
unsupported 16-bit application


  • This topic is locked
23 replies to this topic

#1 fabiotosh


Posted 12 March 2018 - 04:14 PM

Hi all,

 

When I start my Windows 7, I'm getting a message about an "unsupported 16-bit application", and it's especially weird because the software that's causing the error is my anti-virus (Avast). As far as I could find on Google, it's probably malware.

 

I hope that you guys can help me! Thx!

 

My log files below:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.03.2018 01
Ran by toshiro (administrator) on TOSHIRO-PC (12-03-2018 17:58:26)
Running from C:\Users\toshiro\Downloads
Loaded Profiles: toshiro (Available Profiles: toshiro)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(FSPro Labs) C:\Program Files\ML\mylbx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [mylbx] => C:\Program Files\ML\mylbx.exe [2207080 2012-05-24] (FSPro Labs)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-12] (AVAST Software)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe /boot
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [221216 2015-11-18] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\Run: [Google Update] => C:\Users\toshiro\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-16] (Google Inc.)
HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\Run: [Dropbox Update] => C:\Users\toshiro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-1768671057-2059275226-2382856247-1000] => coral.ufscar.br:3128
Tcpip\Parameters: [DhcpNameServer] 10.59.128.1
Tcpip\..\Interfaces\{77B3FC98-3BC7-46FA-9864-F9468C3FE254}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A7F5286B-963C-4569-A9C0-21DB6C01E131}: [DhcpNameServer] 10.1.0.1
Tcpip\..\Interfaces\{FEB13DFF-0CD5-4D21-97DE-3B916FE6C132}: [DhcpNameServer] 10.59.128.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180211__yaie
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = 
SearchScopes: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__180211__yaie&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-27] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-27] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\toshiro\AppData\Roaming\Mozilla\Firefox\Profiles\5nrl30m0.default-1434533844913 [2018-03-12]
FF Homepage: Mozilla\Firefox\Profiles\5nrl30m0.default-1434533844913 -> hxxps://br.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180211__yaff
FF NewTab: Mozilla\Firefox\Profiles\5nrl30m0.default-1434533844913 -> hxxps://br.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180211__yaff
FF SearchPlugin: C:\Users\toshiro\AppData\Roaming\Mozilla\Firefox\Profiles\5nrl30m0.default-1434533844913\searchplugins\yahoo-lavasoft.xml [2018-02-11]
FF HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\toshiro\AppData\Local\GAS Tecnologia\GBBD\bb\xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-19] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1768671057-2059275226-2382856247-1000: @asperasoft.com/AsperaConnect -> C:\Users\toshiro\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.7.0\npasperaweb_3.7.0.138427.dll [2017-01-23] (Aspera, Inc. )
FF Plugin HKU\S-1-5-21-1768671057-2059275226-2382856247-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\toshiro\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1768671057-2059275226-2382856247-1000: @talk.google.com/O1DPlugin -> C:\Users\toshiro\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1768671057-2059275226-2382856247-1000: @tools.google.com/Google Update;version=3 -> C:\Users\toshiro\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1768671057-2059275226-2382856247-1000: @tools.google.com/Google Update;version=9 -> C:\Users\toshiro\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1768671057-2059275226-2382856247-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\toshiro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1768671057-2059275226-2382856247-1000: gastecnologia.com.br/sf/bb64 -> C:\Users\toshiro\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\toshiro\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\toshiro\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\warsaw.cfg [2018-03-12] <==== ATTENTION
 
