:\program files (x86)\CCleaner\CCleaner.exe".Erro no arquivo de manifesto ou de diretiva "", na linha.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:.
Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (03/20/2017 12:05:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/20/2017 08:26:26 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18063 - Falha ao inicializar a infra-estrutura de anexação da API do criador de perfil. Esse processo não permite que um perfil seja anexado. HRESULT: 0x80004005.  ID do Processo (decimal): 3296. ID da Mensagem: [0x2509].


System errors:
=============
Error: (03/21/2017 12:38:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço BlueStacks Log Rotator Service devido ao seguinte erro:
O serviço não respondeu à requisição de início ou controle em tempo hábil.

Error: (03/21/2017 12:38:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço BlueStacks Log Rotator Service.

Error: (03/21/2017 06:08:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço BlueStacks Log Rotator Service devido ao seguinte erro:
O serviço não respondeu à requisição de início ou controle em tempo hábil.

Error: (03/21/2017 06:08:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço BlueStacks Log Rotator Service.

Error: (03/19/2017 07:03:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço BlueStacks Log Rotator Service devido ao seguinte erro:
O serviço não respondeu à requisição de início ou controle em tempo hábil.

Error: (03/19/2017 07:03:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço BlueStacks Log Rotator Service.

Error: (03/19/2017 09:32:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço BlueStacks Log Rotator Service devido ao seguinte erro:
O serviço não respondeu à requisição de início ou controle em tempo hábil.

Error: (03/19/2017 09:32:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço BlueStacks Log Rotator Service.

Error: (03/18/2017 01:23:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Windows Update suspenso ao iniciar.

Error: (03/18/2017 12:28:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço BlueStacks Log Rotator Service devido ao seguinte erro:
O serviço não respondeu à requisição de início ou controle em tempo hábil.


CodeIntegrity:
===================================
  Date: 2016-03-23 02:48:48.157
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvd3dumx.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-23 02:48:48.025
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvd3dumx.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-19 18:51:31.142
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-03-19 18:51:31.096
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-01-21 23:58:03.099
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvd3dumx.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-21 23:58:03.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvd3dumx.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-24 03:46:30.031
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvd3dumx.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-24 03:46:29.955
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvd3dumx.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-11 00:59:02.195
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvd3dumx.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-11 00:59:02.116
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvd3dumx.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 88%
Total physical RAM: 4066.36 MB
Available physical RAM: 469.7 MB
Total Virtual: 8130.9 MB
Available Virtual: 3260.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:79.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 63F41232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 32,777 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:55 AM

Posted 21 March 2017 - 01:04 PM

Thank you.

Can you describe the random crashes? Blue Screen, freeze, restart, etc.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)

CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
2017-03-13 20:45 - 2017-03-13 20:45 - 0061440 _____ () C:\Users\Avell\AppData\Local\Temp\ynb-vumx.dll
Deletekey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATDworks
C:\Users\Avell\AppData\Local\ATDworks
emptytemp:

  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Reply to crash question
  • Fixlog
  • Attached System Summary report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom shall we go? You have the words that give eternal life. We believe, and know that you are the Holy One of God."

#5 Sellat

Sellat
  • Topic Starter


Posted 21 March 2017 - 01:44 PM

The crashes happen when the PC starts to slow down, and there's no message and no blue screen of death. Sometimes Explorer crashes and I have to reopen it manually or restart. There are other types of crashes that happen when I try to restore the system, and it randomly slows down to a point where I can't open anything. I know it's not a temperature issue; the coolers are working sound and clear.

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Avell (21-03-2017 15:25:55) Run:6
Running from C:\Users\Avell\Desktop
Loaded Profiles: Avell (Available Profiles: Avell)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
2017-03-13 20:45 - 2017-03-13 20:45 - 0061440 _____ () C:\Users\Avell\AppData\Local\Temp\ynb-vumx.dll
Deletekey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATDworks
C:\Users\Avell\AppData\Local\ATDworks
emptytemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-2315785857-4177499487-4149518941-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
C:\Users\Avell\AppData\Local\Temp\ynb-vumx.dll => moved successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATDworks => key removed successfully
"C:\Users\Avell\AppData\Local\ATDworks" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 108629675 B
Java, Flash, Steam htmlcache => 171545764 B
Windows/system/drivers => 70622 B
Edge => 0 B
Chrome => 513364721 B
Firefox => 1184074403 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 31052 B
LocalService => 0 B
NetworkService => 0 B
Avell => 118672952 B
UpdatusUser => 0 B
fbwuser => 0 B

RecycleBin => 0 B
EmptyTemp: => 2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:33:43 ====


#6 Oh My!

Posted 21 March 2017 - 02:34 PM

This does not appear to be a malware related issue.

Please boot into Safe Mode with Networking and test your computer performance.
Gary
 

#7 Sellat

Posted 21 March 2017 - 03:00 PM

It seems okay now, i will do more tests and report later.



#8 Oh My!

Posted 21 March 2017 - 03:04 PM

OK, give it enough time where you would expect it to start acting up. If it doesn't act up then please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)

      CreateRestorePoint:

  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Clean Boot

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click the General tab then click Selective Startup
  • Check Load system services
  • Uncheck Load Startup Items
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Computer performance?

Gary
 

#9 Oh My!

Posted 24 March 2017 - 09:39 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#10 Oh My!

Posted 26 March 2017 - 01:45 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 