HDD Full Virus


  • This topic is locked
13 replies to this topic

#1 Karmaniak


Posted 02 May 2017 - 05:36 PM

Hi Guys,

First of all, in the name of all PC users in trouble, thanks a lot for volunteering your knowledge and your time to help less experienced users like me in solving our problems.

This is my first topic here. I need help to get rid of a virus that appears to use all the free space in the disk.

Lately I've been receiving messages that my disk is full. I have one HDD with 2 partitions, C: for Windows and Programs, and D: for personal documents. The problem is only occurring in partition D:. I know that the amount of used memory in D: is way less than the capacity of the partition, so I've installed Free Disk Explorer and confirmed that I'm only using 150GB, from a total of 332GB. However, in My Computer the disk appears full, with only 1.4GB free.

I searched for similar problems on Google, and found a topic here on your forum:

https://www.bleepingcomputer.com/forums/t/483583/virus-causing-hdd-to-become-completely-full/

Since the solution seemed customized, I have decided to create a new topic, instead of following the steps you recommended to Prickly Pete.

Thank you very much for your help.

Here is the Log from FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-05-2017
Ran by Bruno Pinto Carmo (administrator) on BRUNOPINTOCARMO (02-05-2017 23:12:54)
Running from C:\Users\Bruno Pinto Carmo\Desktop
Loaded Profiles: UpdatusUser & Bruno Pinto Carmo &  (Available Profiles: UpdatusUser & Bruno Pinto Carmo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Português (Portugal)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CYPE Ingenieros S.A.) C:\CYPE Ingenieros\Versão 2017\programas\bimserv.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(iOSinstaller.com) C:\Program Files (x86)\iOSinstaller\Updater.exe
() C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(iolo technologies, LLC) C:\Program Files (x86)\System Mechanic\ioloGovernor64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CYPE Ingenieros S.A.) C:\CYPE Ingenieros\Versão 2017\programas\bimservinst.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [909744 2017-03-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064 2012-09-14] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [178848 2012-07-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61944 2017-04-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28432392 2017-05-01] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1479254243-496030957-2477417331-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-1479254243-496030957-2477417331-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017211316141\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-1479254243-496030957-2477417331-1002\...\Run: [GoogleChromeAutoLaunch_7B82EAC530586E33232462E738397CCE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941912 2017-03-29] (Google Inc.)
HKU\S-1-5-21-1479254243-496030957-2477417331-1002\...\Policies\Explorer: [] 
HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017211316250\...\Run: [GoogleChromeAutoLaunch_7B82EAC530586E33232462E738397CCE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941912 2017-03-29] (Google Inc.)
HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017211316250\...\Policies\Explorer: [] 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BIMserver.center.lnk [2017-03-17]
ShortcutTarget: BIMserver.center.lnk -> C:\CYPE Ingenieros\Versão 2017\programas\bimservinst.exe (CYPE Ingenieros S.A.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B26C38EB-19B5-4774-B6A7-51A6BA5C2844}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{B26C38EB-19B5-4774-B6A7-51A6BA5C2844}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1479254243-496030957-2477417331-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-1479254243-496030957-2477417331-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-1479254243-496030957-2477417331-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017211316141\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-1479254243-496030957-2477417331-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017211316141\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-1479254243-496030957-2477417331-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-1479254243-496030957-2477417331-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017211316250\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017211316250\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-1479254243-496030957-2477417331-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-1479254243-496030957-2477417331-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-1479254243-496030957-2477417331-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017211316141 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-1479254243-496030957-2477417331-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017211316141 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-1479254243-496030957-2477417331-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017211316250 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-22] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-03-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-22] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-19] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Bruno Pinto Carmo\AppData\Roaming\Mozilla\Firefox\Profiles\GMHJnXtf.default [2015-01-31]
FF Extension: (Avira Browser Safety) - C:\Users\Bruno Pinto Carmo\AppData\Roaming\Mozilla\Firefox\Profiles\GMHJnXtf.default\Extensions\abs@avira.com [2015-01-31] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-03] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-03] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1479254243-496030957-2477417331-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bruno Pinto Carmo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-12] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017211316250: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bruno Pinto Carmo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-12] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pt-pt
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default [2017-05-02]
CHR Extension: (Apresentações Google) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (Adguard AdBlocker) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-12-25]
CHR Extension: (YouTube) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Speed Booster - Carga Sites Mais Rápido!) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bogglmmbglnfnjdnaabjkphdelhdiomd [2016-08-24]
CHR Extension: (Google Search) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-14]
CHR Extension: (Google Folhas de Cálculo) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Documentos do Google offline) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Proxy de VPN gratuito do Hotspot Shield – Desbloquear sites) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2017-05-02]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2017-03-14]
CHR Extension: (Logout 4 All) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmbibbjnobhnbkkmopbnppjphjajdkoh [2016-12-24]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
CHR Extension: (Speedtest by Ookla) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2016-11-03]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2016-08-24]
CHR Extension: (Gmail) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1479254243-496030957-2477417331-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017211316250\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1115552 2017-03-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [487432 2017-03-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [487432 2017-03-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1519136 2017-03-24] (Avira Operations GmbH & Co. KG)
S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350120 2017-04-11] (Avira Operations GmbH & Co. KG)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 Cype BIM; C:\CYPE Ingenieros\Versão 2017\programas\bimserv.exe [106496 2017-01-27] (CYPE Ingenieros S.A.) [File not signed]
S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-05-01] (Dropbox, Inc.)
R2 iOSinstallerUpdater; C:\Program Files (x86)\iOSinstaller\updater.exe [165376 2015-04-08] (iOSinstaller.com) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176968 2017-03-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148104 2017-03-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-24] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-22] ()
S2 Hardlock; C:\Windows\SysWOW64\drivers\hardlock.sys [676864 2004-07-14] (Aladdin Knowledge Systems) [File not signed]
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-05-02] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-05-02] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-02] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-02] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-05-02] (Malwarebytes)
S1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32168 2015-12-09] (EldoS Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-01-31] (Duplex Secure Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
U3 a14iedt0; C:\Windows\System32\Drivers\a14iedt0.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-02 23:12 - 2017-05-02 23:13 - 00031410 _____ C:\Users\Bruno Pinto Carmo\Desktop\FRST.txt
2017-05-02 23:11 - 2017-05-02 23:12 - 00000000 ____D C:\FRST
2017-05-02 23:10 - 2017-05-02 23:10 - 02428416 _____ (Farbar) C:\Users\Bruno Pinto Carmo\Desktop\FRST64.exe
2017-05-02 22:41 - 2017-05-02 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-05-02 22:41 - 2017-05-02 22:41 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-05-02 22:39 - 2017-05-02 22:40 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Bruno Pinto Carmo\Downloads\cbSetup.exe
2017-05-02 20:53 - 2017-05-02 21:13 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-02 20:53 - 2017-05-02 21:13 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-05-02 20:53 - 2017-05-02 21:13 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-05-02 20:53 - 2017-05-02 21:13 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-05-02 20:53 - 2017-05-02 20:53 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-05-02 20:53 - 2017-05-02 20:53 - 00001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-02 20:53 - 2017-05-02 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-02 20:53 - 2017-05-02 20:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-02 20:53 - 2017-05-02 20:53 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-02 20:53 - 2017-03-22 11:02 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-02 20:52 - 2017-05-02 20:52 - 60107896 _____ (Malwarebytes ) C:\Users\Bruno Pinto Carmo\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-05-02 20:42 - 2017-05-02 20:42 - 00000000 ____D C:\Users\Bruno Pinto Carmo\AppData\Local\VMware
2017-05-02 20:36 - 2017-05-02 20:36 - 00001278 _____ C:\Users\Bruno Pinto Carmo\Desktop\Free Disk Explorer.lnk
2017-05-02 20:36 - 2017-05-02 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Disk Explorer
2017-05-02 20:36 - 2017-05-02 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-02 20:36 - 2017-05-02 20:36 - 00000000 ____D C:\Program Files (x86)\HLP Software
2017-05-02 20:35 - 2017-05-02 20:35 - 00737248 _____ (HLP SOFTWARE ) C:\Users\Bruno Pinto Carmo\Downloads\free-disk-explorer.exe
2017-05-02 20:22 - 2017-05-02 20:22 - 00000000 _____ C:\Users\Bruno Pinto Carmo\Downloads\Baixaki_free-disk-explorer.exe
2017-05-01 15:49 - 2017-05-01 15:49 - 00048944 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-04-30 18:11 - 2017-04-30 18:11 - 00005966 _____ C:\Users\Bruno Pinto Carmo\Downloads\millenniumbcp (28).pdf
2017-04-30 11:41 - 2017-04-30 11:41 - 00396469 _____ C:\Users\Bruno Pinto Carmo\Downloads\Férias Abril 2017_CC (1).xlsx
2017-04-24 12:52 - 2017-04-24 12:52 - 03109123 _____ C:\Users\Bruno Pinto Carmo\Downloads\Guia_Tecnico_22_3aGeracaoAQS_vs03 (1).pdf
2017-04-24 12:46 - 2017-04-24 12:46 - 03109123 _____ C:\Users\Bruno Pinto Carmo\Downloads\Guia_Tecnico_22_3aGeracaoAQS_vs03.pdf
2017-04-22 14:20 - 2017-04-22 14:20 - 00006080 _____ C:\Users\Bruno Pinto Carmo\Downloads\millenniumbcp (27).pdf
2017-04-22 14:19 - 2017-04-22 14:19 - 00005883 _____ C:\Users\Bruno Pinto Carmo\Downloads\millenniumbcp (26).pdf
2017-04-22 14:18 - 2017-04-22 14:18 - 00005881 _____ C:\Users\Bruno Pinto Carmo\Downloads\millenniumbcp (25).pdf
2017-04-22 14:17 - 2017-04-22 14:17 - 00005859 _____ C:\Users\Bruno Pinto Carmo\Downloads\millenniumbcp (24).pdf
2017-04-22 14:13 - 2017-04-22 14:13 - 00005842 _____ C:\Users\Bruno Pinto Carmo\Downloads\millenniumbcp (23).pdf
2017-04-22 13:26 - 2017-04-22 13:26 - 00001138 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-04-18 19:25 - 2017-04-18 19:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-04-02 15:52 - 2017-04-02 15:52 - 00136458 _____ C:\Users\Bruno Pinto Carmo\Downloads\documento (1).pdf
2017-04-02 15:51 - 2017-04-02 15:52 - 00136458 _____ C:\Users\Bruno Pinto Carmo\Downloads\documento.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-02 23:03 - 2011-02-19 05:45 - 00734502 _____ C:\Windows\system32\prfh0816.dat
2017-05-02 23:03 - 2011-02-19 05:45 - 00157320 _____ C:\Windows\system32\prfc0816.dat
2017-05-02 23:03 - 2009-07-14 06:13 - 01692800 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-02 23:03 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-05-02 22:53 - 2015-11-03 17:10 - 00000000 ____D C:\Users\Bruno Pinto Carmo\Desktop\TRANSPORTE
2017-05-02 22:26 - 2015-01-31 05:51 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2017-05-02 21:20 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-02 21:20 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-02 21:12 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-02 21:06 - 2015-01-31 15:11 - 00000000 ____D C:\Program Files (x86)\Nero
2017-05-02 20:42 - 2016-02-16 22:10 - 00000000 ____D C:\Users\Bruno Pinto Carmo\AppData\Roaming\VMware
2017-05-02 20:39 - 2016-10-24 21:15 - 00000412 _____ C:\Windows\Tasks\update-sys.job
2017-05-02 20:37 - 2015-08-16 23:17 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-05-02 20:35 - 2015-08-16 23:21 - 00000000 ___RD C:\Users\Bruno Pinto Carmo\Dropbox
2017-05-02 19:28 - 2016-10-24 21:15 - 00000412 _____ C:\Windows\Tasks\update-S-1-5-21-1479254243-496030957-2477417331-1002.job
2017-05-02 17:07 - 2016-12-18 17:46 - 00003108 _____ C:\Windows\System32\Tasks\iolo Process Governor
2017-05-02 17:07 - 2016-12-18 17:46 - 00000000 ____D C:\ProgramData\ioloGovernor
2017-04-30 16:45 - 2011-04-13 03:33 - 00003440 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-30 16:45 - 2011-04-13 03:33 - 00003312 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-24 18:44 - 2016-07-28 13:34 - 00000000 ____D C:\stremio-cache
2017-04-22 13:26 - 2015-01-31 13:44 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-22 13:26 - 2015-01-31 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-04-19 02:09 - 2016-07-23 12:37 - 00000000 ____D C:\Users\Bruno Pinto Carmo\AppData\Roaming\stremio
2017-04-19 00:46 - 2015-01-31 13:32 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-19 00:46 - 2011-04-13 03:33 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-18 20:38 - 2015-05-31 13:56 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-18 20:37 - 2015-05-31 13:55 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-18 20:07 - 2016-12-18 17:46 - 00001948 _____ C:\Users\Public\Desktop\System Mechanic.lnk
2017-04-18 20:07 - 2016-12-18 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2017-04-18 20:06 - 2016-12-18 17:46 - 00000000 ____D C:\Program Files (x86)\System Mechanic
2017-04-18 19:56 - 2016-12-18 17:41 - 00000000 ____D C:\ProgramData\iolo
2017-04-18 19:55 - 2016-12-18 17:46 - 00004018 _____ C:\Windows\System32\Tasks\ioloTUDsDownloader
2017-04-18 19:55 - 2016-12-18 17:46 - 00003872 _____ C:\Windows\System32\Tasks\ioloToaster
2017-04-18 19:37 - 2016-08-09 15:56 - 00000000 ____D C:\Users\Bruno Pinto Carmo\AppData\Roaming\Kodi
2017-04-18 19:25 - 2016-10-24 21:15 - 00003310 _____ C:\Windows\System32\Tasks\update-S-1-5-21-1479254243-496030957-2477417331-1002
2017-04-18 19:25 - 2016-10-24 21:15 - 00003308 _____ C:\Windows\System32\Tasks\update-sys
2017-04-18 19:25 - 2016-10-24 21:15 - 00000424 _____ C:\Users\Bruno Pinto Carmo\AppData\Local\UserProducts.xml
2017-04-15 21:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-04-02 23:36 - 2015-01-31 05:51 - 00000000 ____D C:\Users\Bruno Pinto Carmo
 
==================== Files in the root of some directories =======
 
2016-10-24 21:15 - 2016-10-24 21:15 - 0000003 _____ () C:\Users\Bruno Pinto Carmo\AppData\Local\updater.log
2016-10-24 21:15 - 2017-04-18 19:25 - 0000424 _____ () C:\Users\Bruno Pinto Carmo\AppData\Local\UserProducts.xml
2011-04-13 03:48 - 2010-07-07 00:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2015-04-12 00:32 - 2015-04-12 00:32 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-02-01 05:36 - 2015-02-01 05:37 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2015-02-01 05:36 - 2015-02-01 05:36 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some files in TEMP:
====================
2017-04-29 20:47 - 2017-04-29 20:47 - 5970743 _____ (Smart Code Ltd.) C:\Users\Bruno Pinto Carmo\AppData\Local\Temp\Stremio3.6.7.asar.exe
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\䁉⸱㬳湁楴楖⵲䝎灕⽤㔱〮ㄮ⸰㌴‴倨剅㭓圠卋※久※噁⁅⸸⸳〳㈮㬸嘠䙄㠠ㄮ⸱㈲⸹㐲㬰圠湩潤獷㜠䠠浯⁥牐浥畩㭭匠牥楶散倠捡㬱倠牯畴慧㭬㘠攱㐵攵㌶㠳㈱㈲っ㡦㝡㕥㘲㥡㔶愸㐸㠵㌳㠳㭤〠〰㄰㤴㤹ⴶ噁佈ⵅ〰〰〰㬱倠㭔䈠䥕䑌ㄠ⸵⸰〱㐮㐳※㬰ㄠ※㬱朠潯汧⁥档潲敭※㬱㜠㔳扥㐲晦摦㐴㈶戶昲愰㌴摢晣ぢ扡㥣㈲〲搶㭤〠)r Des瘱疘o耀Taerdl.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-02 21:30
 
==================== End of FRST.txt ============================


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,728 posts
  • OFFLINE
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:05:15 AM

Posted 05 May 2017 - 06:33 AM

Karmaniak:

:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?

I will be assisting you with your computer issues. I will endeavor to respond within a reasonable time, normally 48 hours after your last post.

I will need some time to review your FRST logs. That could take a day or two. In the future, please copy and paste all logs into your replies, despite the posting instructions. That makes it quicker for me to analyze your logs and scan results. Thank you for your anticipated cooperation.

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#3 garioch7


Posted 05 May 2017 - 08:53 AM

Karmaniak:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: Please uninstall the following programs from your computer. See the links below for the reasons that I am making this request. Use the Control Panel, Add/Remove programs to uninstall them and reboot your computer.

  • Popcorn Time (HKU\S-1-5-21-1479254243-496030957-2477417331-1002\...\Popcorn Time) (Version: - Popcorn Official)
  • Popcorn Time (HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017211316250\...\Popcorn Time) (Version: - Popcorn Official)
  • Akamai NetSession Interface (HKU\S-1-5-21-1479254243-496030957-2477417331-1002\...\Akamai) (Version: - Akamai Technologies, Inc)
  • Akamai NetSession Interface (HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017211316250\...\Akamai) (Version: - Akamai Technologies, Inc)
  • Lightshot-5.4.0.5 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.5 - Skillbrains)

Popcorn Time link
Akamai NetSession link
Lightshot by Skillbrains link
 
.


:step2: In going over your logs I noticed that you have µTorrent installed. Please consider the following advice to reduce the possibility of being infected when surfing the web.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.


.


:step3: Please run a FRST fix for me. BEFORE doing so, please rename your copy of FRST64.exe to FRST64English.exe, which will result in the logs being translated into English. Thank you.

NOTE: It is important that both files, FRST64English.exe and fixlist.txt, are in the same folder or the fix will not work.

NOTICE: This "fixlist.txt" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1479254243-496030957-2477417331-1002\...\Policies\Explorer: [] 
HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017211316250\...\Policies\Explorer: [] 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1479254243-496030957-2477417331-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017211316250 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKU\S-1-5-21-1479254243-496030957-2477417331-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017211316250\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
S3 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
U3 a14iedt0; C:\Windows\System32\Drivers\a14iedt0.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Windows\System32\Drivers\a14iedt0.sys
S3 dbx; system32\DRIVERS\dbx.sys [X]
File: C:\Users\Bruno Pinto Carmo\AppData\Local\Temp\Stremio3.6.7.asar.exe
C:\Windows\SysWOW64\䁉⸱㬳湁楴楖⵲䝎灕⽤㔱〮ㄮ⸰㌴‴倨剅㭓圠卋※久※噁⁅⸸⸳〳㈮㬸嘠䙄㠠ㄮ⸱㈲⸹㐲㬰圠湩潤獷㜠䠠浯⁥牐浥畩㭭匠牥楶散倠捡㬱倠牯畴慧㭬㘠攱㐵攵㌶㠳㈱㈲っ㡦㝡㕥㘲㥡㔶愸㐸㠵㌳㠳㭤〠〰㄰㤴㤹ⴶ噁佈ⵅ〰〰〰㬱倠㭔䈠䥕䑌ㄠ⸵⸰〱㐮㐳※㬰ㄠ※㬱朠潯汧⁥档潲敭※㬱㜠㔳扥㐲晦摦㐴㈶戶昲愰㌴摢晣ぢ扡㥣㈲〲搶㭤〠)r Des瘱疘o耀Taerdl.dll
Task: {9D1C6BB6-CFBF-48DB-BCD3-DF0B14CAE9A3} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {B531031D-69BE-4E82-A69B-C830EA0DA5FC} - System32\Tasks\update-S-1-5-21-1479254243-496030957-2477417331-1002 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: C:\Windows\Tasks\update-S-1-5-21-1479254243-496030957-2477417331-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
FirewallRules: [TCP Query User{1E5E95C5-D7B6-471A-BCE3-0AEED3181E13}C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A4715401-9015-4123-9DAF-CB43AD8157D1}C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{6FDBBF30-7501-48C2-A987-1C8DE6E6CB47}C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{AB94B517-1499-47F5-8215-4AB1CC85E38A}C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{21FA0628-345D-4B04-9A90-9714D9B02FAE}C:\users\bruno pinto carmo\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\bruno pinto carmo\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{528A1B75-4ECB-4B93-A3C5-0A62310C0DED}C:\users\bruno pinto carmo\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\bruno pinto carmo\appdata\local\popcorn time\nw.exe
FirewallRules: [TCP Query User{3C3F493B-9F94-4C23-978B-605B9B716E84}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [UDP Query User{355D08C8-1708-4D43-A2E7-4390591316B7}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [TCP Query User{74D3C280-3865-4F75-806F-61AEB9911D57}C:\users\bruno pinto carmo\appdata\roaming\kodi\userdata\addon_data\program.plexus\acestream\ace_engine.exe] => (Allow) C:\users\bruno pinto carmo\appdata\roaming\kodi\userdata\addon_data\program.plexus\acestream\ace_engine.exe
FirewallRules: [UDP Query User{F4EE8BC7-E32D-432D-9AE0-0FF78CDD4DEF}C:\users\bruno pinto carmo\appdata\roaming\kodi\userdata\addon_data\program.plexus\acestream\ace_engine.exe] => (Allow) C:\users\bruno pinto carmo\appdata\roaming\kodi\userdata\addon_data\program.plexus\acestream\ace_engine.exe
FirewallRules: [{1E3C9489-D054-4DE4-851C-BDB3CC3FD59B}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{62B0570D-2F36-4897-80B4-DD40E09864C5}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{FAFFCEB0-CA9E-423A-95AB-98EC9F991FB6}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{8024E0BF-A70A-4266-A8A2-C47366E2077C}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{B4514D64-F70A-468E-9617-587D7735B56B}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{DBA989C8-3422-4558-89B6-E7D99B18FB29}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
Folder: C:\Windows\Logs\CBS

  • Right click FRST64English.exe, and select "Run as Administrator".
  • Press Ctrl+y (Ctrl and Y keys at the same time).
  • A "fixlist.txt" file opens up, copy and paste the contents of the code box above into the file.
  • Press Ctrl+S to save the file. Close the "fixlist.txt" file.
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.


:step4: We need to check your D: drive for errors.

To determine if your C: drive is an SSD or conventional hard drive for Windows 8/8.1 or 10, please press the Windows logo key and search for "optimize" in the Windows Start menu. Select: Defragment and optimize your drives. See this link for more information.
For Windows 7 and earlier, please press the Windows logo key + R together, then type control and press the <Enter> key. Click on "System and Security" and then click on "Device Manager". Next, click on "Disk Drives" to open up a list of disk drives on your computer. If it is an SSD drive, it should say so in the description; but if you are not sure, "Google" the model number of the drive that you want to run chkdsk on.

It is important not to run chkdsk /r on an SSD as it will lead to excessive wear and shorten the life of an SSD. For SSD drives, use the chkdsk /f command.

  • Please open an Elevated Command Prompt. To do this:
    • Press the Windows "Start" button.
    • Type "cmd.exe" into the "Search" box.
    • At the top of the list that generates, you should see "cmd.exe".
    • Right click "cmd.exe" and select "Run as Administrator".
  • Type the following command exactly: chkdsk D: /r unless you have an SSD hard drive, in which case, type chkdsk /f.
  • Please note that there is a space between "chkdsk" and "D:" and between "D:" and "/r" or "/f".
  • You may get a message that the volume is locked and do you want to reboot.
  • Click on "Yes" to permit the computer to reboot.
  • When the computer reboots, do not press any keys. Let the chkdsk run, which will take several hours.
  • The computer will reboot automatically when the "chkdsk" has finished.

Please follow the instructions here to find the results of the "chkdsk" scan.

Please copy and paste those results into your next reply.

You should run this command when you will not need your computer. The chkdsk scan can take five to ten hours, or more, depending on whether the hard drive is SSD or conventional, and the size and amount of data on the drive, and whether CHKDSK has to attempt repairs.

.


Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#4 Karmaniak

Karmaniak
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:15 AM

Posted 07 May 2017 - 06:26 AM

Hello Phil,

 

My name is Bruno. Thank you very much for your support. I'll try to follow all your indications within my competences.

 

Trying to reply in the same order:

 

I have not run any Malware Scan, but I do have Malwarebytes installed, and it is running in the background. I also have the Avira Connect Anti-Virus, also running in the background. Please let me know if I should disable any of these.

 

As per your second reply, I had already made the backup I needed using Bleeping Computer's advice and Cobian Backup 11.

 

I don't know if I have CD/DVD Emulation Software, so I used Defogger to turn them off just in case.

 

Step 1:

I have removed all the software you requested.

Step 2:

And also uTorrent, which I haven't used for a long time (P2P main sites are locked by court order here in Portugal).

Step 3:

I have changed the name of the exe file to FRST64English.exe, and I have created the fixlist and pasted the code you posted. I have pressed the Fix button, and it has now been over 24 hours with the same screen (print screen attached). Is this normal? Should it take this long, or maybe it stalled?

As per further actions, I was not able to perform the chkdsk, but I know my HDD is conventional, not SSD.

 

Unfortunately I don’t have new logs to paste, but I attach the print screen.

 

Thank you, and a great day to you too.

 

Best regards,

 

Bruno.




#5 garioch7


Posted 07 May 2017 - 07:22 AM

Bruno:
 
Thank you for your post and screenshot.  Thank you also for permission to address you by your first name.
 
FRST should have executed the fix within ten minutes.  It has undoubtedly stalled.  You shouldn't have to disable your Avira or Malwarebytes.

 

.
 
:step1: Please reboot your computer.
 
.
 
 
:step2: Please download Rkill by Grinler from one of the 3 links below (if one of them does not work, try another...) and save it to your desktop:

  • rkill.scr
  • rkill.com
  • rkill.exe
  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista or above, please right-click on it and select Run As Administrator.)
  • Note: You may have to run Rkill a few times before it is successful. As a reminder, you may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (the file is also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

.


:step3: Please try to copy and paste the code box in the previous message again, and save it, and then try the FRST "fixlist.txt" script again, by right-clicking FRST64English.exe and selecting "Run as Administrator", and then clicking the "Fix" button once.

 

If that too hangs, it might be hanging on the Unicode line, so please delete this line from the "fixlist.txt" script, save the file as "fixlist.txt" and try again.  FRST is supposed to handle Unicode, but the line might have become corrupted.

C:\Windows\SysWOW64\䁉⸱㬳湁楴楖⵲䝎灕⽤㔱〮ㄮ⸰㌴‴倨剅㭓圠卋※久※噁⁅⸸⸳〳㈮㬸嘠䙄㠠ㄮ⸱㈲⸹㐲㬰圠湩潤獷㜠䠠浯⁥牐浥畩㭭匠牥楶散倠捡㬱倠牯畴慧㭬㘠攱㐵攵㌶㠳㈱㈲っ㡦㝡㕥㘲㥡㔶愸㐸㠵㌳㠳㭤〠〰㄰㤴㤹ⴶ噁佈ⵅ〰〰〰㬱倠㭔䈠䥕䑌ㄠ⸵⸰〱㐮㐳※㬰ㄠ※㬱朠潯汧⁥档潲敭※㬱㜠㔳扥㐲晦摦㐴㈶戶昲愰㌴摢晣ぢ扡㥣㈲〲搶㭤〠)r Des瘱疘o耀Taerdl.dll

.


Good luck.  Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators
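
An added example, not part of Phil's post and not FRST's own code: a Python triage helper for the odd SysWOW64 file name discussed above. It re-reads every UTF-16 code unit of a name as two 8-bit characters. The 16-character prefix is taken from the name quoted in the thread (written as escapes), the control names are constructed, and all function names and the 0.8 threshold are hypothetical.

```python
import string

# Printable ASCII without control whitespace; a plain space still counts.
PRINTABLE = set(string.printable) - set("\t\n\r\x0b\x0c")

# First 16 characters of the zero-byte file's name as quoted in the thread,
# written as escapes so the sample survives copy and paste.
SAMPLE_NAME_PREFIX = (
    "\u4049\u2e31\u3b33\u6e41\u6974\u6956\u2d72\u474e"
    "\u7055\u2f64\u3531\u302e\u312e\u2e30\u3334\u2034"
)

# Constructed control sample: a genuine Chinese folder-style name.
GENUINE_CJK_NAME = "\u65b0\u5efa\u6587\u4ef6\u5939.dll"


def utf16_units_as_text(name):
    """Read each UTF-16LE code unit of `name` as low byte, then high byte.

    Characters below U+0100 have a zero high byte, which is dropped, so
    ordinary ASCII parts of a mixed name pass through unchanged.
    """
    raw = name.encode("utf-16-le", errors="surrogatepass")
    out = []
    for i in range(0, len(raw), 2):
        lo, hi = raw[i], raw[i + 1]
        out.append(chr(lo))
        if hi:
            out.append(chr(hi))
    return "".join(out)


def printable_view(text):
    """Replace anything that is not printable ASCII with a dot."""
    return "".join(c if c in PRINTABLE else "." for c in text)


def misread_score(name):
    """Fraction of wide characters whose two bytes are both printable ASCII.

    Real CJK text scores low because most code points have a byte outside
    the ASCII range; an ASCII byte string mistaken for UTF-16 scores near 1.
    """
    wide = [c for c in name if ord(c) > 0xFF]
    if not wide:
        return 0.0
    hits = 0
    for c in wide:
        code = ord(c)
        if code > 0xFFFF:
            continue  # astral characters are two code units, never a hit
        if chr(code & 0xFF) in PRINTABLE and chr(code >> 8) in PRINTABLE:
            hits += 1
    return hits / len(wide)


def triage(name, threshold=0.8):
    """Summarise one file name for a reviewer."""
    score = misread_score(name)
    return {
        "score": score,
        "likely_misread_bytes": score >= threshold,
        "decoded": printable_view(utf16_units_as_text(name)),
    }


if __name__ == "__main__":
    for label, name in (
        ("thread sample (prefix)", SAMPLE_NAME_PREFIX),
        ("constructed CJK control", GENUINE_CJK_NAME),
        ("constructed ASCII control", "kernel32.dll"),
    ):
        result = triage(name)
        print(f"{label}: score={result['score']:.2f} "
              f"misread={result['likely_misread_bytes']} "
              f"decoded={result['decoded']!r}")
```

A score near 1.0 means the name is most likely a byte string that some program wrote where a wide-character file name was expected, which is a different finding from a name made of real CJK text.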


#6 Karmaniak


Posted 07 May 2017 - 08:30 AM

Hi Phil,

 

Thank you for your prompt response and keen advice.

 

I have run Rkill, and everything went as expected; there was a remark about that specific folder you mentioned in Unicode, “C:\Windows\SysWOW64\”.

Here’s the Rkill log:

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/07/2017 01:37:03 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\ACEngSvr.exe (PID: 3412) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity: 

 * No issues found.

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

Program finished at: 05/07/2017 01:40:25 PM
Execution time: 0 hours(s), 3 minute(s), and 22 seconds(s)

After this I ran the FRST fix with the original fixlist, waited 20 minutes… Stalled. Changed the fixlist by eliminating the Unicode line and ran the FRST fix again. I have waited until now, half an hour or so, and I think it stalled again. However it did generate a Fixlog. Maybe it’s useful, here it is:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-05-2017
Ran by Bruno Pinto Carmo (07-05-2017 13:47:04) Run:6
Running from C:\Users\Bruno Pinto Carmo\Desktop\FRST
Loaded Profiles: Bruno Pinto Carmo (Available Profiles: UpdatusUser & Bruno Pinto Carmo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1479254243-496030957-2477417331-1002\...\Policies\Explorer: [] 
HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017211316250\...\Policies\Explorer: [] 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1479254243-496030957-2477417331-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017211316250 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKU\S-1-5-21-1479254243-496030957-2477417331-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017211316250\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
S3 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
U3 a14iedt0; C:\Windows\System32\Drivers\a14iedt0.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Windows\System32\Drivers\a14iedt0.sys
S3 dbx; system32\DRIVERS\dbx.sys [X]
File: C:\Users\Bruno Pinto Carmo\AppData\Local\Temp\Stremio3.6.7.asar.exe
Task: {9D1C6BB6-CFBF-48DB-BCD3-DF0B14CAE9A3} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {B531031D-69BE-4E82-A69B-C830EA0DA5FC} - System32\Tasks\update-S-1-5-21-1479254243-496030957-2477417331-1002 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: C:\Windows\Tasks\update-S-1-5-21-1479254243-496030957-2477417331-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
FirewallRules: [TCP Query User{1E5E95C5-D7B6-471A-BCE3-0AEED3181E13}C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A4715401-9015-4123-9DAF-CB43AD8157D1}C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{6FDBBF30-7501-48C2-A987-1C8DE6E6CB47}C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{AB94B517-1499-47F5-8215-4AB1CC85E38A}C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{21FA0628-345D-4B04-9A90-9714D9B02FAE}C:\users\bruno pinto carmo\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\bruno pinto carmo\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{528A1B75-4ECB-4B93-A3C5-0A62310C0DED}C:\users\bruno pinto carmo\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\bruno pinto carmo\appdata\local\popcorn time\nw.exe
FirewallRules: [TCP Query User{3C3F493B-9F94-4C23-978B-605B9B716E84}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [UDP Query User{355D08C8-1708-4D43-A2E7-4390591316B7}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [TCP Query User{74D3C280-3865-4F75-806F-61AEB9911D57}C:\users\bruno pinto carmo\appdata\roaming\kodi\userdata\addon_data\program.plexus\acestream\ace_engine.exe] => (Allow) C:\users\bruno pinto carmo\appdata\roaming\kodi\userdata\addon_data\program.plexus\acestream\ace_engine.exe
FirewallRules: [UDP Query User{F4EE8BC7-E32D-432D-9AE0-0FF78CDD4DEF}C:\users\bruno pinto carmo\appdata\roaming\kodi\userdata\addon_data\program.plexus\acestream\ace_engine.exe] => (Allow) C:\users\bruno pinto carmo\appdata\roaming\kodi\userdata\addon_data\program.plexus\acestream\ace_engine.exe
FirewallRules: [{1E3C9489-D054-4DE4-851C-BDB3CC3FD59B}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{62B0570D-2F36-4897-80B4-DD40E09864C5}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{FAFFCEB0-CA9E-423A-95AB-98EC9F991FB6}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{8024E0BF-A70A-4266-A8A2-C47366E2077C}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{B4514D64-F70A-468E-9617-587D7735B56B}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{DBA989C8-3422-4558-89B6-E7D99B18FB29}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
Folder: C:\Windows\Logs\CBS
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1479254243-496030957-2477417331-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value not found.
HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05022017211316250\...\Policies\Explorer: [] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1479254243-496030957-2477417331-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
 

 

Hope all the info can be helpful. Thank you for your patience.

 

Best regards,

 

Bruno



#7 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,728 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:05:15 AM

Posted 07 May 2017 - 11:57 AM

Bruno:

Thank you for your post.  Something is "hanging" the FRST "fixlist.txt" script file.  There are a number of possibilities, but for now, I am going to assume that it might be some malware, until I can rule that out.  I am going to ask you to run three different scans for me, and then provide me with a new set of FRST logs.  It is always possible that something got missed.

Please copy and paste all requested logs into your next replies. It might require more than one reply.

Please note that if the ESET online scan (Step 2) doesn't find anything, there will be no log generated to export.  Also note that the ESET scan can take an hour, or longer, to run, depending on the speed of your computer and how much it has to scan, so please be patient (as you have been).

 

If any of the scans won't run, or you get an error "requested resource in use", please post back to me immediately.

And don't worry about all of these scanning/disinfection tools - I will remove them all when I am finished disinfecting your computer in one easy step!

.

Step 1: Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  • Right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and TDSSKiller will offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • Note: If Cure is not an option, select Skip instead. Do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

.


Step 2: ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected.

Don't forget to re-enable your antivirus when finished!

.


Step 3: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through History ->Application logs. Please copy and paste the contents of the log into your next reply.

.


Step 4: Please download the latest version of FRST from here, and rename "FRST64.exe" to FRST64English.exe.  A new version of FRST was released today.

 

Please right click the file and "Run as Administrator" and then press the "Scan" button.

 

Please copy and paste both the contents of the "FRST.txt" file and the "Addition.txt" file into your next reply/replies.

.


Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#8 Karmaniak

Karmaniak
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 09 May 2017 - 06:26 PM

Hi Phil,

 

Sorry for the late reply.

 

I'm traveling for work since yesterday morning, and I will only be back tomorrow evening. I don't have the infected computer on me, so I'm not able to follow the steps.

 

Just wanted to let you know I haven't lost interest in the subject. I have already performed tasks 1 and 2. As soon as I get home, in about 24 hours, I'll finish all the tasks and send you the info.

 

Please don't quit just yet :)

 

Thank you very much for your support and your patience.

 

Best regards,

 

Bruno.



#9 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,728 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:05:15 AM

Posted 10 May 2017 - 08:37 AM

Bruno:

 

Thank you very much for the update.  I was about to send you the "three-day" bump.  As long as I know you are still with me, I will wait and work with you, as your time permits.

 

This Forum is closely monitored by Moderators, to ensure that replies are timely and that resolved or stale topics are properly concluded so that Forum statistics can be generated for the information of management and Moderators.

 

As long as you keep posting every two or three days and want assistance, I will hold the topic open.

 

Thank you and have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#10 Karmaniak

Karmaniak
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 10 May 2017 - 11:58 AM

Hi Phil,

 

I’m back and I have completed all the tasks you requested. Here are the results:

 

On my first attempt I got a message that the post was too long, so I'll divide it into a few:

 

First Post.

 

1 – Content of the log file named TDSSKiller.3.1.0.15_07.05.2017_23.35.39_log.txt:

 

23:35:39.0295 0x1b68  TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
23:35:45.0043 0x1b68  ============================================================
23:35:45.0044 0x1b68  Current date / time: 2017/05/07 23:35:45.0043
23:35:45.0044 0x1b68  SystemInfo:
23:35:45.0044 0x1b68  
23:35:45.0044 0x1b68  OS Version: 6.1.7601 ServicePack: 1.0
23:35:45.0044 0x1b68  Product type: Workstation
23:35:45.0044 0x1b68  ComputerName: BRUNOPINTOCARMO
23:35:45.0044 0x1b68  UserName: Bruno Pinto Carmo
23:35:45.0045 0x1b68  Windows directory: C:\Windows
23:35:45.0045 0x1b68  System windows directory: C:\Windows
23:35:45.0045 0x1b68  Running under WOW64
23:35:45.0045 0x1b68  Processor architecture: Intel x64
23:35:45.0045 0x1b68  Number of processors: 8
23:35:45.0045 0x1b68  Page size: 0x1000
23:35:45.0045 0x1b68  Boot type: Normal boot
23:35:45.0045 0x1b68  CodeIntegrityOptions = 0x00000001
23:35:45.0045 0x1b68  ============================================================
23:35:47.0534 0x1b68  KLMD registered as C:\Windows\system32\drivers\48733206.sys
23:35:47.0534 0x1b68  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.17514, osProperties = 0x1
23:35:47.0888 0x1b68  System UUID: {D8997982-C5BE-27C7-A8B4-63F5348F611A}
23:35:48.0301 0x1b68  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:35:48.0313 0x1b68  ============================================================
23:35:48.0313 0x1b68  \Device\Harddisk0\DR0:
23:35:48.0314 0x1b68  MBR partitions:
23:35:48.0314 0x1b68  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1DCF0000
23:35:48.0331 0x1b68  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x20EF1000, BlocksNum 0x29966800
23:35:48.0331 0x1b68  ============================================================
23:35:48.0364 0x1b68  C: <-> \Device\Harddisk0\DR0\Partition1
23:35:48.0407 0x1b68  D: <-> \Device\Harddisk0\DR0\Partition2
23:35:48.0408 0x1b68  ============================================================
23:35:48.0408 0x1b68  Initialize success
23:35:48.0408 0x1b68  ============================================================
23:36:04.0768 0x1a0c  ============================================================
23:36:04.0768 0x1a0c  Scan started
23:36:04.0768 0x1a0c  Mode: Manual; 
23:36:04.0768 0x1a0c  ============================================================
23:36:04.0768 0x1a0c  KSN ping started
23:36:07.0422 0x1a0c  KSN ping finished: true
23:36:08.0843 0x1a0c  ================ Scan system memory ========================
23:36:08.0843 0x1a0c  System memory - ok
23:36:08.0843 0x1a0c  ================ Scan services =============================
23:36:13.0869 0x1a0c  cdrom - ok
23:36:13.0916 0x1a0c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:36:13.0916 0x1a0c  CertPropSvc - ok
23:36:13.0947 0x1a0c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
23:36:13.0962 0x1a0c  circlass - ok
23:36:13.0994 0x1a0c  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
23:36:14.0025 0x1a0c  CLFS - ok
23:36:14.0103 0x1a0c  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:36:14.0118 0x1a0c  clr_optimization_v2.0.50727_32 - ok
23:36:14.0165 0x1a0c  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:36:14.0181 0x1a0c  clr_optimization_v2.0.50727_64 - ok
23:36:14.0274 0x1a0c  [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:36:14.0290 0x1a0c  clr_optimization_v4.0.30319_32 - ok
23:36:14.0352 0x1a0c  [ 86329C35FF23CFEF0FB6C0023BA06BCE, D915CE7AD564F97A1C3B047D5248B7EF67ADDC59687FBC90F1776C21DAA0D3FD ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:36:14.0352 0x1a0c  clr_optimization_v4.0.30319_64 - ok
23:36:14.0399 0x1a0c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:36:14.0399 0x1a0c  CmBatt - ok
23:36:14.0430 0x1a0c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:36:14.0446 0x1a0c  cmdide - ok
23:36:14.0508 0x1a0c  [ D5FEA92400F12412B3922087C09DA6A5, C8CD9215D26D3295FE487C96A4FC3F4C8AFED764AE9445D9858D7489823A8A2B ] CNG             C:\Windows\system32\Drivers\cng.sys
23:36:14.0555 0x1a0c  CNG - ok
23:36:14.0618 0x1a0c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
23:36:14.0633 0x1a0c  Compbatt - ok
23:36:14.0742 0x1a0c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
23:36:14.0742 0x1a0c  CompositeBus - ok
23:36:14.0758 0x1a0c  COMSysApp - ok
23:36:14.0789 0x1a0c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:36:14.0789 0x1a0c  crcdisk - ok
23:36:14.0836 0x1a0c  [ 15597883FBE9B056F276ADA3AD87D9AF, B347E0B11228E38313C59C8ED984253A8A1FF482ED137CF5F488C4AFD6B08857 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:36:14.0852 0x1a0c  CryptSvc - ok
23:36:15.0039 0x1a0c  [ 011550FE74BF9D7614794CCF6D61E1A8, 3F2D6E6B18F863040FE6056AF62FBCD13C3F836F4F17C687FE1078E08E50CDF8 ] Cype BIM        C:\CYPE Ingenieros\Versão 2017\programas\bimserv.exe
23:36:15.0070 0x1a0c  Cype BIM - ok
23:36:15.0195 0x1a0c  [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdate        C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
23:36:15.0195 0x1a0c  dbupdate - ok
23:36:15.0226 0x1a0c  [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdatem       C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
23:36:15.0226 0x1a0c  dbupdatem - ok
23:36:15.0366 0x1a0c  dbx - ok
23:36:15.0398 0x1a0c  [ B8F34CB79DF33C1A613709D99F4BFE77, 686E4E071EA43C122B0BE41C471220DE9BB31A3D5FEB30079C058FCA02FF3A59 ] DbxSvc          C:\Windows\system32\DbxSvc.exe
23:36:15.0398 0x1a0c  DbxSvc - ok
23:36:15.0460 0x1a0c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:36:15.0476 0x1a0c  DcomLaunch - ok
23:36:15.0522 0x1a0c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:36:15.0522 0x1a0c  defragsvc - ok
23:36:15.0554 0x1a0c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:36:15.0554 0x1a0c  DfsC - ok
23:36:15.0585 0x1a0c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:36:15.0585 0x1a0c  Dhcp - ok
23:36:15.0600 0x1a0c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
23:36:15.0600 0x1a0c  discache - ok
23:36:15.0647 0x1a0c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
23:36:15.0647 0x1a0c  Disk - ok
23:36:15.0695 0x1a0c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:36:15.0695 0x1a0c  Dnscache - ok
23:36:15.0711 0x1a0c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:36:15.0711 0x1a0c  dot3svc - ok
23:36:15.0742 0x1a0c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
23:36:15.0742 0x1a0c  DPS - ok
23:36:15.0773 0x1a0c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:36:15.0773 0x1a0c  drmkaud - ok
23:36:15.0820 0x1a0c  [ F5BEE30450E18E6B83A5012C100616FD, 44D0577D159FC2BDF4EAD1DC2C7FD14925D075225EF97608CAC52DEE405B08FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:36:15.0835 0x1a0c  DXGKrnl - ok
23:36:15.0867 0x1a0c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
23:36:15.0882 0x1a0c  EapHost - ok
23:36:15.0993 0x1a0c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
23:36:16.0087 0x1a0c  ebdrv - ok
23:36:16.0134 0x1a0c  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] EFS             C:\Windows\System32\lsass.exe
23:36:16.0149 0x1a0c  EFS - ok
23:36:16.0229 0x1a0c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:36:16.0261 0x1a0c  ehRecvr - ok
23:36:16.0276 0x1a0c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
23:36:16.0276 0x1a0c  ehSched - ok
23:36:16.0354 0x1a0c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:36:16.0401 0x1a0c  elxstor - ok
23:36:16.0417 0x1a0c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:36:16.0417 0x1a0c  ErrDev - ok
23:36:16.0495 0x1a0c  [ 5B042AA9CEBDAB5B61E747DDCEBFF51B, FBB174A6FE372F55758D6CD118F3746146866383527F5784C3AE513145F4C193 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
23:36:16.0510 0x1a0c  ETD - ok
23:36:16.0573 0x1a0c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
23:36:16.0588 0x1a0c  EventSystem - ok
23:36:16.0822 0x1a0c  [ 54FC81B0162478A72A93DBBEAFB35671, 1C0FA242E81105E2BB839ED32119DAF012FA4A3DB5D0E079350449CBB0CBF033 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
23:36:16.0885 0x1a0c  EvtEng - ok
23:36:16.0916 0x1a0c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:36:16.0931 0x1a0c  exfat - ok
23:36:16.0947 0x1a0c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:36:16.0963 0x1a0c  fastfat - ok
23:36:17.0009 0x1a0c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
23:36:17.0041 0x1a0c  Fax - ok
23:36:17.0072 0x1a0c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
23:36:17.0072 0x1a0c  fdc - ok
23:36:17.0087 0x1a0c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
23:36:17.0087 0x1a0c  fdPHost - ok
23:36:17.0103 0x1a0c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:36:17.0103 0x1a0c  FDResPub - ok
23:36:17.0119 0x1a0c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:36:17.0119 0x1a0c  FileInfo - ok
23:36:17.0119 0x1a0c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:36:17.0119 0x1a0c  Filetrace - ok
23:36:17.0228 0x1a0c  [ 8645F91F40B8D022C9AC3DABDF360A6B, 4F83080B1273C92470EB90D80B32056C913240DCC9C4C50B7BE85254066D654D ] FlexNet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
23:36:17.0275 0x1a0c  FlexNet Licensing Service 64 - ok
23:36:17.0290 0x1a0c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
23:36:17.0290 0x1a0c  flpydisk - ok
23:36:17.0321 0x1a0c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:36:17.0321 0x1a0c  FltMgr - ok
23:36:17.0368 0x1a0c  [ 5C4CB4086FB83115B153E47ADD961A0C, 0C3AB7D04BEB3A8FDE00B0C86E6FE064B1CEBB3E4DE1A29CD27830806FA300B3 ] FontCache       C:\Windows\system32\FntCache.dll
23:36:17.0399 0x1a0c  FontCache - ok
23:36:17.0509 0x1a0c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:36:17.0509 0x1a0c  FontCache3.0.0.0 - ok
23:36:17.0540 0x1a0c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:36:17.0540 0x1a0c  FsDepends - ok
23:36:17.0571 0x1a0c  [ 6C06701BF1DB05405804D7EB610991CE, 75DEB2204D9AC338ED7C4742BEFAFA0AFC7E42B2C1B54A57DF8A1AD097D9EC3E ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
23:36:17.0587 0x1a0c  fssfltr - ok
23:36:17.0712 0x1a0c  [ 4CE9DAC1518FF7E77BD213E6394B9D77, D7D0D29DF93AC7DC5F85E385EEB45306C7BD87ACA7AAC5A8D47893D120C32C03 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
23:36:17.0759 0x1a0c  fsssvc - ok
23:36:17.0806 0x1a0c  [ E95EF8547DE20CF0603557C0CF7A9462, 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:36:17.0806 0x1a0c  Fs_Rec - ok
23:36:17.0868 0x1a0c  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:36:17.0884 0x1a0c  fvevol - ok
23:36:17.0900 0x1a0c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:36:17.0915 0x1a0c  gagp30kx - ok
23:36:18.0009 0x1a0c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:36:18.0040 0x1a0c  gpsvc - ok
23:36:18.0102 0x1a0c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:36:18.0118 0x1a0c  gupdate - ok
23:36:18.0165 0x1a0c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:36:18.0165 0x1a0c  gupdatem - ok
23:36:18.0196 0x1a0c  Hardlock - ok
23:36:18.0243 0x1a0c  [ 279527CC9B260CDB1FD883D43902A2EA, 6504EE8CA013D4C7FFA83E1FA07CCE8B022DF437D094BED16B8EDB7B9F64D4D1 ] hcmon           C:\Windows\system32\drivers\hcmon.sys
23:36:18.0243 0x1a0c  hcmon - ok
23:36:18.0274 0x1a0c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:36:18.0290 0x1a0c  hcw85cir - ok
23:36:18.0321 0x1a0c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:36:18.0336 0x1a0c  HdAudAddService - ok
23:36:18.0368 0x1a0c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:36:18.0383 0x1a0c  HDAudBus - ok
23:36:18.0399 0x1a0c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
23:36:18.0399 0x1a0c  HidBatt - ok
23:36:18.0414 0x1a0c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:36:18.0414 0x1a0c  HidBth - ok
23:36:18.0446 0x1a0c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
23:36:18.0446 0x1a0c  HidIr - ok
23:36:18.0461 0x1a0c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
23:36:18.0477 0x1a0c  hidserv - ok
23:36:18.0477 0x1a0c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:36:18.0477 0x1a0c  HidUsb - ok
23:36:18.0524 0x1a0c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:36:18.0524 0x1a0c  hkmsvc - ok
23:36:18.0570 0x1a0c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:36:18.0586 0x1a0c  HomeGroupListener - ok
23:36:18.0617 0x1a0c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:36:18.0633 0x1a0c  HomeGroupProvider - ok
23:36:18.0664 0x1a0c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:36:18.0680 0x1a0c  HpSAMD - ok
23:36:18.0742 0x1a0c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:36:18.0758 0x1a0c  HTTP - ok
23:36:18.0773 0x1a0c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:36:18.0773 0x1a0c  hwpolicy - ok
23:36:18.0804 0x1a0c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:36:18.0820 0x1a0c  i8042prt - ok
23:36:18.0882 0x1a0c  [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:36:18.0914 0x1a0c  iaStorV - ok
23:36:19.0023 0x1a0c  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:36:19.0070 0x1a0c  idsvc - ok
23:36:19.0475 0x1a0c  [ EFE5A0AF39A8E179624117C521F1E012, 185BB1106E42256A6E7C63B09737A7059DD14DEA7C1D85ADF66C50D63CFDA556 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
23:36:19.0882 0x1a0c  igfx - ok
23:36:19.0944 0x1a0c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
23:36:19.0944 0x1a0c  iirsp - ok
23:36:20.0022 0x1a0c  [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:36:20.0100 0x1a0c  IKEEXT - ok
23:36:20.0303 0x1a0c  [ 9F573C952961F444F400489E81ECA381, FA390CA173A2C67C7DB37B7F386CE6B91B160C5BAEE3DD1BDCC17A0B49F7A61B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:36:20.0350 0x1a0c  IntcAzAudAddService - ok
23:36:20.0443 0x1a0c  [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
23:36:20.0475 0x1a0c  IntcDAud - ok
23:36:20.0506 0x1a0c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:36:20.0506 0x1a0c  intelide - ok
23:36:20.0537 0x1a0c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:36:20.0553 0x1a0c  intelppm - ok
23:36:20.0631 0x1a0c  [ AEB660B8C9D7254D68E8591904ADBDA9, 7A46B2D89DB209C45BA87A14E590160B4B9ED27465450327A72BCD414BD75FBC ] iOSinstallerUpdater C:\Program Files (x86)\iOSinstaller\updater.exe
23:36:20.0646 0x1a0c  iOSinstallerUpdater - ok
23:36:20.0693 0x1a0c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:36:20.0709 0x1a0c  IPBusEnum - ok
23:36:20.0740 0x1a0c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:36:20.0740 0x1a0c  IpFilterDriver - ok
23:36:20.0802 0x1a0c  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:36:20.0833 0x1a0c  iphlpsvc - ok
23:36:20.0849 0x1a0c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:36:20.0865 0x1a0c  IPMIDRV - ok
23:36:20.0880 0x1a0c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:36:20.0880 0x1a0c  IPNAT - ok
23:36:20.0974 0x1a0c  [ 043A93A498B3C4A88CACA3BCBC9B54C7, C08C5A03940806C6CB75ADDCBE6183145AD2AFE84D77BC85E620E7C1542F0893 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:36:20.0989 0x1a0c  iPod Service - ok
23:36:21.0021 0x1a0c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:36:21.0021 0x1a0c  IRENUM - ok
23:36:21.0036 0x1a0c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:36:21.0036 0x1a0c  isapnp - ok
23:36:21.0052 0x1a0c  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:36:21.0067 0x1a0c  iScsiPrt - ok
23:36:21.0099 0x1a0c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:36:21.0099 0x1a0c  kbdclass - ok
23:36:21.0130 0x1a0c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
23:36:21.0130 0x1a0c  kbdhid - ok
23:36:21.0177 0x1a0c  [ E63EF8C3271D014F14E2469CE75FECB4, 3A8DFA4B446AFDC35F01FD5218D0BEBC510A1E3DE9976210F00D19767D0F9069 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
23:36:21.0177 0x1a0c  kbfiltr - ok
23:36:21.0192 0x1a0c  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] KeyIso          C:\Windows\system32\lsass.exe
23:36:21.0192 0x1a0c  KeyIso - ok
23:36:21.0192 0x1a0c  [ CCD53B5BD33CE0C889E830D839C8B66E, 51B7556DA7DAA0BC75E00E53099776016A55FAA115D5A4E6830E12A0A0869C10 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:36:21.0208 0x1a0c  KSecDD - ok
23:36:21.0223 0x1a0c  [ 9FF918A261752C12639E8AD4208D2C2F, B60F7A730C92F2BF7E85A6CA14DD7671AEECEE154CEC83B1E23EF268C25C9E5E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:36:21.0223 0x1a0c  KSecPkg - ok
23:36:21.0239 0x1a0c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:36:21.0239 0x1a0c  ksthunk - ok
23:36:21.0286 0x1a0c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:36:21.0301 0x1a0c  KtmRm - ok
23:36:21.0333 0x1a0c  [ 033B4AED2C5519072C0D81E00804D003, 6C450A604C382416C482FED43098B4E95BD61B480B0CEFD728A269446AF18708 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
23:36:21.0333 0x1a0c  L1C - ok
23:36:21.0411 0x1a0c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:36:21.0426 0x1a0c  LanmanServer - ok
23:36:21.0457 0x1a0c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:36:21.0473 0x1a0c  LanmanWorkstation - ok
23:36:21.0504 0x1a0c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:36:21.0504 0x1a0c  lltdio - ok
23:36:21.0535 0x1a0c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:36:21.0551 0x1a0c  lltdsvc - ok
23:36:21.0567 0x1a0c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:36:21.0567 0x1a0c  lmhosts - ok
23:36:21.0598 0x1a0c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
23:36:21.0613 0x1a0c  LSI_FC - ok
23:36:21.0629 0x1a0c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
23:36:21.0629 0x1a0c  LSI_SAS - ok
23:36:21.0660 0x1a0c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
23:36:21.0676 0x1a0c  LSI_SAS2 - ok
23:36:21.0691 0x1a0c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
23:36:21.0707 0x1a0c  LSI_SCSI - ok
23:36:21.0723 0x1a0c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
23:36:21.0723 0x1a0c  luafv - ok
23:36:21.0973 0x1a0c  [ 804E3246E3E73D4A936F2F4BCDC53A2D, BF1F9B4AC292238FA6EE541E325B220F311977F9D87D5BC7F90AD058FBF0B35A ] MBAMService     C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
23:36:22.0144 0x1a0c  MBAMService - ok
23:36:22.0175 0x1a0c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:36:22.0175 0x1a0c  Mcx2Svc - ok
23:36:22.0207 0x1a0c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
23:36:22.0222 0x1a0c  megasas - ok
23:36:22.0269 0x1a0c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
23:36:22.0285 0x1a0c  MegaSR - ok
23:36:22.0331 0x1a0c  [ 1C6E73FC46B509EFF9D0086AA37132DF, B4FB5512D75112C553FC22593F6123A7C9B9B7825D40148F604CCEFEB149FD97 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
23:36:22.0347 0x1a0c  MEIx64 - ok
23:36:22.0363 0x1a0c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
23:36:22.0378 0x1a0c  MMCSS - ok
23:36:22.0394 0x1a0c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
23:36:22.0409 0x1a0c  Modem - ok
23:36:22.0425 0x1a0c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:36:22.0441 0x1a0c  monitor - ok
23:36:22.0472 0x1a0c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:36:22.0472 0x1a0c  mouclass - ok
23:36:22.0519 0x1a0c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:36:22.0519 0x1a0c  mouhid - ok
23:36:22.0550 0x1a0c  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:36:22.0550 0x1a0c  mountmgr - ok
23:36:22.0581 0x1a0c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:36:22.0612 0x1a0c  mpio - ok
23:36:31.0604 0x1a0c  TsUsbFlt - ok
23:36:31.0619 0x1a0c  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
23:36:31.0635 0x1a0c  TsUsbGD - ok
23:36:31.0682 0x1a0c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:36:31.0682 0x1a0c  tunnel - ok
23:36:31.0729 0x1a0c  [ B355581A9DA34C92E2DBAFA410D2F829, 2EB97A055CB41898CA9FB7A58C6EEE5653CF18FD54123B346F8A664A3BE62874 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
23:36:31.0744 0x1a0c  TurboB - ok
23:36:31.0839 0x1a0c  [ 6564E84B1522C12EA1C3A181ED03276F, BADCCD3F28149427FEFCB0CF5011A87B0ED32752B81D211A9551983A4BD3699E ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
23:36:31.0839 0x1a0c  TurboBoost - ok
23:36:31.0854 0x1a0c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:36:31.0854 0x1a0c  uagp35 - ok
23:36:31.0901 0x1a0c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:36:31.0901 0x1a0c  udfs - ok
23:36:31.0932 0x1a0c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:36:31.0932 0x1a0c  UI0Detect - ok
23:36:31.0948 0x1a0c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:36:31.0964 0x1a0c  uliagpkx - ok
23:36:31.0979 0x1a0c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:36:31.0995 0x1a0c  umbus - ok
23:36:32.0010 0x1a0c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
23:36:32.0010 0x1a0c  UmPass - ok
23:36:32.0042 0x1a0c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
23:36:32.0042 0x1a0c  upnphost - ok
23:36:32.0088 0x1a0c  [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
23:36:32.0088 0x1a0c  USBAAPL64 - ok
23:36:32.0120 0x1a0c  [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829, 5D6E404FE0AB875202CA1A3E8E9D2F4368DF6ACCFA1C872ECFAF8399CBA3A485 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:36:32.0120 0x1a0c  usbccgp - ok
23:36:32.0151 0x1a0c  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:36:32.0151 0x1a0c  usbcir - ok
23:36:32.0166 0x1a0c  [ 74EE782B1D9C241EFE425565854C661C, E8258EA65B0FCAD4E077B176E9D9324646B652D6E651241E397346A39770D065 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:36:32.0166 0x1a0c  usbehci - ok
23:36:32.0213 0x1a0c  [ DC96BD9CCB8403251BCF25047573558E, 66EBF8A6B3BC0634F32DDCC8BA31F1EB5987E8C6853E1DC26005E3EED0945565 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:36:32.0213 0x1a0c  usbhub - ok
23:36:32.0229 0x1a0c  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:36:32.0229 0x1a0c  usbohci - ok
23:36:32.0260 0x1a0c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:36:32.0260 0x1a0c  usbprint - ok
23:36:32.0291 0x1a0c  [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
23:36:32.0291 0x1a0c  usbscan - ok
23:36:32.0307 0x1a0c  [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:36:32.0307 0x1a0c  USBSTOR - ok
23:36:32.0322 0x1a0c  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
23:36:32.0322 0x1a0c  usbuhci - ok
23:36:32.0354 0x1a0c  [ 454800C2BC7F3927CE030141EE4F4C50, 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
23:36:32.0369 0x1a0c  usbvideo - ok
23:36:32.0400 0x1a0c  [ 70D05EE263568A742D14E1876DF80532, D49D7B60EE30F2398B8B532F4A4C3F17535485F2BDB9B14AB600E2A4E3F12A6B ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
23:36:32.0400 0x1a0c  usb_rndisx - ok
23:36:32.0432 0x1a0c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
23:36:32.0447 0x1a0c  UxSms - ok
23:36:32.0463 0x1a0c  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] VaultSvc        C:\Windows\system32\lsass.exe
23:36:32.0463 0x1a0c  VaultSvc - ok
23:36:32.0510 0x1a0c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:36:32.0510 0x1a0c  vdrvroot - ok
23:36:32.0556 0x1a0c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
23:36:32.0588 0x1a0c  vds - ok
23:36:32.0634 0x1a0c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:36:32.0634 0x1a0c  vga - ok
23:36:32.0666 0x1a0c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:36:32.0666 0x1a0c  VgaSave - ok
23:36:32.0712 0x1a0c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:36:32.0744 0x1a0c  vhdmp - ok
23:36:32.0759 0x1a0c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:36:32.0775 0x1a0c  viaide - ok
23:36:32.0884 0x1a0c  [ 5F9CBD6D40E32CAEB55DB4A0799EBA72, 2F67D76F8DFC63C4886CDF1F83E012F1FFAE57914DC18338993B2292E1FED008 ] VMAuthdService  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
23:36:32.0884 0x1a0c  VMAuthdService - ok
23:36:32.0931 0x1a0c  [ 23B3E571717D59C8B0A6963B79061B57, B41BF84972DE78FDD9FA1D69D0514FEABB238321A29608A5304D97EB6CC02B3F ] vmci            C:\Windows\system32\DRIVERS\vmci.sys
23:36:32.0946 0x1a0c  vmci - ok
23:36:32.0978 0x1a0c  [ 7A65D35A4B6C342B8242018AB9DA3006, 652EA2C93F4ADBF1E9C0363C005C46220AFFAB546D481E4CC97C5F56CF807351 ] vmkbd           C:\Windows\system32\drivers\VMkbd.sys
23:36:32.0993 0x1a0c  vmkbd - ok
23:36:33.0024 0x1a0c  [ A3412EC3FF7A5AC2CA3A3951476BFA9C, 8A3D241168205B6B5348F44DF89875067CDD5B29BE8CF14ADA8403225AE2A379 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
23:36:33.0040 0x1a0c  VMnetAdapter - ok
23:36:33.0071 0x1a0c  [ F76AD463DBE8D30CB715A09DF9FF2BE9, 5B2184582496ED0EE8582C6AD3BCF49674690C585439B6F57B43ADC12DF941F6 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys
23:36:33.0087 0x1a0c  VMnetBridge - ok
23:36:33.0134 0x1a0c  [ C84A6FA836262BD7CBE611F08B554E8B, 01DBC1DF1B03EA41FE2B61E29C79A3460A491E00A3E3329E80CE722071DC1740 ] VMnetDHCP       C:\Windows\SysWOW64\vmnetdhcp.exe
23:36:33.0149 0x1a0c  VMnetDHCP - ok
23:36:33.0165 0x1a0c  [ 75ABEBF8F9FD94D6E17AB8CCAF1EEABD, 3793482B17772A1E3962D07AE35C86A0331D93B2E7F965355321F3EB9CD3E3B9 ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys
23:36:33.0165 0x1a0c  VMnetuserif - ok
23:36:33.0305 0x1a0c  [ B30B940E999CC59A701B564A7E359D09, 390BAD5C691EEAC17FC74659169ED1A3937CA2EB8B15842070C25D536CC4AC59 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
23:36:33.0352 0x1a0c  VMUSBArbService - ok
23:36:33.0368 0x1a0c  [ DF89A1667D769377CA5441A6F62F9031, F25A85B2E16AF3EDAFE2BF3534F664563E0CDB3B8B9FB90447781FD0BD8BAB41 ] VMware NAT Service C:\Windows\SysWOW64\vmnat.exe
23:36:33.0383 0x1a0c  VMware NAT Service - ok
23:36:33.0399 0x1a0c  [ E46D38C01BA7E4C914CC9191B15B6DB2, 4A194F06848835318E1A8C80D308AE3B923084BFFD23098022E8B5D508F34F62 ] vmx86           C:\Windows\system32\drivers\vmx86.sys
23:36:33.0399 0x1a0c  vmx86 - ok
23:36:33.0430 0x1a0c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:36:33.0446 0x1a0c  volmgr - ok
23:36:33.0461 0x1a0c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:36:33.0477 0x1a0c  volmgrx - ok
23:36:33.0492 0x1a0c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:36:33.0492 0x1a0c  volsnap - ok
23:36:33.0539 0x1a0c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
23:36:33.0539 0x1a0c  vsmraid - ok
23:36:33.0555 0x1a0c  [ 7639A7B4A8E5204BB37B479C2D1C8934, 2A35B3A7B20EE3F5888A089D1E46A7FD7B2D86AB36D3401A224F7CD39ABE7F27 ] vsock           C:\Windows\system32\drivers\vsock.sys
23:36:33.0555 0x1a0c  vsock - ok
23:36:33.0664 0x1a0c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
23:36:33.0711 0x1a0c  VSS - ok
23:36:33.0726 0x1a0c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
23:36:33.0726 0x1a0c  vwifibus - ok
23:36:33.0742 0x1a0c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:36:33.0742 0x1a0c  vwififlt - ok
23:36:33.0773 0x1a0c  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
23:36:33.0773 0x1a0c  vwifimp - ok
23:36:33.0804 0x1a0c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
23:36:33.0804 0x1a0c  W32Time - ok
23:36:33.0837 0x1a0c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:36:33.0837 0x1a0c  WacomPen - ok
23:36:33.0883 0x1a0c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:36:33.0883 0x1a0c  WANARP - ok
23:36:33.0899 0x1a0c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:36:33.0915 0x1a0c  Wanarpv6 - ok
23:36:33.0993 0x1a0c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
23:36:34.0039 0x1a0c  wbengine - ok
23:36:34.0055 0x1a0c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:36:34.0055 0x1a0c  WbioSrvc - ok
23:36:34.0091 0x1a0c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:36:34.0095 0x1a0c  wcncsvc - ok
23:36:34.0095 0x1a0c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:36:34.0111 0x1a0c  WcsPlugInService - ok
23:36:34.0126 0x1a0c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
23:36:34.0126 0x1a0c  Wd - ok
23:36:34.0204 0x1a0c  [ 442783E2CB0DA19873B7A63833FF4CB4, 09254970265476214F3187CC22A4F9C7C2769D419600E83FBE302C3A103E527F ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:36:34.0220 0x1a0c  Wdf01000 - ok
23:36:34.0267 0x1a0c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:36:34.0282 0x1a0c  WdiServiceHost - ok
23:36:34.0282 0x1a0c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:36:34.0298 0x1a0c  WdiSystemHost - ok
23:36:34.0314 0x1a0c  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll
23:36:34.0329 0x1a0c  WebClient - ok
23:36:34.0345 0x1a0c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:36:34.0345 0x1a0c  Wecsvc - ok
23:36:34.0360 0x1a0c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:36:34.0360 0x1a0c  wercplsupport - ok
23:36:34.0392 0x1a0c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:36:34.0392 0x1a0c  WerSvc - ok
23:36:34.0423 0x1a0c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:36:34.0423 0x1a0c  WfpLwf - ok
23:36:34.0485 0x1a0c  [ 52DED146E4797E6CCF94799E8E22BB2A, 57A29260D81AA3AD3F8C29E9CFA7CE3970D7A8BF673ADD9B256EE76C7DEC080E ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
23:36:34.0516 0x1a0c  WimFltr - ok
23:36:34.0532 0x1a0c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:36:34.0532 0x1a0c  WIMMount - ok
23:36:34.0563 0x1a0c  WinDefend - ok
23:36:34.0579 0x1a0c  WinHttpAutoProxySvc - ok
23:36:34.0641 0x1a0c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:36:34.0672 0x1a0c  Winmgmt - ok
23:36:34.0797 0x1a0c  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
23:36:34.0860 0x1a0c  WinRM - ok
23:36:34.0938 0x1a0c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:36:34.0938 0x1a0c  WinUsb - ok
23:36:35.0156 0x1a0c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:36:35.0172 0x1a0c  Wlansvc - ok
23:36:35.0281 0x1a0c  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:36:35.0281 0x1a0c  wlcrasvc - ok
23:36:35.0468 0x1a0c  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:36:35.0530 0x1a0c  wlidsvc - ok
23:36:35.0562 0x1a0c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
23:36:35.0562 0x1a0c  WmiAcpi - ok
23:36:35.0593 0x1a0c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:36:35.0608 0x1a0c  wmiApSrv - ok
23:36:35.0624 0x1a0c  WMPNetworkSvc - ok
23:36:35.0640 0x1a0c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:36:35.0655 0x1a0c  WPCSvc - ok
23:36:35.0671 0x1a0c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:36:35.0671 0x1a0c  WPDBusEnum - ok
23:36:35.0671 0x1a0c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:36:35.0671 0x1a0c  ws2ifsl - ok
23:36:35.0686 0x1a0c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
23:36:35.0686 0x1a0c  wscsvc - ok
23:36:35.0686 0x1a0c  WSearch - ok
23:36:35.0811 0x1a0c  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:36:35.0921 0x1a0c  wuauserv - ok
23:36:35.0937 0x1a0c  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:36:35.0953 0x1a0c  WudfPf - ok
23:36:35.0984 0x1a0c  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:36:35.0999 0x1a0c  WUDFRd - ok
23:36:35.0999 0x1a0c  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:36:36.0015 0x1a0c  wudfsvc - ok
23:36:36.0031 0x1a0c  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:36:36.0046 0x1a0c  WwanSvc - ok
23:36:36.0109 0x1a0c  ================ Scan global ===============================
23:36:36.0327 0x1a0c  [ Global ] - ok
23:36:36.0327 0x1a0c  ================ Scan MBR ==================================
23:36:36.0343 0x1a0c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:36:36.0655 0x1a0c  \Device\Harddisk0\DR0 - ok
23:36:36.0655 0x1a0c  ================ Scan VBR ==================================
23:36:36.0670 0x1a0c  [ BEE10DEC61953E7BF6B1937AC53C8236 ] \Device\Harddisk0\DR0\Partition1
23:36:36.0670 0x1a0c  \Device\Harddisk0\DR0\Partition1 - ok
23:36:36.0686 0x1a0c  [ E72F9AED4ABA760EBFBA0968F0C8043F ] \Device\Harddisk0\DR0\Partition2
23:36:36.0686 0x1a0c  \Device\Harddisk0\DR0\Partition2 - ok
23:36:36.0686 0x1a0c  ================ Scan generic autorun ======================
23:36:37.0997 0x1a0c  Waiting for KSN requests completion. In queue: 103
23:36:39.0011 0x1a0c  Waiting for KSN requests completion. In queue: 103
23:36:40.0026 0x1a0c  Waiting for KSN requests completion. In queue: 103
23:36:41.0071 0x1a0c  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\WindowsSecurityCenter.exe ( 15.0.26.45 ), 0x41000 ( enabled : updated )
23:36:41.0227 0x1a0c  AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.143 ), 0x60000 ( disabled : updated )
23:36:41.0243 0x1a0c  Win FW state via NFP2: enabled ( trusted )
23:36:43.0834 0x1a0c  ============================================================
23:36:43.0834 0x1a0c  Scan finished
23:36:43.0834 0x1a0c  ============================================================
23:36:43.0834 0x1328  Detected object count: 0
23:36:43.0834 0x1328  Actual detected object count: 0
 

To continue...



#11 Karmaniak

Posted 10 May 2017 - 11:59 AM

Post 2 (and last)

2 – Content of the file ESET.txt:

 

C:\Jogos\Bulletstorm\Binaries\Win32\xlive.dll	a variant of Win32/Packed.VMProtect.AAD trojan	cleaned by deleting
C:\Jogos\Fear2\steamclient.dll	a variant of Win32/GameHack.ANF potentially unsafe application	cleaned by deleting
C:\Jogos\L4D2\Left4dead 2 2013\bin\steamclient.dll	Win32/GameHack.ANE potentially unsafe application	cleaned by deleting
C:\ProgramData\Ask\APN-Stub\ATU2\APNIC.dll	a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application	cleaned by deleting
C:\Users\Bruno Pinto Carmo\AppData\Roaming\uTorrent\updates\3.4.2_38429.exe	a variant of Win32/OpenCandy.A potentially unsafe application	cleaned by deleting
D:\BRUNOPINTOCARMO\Backup Set 2016-10-21 232345\Backup Files 2016-10-21 232345\Backup files 3.zip	a variant of Win32/OpenCandy.A potentially unsafe application	deleted
D:\BRUNOPINTOCARMO\Backup Set 2016-11-27 151629\Backup Files 2016-11-27 151629\Backup files 3.zip	a variant of Win32/OpenCandy.A potentially unsafe application	deleted
D:\BRUNOPINTOCARMO\Backup Set 2016-12-05 001601\Backup Files 2016-12-05 001601\Backup files 3.zip	a variant of Win32/OpenCandy.A potentially unsafe application	deleted
D:\BRUNOPINTOCARMO\Backup Set 2016-12-05 001601\Backup Files 2016-12-24 142158\Backup files 1.zip	a variant of Win32/InstallCore.AQK potentially unwanted application,a variant of Win32/InstallMonstr.QJ potentially unwanted application	deleted
D:\BRUNOPINTOCARMO\Backup Set 2016-12-05 001601\Backup Files 2016-12-24 142158\Backup files 4.zip	a variant of Win32/InstallMonstr.QJ potentially unwanted application	deleted
D:\BRUNOPINTOCARMO\Backup Set 2017-04-30 190005\Backup Files 2017-04-30 190005\Backup files 1.zip	a variant of Win32/InstallCore.AQK potentially unwanted application	deleted
D:\BRUNOPINTOCARMO\Backup Set 2017-04-30 190005\Backup Files 2017-04-30 190005\Backup files 3.zip	a variant of Win32/OpenCandy.A potentially unsafe application	deleted
D:\Downloads\Jogos PC\Counter Strike 1.6 (Cracked STEAM) FOR ALL WINDOWS.exe	a variant of Win32/GameHack.ANF potentially unsafe application	cleaned by deleting
D:\Downloads\Jogos PC\Left 4 Dead 2 2013 PC full game 2.1.2.5 MP+SP ^^nosTEAM^^\Left4dead 2 2013 nosTEAM.part1.exe	Win32/GameHack.ANE potentially unsafe application	cleaned by deleting
D:\Downloads\Software\Nero 12 Platinum 12.0.020 + Patch + Key [EC].zip	a variant of Win32/HackTool.Patcher.AD potentially unsafe application	deleted
D:\Downloads\Software\Alcohol 120% 2.0.2.5830 Final Retail+Crack-Admin\Alcohol120_retail_2.0.2.5830.exe	Win32/SmartFileAdvisor.B potentially unwanted application	cleaned by deleting
D:\Downloads\Software\AutoCAD 2013 64-BIT\Licence\xf-adsk2013_x64.exe	a variant of Win32/Keygen.HA potentially unsafe application	deleted
D:\Downloads\Software\BitDefender 2013\BitDefender Total Security 2013 incl. Lifetime Activator\FIX\LBA_2.0BETA5.exe	a variant of MSIL/RiskWare.HackAV.C application	cleaned by deleting
D:\Downloads\Software\Microsoft.Office.Professional.Plus.2013.com.SP1.PT-PT.x86.x64.VL-WiNTeaM\WiNTeaM\Activador\Microsoft Toolkit.exe	a variant of MSIL/HackKMS.G potentially unsafe application	cleaned by deleting
D:\Downloads\Software\Nero 12 Platinum 12.0.020 + Patch + Key [EC]\Patch + Key\Patch [EC].exe	a variant of Win32/HackTool.Patcher.AD potentially unsafe application	cleaned by deleting
D:\Downloads\Software\Nero 7.10.1.0 By M3ZKAL\Nero 7.10.1.0.exe	Win32/Toolbar.AskSBar potentially unwanted application	cleaned by deleting
D:\Downloads\SW\Keygen\KEYGENS FOR PROGRAMS\OO.Defrag.Server-kg.rar	Win32/Keygen.TC potentially unsafe application	deleted
D:\Downloads\SW\Keygen\KEYGENS FOR PROGRAMS\Registry.Mechanic.v6.0.0.750_patch.exe	a variant of Win32/HackTool.Patcher.Y potentially unsafe application	cleaned by deleting
D:\Downloads\SW\Keygen\KEYGENS FOR PROGRAMS\VMware.Prod.Kg.exe	a variant of Win32/Keygen.IH potentially unsafe application	cleaned by deleting
D:\Downloads\SW\Keygen\KEYGENS FOR PROGRAMS\ZoneAlarmKeyGen.exe	a variant of Win32/Keygen.IH potentially unsafe application	cleaned by deleting
D:\Downloads\SW\Keygen\KEYGENS FOR PROGRAMS\UltraISO Premium Edition 8.6.0 Build 1936\UltraISO-Patch.exe	a variant of Win32/HackTool.Patcher.CL potentially unsafe application	cleaned by deleting
D:\Downloads\SW\Windows 7 Sp1 PT-PT + Office 2010 Pro PT + Extras\WIN7.iso	Win32/HackTool.WinActivator.I potentially unsafe application,Win32/CMDOW.143 potentially unsafe application	deleted
D:\Downloads\SW\Windows XP sp3 pt-pt\Windows XP_SP3_SATA PT-PT+Office_2007 Pro PT+Extras!!!\$OEM$\$$\temp\Vistagames.exe	a variant of Win32/Patched.F potentially unsafe application	deleted
 

 

3 – Copy of History Logs from Malwarebytes:

 

Malwarebytes
www.malwarebytes.com

-Detalhes de Relatório-
Data da Verificação: 10/05/17
Hora da Verificação: 17:21
Ficheiro de Relatório: Malwarebytes History Log.txt
Administrador: Sim

-Informação de Software-
Versão: 3.0.6.1469
Versão dos Componentes: 1.0.103
Versão do Pacote de Atualização: 1.0.1911
Licença: Versão de Avaliação Gratuita

-Informação do Sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de Ficheiros: NTFS
Utilizador: BrunoPintoCarmo\Bruno Pinto Carmo

-Resumo da Verificação-
Tipo de Verificação: Verificação de Ameaças
Resultado: Concluída
Objetos Verificados: 395027
Tempo Decorrido: 23 min, 30 s

-Opções de Verificação-
Memória: Ativado
Arranque: Ativado
Sistema de Ficheiros: Ativado
Arquivos: Ativado
Rootkits: Ativado
Heurística: Ativado
PPI: Ativado
MPI: Ativado

-Detalhes da Verificação-
Processo: 0
(Nenhum item malicioso detetado)

Módulo: 0
(Nenhum item malicioso detetado)

Chave de Registo: 0
(Nenhum item malicioso detetado)

Valor de Registo: 0
(Nenhum item malicioso detetado)

Dados de Registo: 0
(Nenhum item malicioso detetado)

Fluxo de Dados: 0
(Nenhum item malicioso detetado)

Pasta: 0
(Nenhum item malicioso detetado)

Ficheiro: 0
(Nenhum item malicioso detetado)

Setor Físico: 0
(Nenhum item malicioso detetado)


(end)

4.1 – Contents of FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by Bruno Pinto Carmo (administrator) on BRUNOPINTOCARMO (10-05-2017 17:48:51)
Running from C:\Users\Bruno Pinto Carmo\Desktop\FRST
Loaded Profiles: UpdatusUser & Bruno Pinto Carmo &  (Available Profiles: UpdatusUser & Bruno Pinto Carmo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Português (Portugal)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(CYPE Ingenieros S.A.) C:\CYPE Ingenieros\Versão 2017\programas\bimserv.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(iolo technologies, LLC) C:\Program Files (x86)\System Mechanic\ioloGovernor64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CYPE Ingenieros S.A.) C:\CYPE Ingenieros\Versão 2017\programas\bimservinst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(iOSinstaller.com) C:\Program Files (x86)\iOSinstaller\Updater.exe
() C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Bruno Pinto Carmo\Desktop\FRST\FRST64English.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [912768 2017-05-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064 2012-09-14] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [178848 2012-07-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61944 2017-04-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28432392 2017-05-01] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1479254243-496030957-2477417331-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-1479254243-496030957-2477417331-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05102017172150317\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-1479254243-496030957-2477417331-1002\...\Run: [GoogleChromeAutoLaunch_7B82EAC530586E33232462E738397CCE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941912 2017-03-29] (Google Inc.)
HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05102017172150642\...\Run: [GoogleChromeAutoLaunch_7B82EAC530586E33232462E738397CCE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941912 2017-03-29] (Google Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BIMserver.center.lnk [2017-03-17]
ShortcutTarget: BIMserver.center.lnk -> C:\CYPE Ingenieros\Versão 2017\programas\bimservinst.exe (CYPE Ingenieros S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B26C38EB-19B5-4774-B6A7-51A6BA5C2844}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{B26C38EB-19B5-4774-B6A7-51A6BA5C2844}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1479254243-496030957-2477417331-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-1479254243-496030957-2477417331-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-1479254243-496030957-2477417331-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05102017172150317\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-1479254243-496030957-2477417331-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05102017172150317\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-1479254243-496030957-2477417331-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-1479254243-496030957-2477417331-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05102017172150642\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05102017172150642\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-1479254243-496030957-2477417331-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-1479254243-496030957-2477417331-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-1479254243-496030957-2477417331-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05102017172150317 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-1479254243-496030957-2477417331-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05102017172150317 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-03-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-19] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Bruno Pinto Carmo\AppData\Roaming\Mozilla\Firefox\Profiles\GMHJnXtf.default [2015-01-31]
FF Extension: (Avira Browser Safety) - C:\Users\Bruno Pinto Carmo\AppData\Roaming\Mozilla\Firefox\Profiles\GMHJnXtf.default\Extensions\abs@avira.com [2015-01-31] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-03] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-03] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1479254243-496030957-2477417331-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bruno Pinto Carmo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-12] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05102017172150642: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bruno Pinto Carmo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-12] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pt-pt
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default [2017-05-10]
CHR Extension: (Apresentações Google) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (Adguard AdBlocker) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-12-25]
CHR Extension: (YouTube) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Speed Booster - Carga Sites Mais Rápido!) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bogglmmbglnfnjdnaabjkphdelhdiomd [2016-08-24]
CHR Extension: (Google Search) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-14]
CHR Extension: (Google Folhas de Cálculo) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Documentos do Google offline) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Proxy de VPN gratuito do Hotspot Shield – Desbloquear sites) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2017-05-02]
CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2017-05-10]
CHR Extension: (Logout 4 All) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmbibbjnobhnbkkmopbnppjphjajdkoh [2016-12-24]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
CHR Extension: (Speedtest by Ookla) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2016-11-03]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2016-08-24]
CHR Extension: (Gmail) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Bruno Pinto Carmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1479254243-496030957-2477417331-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05102017172150642\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1119712 2017-05-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [488920 2017-05-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [488920 2017-05-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1520680 2017-05-04] (Avira Operations GmbH & Co. KG)
S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350120 2017-04-11] (Avira Operations GmbH & Co. KG)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 Cype BIM; C:\CYPE Ingenieros\Versão 2017\programas\bimserv.exe [106496 2017-01-27] (CYPE Ingenieros S.A.) [File not signed]
S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-05-01] (Dropbox, Inc.)
R2 iOSinstallerUpdater; C:\Program Files (x86)\iOSinstaller\updater.exe [165376 2015-04-08] (iOSinstaller.com) [File not signed]
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176968 2017-03-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148104 2017-03-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-24] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-22] ()
S2 Hardlock; C:\Windows\SysWOW64\drivers\hardlock.sys [676864 2004-07-14] (Aladdin Knowledge Systems) [File not signed]
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-05-10] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-05-10] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-10] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-05-10] (Malwarebytes)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
S1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32168 2015-12-09] (EldoS Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-01-31] (Duplex Secure Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-10 17:23 - 2017-05-10 17:23 - 02429440 _____ (Farbar) C:\Users\Bruno Pinto Carmo\Downloads\FRST64.exe
2017-05-10 17:16 - 2017-05-10 17:16 - 00009250 _____ C:\Users\Bruno Pinto Carmo\Desktop\ESET.txt
2017-05-08 23:14 - 2017-05-08 23:26 - 00000000 ____D C:\123
2017-05-08 23:10 - 2017-05-08 23:21 - 1163947362 _____ C:\Users\Bruno Pinto Carmo\Downloads\libra_images_6.1.7_20151221.0000.11_5.1_cn_b09dac70a0.tgz
2017-05-08 23:09 - 2017-05-08 23:09 - 00000000 ____D C:\Program Files (x86)\QUALCOMM Incorporated
2017-05-08 23:05 - 2017-05-08 23:06 - 11523972 _____ C:\Users\Bruno Pinto Carmo\Downloads\QDLoader HS-USB Driver_64bit_Setup.zip
2017-05-08 23:03 - 2017-05-08 23:03 - 00000000 ____D C:\fastboot
2017-05-07 23:41 - 2017-05-07 23:41 - 06752896 _____ (ESET spol. s r.o.) C:\Users\Bruno Pinto Carmo\Desktop\esetonlinescanner_enu.exe
2017-05-07 23:41 - 2017-05-07 23:41 - 00000000 ____D C:\Users\Bruno Pinto Carmo\AppData\Local\ESET
2017-05-07 23:40 - 2017-05-07 23:41 - 06752896 _____ (ESET spol. s r.o.) C:\Users\Bruno Pinto Carmo\Downloads\esetonlinescanner_enu.exe
2017-05-07 23:37 - 2017-05-07 23:36 - 00218498 _____ C:\Users\Bruno Pinto Carmo\Desktop\TDSSKiller.3.1.0.15_07.05.2017_23.35.39_log.txt
2017-05-07 23:35 - 2017-05-07 23:37 - 00218586 _____ C:\TDSSKiller.3.1.0.15_07.05.2017_23.35.39_log.txt
2017-05-07 23:31 - 2017-05-07 23:31 - 04922400 _____ (AO Kaspersky Lab) C:\Users\Bruno Pinto Carmo\Downloads\tdsskiller.exe
2017-05-07 23:31 - 2017-05-07 23:31 - 04922400 _____ (AO Kaspersky Lab) C:\Users\Bruno Pinto Carmo\Desktop\tdsskiller.exe
2017-05-07 13:37 - 2017-05-07 13:40 - 00002414 _____ C:\Users\Bruno Pinto Carmo\Desktop\Rkill.txt
2017-05-07 13:36 - 2017-05-07 13:36 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Bruno Pinto Carmo\Downloads\rkill.exe
2017-05-07 13:36 - 2017-05-07 13:36 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Bruno Pinto Carmo\Downloads\rkill (1).com
2017-05-07 13:36 - 2017-05-07 13:36 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Bruno Pinto Carmo\Desktop\rkill.exe
2017-05-07 13:36 - 2017-05-07 13:29 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Bruno Pinto Carmo\Desktop\rkill.com
2017-05-07 13:29 - 2017-05-07 13:29 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Bruno Pinto Carmo\Downloads\rkill.com
2017-05-07 13:29 - 2017-05-07 13:29 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Bruno Pinto Carmo\Desktop\rkill.scr
2017-05-07 13:28 - 2017-05-07 13:29 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Bruno Pinto Carmo\Downloads\rkill.scr
2017-05-07 12:15 - 2017-05-10 17:48 - 00000000 ____D C:\Users\Bruno Pinto Carmo\Desktop\FRST
2017-05-07 12:11 - 2017-05-10 17:42 - 00005164 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for BrunoPintoCarmo-Bruno Pinto Carmo BrunoPintoCarmo
2017-05-07 11:51 - 2017-05-07 11:51 - 00001100 _____ C:\Users\Bruno Pinto Carmo\Desktop\Cobian Backup 11 - Interface do utilizador.lnk
2017-05-07 00:01 - 2017-05-07 00:01 - 00000020 _____ C:\Users\Bruno Pinto Carmo\defogger_reenable
2017-05-07 00:01 - 2017-05-07 00:00 - 00050477 _____ C:\Users\Bruno Pinto Carmo\Desktop\Defogger.exe
2017-05-07 00:00 - 2017-05-07 00:00 - 00050477 _____ C:\Users\Bruno Pinto Carmo\Downloads\Defogger.exe
2017-05-04 23:24 - 2017-05-04 23:24 - 00003244 _____ C:\Windows\System32\Tasks\{7390BB4B-9018-4CB1-B9E8-28EAC150DB73}
2017-05-04 23:23 - 2017-05-04 23:23 - 00000000 ____D C:\Users\Bruno Pinto Carmo\Downloads\miui
2017-05-04 22:16 - 2017-05-04 22:17 - 52711424 _____ C:\Users\Bruno Pinto Carmo\Downloads\libra_ts_twrp_3_0_2_0.img
2017-05-02 23:11 - 2017-05-07 13:47 - 00000000 ____D C:\FRST
2017-05-02 22:41 - 2017-05-02 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-05-02 22:41 - 2017-05-02 22:41 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-05-02 22:39 - 2017-05-02 22:40 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Bruno Pinto Carmo\Downloads\cbSetup.exe
2017-05-02 20:53 - 2017-05-10 17:21 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-05-02 20:53 - 2017-05-10 17:20 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-05-02 20:53 - 2017-05-10 17:18 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-02 20:53 - 2017-05-10 17:18 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-05-02 20:53 - 2017-05-10 17:18 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-05-02 20:53 - 2017-05-02 20:53 - 00001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-02 20:53 - 2017-05-02 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-02 20:53 - 2017-05-02 20:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-02 20:53 - 2017-05-02 20:53 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-02 20:53 - 2017-03-22 11:02 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-02 20:52 - 2017-05-02 20:52 - 60107896 _____ (Malwarebytes ) C:\Users\Bruno Pinto Carmo\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-05-02 20:42 - 2017-05-02 20:42 - 00000000 ____D C:\Users\Bruno Pinto Carmo\AppData\Local\VMware
2017-05-02 20:36 - 2017-05-02 20:36 - 00001278 _____ C:\Users\Bruno Pinto Carmo\Desktop\Free Disk Explorer.lnk
2017-05-02 20:36 - 2017-05-02 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Disk Explorer
2017-05-02 20:36 - 2017-05-02 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-02 20:36 - 2017-05-02 20:36 - 00000000 ____D C:\Program Files (x86)\HLP Software
2017-05-02 20:35 - 2017-05-02 20:35 - 00737248 _____ (HLP SOFTWARE ) C:\Users\Bruno Pinto Carmo\Downloads\free-disk-explorer.exe
2017-05-02 20:22 - 2017-05-02 20:22 - 00000000 _____ C:\Users\Bruno Pinto Carmo\Downloads\Baixaki_free-disk-explorer.exe
2017-05-01 15:49 - 2017-05-01 15:49 - 00048944 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-04-30 18:11 - 2017-04-30 18:11 - 00005966 _____ C:\Users\Bruno Pinto Carmo\Downloads\millenniumbcp (28).pdf
2017-04-30 11:41 - 2017-04-30 11:41 - 00396469 _____ C:\Users\Bruno Pinto Carmo\Downloads\Férias Abril 2017_CC (1).xlsx
2017-04-24 12:52 - 2017-04-24 12:52 - 03109123 _____ C:\Users\Bruno Pinto Carmo\Downloads\Guia_Tecnico_22_3aGeracaoAQS_vs03 (1).pdf
2017-04-24 12:46 - 2017-04-24 12:46 - 03109123 _____ C:\Users\Bruno Pinto Carmo\Downloads\Guia_Tecnico_22_3aGeracaoAQS_vs03.pdf
2017-04-22 14:20 - 2017-04-22 14:20 - 00006080 _____ C:\Users\Bruno Pinto Carmo\Downloads\millenniumbcp (27).pdf
2017-04-22 14:19 - 2017-04-22 14:19 - 00005883 _____ C:\Users\Bruno Pinto Carmo\Downloads\millenniumbcp (26).pdf
2017-04-22 14:18 - 2017-04-22 14:18 - 00005881 _____ C:\Users\Bruno Pinto Carmo\Downloads\millenniumbcp (25).pdf
2017-04-22 14:17 - 2017-04-22 14:17 - 00005859 _____ C:\Users\Bruno Pinto Carmo\Downloads\millenniumbcp (24).pdf
2017-04-22 14:13 - 2017-04-22 14:13 - 00005842 _____ C:\Users\Bruno Pinto Carmo\Downloads\millenniumbcp (23).pdf
2017-04-22 13:26 - 2017-04-22 13:26 - 00001138 _____ C:\Users\Public\Desktop\Avira Connect.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-10 17:13 - 2011-02-19 05:45 - 00734502 _____ C:\Windows\system32\prfh0816.dat
2017-05-10 17:13 - 2011-02-19 05:45 - 00157320 _____ C:\Windows\system32\prfc0816.dat
2017-05-10 17:13 - 2009-07-14 06:13 - 01692800 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-10 17:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-05-10 17:12 - 2016-10-24 21:15 - 00000412 _____ C:\Windows\Tasks\update-sys.job
2017-05-10 17:12 - 2016-10-24 21:15 - 00000412 _____ C:\Windows\Tasks\update-S-1-5-21-1479254243-496030957-2477417331-1002.job
2017-05-10 17:10 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-10 17:10 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-08 23:03 - 2017-03-19 12:03 - 00000000 ____D C:\Xiaomi
2017-05-07 23:14 - 2015-01-31 05:51 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2017-05-07 23:13 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-07 19:00 - 2015-02-01 05:16 - 00000000 ____D C:\Users\UpdatusUser
2017-05-07 00:01 - 2015-01-31 05:51 - 00000000 ____D C:\Users\Bruno Pinto Carmo
2017-05-06 13:31 - 2015-01-31 13:52 - 00000000 ____D C:\Users\Bruno Pinto Carmo\AppData\Roaming\uTorrent
2017-05-06 13:27 - 2016-10-24 21:15 - 00000059 _____ C:\Users\Bruno Pinto Carmo\AppData\Local\UserProducts.xml
2017-05-06 13:27 - 2016-10-24 21:15 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2017-05-06 09:10 - 2016-10-24 21:15 - 00003310 _____ C:\Windows\System32\Tasks\update-S-1-5-21-1479254243-496030957-2477417331-1002
2017-05-06 02:40 - 2016-07-28 13:34 - 00000000 ____D C:\stremio-cache
2017-05-06 01:13 - 2015-05-31 13:56 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-04 23:25 - 2017-03-12 14:44 - 00000000 ____D C:\Users\Bruno Pinto Carmo\AppData\Roaming\Xiaomi
2017-05-04 20:42 - 2017-03-17 01:10 - 00000000 ____D C:\android-sdk-windows
2017-05-04 19:52 - 2015-01-31 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-05-02 22:53 - 2015-11-03 17:10 - 00000000 ____D C:\Users\Bruno Pinto Carmo\Desktop\TRANSPORTE
2017-05-02 21:06 - 2015-01-31 15:11 - 00000000 ____D C:\Program Files (x86)\Nero
2017-05-02 20:42 - 2016-02-16 22:10 - 00000000 ____D C:\Users\Bruno Pinto Carmo\AppData\Roaming\VMware
2017-05-02 20:37 - 2015-08-16 23:17 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-05-02 20:35 - 2015-08-16 23:21 - 00000000 ___RD C:\Users\Bruno Pinto Carmo\Dropbox
2017-05-02 17:07 - 2016-12-18 17:46 - 00003108 _____ C:\Windows\System32\Tasks\iolo Process Governor
2017-05-02 17:07 - 2016-12-18 17:46 - 00000000 ____D C:\ProgramData\ioloGovernor
2017-04-30 16:45 - 2011-04-13 03:33 - 00003440 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-30 16:45 - 2011-04-13 03:33 - 00003312 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-22 13:26 - 2015-01-31 13:44 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-19 02:09 - 2016-07-23 12:37 - 00000000 ____D C:\Users\Bruno Pinto Carmo\AppData\Roaming\stremio
2017-04-19 00:46 - 2015-01-31 13:32 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-19 00:46 - 2011-04-13 03:33 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-18 20:37 - 2015-05-31 13:55 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-18 20:07 - 2016-12-18 17:46 - 00001948 _____ C:\Users\Public\Desktop\System Mechanic.lnk
2017-04-18 20:07 - 2016-12-18 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2017-04-18 20:06 - 2016-12-18 17:46 - 00000000 ____D C:\Program Files (x86)\System Mechanic
2017-04-18 19:56 - 2016-12-18 17:41 - 00000000 ____D C:\ProgramData\iolo
2017-04-18 19:55 - 2016-12-18 17:46 - 00004018 _____ C:\Windows\System32\Tasks\ioloTUDsDownloader
2017-04-18 19:55 - 2016-12-18 17:46 - 00003872 _____ C:\Windows\System32\Tasks\ioloToaster
2017-04-18 19:37 - 2016-08-09 15:56 - 00000000 ____D C:\Users\Bruno Pinto Carmo\AppData\Roaming\Kodi
2017-04-18 19:25 - 2016-10-24 21:15 - 00003308 _____ C:\Windows\System32\Tasks\update-sys
2017-04-15 21:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2016-10-24 21:15 - 2016-10-24 21:15 - 0000003 _____ () C:\Users\Bruno Pinto Carmo\AppData\Local\updater.log
2016-10-24 21:15 - 2017-05-06 13:27 - 0000059 _____ () C:\Users\Bruno Pinto Carmo\AppData\Local\UserProducts.xml
2011-04-13 03:48 - 2010-07-07 00:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2015-04-12 00:32 - 2015-04-12 00:32 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-02-01 05:36 - 2015-02-01 05:37 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2015-02-01 05:36 - 2015-02-01 05:36 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\䁉⸱㬳湁楴楖⵲䝎灕⽤㔱〮ㄮ⸰㌴‴倨剅㭓圠卋※久※噁⁅⸸⸳〳㈮㬸嘠䙄㠠ㄮ⸱㈲⸹㐲㬰圠湩潤獷㜠䠠浯⁥牐浥畩㭭匠牥楶散倠捡㬱倠牯畴慧㭬㘠攱㐵攵㌶㠳㈱㈲っ㡦㝡㕥㘲㥡㔶愸㐸㠵㌳㠳㭤〠〰㄰㤴㤹ⴶ噁佈ⵅ〰〰〰㬱倠㭔䈠䥕䑌ㄠ⸵⸰〱㐮㐳※㬰ㄠ※㬱朠潯汧⁥档潲敭※㬱㜠㔳扥㐲晦摦㐴㈶戶昲愰㌴摢晣ぢ扡㥣㈲〲搶㭤〠)r Des瘱疘o耀Taerdl.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION

LastRegBack: 2017-05-07 15:00

==================== End of FRST.txt ============================

4.2 – Contents of Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by Bruno Pinto Carmo (10-05-2017 17:50:03)
Running from C:\Users\Bruno Pinto Carmo\Desktop\FRST
Windows 7 Home Premium Service Pack 1 (X64) (2015-01-31 04:51:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1479254243-496030957-2477417331-500 - Administrator - Disabled)
Bruno Pinto Carmo (S-1-5-21-1479254243-496030957-2477417331-1002 - Administrator - Enabled) => C:\Users\Bruno Pinto Carmo
Convidado (S-1-5-21-1479254243-496030957-2477417331-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1479254243-496030957-2477417331-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-1479254243-496030957-2477417331-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS K3 Series ScreenSaver (HKLM-x32\...\ASUS K3 Series ScreenSaver) (Version: 1.0.0002 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0030 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 2.9.1025 - DsNET Corp)
AutoCAD 2013 - English (HKLM\...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk)
AutoCAD 2013 - English (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD 2013 Language Pack - English (Version: 19.0.55.0 - Autodesk) Hidden
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 4.0.69.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk)
Autodesk CAD Manager Tools (HKLM\...\{5783F2D7-0111-0409-0110-0060B0CE6BBA}) (Version: 16.0.0.65 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Inventor Fusion 2013 (HKLM\...\Autodesk Inventor Fusion 2013) (Version: 2.0.0.206 - Autodesk, Inc.)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (HKLM\...\Autodesk Inventor Fusion plug-in for AutoCAD 2013) (Version: 0.2.0.230 - Autodesk)
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 11.12.0 - Autodesk)
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.26.48 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{897e4d08-9554-48e9-ba07-ce6040867fa3}) (Version: 1.2.83.46341 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.83.46341 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bookworm Deluxe (HKLM-x32\...\Bookworm Deluxe) (Version:  - Oberon Media Inc.)
BulletStorm (x32 Version: 1.0.0001.130 - EA) Hidden
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Counter-Strike 1.6 (HKLM-x32\...\Counter-Strike 1.6) (Version:  - )
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version:  3.1 - Acro Software Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CYPE Ingenieros Versão 2017 (Portugues) (HKLM-x32\...\CYPE Ingenieros Versão 2017 (Portugues)) (Version: Versão 2017 - CYPE Ingenieros)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 25.4.28 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
ETDWare PS/2-X64 8.0.5.0_WHQL (HKLM\...\Elantech) (Version: 8.0.5.0 - ELAN Microelectronic Corp.)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Ferramentas de Verificação do Microsoft Office 2013 - Português (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Free Disk Explorer 1.0 (HKLM-x32\...\{F04E160F-07D2-48F9-BAB9-957E7D25B6AC}_is1) (Version: 1.0 - HLP SOFTWARE)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Importação do SketchUp (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
iOSinstaller (HKLM-x32\...\iOSinstaller) (Version:  - iosinstaller.com)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Java SE Development Kit 8 Update 121 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180121}) (Version: 8.0.1210.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodi (HKU\S-1-5-21-1479254243-496030957-2477417331-1002\...\Kodi) (Version:  - XBMC-Foundation)
Kodi (HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05102017172150642\...\Kodi) (Version:  - XBMC-Foundation)
Malwarebytes versão 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4 (HKLM-x32\...\{C5564379-582D-457A-9E68-A9E7C1F1C4EC}_is1) (Version: 1.4 - Sam Rodberg)
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
NVIDIA Graphics Driver 268.56 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.56 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Qualcomm USB Drivers For Windows (HKLM-x32\...\{D9FB7F91-9687-4B09-894D-072903CADEA4}) (Version: 1.00.25 - QUALCOMM Incorporated)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6373 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
Sentinel Protection Installer 7.6.8 (HKLM-x32\...\{25F63CE2-4482-4926-9583-FE7A04E11F96}) (Version: 7.6.8 - SafeNet, Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2817430) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
Stremio (HKU\S-1-5-21-1479254243-496030957-2477417331-1002\...\Stremio) (Version: 3.6.2 - Smart Code Ltd.)
Stremio (HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05102017172150642\...\Stremio) (Version: 3.6.2 - Smart Code Ltd.)
Suporte para Aplicações Apple (32-bits) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Suporte para Aplicações Apple (64-bits) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
System Mechanic (HKLM-x32\...\InstallShield_{DD0DFA41-5139-45D0-986C-3C1A5C648CAA}) (Version: 16.5.2.214 - iolo technologies, LLC)
System Mechanic (x32 Version: 16.5.2.214 - iolo technologies, LLC) Hidden
Unity Web Player (HKU\S-1-5-21-1479254243-496030957-2477417331-1002\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05102017172150642\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
VMware Player (HKLM\...\{57AA4E8A-E2C9-4F1C-B3F1-762C36E34472}) (Version: 12.1.0 - VMware, Inc.)
VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.15.2.00000 - VMware, Inc.)
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1479254243-496030957-2477417331-1002_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1479254243-496030957-2477417331-1002_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1479254243-496030957-2477417331-1002_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll (Autodesk, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00495BD5-7E85-4408-ABFC-76753D01A531} - System32\Tasks\ioloToaster => C:\Program Files (x86)\System Mechanic\ioloToaster.exe [2017-04-11] (iolo technologies, LLC)
Task: {0269EC6B-1771-405C-85B2-6F2FA7E52F78} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-06] (Dropbox, Inc.)
Task: {0C5AF15B-B0C2-4841-BBA6-2A388667BE61} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {0FDA61EB-966D-4F8E-AFD6-16538ACEF802} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {1A858186-B1F7-493C-8199-DB93D8B6FF8A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-01-13] ()
Task: {1AAC29C3-FFF7-4C1B-BE70-46670367C606} - System32\Tasks\ioloSmartUpdater => C:\Program Files (x86)\System Mechanic\ioloSmartUpdater.exe [2017-04-11] (iolo technologies, LLC)
Task: {2E94AB1B-341E-49A2-B798-4CF80BF1F723} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS)
Task: {3223776C-B704-4DCA-BC18-C8C88E6E93A0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {4201AE9E-F99B-4C5C-91F3-F26A4CB68BCD} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\System Mechanic\iologovernor64.exe [2017-04-11] (iolo technologies, LLC)
Task: {515D7D25-4CE5-497B-86E0-260A214A16B6} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-06] (Dropbox, Inc.)
Task: {54EF7F71-7591-427F-9A6A-91C86FC6E454} - System32\Tasks\ioloActiveCare => C:\Program Files (x86)\System Mechanic\SystemMechanic.exe [2017-04-11] (iolo technologies, LLC)
Task: {5D11B2BD-1165-4FA0-9E81-40E362917828} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {60F398C6-F009-4FEB-B4EF-955537F134F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {689B30B3-C9B2-4914-8BA6-3BAFE6F785B8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe 
Task: {7F79B89E-0A6C-4112-911A-3B41ABDBA9D5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {84A77F86-B445-48DE-B57F-B89B693CD5C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {9D1C6BB6-CFBF-48DB-BCD3-DF0B14CAE9A3} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {AA8CCEBF-BF53-442F-A785-A945302A19D6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for BrunoPintoCarmo-Bruno Pinto Carmo BrunoPintoCarmo => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-01-23] (Microsoft Corporation)
Task: {AEB3A1BE-0465-4BB2-8C59-754B7EEC887D} - System32\Tasks\ioloTUDsDownloader => C:\Program Files (x86)\System Mechanic\ioloSmartUpdater.exe [2017-04-11] (iolo technologies, LLC)
Task: {B531031D-69BE-4E82-A69B-C830EA0DA5FC} - System32\Tasks\update-S-1-5-21-1479254243-496030957-2477417331-1002 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {B7FFFD0A-1AAF-4FCC-9B37-2F0DCFBD3BE0} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-09-14] (ASUSTek Computer Inc.)
Task: {BB6FAA2C-3007-4581-B5B3-27817CBD620E} - System32\Tasks\{7390BB4B-9018-4CB1-B9E8-28EAC150DB73} => pcalua.exe -a "C:\Users\Bruno Pinto Carmo\Downloads\miui\MiUsbDriver.exe" -d "C:\Users\Bruno Pinto Carmo\Downloads\miui"
Task: {C31DBCC6-DBC8-49F4-A29D-322C06E224F6} - System32\Tasks\{11EFA0E7-7B2B-4836-ACDF-EF36EB383F00} => pcalua.exe -a "C:\Program Files (x86)\iOSinstaller\iOSinstaller.exe" -d "C:\Program Files (x86)\iOSinstaller"
Task: {CC7481F7-8876-42D0-A0DA-C7682689FD8C} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {D107590C-C2B5-435B-926A-0AC6996D509C} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-1479254243-496030957-2477417331-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-05-02 22:41 - 2011-05-02 22:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2016-05-15 16:28 - 2016-01-22 16:57 - 00089008 _____ () C:\Windows\System32\cpwmon64.dll
2015-02-01 05:29 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-07-15 01:11 - 2010-07-15 01:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2010-04-03 04:21 - 2008-10-01 08:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2011-05-31 08:01 - 2011-01-27 01:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-09-24 01:53 - 2010-09-24 01:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2011-05-02 23:13 - 2011-05-02 23:13 - 00340240 _____ () C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
2017-05-02 20:53 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-05-02 20:53 - 2017-03-23 19:40 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-17 00:14 - 2017-01-24 14:42 - 00126976 _____ () C:\CYPE Ingenieros\Versão 2017\programas\entograf.dll
2017-03-17 00:12 - 2017-01-25 19:23 - 01224704 _____ () C:\CYPE Ingenieros\Versão 2017\programas\componen.dll
2017-03-17 00:19 - 2017-01-25 19:23 - 00593920 _____ () C:\CYPE Ingenieros\Versão 2017\programas\panelwin.dll
2017-03-17 00:12 - 2016-12-20 11:58 - 00028672 _____ () C:\CYPE Ingenieros\Versão 2017\programas\cypemem.dll
2017-03-17 00:12 - 2016-10-18 14:01 - 00098304 _____ () C:\CYPE Ingenieros\Versão 2017\programas\cypemsgs.dll
2017-03-17 00:12 - 2016-10-16 07:34 - 00094208 _____ () C:\CYPE Ingenieros\Versão 2017\programas\cypemath.dll
2017-03-17 00:12 - 2016-10-19 16:00 - 00065536 _____ () C:\CYPE Ingenieros\Versão 2017\programas\cypestr.dll
2017-03-17 00:10 - 2017-01-23 12:11 - 01724416 _____ () C:\CYPE Ingenieros\Versão 2017\programas\basicwin.dll
2017-03-17 00:12 - 2016-10-16 07:37 - 00020480 _____ () C:\CYPE Ingenieros\Versão 2017\programas\contaux.dll
2017-03-17 00:15 - 2016-10-24 18:09 - 00102400 _____ () C:\CYPE Ingenieros\Versão 2017\programas\imagnwin.dll
2017-03-17 00:14 - 2016-10-16 07:37 - 00020480 _____ () C:\CYPE Ingenieros\Versão 2017\programas\esapp.dll
2017-03-17 00:07 - 2016-10-16 07:34 - 00114688 _____ () C:\CYPE Ingenieros\Versão 2017\programas\arrays.dll
2017-03-17 00:07 - 2016-10-16 07:34 - 00020480 _____ () C:\CYPE Ingenieros\Versão 2017\programas\atexit.dll
2017-03-17 00:19 - 2017-01-23 12:12 - 01433600 _____ () C:\CYPE Ingenieros\Versão 2017\programas\proglib.dll
2017-03-17 00:10 - 2017-01-26 19:05 - 00933888 _____ () C:\CYPE Ingenieros\Versão 2017\programas\basicos2.dll
2017-03-17 00:12 - 2017-01-26 17:54 - 00167936 _____ () C:\CYPE Ingenieros\Versão 2017\programas\cyassert.dll
2017-03-17 00:13 - 2017-01-23 12:11 - 00348160 _____ () C:\CYPE Ingenieros\Versão 2017\programas\dllinsta.dll
2017-03-17 00:19 - 2016-12-20 11:58 - 00114688 _____ () C:\CYPE Ingenieros\Versão 2017\programas\objcom.dll
2017-03-17 00:22 - 2016-10-16 07:34 - 00032768 _____ () C:\CYPE Ingenieros\Versão 2017\programas\unicode.dll
2017-03-17 00:10 - 2017-01-26 14:35 - 01228800 _____ () C:\CYPE Ingenieros\Versão 2017\programas\basicos.dll
2017-03-17 00:22 - 2016-10-16 07:33 - 00020480 _____ () C:\CYPE Ingenieros\Versão 2017\programas\textomsg.dll
2017-03-17 00:07 - 2016-12-20 11:58 - 00045056 _____ () C:\CYPE Ingenieros\Versão 2017\programas\arrorden.dll
2017-03-17 00:22 - 2016-10-16 07:34 - 00020480 _____ () C:\CYPE Ingenieros\Versão 2017\programas\sinpastilla.dll
2017-03-17 00:12 - 2017-01-23 13:09 - 00045056 _____ () C:\CYPE Ingenieros\Versão 2017\programas\cypefile.dll
2017-03-17 00:12 - 2017-01-18 10:01 - 00155648 _____ () C:\CYPE Ingenieros\Versão 2017\programas\cypedir.dll
2017-03-17 00:22 - 2017-01-18 10:01 - 00024576 _____ () C:\CYPE Ingenieros\Versão 2017\programas\verswin.dll
2017-03-17 00:14 - 2016-12-20 11:58 - 00020480 _____ () C:\CYPE Ingenieros\Versão 2017\programas\env.dll
2017-03-17 00:14 - 2016-11-09 15:02 - 00024576 _____ () C:\CYPE Ingenieros\Versão 2017\programas\entobase.dll
2017-03-17 00:17 - 2016-10-27 09:35 - 00032768 _____ () C:\CYPE Ingenieros\Versão 2017\programas\mnbimserv.dll
2017-03-17 00:12 - 2016-10-16 07:34 - 00020480 _____ () C:\CYPE Ingenieros\Versão 2017\programas\callback.dll
2017-03-17 00:11 - 2017-01-23 12:14 - 00102400 _____ () C:\CYPE Ingenieros\Versão 2017\programas\bimui.dll
2017-03-17 00:11 - 2017-01-23 12:14 - 01052672 _____ () C:\CYPE Ingenieros\Versão 2017\programas\bimservice.dll
2017-03-17 00:12 - 2017-01-24 14:41 - 00094208 _____ () C:\CYPE Ingenieros\Versão 2017\programas\cypeio.dll
2017-03-17 00:12 - 2017-01-18 10:02 - 02256896 _____ () C:\CYPE Ingenieros\Versão 2017\programas\contcype.dll
2017-03-17 00:16 - 2017-01-18 10:01 - 00540672 _____ () C:\CYPE Ingenieros\Versão 2017\programas\jpg.dll
2017-03-17 00:17 - 2016-12-16 15:33 - 00053248 _____ () C:\CYPE Ingenieros\Versão 2017\programas\mnbimservinst.dll
2017-03-17 00:22 - 2017-01-18 10:01 - 00028672 _____ () C:\CYPE Ingenieros\Versão 2017\programas\sincro.dll
2017-03-17 00:22 - 2017-01-26 19:05 - 00352256 _____ () C:\CYPE Ingenieros\Versão 2017\programas\splash.dll
2017-03-17 00:22 - 2017-01-23 12:11 - 00077824 _____ () C:\CYPE Ingenieros\Versão 2017\programas\tabla.dll
2017-03-17 00:17 - 2017-01-23 12:11 - 00024576 _____ () C:\CYPE Ingenieros\Versão 2017\programas\matrices.dll
2017-03-17 00:22 - 2016-10-16 07:34 - 00020480 _____ () C:\CYPE Ingenieros\Versão 2017\programas\utunicode.dll
2017-03-17 00:19 - 2017-01-26 19:05 - 01060864 _____ () C:\CYPE Ingenieros\Versão 2017\programas\paneles.dll
2017-03-17 00:12 - 2016-10-16 07:34 - 00020480 _____ () C:\CYPE Ingenieros\Versão 2017\programas\cypedgen.dll
2017-04-19 00:46 - 2017-03-29 03:04 - 02187096 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-19 00:46 - 2017-03-29 03:04 - 00086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2017-05-02 20:36 - 2017-05-01 15:44 - 00870720 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-05-02 20:36 - 2017-04-13 00:43 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-05-02 20:36 - 2017-04-13 00:43 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-05-02 20:36 - 2017-04-13 00:43 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-05-02 20:36 - 2017-05-01 15:48 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-05-02 20:35 - 2017-05-01 15:48 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-05-02 20:36 - 2017-04-13 00:44 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-05-02 20:36 - 2017-04-13 00:43 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-05-02 20:35 - 2017-05-01 15:48 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-05-02 20:35 - 2017-05-01 15:48 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-05-02 20:36 - 2017-04-13 00:43 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-05-02 20:36 - 2017-04-13 00:44 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-05-02 20:36 - 2017-04-13 00:43 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-05-02 20:36 - 2017-04-13 00:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-05-02 20:36 - 2017-05-01 15:49 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-05-02 20:36 - 2017-05-01 15:48 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-05-02 20:36 - 2017-05-01 15:48 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-05-02 20:36 - 2017-04-13 00:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-05-02 20:36 - 2017-04-13 00:43 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-05-02 20:36 - 2017-04-13 00:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-05-02 20:36 - 2017-04-13 00:46 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-05-02 20:36 - 2017-05-01 15:49 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-05-02 20:36 - 2017-04-13 00:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-05-02 20:36 - 2017-05-01 15:49 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-05-02 20:36 - 2017-04-13 00:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-05-02 20:36 - 2017-04-13 00:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-05-02 20:36 - 2017-04-13 00:46 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-05-02 20:36 - 2017-04-13 00:46 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-05-02 20:36 - 2017-04-13 00:46 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-05-02 20:36 - 2017-04-13 00:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-05-02 20:36 - 2017-04-13 00:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-05-02 20:35 - 2017-05-01 15:48 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-05-02 20:36 - 2017-05-01 15:48 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-05-02 20:36 - 2017-04-13 00:45 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-05-02 20:35 - 2017-05-01 15:48 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-05-02 20:36 - 2017-05-01 15:49 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-05-02 20:36 - 2017-04-13 00:46 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-05-02 20:36 - 2017-05-01 15:48 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-05-02 20:36 - 2017-04-13 00:44 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-05-02 20:36 - 2017-05-01 15:48 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-05-02 20:36 - 2017-05-01 15:48 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-05-02 20:36 - 2017-05-01 15:48 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-05-02 20:36 - 2017-05-01 15:48 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-05-02 20:36 - 2017-05-01 15:48 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-05-02 20:36 - 2017-05-01 15:48 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-05-02 20:36 - 2017-05-01 15:48 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-05-02 20:36 - 2017-05-01 15:48 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-05-02 20:36 - 2017-04-13 00:46 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-05-02 20:36 - 2017-05-01 15:49 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-05-02 20:36 - 2017-05-01 15:49 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-05-02 20:36 - 2017-05-01 15:49 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-05-02 20:36 - 2017-05-01 15:49 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-05-02 20:36 - 2017-05-01 15:49 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-05-02 20:36 - 2017-04-13 00:46 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-05-02 20:36 - 2017-05-01 15:49 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-05-02 20:36 - 2017-05-01 15:48 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-05-02 20:36 - 2017-04-13 00:37 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-05-02 20:36 - 2017-05-01 15:48 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-05-02 20:36 - 2017-05-01 15:49 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-05-02 20:36 - 2017-04-13 00:50 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-05-02 20:36 - 2017-04-13 00:50 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-05-02 20:36 - 2017-05-01 15:48 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-05-02 20:36 - 2017-05-01 15:49 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-05-02 20:36 - 2017-05-01 15:48 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2012-10-01 19:56 - 2012-10-01 19:56 - 00196224 _____ () C:\Program Files (x86)\Microsoft Office\Office15\IEAWSDC.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1479254243-496030957-2477417331-1002\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1479254243-496030957-2477417331-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Bruno Pinto Carmo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1479254243-496030957-2477417331-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05102017172150642\Control Panel\Desktop\\Wallpaper -> C:\Users\Bruno Pinto Carmo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdAppMgrSvc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AFBAgent => 2
MSCONFIG\Services: AntiVirSchedulerService => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Autodesk Content Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: Update service => 2
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMnetDHCP => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: VMware NAT Service => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HandyAndy.lnk => C:\Windows\pss\HandyAndy.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ADSKAppManager => "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Bruno Pinto Carmo\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: IntelPAN => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Lightshot => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
MSCONFIG\startupreg: Nuance PDF Reader-reminder => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: uTorrent => "C:\Users\Bruno Pinto Carmo\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{50D76052-134E-46DB-AF8E-63827F883C0F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}] => (Allow) LPort=2869
FirewallRules: [{B827E1C7-5A7A-484C-9653-2FE388A8B888}] => (Allow) LPort=1900
FirewallRules: [{25BDD843-A815-48A8-A216-66D065687049}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}] => (Allow) LPort=5353
FirewallRules: [{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}] => (Allow) LPort=8182
FirewallRules: [{188B2D9F-B7F1-4759-961A-70EB3D1F75FB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{8AD2AFAE-95A4-4F92-A328-443B3DB3F080}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{C26F8362-50C5-473F-B76D-56D1CE6CD3F2}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{0C24D9AE-E5C7-4721-A425-C25615DCB13B}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{2B179061-C3EE-41E6-B8E4-E0CFF8925D5F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{41A93DF8-8372-4F94-8B96-6F1073ADF8C0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{A490ADA7-C968-4F4C-9460-95A933098529}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5777CABD-42F1-42CD-9B5E-57A9CFFFC709}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{1CAB0E5A-26E2-4FFA-AB59-105CE5FC9502}C:\jogos\l4d2\left4dead 2 2013\left4dead2.exe] => (Allow) C:\jogos\l4d2\left4dead 2 2013\left4dead2.exe
FirewallRules: [UDP Query User{D0EECEBC-4E16-4CBF-BEF8-6A6CD99241A3}C:\jogos\l4d2\left4dead 2 2013\left4dead2.exe] => (Allow) C:\jogos\l4d2\left4dead 2 2013\left4dead2.exe
FirewallRules: [TCP Query User{04415A4F-2737-4923-A590-F6FB46554BFD}C:\jogos\counter-strike 1.6\hl.exe] => (Allow) C:\jogos\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{00C207B7-BA68-47DB-9679-C3D0BC1ED17F}C:\jogos\counter-strike 1.6\hl.exe] => (Allow) C:\jogos\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{1AEE2E52-2D50-46DE-BA65-4729DFECC1C1}C:\jogos\counter-strike 1.6\hl.exe] => (Allow) C:\jogos\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{E7F44F02-2D9D-4CF1-AB63-700F888D962A}C:\jogos\counter-strike 1.6\hl.exe] => (Allow) C:\jogos\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{E7C849C3-A932-40AB-A432-D3CA6FBBDD6C}C:\jogos\f.e.a.r. 3\f.e.a.r. 3.exe] => (Block) C:\jogos\f.e.a.r. 3\f.e.a.r. 3.exe
FirewallRules: [UDP Query User{402B295F-1530-47FB-908F-1D768F16224E}C:\jogos\f.e.a.r. 3\f.e.a.r. 3.exe] => (Block) C:\jogos\f.e.a.r. 3\f.e.a.r. 3.exe
FirewallRules: [{3631048E-F108-4F87-AB42-DE0F258B9661}] => (Allow) LPort=50248
FirewallRules: [TCP Query User{1E5E95C5-D7B6-471A-BCE3-0AEED3181E13}C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A4715401-9015-4123-9DAF-CB43AD8157D1}C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{6FDBBF30-7501-48C2-A987-1C8DE6E6CB47}C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{AB94B517-1499-47F5-8215-4AB1CC85E38A}C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bruno pinto carmo\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{21FA0628-345D-4B04-9A90-9714D9B02FAE}C:\users\bruno pinto carmo\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\bruno pinto carmo\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{528A1B75-4ECB-4B93-A3C5-0A62310C0DED}C:\users\bruno pinto carmo\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\bruno pinto carmo\appdata\local\popcorn time\nw.exe
FirewallRules: [{B63E64BB-275E-4A7D-B331-EA1479C45CC8}] => (Allow) C:\Program Files (x86)\iOSinstaller\iOSinstaller.exe
FirewallRules: [{745E189F-1DEB-4F94-A638-7992D462F6E9}] => (Allow) C:\Program Files (x86)\iOSinstaller\iOSinstaller.exe
FirewallRules: [{FF0F7900-5F3C-4A86-995D-2CEA0D955AC9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EDE011E9-62AA-4B5C-9BCE-7EFB987168B5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1E1596B3-91C2-4E1C-B3CF-9817565CA12C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DCAC768C-6EA7-4B12-9515-10C34C46A6C3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4348F2B0-BC1A-4BA9-8BB1-70A7D56E9F5D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{22549AA1-09E2-453F-9B17-C60BBDF0AA08}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{BE538F94-EA3D-4049-809A-F647BE76CD1E}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{D00DAB0F-494C-426C-A438-8BA556C044D6}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{D6138E4C-6E7B-4C61-9EF4-D17795C451F2}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{75A5D902-63CB-4818-9BD7-C1ABB46559F6}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{ECA852EF-D663-48F3-AC0F-4E268E342E28}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{C1A9D4BA-CAD7-46D5-A201-ACB53488CAC6}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{EE02B55B-6C26-48CB-8E4F-60795D822024}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [TCP Query User{3C3F493B-9F94-4C23-978B-605B9B716E84}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [UDP Query User{355D08C8-1708-4D43-A2E7-4390591316B7}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [TCP Query User{F32255B1-1F74-4EB2-9FFB-9E9DF6136815}C:\users\bruno pinto carmo\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\bruno pinto carmo\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [UDP Query User{151152BD-8432-43C0-B97F-0DF944F6C2CB}C:\users\bruno pinto carmo\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\bruno pinto carmo\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [TCP Query User{11ACB04D-74B2-4955-A35F-23B5D62C1583}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{6F079DF9-5E63-48D5-935D-6FC8D3F1DFE7}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{74D3C280-3865-4F75-806F-61AEB9911D57}C:\users\bruno pinto carmo\appdata\roaming\kodi\userdata\addon_data\program.plexus\acestream\ace_engine.exe] => (Allow) C:\users\bruno pinto carmo\appdata\roaming\kodi\userdata\addon_data\program.plexus\acestream\ace_engine.exe
FirewallRules: [UDP Query User{F4EE8BC7-E32D-432D-9AE0-0FF78CDD4DEF}C:\users\bruno pinto carmo\appdata\roaming\kodi\userdata\addon_data\program.plexus\acestream\ace_engine.exe] => (Allow) C:\users\bruno pinto carmo\appdata\roaming\kodi\userdata\addon_data\program.plexus\acestream\ace_engine.exe
FirewallRules: [{1E3C9489-D054-4DE4-851C-BDB3CC3FD59B}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{62B0570D-2F36-4897-80B4-DD40E09864C5}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{EB9E95A8-B589-4675-AD02-450006E0F5C8}] => (Allow) C:\Jogos\Counter-Strike 1.6\cstrike.exe
FirewallRules: [{315FEC03-0BAF-4013-A188-5DB46FB554F7}] => (Allow) C:\Jogos\Counter-Strike 1.6\cstrike.exe
FirewallRules: [{608E6BF8-2BA4-49D8-9D6E-9932924B260C}] => (Allow) C:\Jogos\Counter-Strike 1.6\cstrike.exe
FirewallRules: [{2BBE6A05-756E-4B0B-B521-C5BC118EDC85}] => (Allow) C:\Jogos\Counter-Strike 1.6\cstrike.exe
FirewallRules: [TCP Query User{716EE133-F27B-43B7-84B8-186A9187B312}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{AB721101-2EA0-4562-A4C4-A498F0EF415B}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{1833B735-016A-43D1-BFD6-38C2759E6C76}C:\cype ingenieros\versão 2017\programas\cype 2017 (português).exe] => (Allow) C:\cype ingenieros\versão 2017\programas\cype 2017 (português).exe
FirewallRules: [UDP Query User{A99097FD-97E0-4FA4-9E1F-264E03569276}C:\cype ingenieros\versão 2017\programas\cype 2017 (português).exe] => (Allow) C:\cype ingenieros\versão 2017\programas\cype 2017 (português).exe
FirewallRules: [{A13DE8FE-4FA4-4970-8930-B3805F42D58D}] => (Allow) C:\CYPE Ingenieros\Versão 2017\programas\bimserv.exe
FirewallRules: [{01586392-2E77-4E4C-A33F-2AB78FC98368}] => (Allow) C:\CYPE Ingenieros\Versão 2017\programas\bimserv.exe
FirewallRules: [{E298BBAA-FF0B-4E13-9EF0-54238BBEB597}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{519CC5C7-58EF-4603-B39F-40543E92CE77}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{CE23BC65-4966-4E35-BFA9-683F7A839419}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

==================== Restore Points =========================

30-04-2017 19:00:42 Cópia de Segurança do Windows
06-05-2017 13:41:49 Restore Point Created by FRST
06-05-2017 17:31:48 Restore Point Created by FRST
07-05-2017 00:08:25 Restore Point Created by FRST
07-05-2017 12:19:48 Restore Point Created by FRST
07-05-2017 13:43:20 Restore Point Created by FRST
07-05-2017 13:47:04 Restore Point Created by FRST
07-05-2017 19:00:11 Cópia de Segurança do Windows
08-05-2017 23:08:39 Installed Qualcomm USB Drivers For Windows.

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/07/2017 07:10:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha nos Serviços de Criptografia ao processar a chamada OnIdentity() no Objecto Escritor de Sistema.

Details:
AddWin32ServiceFiles: Unable to back up image of service Update service since QueryServiceConfig API failed

System Error:
O sistema não conseguiu localizar o ficheiro especificado.
.

Error: (05/07/2017 07:10:26 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: A cópia de segurança não teve êxito. O erro é: Não existe espaço suficiente nesta unidade para guardar a cópia de segurança. Liberte espaço eliminando cópias de segurança antigas e ficheiros desnecessários ou altere as definições de cópia de segurança. (0x81000005).

Error: (05/07/2017 07:00:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha nos Serviços de Criptografia ao processar a chamada OnIdentity() no Objecto Escritor de Sistema.

Details:
AddWin32ServiceFiles: Unable to back up image of service Update service since QueryServiceConfig API failed

System Error:
O sistema não conseguiu localizar o ficheiro especificado.
.

Error: (05/07/2017 07:00:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha nos Serviços de Criptografia ao processar a chamada OnIdentity() no Objecto Escritor de Sistema.

Details:
AddWin32ServiceFiles: Unable to back up image of service Update service since QueryServiceConfig API failed

System Error:
O sistema não conseguiu localizar o ficheiro especificado.
.

Error: (05/07/2017 01:43:20 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópia Sombra de Volumes: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Este é muitas vezes causado por definições de segurança incorrectas no processo do escritor ou requerente.


Operação:
   A Recolher Dados de Escritor

Contexto:
   ID de Classe de Escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nome de Escritor: System Writer
   ID de Instância de Escritor: {5c7d0008-8240-4075-aa21-b092cc4a069f}

Error: (05/07/2017 12:08:23 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópia Sombra de Volumes: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Este é muitas vezes causado por definições de segurança incorrectas no processo do escritor ou requerente.


Operação:
   A Recolher Dados de Escritor

Contexto:
   ID de Classe de Escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nome de Escritor: System Writer
   ID de Instância de Escritor: {b9b29733-16b9-4110-afd3-0b26a279b298}

Error: (05/06/2017 01:41:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópia Sombra de Volumes: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Este é muitas vezes causado por definições de segurança incorrectas no processo do escritor ou requerente.


Operação:
   A Recolher Dados de Escritor

Contexto:
   ID de Classe de Escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nome de Escritor: System Writer
   ID de Instância de Escritor: {5eb29b23-3d7b-43f6-b53f-58e0961f96fe}

Error: (05/03/2017 01:07:31 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópia Sombra de Volumes: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Este é muitas vezes causado por definições de segurança incorrectas no processo do escritor ou requerente.


Operação:
   A Recolher Dados de Escritor

Contexto:
   ID de Classe de Escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nome de Escritor: System Writer
   ID de Instância de Escritor: {44243ff0-e560-4560-8084-bf914fa52a4e}

Error: (05/02/2017 11:02:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópia Sombra de Volumes: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Este é muitas vezes causado por definições de segurança incorrectas no processo do escritor ou requerente.


Operação:
   A Recolher Dados de Escritor

Contexto:
   ID de Classe de Escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nome de Escritor: System Writer
   ID de Instância de Escritor: {44243ff0-e560-4560-8084-bf914fa52a4e}

Error: (05/02/2017 08:15:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa avscan.exe versão 15.0.25.170 deixou de interagir com o Windows e foi fechado. Para verificar se existem mais informações disponíveis sobre o problema, consulte o histórico de problemas no painel de controlo do Centro de Acção.

ID do Processo: a84

Hora de Início: 01d2c377fd629f07

Hora de Fim: 60000

Caminho da Aplicação: c:\program files (x86)\avira\antivir desktop\avscan.exe

ID do Relatório: 84bd8a47-2f6b-11e7-ba53-005056c00008


System errors:
=============
Error: (05/10/2017 05:11:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Foi atingido o tempo limite (30000 milissegundos) ao aguardar por uma resposta de transacção por parte do serviço Avira.ServiceHost.

Error: (05/07/2017 11:44:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço eapihdrv falhou o arranque devido ao seguinte erro: 
O carregamento deste controlador foi bloqueado

Error: (05/07/2017 11:44:38 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: O carregamento de \??\C:\Users\BRUNOP~1\AppData\Local\Temp\ehdrv.sys foi bloqueado devido a incompatibilidade com este sistema. Contacte o fabricante de software para obter uma versão compatível do controlador.

Error: (05/07/2017 11:44:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço eapihdrv falhou o arranque devido ao seguinte erro: 
O carregamento deste controlador foi bloqueado

Error: (05/07/2017 11:44:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: O carregamento de \??\C:\Users\BRUNOP~1\AppData\Local\Temp\ehdrv.sys foi bloqueado devido a incompatibilidade com este sistema. Contacte o fabricante de software para obter uma versão compatível do controlador.

Error: (05/07/2017 11:44:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço eapihdrv falhou o arranque devido ao seguinte erro: 
O carregamento deste controlador foi bloqueado

Error: (05/07/2017 11:44:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: O carregamento de \??\C:\Users\BRUNOP~1\AppData\Local\Temp\ehdrv.sys foi bloqueado devido a incompatibilidade com este sistema. Contacte o fabricante de software para obter uma versão compatível do controlador.

Error: (05/07/2017 11:44:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço eapihdrv falhou o arranque devido ao seguinte erro: 
O carregamento deste controlador foi bloqueado

Error: (05/07/2017 11:44:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: O carregamento de \??\C:\Users\BRUNOP~1\AppData\Local\Temp\ehdrv.sys foi bloqueado devido a incompatibilidade com este sistema. Contacte o fabricante de software para obter uma versão compatível do controlador.

Error: (05/07/2017 11:44:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço eapihdrv falhou o arranque devido ao seguinte erro: 
O carregamento deste controlador foi bloqueado


CodeIntegrity:
===================================
  Date: 2017-05-08 23:37:22.456
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\qcusbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-08 23:37:22.446
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\qcusbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-08 23:31:16.699
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\qcusbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-08 23:31:16.689
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\qcusbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-08 23:12:24.181
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\qcusbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-08 23:12:24.167
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\qcusbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-08 23:12:23.723
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\qcusbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-08 23:12:23.702
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\qcusbser.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-07 23:13:45.497
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rawdsk3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-07 23:13:45.435
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rawdsk3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 54%
Total physical RAM: 6055.79 MB
Available physical RAM: 2781.79 MB
Total Virtual: 12109.77 MB
Available Virtual: 7699.3 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:238.47 GB) (Free:89.34 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:332.7 GB) (Free:10.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 38601C96)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=238.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=332.7 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

 

I think this is all the information you have requested for now. It may be the case that I am missing something. If so, please advise.

 

Thank you for your help, and have a great (deserved) day.

 

Best regards,

Bruno



#12 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,728 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:05:15 AM

Posted 10 May 2017 - 12:40 PM

Bruno:

Thank you for your logs.

Please, PLEASE, do not use code boxes or quote boxes when copying and pasting logs and reports. I almost went blind trying to read your logs!  :wacko: 


Step 1: Unfortunately, in going over your most recent logs, I see evidence of a software utility, or utilities, used to evade software licensing requirements for one or more programs. You might not be aware of this program, so I am NOT accusing you of knowingly installing this on your computer.

Bleeping Computer does not condone software piracy.  Downloading and using such software, apart from being illegal by infringing on copyrights, is a MAJOR attack vector for malware.  If you use such software, it is not a question of "IF" your computer will be infected, but only "WHEN", and by HOW MANY different variants of malware!

 

I am going to have to ask you to remove any and all software that you do not own, and to remove the software that is evading licensing requirements. If you are not aware of that software utility, or utilities, then you must agree, that as a part of my next "fix" for your computer, I will remove/disable any, and all, such software, tasks, etc., designed to evade legal software licencing requirements that I detect in the scan, fix, and detection logs.

If that is agreeable to you, then after you have uninstalled any illicit software, please run the following scan for me.


Step 2: Scan with CKScanner

Download CKScanner by askey127 and save it to your desktop.

  • Right-click on the CKScanner icon and select Run as Administrator to start the tool.
  • Click Search For Files.
  • When finished, click Save List To File.
  • Remember to run this tool once only, if not asked to run it again.

Please copy and paste the content of CKFiles.txt into your next reply.

Step 3: Please run a fresh FRST scan. Please copy and paste the contents of both the "FRST.txt" and "Addition.txt" scan logs into your next reply.


Again, please, do not use code or quote boxes. Just paste the logs DIRECTLY into the "Reply" screen.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#13 garioch7


Posted 13 May 2017 - 09:59 AM

Bruno:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil



#14 garioch7


Posted 15 May 2017 - 12:14 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