Chrome: 
=======
CHR Profile: C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default [2018-03-12]
CHR Extension: (Slides) - C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-10]
CHR Extension: (YouTube) - C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-10]
CHR Extension: (Sheets) - C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-12]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-03-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-10]
CHR Extension: (Chrome Media Router) - C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-28]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-12] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-12] (AVAST Software)
S4 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [File not signed]
S4 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
S4 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2552528 2015-01-30] (Dell Inc.)
S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201424 2015-01-30] (Dell Inc.)
S4 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-06-09] (Dell Inc.)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-02-19] (Dell Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [1068376 2017-12-14] (GAS Tecnologia LTDA)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel® Corporation) [File not signed]
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [196648 2018-03-12] (AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-12] (AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsha.sys [199440 2018-03-12] (AVAST Software)
R0 aswblog; C:\windows\System32\drivers\aswbloga.sys [343752 2018-03-12] (AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniva.sys [57680 2018-03-12] (AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [215320 2018-03-12] (AVAST Software)
S3 aswHwid; C:\windows\System32\drivers\aswHwid.sys [46968 2018-03-12] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [41832 2017-09-05] (AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [146656 2018-03-12] (AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [110328 2018-03-12] (AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [84368 2018-03-12] (AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1026696 2018-03-12] (AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [460520 2018-03-12] (AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [205976 2018-03-12] (AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [380528 2018-03-12] (AVAST Software)
R3 DDDriver; C:\windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 dg_ssudbus; C:\windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 FSProFilter; C:\windows\System32\Drivers\FSPFltd.sys [54848 2010-07-22] (FSPro Labs)
S3 libusb0; C:\windows\System32\DRIVERS\libusb0.sys [44480 2013-04-15] (hxxp://libusb-win32.sourceforge.net)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 ssudmdm; C:\windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 VBoxUSB; C:\windows\System32\Drivers\VBoxUSB.sys [116232 2015-03-16] (Oracle Corporation)
R1 wsddfac; C:\windows\System32\drivers\wsddfac.sys [28376 2018-03-12] (GAS Tecnologia)
R1 wsddntf; C:\windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
S1 wsddpp; C:\windows\system32\drivers\wsddpp.sys [44624 2017-12-14] (GAS Tecnologia)
R3 wsddprm; C:\windows\system32\drivers\wsddprm.sys [43608 2017-12-14] (GAS Tecnologia)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 vdbus; system32\DRIVERS\vdbus.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-12 17:58 - 2018-03-12 17:58 - 000024243 _____ C:\Users\toshiro\Downloads\FRST.txt
2018-03-12 17:58 - 2018-03-12 17:58 - 000000000 ____D C:\FRST
2018-03-12 17:57 - 2018-03-12 17:57 - 002402816 _____ (Farbar) C:\Users\toshiro\Downloads\FRST64.exe
2018-03-12 17:34 - 2018-03-12 17:36 - 000317500 _____ C:\windows\ntbtlog.txt
2018-03-12 17:27 - 2018-03-12 17:27 - 011217568 _____ (Piriform Ltd) C:\Users\toshiro\Downloads\ccsetup540.exe
2018-03-12 17:27 - 2018-03-12 17:27 - 000003870 _____ C:\windows\System32\Tasks\CCleaner Update
2018-03-12 16:15 - 2018-03-12 17:29 - 000000000 ____D C:\windows\Minidump
2018-03-12 16:14 - 2018-03-12 16:13 - 000380768 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2018-03-01 14:56 - 2018-03-01 14:56 - 000000000 ____D C:\Users\toshiro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-02-22 16:51 - 2018-02-22 16:49 - 000611919 _____ C:\Users\toshiro\Downloads\Props etal. 2016_ISME.pdf
2018-02-21 09:08 - 2018-03-12 16:26 - 000000000 ____D C:\Users\toshiro\AppData\Local\Opera Software
2018-02-21 09:08 - 2018-03-12 16:25 - 000000000 ____D C:\Users\toshiro\AppData\Roaming\Opera Software
2018-02-21 09:07 - 2018-03-12 16:26 - 000000000 ____D C:\Program Files\Opera
2018-02-18 14:10 - 2018-02-18 14:10 - 001213287 _____ C:\Users\toshiro\Downloads\Alvares etal. 2014_MZ.pdf
2018-02-11 10:23 - 2018-02-11 10:23 - 000001720 _____ C:\Program Files (x86)\dsengine.cfg
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-12 17:55 - 2015-09-20 05:32 - 000000926 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1768671057-2059275226-2382856247-1000UA.job
2018-03-12 17:48 - 2009-07-14 01:45 - 000028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-12 17:48 - 2009-07-14 01:45 - 000028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-12 17:42 - 2018-01-31 09:01 - 000004974 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for toshiro-PC-toshiro toshiro-PC
2018-03-12 17:39 - 2017-02-07 12:34 - 000004168 _____ C:\windows\System32\Tasks\Avast Emergency Update
2018-03-12 17:37 - 2017-12-13 08:01 - 000000374 _____ C:\windows\system32\Drivers\etc\hosts.ics
2018-03-12 17:37 - 2016-12-27 10:27 - 000028376 _____ (GAS Tecnologia) C:\windows\system32\Drivers\wsddfac.sys
2018-03-12 17:37 - 2009-07-14 02:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-03-12 17:32 - 2011-12-22 06:28 - 000000000 ____D C:\ProgramData\Sonic
2018-03-12 17:29 - 2015-11-26 15:06 - 000000000 ____D C:\Users\toshiro\AppData\Roaming\TeamViewer
2018-03-12 17:29 - 2015-11-24 20:30 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-12 17:29 - 2012-06-09 13:41 - 000000000 ____D C:\Users\toshiro\Documents\CCleaner
2018-03-12 17:29 - 2012-03-21 17:05 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-03-12 17:29 - 2009-07-14 00:20 - 000000000 ____D C:\windows\inf
2018-03-12 17:27 - 2012-03-20 15:19 - 000000000 ____D C:\Program Files\CCleaner
2018-03-12 16:55 - 2015-09-20 05:32 - 000000874 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1768671057-2059275226-2382856247-1000Core.job
2018-03-12 16:53 - 2014-06-28 02:34 - 000192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2018-03-12 16:42 - 2009-07-14 00:20 - 000000000 ____D C:\windows\system32\NDF
2018-03-12 16:27 - 2009-07-14 02:13 - 000782470 _____ C:\windows\system32\PerfStringBackup.INI
2018-03-12 16:25 - 2017-12-22 16:43 - 000000000 ____D C:\Users\toshiro\AppData\Local\Amazon
2018-03-12 16:13 - 2017-12-22 14:36 - 000215320 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2018-03-12 16:13 - 2017-11-13 09:52 - 000196648 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2018-03-12 16:13 - 2017-02-07 12:34 - 000343752 _____ (AVAST Software) C:\windows\system32\Drivers\aswbloga.sys
2018-03-12 16:13 - 2017-02-07 12:34 - 000227504 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdrivera.sys
2018-03-12 16:13 - 2017-02-07 12:34 - 000199440 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsha.sys
2018-03-12 16:13 - 2017-02-07 12:34 - 000057680 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniva.sys
2018-03-12 16:13 - 2014-05-02 08:21 - 000046968 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2018-03-12 16:13 - 2014-01-01 17:50 - 000205976 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2018-03-12 16:13 - 2013-03-16 11:19 - 000380528 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2018-03-12 16:13 - 2013-03-16 11:19 - 000084368 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2018-03-12 16:13 - 2012-02-27 23:31 - 001026696 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2018-03-12 16:13 - 2012-02-27 23:31 - 000460520 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2018-03-12 16:13 - 2012-02-27 23:31 - 000146656 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2018-03-12 16:13 - 2012-02-27 23:31 - 000110328 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2018-03-12 15:16 - 2017-10-16 00:50 - 000003484 _____ C:\windows\System32\Tasks\PCDEventLauncherTask
2018-03-10 10:20 - 2012-02-27 09:00 - 000000000 ____D C:\Users\toshiro\AppData\Roaming\PCDr
2018-03-08 23:51 - 2012-02-21 14:51 - 000000000 ____D C:\Users\toshiro\AppData\Roaming\Skype
2018-03-08 18:22 - 2015-02-13 11:22 - 000000426 _____ C:\windows\Tasks\Dell SupportAssistAgent AutoUpdate.job
2018-03-07 12:33 - 2012-06-09 13:31 - 000000000 ____D C:\Users\toshiro\Documents\Comprovantes
2018-03-07 10:33 - 2012-03-27 21:26 - 000000000 ___RD C:\Users\toshiro\Dropbox
2018-03-05 19:55 - 2016-10-29 17:47 - 000000000 ____D C:\Users\toshiro\AppData\Roaming\vlc
2018-03-01 14:56 - 2012-03-27 21:23 - 000000000 ____D C:\Users\toshiro\AppData\Roaming\Dropbox
2018-02-28 00:02 - 2017-01-10 06:56 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-27 23:31 - 2014-12-23 12:58 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-24 20:48 - 2015-11-03 15:51 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-22 16:29 - 2018-02-09 10:01 - 000000000 ____D C:\Users\toshiro\Downloads\renew_visa
2018-02-11 11:05 - 2017-07-08 12:01 - 000004482 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-02-11 11:05 - 2012-04-03 00:37 - 000803328 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-02-11 11:05 - 2011-12-22 06:13 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-11 11:05 - 2011-12-22 06:13 - 000000000 ____D C:\windows\system32\Macromed
2018-02-11 11:04 - 2014-08-26 12:25 - 000000000 ____D C:\Users\toshiro\AppData\Local\Adobe
2018-02-11 11:04 - 2011-12-22 06:13 - 000000000 ____D C:\windows\SysWOW64\Macromed
 
==================== Files in the root of some directories =======
 
2018-02-11 10:23 - 2018-02-11 10:23 - 000001720 _____ () C:\Program Files (x86)\dsengine.cfg
2012-09-04 23:42 - 2012-09-04 23:42 - 000000005 _____ () C:\Users\toshiro\AppData\Roaming\mbam.context.scan
2012-05-30 21:38 - 2017-11-09 19:01 - 000051712 _____ () C:\Users\toshiro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-02-27 22:50 - 2012-02-27 22:50 - 000001549 _____ () C:\Users\toshiro\AppData\Local\PDLSetup.20120227.225030.txt
2012-02-27 22:51 - 2012-02-27 22:51 - 000001549 _____ () C:\Users\toshiro\AppData\Local\PDLSetup.20120227.225123.txt
2015-08-25 03:49 - 2015-08-25 03:49 - 000001588 _____ () C:\Users\toshiro\AppData\Local\recently-used.xbel
2017-04-07 19:37 - 2017-04-07 19:37 - 000007666 _____ () C:\Users\toshiro\AppData\Local\Resmon.ResmonCfg
2012-07-07 12:48 - 2012-07-07 12:48 - 000000000 _____ () C:\Users\toshiro\AppData\Local\rx_image32.Cache
2017-05-01 09:50 - 2018-02-08 12:10 - 000166912 _____ () C:\Users\toshiro\AppData\Local\WebpageIcons.db
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-09 10:51
 

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.03.2018 01
Ran by toshiro (12-03-2018 17:59:14)
Running from C:\Users\toshiro\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-02-21 17:46:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1768671057-2059275226-2382856247-500 - Administrator - Disabled)
Guest (S-1-5-21-1768671057-2059275226-2382856247-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1768671057-2059275226-2382856247-1022 - Limited - Enabled)
toshiro (S-1-5-21-1768671057-2059275226-2382856247-1000 - Administrator - Enabled) => C:\Users\toshiro
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{FD868C71-6CCF-42E2-B90D-0504AB0036FE}) (Version: 13.2.1 - Hewlett-Packard) Hidden
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aspera Connect 3.7.0.138427 (HKLM-x32\...\{B6697A31-67BB-412D-A22F-05C3367B8A75}) (Version: 3.7.0.138427 - IBM Corp.) Hidden
Aspera Connect 3.7.0.138427 (HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\Aspera Connect 3.7.0.138427) (Version: 3.7.0.138427 - IBM Corp.)
Attune Cytometric Software (HKLM\...\{3EC64233-6B00-4183-B26A-0502F803B968}) (Version: 2.1 - Life Technologies) Hidden
Attune Cytometric Software (HKLM-x32\...\InstallShield_{3EC64233-6B00-4183-B26A-0502F803B968}) (Version: 2.1 - Life Technologies)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.1.9.0 - Dell Inc.) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}) (Version: 1.7.4502.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.1.56462 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\Dropbox) (Version: 44.4.58 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
ImageJ 1.47v (HKLM\...\ImageJ_is1) (Version:  - NIH)
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 7 Update 21 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170210}) (Version: 1.7.0.210 - Oracle)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mendeley Desktop 1.6 (HKLM-x32\...\Mendeley Desktop) (Version: 1.6 - Mendeley Ltd.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40620.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Lockbox 2.8.5 (HKLM\...\My Lockbox_is1) (Version: 2.8.5 - )
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
Origin90 (HKLM-x32\...\{685A89CB-DF27-42D6-A623-34F40DBBFFB2}) (Version: 9.00.00 - OriginLab Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF24 Creator 7.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Python 2.7.12 (64-bit) (HKLM\...\{9DA28CE5-0AA5-429E-86D8-686ED898C666}) (Version: 2.7.12150 - Python Software Foundation)
QGIS Dufour 2.0.1 Dufour (HKLM\...\QGIS Dufour) (Version:  - QGIS Development Team)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
R for Windows 3.3.1 (HKLM\...\R for Windows 3.3.1_is1) (Version: 3.3.1 - R Core Team)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
RStudio (HKLM-x32\...\RStudio) (Version: 1.0.143 - RStudio)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
SAP Crystal Reports runtime engine for .NET Framework 4 (64-bit) (HKLM\...\{3CD25975-A787-4E44-9990-DBE887266DF9}) (Version: 13.0.1.220 - SAP)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suporte para Aplicativos Apple (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual MINTEQ (HKLM-x32\...\{8FC4E22A-979B-451B-8815-F582D2F6BA8C}) (Version: 3.11 - KTH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Warsaw 2.3.0.83 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.3.0.83 - GAS Tecnologia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{04A9E854-6F47-4F37-8A10-F896717F0329}\InprocServer32 -> C:\Users\toshiro\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.7.0\npasperaweb64_3.7.0.138427.dll (Aspera, Inc. )
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\toshiro\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{AD17B774-7F87-4141-BB9C-2AEE3841DC4E}\InprocServer32 -> C:\Users\toshiro\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.7.0\npasperaweb64_3.7.0.138427.dll (Aspera, Inc. )
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\toshiro\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-12] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-12] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-12] (AVAST Software)
ContextMenuHandlers1-x32: [BTMSentToExt] -> {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2011-05-19] (Intel Corporation)
ContextMenuHandlers1-x32: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => c:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-11] (TODO: <Company name>)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-12] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-04-10] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-12] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-1768671057-2059275226-2382856247-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1768671057-2059275226-2382856247-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1768671057-2059275226-2382856247-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0E455E62-5E6F-4527-A0AD-84B0B8DFFD16} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {0FA4AEB6-5259-434B-8704-0197B8A1D347} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-02-19] (Microsoft)
Task: {1D6AA5C7-C568-435D-AACC-B126326E617E} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {1EF6DB20-D897-4361-839F-9C3ED6E7723C} - System32\Tasks\{F7AB7FB5-443C-4658-BDD8-90E98EB28922} => C:\windows\system32\pcalua.exe -a C:\Users\toshiro\Downloads\cs_zbot\zbot_install.exe -d C:\Users\toshiro\Downloads\cs_zbot
Task: {2E73B2B9-0FF3-4583-A364-6B8E4973A238} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-10] (AVAST Software)
Task: {322B8DA9-87BE-44D5-921B-979607D6C820} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1768671057-2059275226-2382856247-1000UA => C:\Users\toshiro\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3D0BEF66-561C-477C-A06E-2D0006DE6DBA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {3E275A6C-529A-480B-BB7C-8B2A4A6E5C9A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1768671057-2059275226-2382856247-1000Core => C:\Users\toshiro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {3EA32D07-A9C0-4B6A-AEEC-3FA40180FB2B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1768671057-2059275226-2382856247-1000Core => C:\Users\toshiro\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {402EE909-C70C-48EA-9ABD-1BF4898FFEA4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {46E531D1-3B87-4590-B55E-022308E752DF} - System32\Tasks\SafeZone scheduled Autoupdate 1458756857 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {531106CD-E91E-4C37-B25D-F2BF2AA5ED15} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()
Task: {659C6B7C-33A1-4831-8BC0-27346124A7D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6F5E7BE4-65BD-4A39-8509-9E6941FB64E9} - System32\Tasks\Microsoft Office 15 Sync Maintenance for toshiro-PC-toshiro toshiro-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {71662E4E-DBDA-437D-99FC-C9E71B04D7BE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-12] (AVAST Software)
Task: {75AC3B76-CAC6-4251-B622-3FCEF16E8B17} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {76309B55-203E-4A68-A8C6-44E003D0CF4A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {76309B55-203E-4A68-A8C6-44E003D0CF4A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate -noappraiser
Task: {7EC7E681-1F54-4BBB-897C-F35FE0EC48FB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {84B41F86-FBCD-4B77-9ADF-CA1875DB29B0} - System32\Tasks\Rerun Warsaw's CoreFixer => C:\windows\TEMP\is-QG6LD.tmp\corefixer.exe <==== ATTENTION
Task: {94FB2181-725C-4BD7-80F6-829BEFEC4C21} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {AB4BEC60-2D09-49AF-ABC5-3BB55C0CA58B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {B143540C-F6E7-4645-891F-4122B93BCC5C} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe
Task: {B7814F9E-7C58-48D2-A620-D63FC0164417} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {BB583E26-A73B-4817-B3C3-7610E1ECFDAE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_161_pepper.exe [2018-02-11] (Adobe Systems Incorporated)
Task: {C93CCB33-3859-4176-BECA-13125418AA8D} - System32\Tasks\{3A605CB8-FE68-45E0-B20E-0C46C33D950E} => C:\windows\system32\pcalua.exe -a C:\Users\toshiro\Desktop\VirtualBox-4.3.26-98988-Win.exe -d C:\Users\toshiro\Desktop
Task: {C977FBA0-A966-4B29-85B5-0D61739117B1} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {CD384F61-B050-4B8D-A96B-808D8DF72534} - System32\Tasks\Install Warsaw CA on Firefox => C:\windows\TEMP\sch_install_ca.bat <==== ATTENTION
Task: {DFB82734-3C75-47DE-B6B7-5CEED3F63C3C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1768671057-2059275226-2382856247-1000UA => C:\Users\toshiro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {E52D1713-E0F5-4369-8ED5-EEA145A29EF6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {F6974AEE-E38B-4C97-92B8-2B1F71442796} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(3): %windir%\system32\rundll32.exe -> appraiser.dll,DailyGatedCheck
Task: {F6974AEE-E38B-4C97-92B8-2B1F71442796} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(4): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {FC287422-B29A-467F-A572-08BE937DC41F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {FF8EC073-8BF0-4A76-AD28-E5FBA5D0D7BB} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Dell SupportAssistAgent AutoUpdate.job => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1768671057-2059275226-2382856247-1000Core.job => C:\Users\toshiro\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1768671057-2059275226-2382856247-1000UA.job => C:\Users\toshiro\AppData\Local\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-09-15 20:46 - 2011-09-15 20:46 - 001501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-12-22 07:44 - 2011-04-10 15:40 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-03-12 16:13 - 2018-03-12 16:13 - 000721624 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-03-12 16:13 - 2018-03-12 16:13 - 000912088 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-03-12 16:13 - 2018-03-12 16:13 - 000341720 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2018-02-28 00:01 - 2018-02-22 00:57 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-02-28 00:01 - 2018-02-22 00:57 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libegl.dll
2018-02-11 11:05 - 2018-02-11 11:05 - 031237632 _____ () C:\windows\system32\Macromed\Flash\pepflashplayer64_28_0_0_161.dll
2018-03-12 16:13 - 2018-03-12 16:13 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-12 16:13 - 2018-03-12 16:13 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-03-12 15:02 - 2018-03-12 15:02 - 005800080 _____ () C:\Program Files\AVAST Software\Avast\defs\18031202\algo.dll
2018-03-12 16:13 - 2018-03-12 16:13 - 000756952 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-03-12 16:13 - 2018-03-12 16:13 - 000172760 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-03-12 16:13 - 2018-03-12 16:13 - 000964824 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-03-12 16:13 - 2018-03-12 16:13 - 000475352 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-03-12 16:13 - 2018-03-12 16:13 - 000339672 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2012-06-22 23:59 - 2010-06-30 14:03 - 000051512 _____ () C:\Program Files\ML\fspflt.dll
2012-09-20 21:23 - 2015-11-18 09:04 - 000074272 _____ () C:\Program Files (x86)\PDF24\zlib.dll
2012-09-20 21:23 - 2015-11-18 09:04 - 000052256 _____ () C:\Program Files (x86)\PDF24\OperationUI.dll
2015-02-03 15:44 - 2015-02-03 15:44 - 000169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2011-12-22 06:12 - 2010-11-06 02:50 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\Users\toshiro\Downloads\Cuellar-Gempeler & Leibold 2018_ISME.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Downloads\Cuellar-Gempeler & Leibold 2018_ISME.pdf:com.dropbox.attrs [58]
AlternateDataStreams: C:\Users\toshiro\Downloads\Endnote 13 win:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Downloads\EndNote X5 v15 Cracked - EAT:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Downloads\EndNote X7:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Downloads\Lima-Mendez etal. 2015_Science.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Downloads\Lima-Mendez etal. 2015_Science.pdf:com.dropbox.attrs [58]
AlternateDataStreams: C:\Users\toshiro\Downloads\Louca etal. 2016_Nature_Ecology_Evolution.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Downloads\Louca etal. 2016_Nature_Ecology_Evolution.pdf:com.dropbox.attrs [58]
AlternateDataStreams: C:\Users\toshiro\Downloads\Louca etal. 2016_Science.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Downloads\Louca etal. 2016_Science.pdf:com.dropbox.attrs [58]
AlternateDataStreams: C:\Users\toshiro\Downloads\Presentation1.pptx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Downloads\Props etal. 2016_ISME.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Downloads\Props etal. 2016_ISME.pdf:com.dropbox.attrs [58]
AlternateDataStreams: C:\Users\toshiro\Downloads\report_thesis.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Documents\FAPROTAX:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Documents\Illumina:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Documents\Manuscripts:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Documents\Mestrado:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Documents\Past:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Documents\PhD:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\batfile\DefaultIcon: %SystemRoot%\SysWow64\imageres.dll,-68 <==== ATTENTION
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\SysWow64\imageres.dll,-68 <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\bb.com.br -> aapj.bb.com.br
IE trusted site: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\gastecnologia.com.br -> cloud.gastecnologia.com.br
IE trusted site: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 23:34 - 2014-07-09 14:03 - 000000027 ____N C:\windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\toshiro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.59.128.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMPPALR3 => 2
MSCONFIG\Services: Apple Mobile Device => 3
MSCONFIG\Services: Bluetooth Device Monitor => 2
MSCONFIG\Services: Bluetooth Media Service => 3
MSCONFIG\Services: Bluetooth OBEX Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DellDataVault => 2
MSCONFIG\Services: DellDataVaultWiz => 2
MSCONFIG\Services: DellDigitalDelivery => 2
MSCONFIG\Services: DellUpdate => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: RoxWatch12 => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SupportAssistAgent => 3
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Dropbox Update => "C:\Users\toshiro\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: Google Update => "C:\Users\toshiro\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\toshiro\AppData\Roaming\Yontoo\YontooDesktop.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{67D27EA1-C187-490F-A2CA-323E06A7EFB7}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{B6DB190A-BC36-4DCE-A042-79E37A7AAAC1}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{753E1536-F804-499E-903B-F08DC276C013}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{35BE7222-0792-482B-8F05-9AE28ACE57CB}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{276A83E9-C816-4314-8825-35BD386F1B7E}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{6D7BA307-7B6E-45FE-8B93-3834DEEDC7EC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{402BC551-236A-4EA7-8426-BA22FA51C4C5}] => (Allow) LPort=2869
FirewallRules: [{646B7694-2688-472B-8929-936A23B4FF8D}] => (Allow) LPort=1900
FirewallRules: [{AA334AB2-B2D5-49DB-B75A-1746DE6A2DC5}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{93D4CBED-C495-45ED-9E37-E7D7A67BC701}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{289297BC-075D-445C-A3B6-C08CE21F56E8}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [UDP Query User{67B4DA5D-D440-4DC0-A20C-1088BEB13AC9}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [{F87FA394-E0D2-424F-B424-3721A4DBCC66}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{6DF40E31-756F-41A0-A0F4-6E68338AB2DA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1290BE27-ECF1-44AF-A826-42F3CBD7F211}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E4E5C04-C13E-4154-A153-60450F956341}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D96DC799-4DAE-4619-B2D3-75CA34C85043}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9A70FA02-C224-48CC-988A-01C5065D6440}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{8FD89953-B0FE-4E4E-BCA0-41929D6D36D0}] => (Allow) C:\Users\toshiro\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C0452018-B4D0-428B-BAB8-11497A798BE0}] => (Allow) C:\Users\toshiro\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{548E0BEF-A2A5-42C6-9512-9EE4FFAA3457}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{38B51345-74AC-4E45-BA83-48E4D95A9F5A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{39B9B37B-1D20-4017-A9EC-6424F77CF667}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Block) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [UDP Query User{FE60B67D-91F7-44C9-AB14-27C4ED806F9D}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Block) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [{2FC70DF2-67C3-4C56-B258-07048157911D}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{050D006C-A219-4113-8E2A-94202A57143D}C:\users\toshiro\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\toshiro\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1640757E-9DE8-406A-8149-360DE320B29C}C:\users\toshiro\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\toshiro\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{C64AF55D-7068-404A-9DD0-F0CD1681B067}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{99DC8809-6ECF-4172-A0DA-67D09A2F5A3C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{35EC0F56-BBFF-4159-9116-B2FD091D7B54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{DA06CCB5-9692-4857-BE01-4C1517C0AA3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{1B128C03-24D6-4AAB-9FAD-EA6E1C96D154}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{6F347235-3069-41FF-880B-D7F5A2B9BEAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [TCP Query User{312ED2BE-0405-4F5F-900C-6C42B213D4A6}C:\program files\imagej\imagej.exe] => (Allow) C:\program files\imagej\imagej.exe
FirewallRules: [UDP Query User{B49C3D42-909A-426B-8734-587FAE9670E7}C:\program files\imagej\imagej.exe] => (Allow) C:\program files\imagej\imagej.exe
FirewallRules: [{D480EE0E-3E12-47EF-B3E7-026859C8CAC8}] => (Block) C:\program files\imagej\imagej.exe
FirewallRules: [{26950B96-5A59-4E60-BECE-318A0F171C96}] => (Block) C:\program files\imagej\imagej.exe
FirewallRules: [{F46D99AF-A2B7-4863-96C6-AF6E25D06FB4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{000F4E82-D716-496A-BFA4-4A5E5746C758}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{9E0D37DE-FEF9-4E93-8A5A-9A06BED33782}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C5E9DE67-A1D6-4DFA-AA99-B4F81DFCF32E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B6136C27-1405-4834-A115-A67D027B5BB6}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{2840C401-D606-46D1-BAD3-001119BD0243}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{8B0CCC47-4A59-4F82-AA79-11D5FC4A805A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{579500F3-A28E-4C85-96BB-209BF3FCC87B}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{9D61EEE9-EB02-4EA9-8A0B-B354E169670E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C8782A1C-5AB1-428F-80AB-D3228FA483CE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{16026593-899F-4104-87B4-5E6730921469}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C1C0EE24-3180-4251-887A-BEBC2725C025}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3923E2DB-D888-4A14-B9BB-F3179C84C917}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9F07DCC3-4476-407B-B591-49D78A4548F9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{01B0AB92-A325-40AD-9D3E-A8C043AB3BCD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0BA2FB39-6A53-48C1-A22B-B68CD1C3C884}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{755FDE30-3701-4DC9-A358-FD703E9120ED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{25133C67-BDEB-45AF-A08F-437CB0B37B7C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{5D3B8F17-D95B-4760-A3FD-7C8342523AA9}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{5650A68C-FF12-4BE4-A5C5-CA541D6DE9A4}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{1CAC931C-92C0-49D5-8E11-0FC7F656DBEF}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{7526458B-8E5D-4B51-9138-9697675CFC04}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{C183AC73-4C11-46AB-BBA6-5EE5FF30C51B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{83E5F67E-FD48-4E51-B835-8DCA48F1A2DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B07D3B73-7859-4DEA-AE31-8CB127163999}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{92C5AC68-78CF-4217-BB0B-FEDE578BD0BF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A98A0063-B6D2-402A-A761-B29444CB1728}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
25-01-2018 09:07:29 Scheduled Checkpoint
01-02-2018 11:58:59 Scheduled Checkpoint
09-02-2018 11:30:07 Scheduled Checkpoint
17-02-2018 10:19:17 Scheduled Checkpoint
24-02-2018 20:00:04 Scheduled Checkpoint
05-03-2018 14:07:41 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: HP LaserJet P3005
Description: HP LaserJet P3005
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Warsaw - Driver (PP)
Description: Warsaw - Driver (PP)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: wsddpp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Intel® Centrino® WiMAX 6150
Description: Intel® Centrino® WiMAX 6150
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: bpmp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/12/2018 05:37:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/12/2018 05:36:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/12/2018 05:31:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/12/2018 04:30:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/12/2018 04:22:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/12/2018 04:18:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/12/2018 03:54:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/12/2018 02:56:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (03/12/2018 05:52:11 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
Error: (03/12/2018 05:45:12 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
Error: (03/12/2018 05:39:01 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
Error: (03/12/2018 05:37:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error: 
The specified module could not be found.
 
Error: (03/12/2018 05:36:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.
 
Error: (03/12/2018 05:36:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (03/12/2018 05:36:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (03/12/2018 05:34:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
CodeIntegrity:
===================================
 
Date: 2012-04-14 01:50:49.253
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2012-04-14 01:50:49.237
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 52%
Total physical RAM: 6051.18 MB
Available physical RAM: 2863.06 MB
Total Virtual: 12100.57 MB
Available Virtual: 8976.98 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:683.89 GB) (Free:441.15 GB) NTFS
 
\\?\Volume{a2fe4d46-2c7b-11e1-a0f2-806e6f6e6963}\ (Recovery) (Fixed) (Total:14.65 GB) (Free:5.72 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: C45CE993)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=683.9 GB) - (Type=07 NTFS)
 

==================== End of Addition.txt ============================ 

 

 




 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,851 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:24 AM

Posted 14 March 2018 - 08:16 AM

fabiotosh:

 
 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil.  May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time.   Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.
 
I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two, but I hope to respond later today.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#3 garioch7


Posted 14 March 2018 - 11:19 AM

fabiotosh:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also you should be aware that some of the tools and scripts that will be used, will remove malware detected, without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: Unfortunately, in going over your logs, I see evidence of a software utility, or utilities, used to evade software licensing requirements for one or more programs. You might not be aware of this/these program(s), so I am NOT accusing you of knowingly installing this/these program(s) on your computer.

Bleeping Computer does not condone software piracy. Downloading and using such software, apart from being illegal by infringing on copyrights, is a MAJOR attack vector for malware. If you use such software, it is not a question of "IF" your computer will be infected, but only "WHEN", and by HOW MANY different variants of malware!

I am going to ask you to remove any and all software that you do not own, and to uninstall the software that is evading licensing requirements. If you are not aware of this software utility, or these utilities, then you will have to accept that, as a part of my "fix" for your computer, the disinfection scripts and utilities will remove/disable any, and all, such software, tasks, etc., designed to evade legal software licencing requirements detected in the scan logs. Some of the anti-malware tools that I use will automatically quarantine software "cracks", without notice, so if you are not willing to take the chance of one or more "cracked" programs being disabled, please let me know right away.

If it is agreeable to you to uninstall the "cracked" software, then after you have uninstalled any illicit software, please run the following scan for me.

If it is not agreeable to you, then please let me know and I will conclude your topic.

.

:step2: Scan with CKScanner

Download CKScanner by askey127 and save it to your desktop.

  • Right-click on the CKScanner icon and select Run as Administrator to start the tool.
  • Click Search For Files.
  • When finished, click Save List To File.
  • Remember to run this tool once only, if not asked to run it again.

Please copy and paste the content of CKFiles.txt into your next reply.

.

:step3: Please run a fresh FRST scan. Please copy and paste the contents of both the "FRST.txt" and "Addition.txt" scan logs into your next reply, or replies. Sometimes, when the FRST logs are large, you have to post each log individually.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#4 fabiotosh

fabiotosh
  • Topic Starter

Posted 15 March 2018 - 02:29 PM

Dear Phil,

 

I wasn't aware of the software/utilities. So, it's OK for me to remove them in order to clean my computer.

The first CKScanner log (see below) showed some programs that for sure are not risky: warsaw (it's a bank app), qgis dufour, r, rstudio and python27.

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\diebold\warsaw\windivert.dll
c:\program files\qgis dufour\apps\python27\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files\qgis dufour\apps\python27\lib\site-packages\numpy\f2py\crackfortran.pyc
c:\program files\r\r-3.3.1\library\survival\tests\data.cracks
c:\program files\rstudio\bin\msys-ssh-1000-18\ssh-keygen.exe
c:\python27\lib\site-packages\numpy\f2py\crackfortran.py
c:\python27\lib\site-packages\numpy\f2py\crackfortran.pyc
c:\users\toshiro\documents\programas\origin\crack\install_info.txt
c:\users\toshiro\documents\programas\origin\crack\install_license.cmd
c:\users\toshiro\documents\programas\origin\crack\ok9.dll
c:\users\toshiro\documents\programas\origin\crack\ok9_64.dll
c:\users\toshiro\documents\programas\origin\crack\orglab.lic
c:\users\toshiro\documents\programas\origin_pro_8.0\crack.rar
c:\users\toshiro\documents\programas\origin_pro_8.0\crack\ok80.dll
c:\users\toshiro\documents\programas\origin_pro_8.0\crack\orglab.lic
c:\users\toshiro\documents\programas\origin_pro_8.0\crack\readme.txt
c:\users\toshiro\downloads\endnote x5 v15 cracked - eat\eat.nfo
c:\users\toshiro\downloads\endnote x5 v15 cracked - eat\eat.nfo.txt
c:\users\toshiro\downloads\endnote x5 v15 cracked - eat\enx5inst_v15.0.0.5478.exe
c:\users\toshiro\downloads\endnote x5 v15 cracked - eat\file_id.diz
c:\users\toshiro\downloads\endnote x5 v15 cracked - eat\crack\endnote.exe
c:\users\toshiro\downloads\endnote x7\info serial crack.txt
c:\users\toshiro\downloads\endnote x7\crack\endnote.exe
scanner sequence 3.ZZ.11.JRAPUZ
 ----- EOF ----- 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.03.2018 01
Ran by toshiro (administrator) on TOSHIRO-PC (15-03-2018 16:20:36)
Running from C:\Users\toshiro\Downloads
Loaded Profiles: toshiro (Available Profiles: toshiro)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(FSPro Labs) C:\Program Files\ML\mylbx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Dropbox, Inc.) C:\Users\toshiro\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\toshiro\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\toshiro\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [mylbx] => C:\Program Files\ML\mylbx.exe [2207080 2012-05-24] (FSPro Labs)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-12] (AVAST Software)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe /boot
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [221216 2015-11-18] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\Run: [Google Update] => C:\Users\toshiro\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-16] (Google Inc.)
HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\Run: [Dropbox Update] => C:\Users\toshiro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-1768671057-2059275226-2382856247-1000] => coral.ufscar.br:3128
Tcpip\Parameters: [DhcpNameServer] 10.59.128.1
Tcpip\..\Interfaces\{77B3FC98-3BC7-46FA-9864-F9468C3FE254}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A7F5286B-963C-4569-A9C0-21DB6C01E131}: [DhcpNameServer] 10.1.0.1
Tcpip\..\Interfaces\{FEB13DFF-0CD5-4D21-97DE-3B916FE6C132}: [DhcpNameServer] 10.59.128.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180211__yaie
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = 
SearchScopes: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__180211__yaie&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-27] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-27] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\toshiro\AppData\Roaming\Mozilla\Firefox\Profiles\5nrl30m0.default-1434533844913 [2018-03-12]
FF Homepage: Mozilla\Firefox\Profiles\5nrl30m0.default-1434533844913 -> hxxps://br.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180211__yaff
FF NewTab: Mozilla\Firefox\Profiles\5nrl30m0.default-1434533844913 -> hxxps://br.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180211__yaff
FF SearchPlugin: C:\Users\toshiro\AppData\Roaming\Mozilla\Firefox\Profiles\5nrl30m0.default-1434533844913\searchplugins\yahoo-lavasoft.xml [2018-02-11]
FF HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\toshiro\AppData\Local\GAS Tecnologia\GBBD\bb\xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-19] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1768671057-2059275226-2382856247-1000: @asperasoft.com/AsperaConnect -> C:\Users\toshiro\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.7.0\npasperaweb_3.7.0.138427.dll [2017-01-23] (Aspera, Inc. )
FF Plugin HKU\S-1-5-21-1768671057-2059275226-2382856247-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\toshiro\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1768671057-2059275226-2382856247-1000: @talk.google.com/O1DPlugin -> C:\Users\toshiro\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1768671057-2059275226-2382856247-1000: @tools.google.com/Google Update;version=3 -> C:\Users\toshiro\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1768671057-2059275226-2382856247-1000: @tools.google.com/Google Update;version=9 -> C:\Users\toshiro\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1768671057-2059275226-2382856247-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\toshiro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1768671057-2059275226-2382856247-1000: gastecnologia.com.br/sf/bb64 -> C:\Users\toshiro\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\toshiro\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\toshiro\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\warsaw.cfg [2018-03-15] <==== ATTENTION
 
Chrome: 
=======
CHR Profile: C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default [2018-03-15]
CHR Extension: (Slides) - C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-10]
CHR Extension: (YouTube) - C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-10]
CHR Extension: (Sheets) - C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-12]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-03-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-10]
CHR Extension: (Chrome Media Router) - C:\Users\toshiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-28]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-12] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-12] (AVAST Software)
S4 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [File not signed]
S4 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
S4 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2552528 2015-01-30] (Dell Inc.)
S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201424 2015-01-30] (Dell Inc.)
S4 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-06-09] (Dell Inc.)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-02-19] (Dell Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [1068376 2017-12-14] (GAS Tecnologia LTDA)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel® Corporation) [File not signed]
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [196648 2018-03-12] (AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdrivera.sys [227504 2018-03-12] (AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsha.sys [199440 2018-03-12] (AVAST Software)
R0 aswblog; C:\windows\System32\drivers\aswbloga.sys [343752 2018-03-12] (AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniva.sys [57680 2018-03-12] (AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [215320 2018-03-12] (AVAST Software)
S3 aswHwid; C:\windows\System32\drivers\aswHwid.sys [46968 2018-03-12] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [41832 2017-09-05] (AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [146656 2018-03-12] (AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [110328 2018-03-12] (AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [84368 2018-03-12] (AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1026696 2018-03-12] (AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [460520 2018-03-12] (AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [205976 2018-03-12] (AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [380528 2018-03-12] (AVAST Software)
R3 DDDriver; C:\windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 dg_ssudbus; C:\windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 FSProFilter; C:\windows\System32\Drivers\FSPFltd.sys [54848 2010-07-22] (FSPro Labs)
S3 libusb0; C:\windows\System32\DRIVERS\libusb0.sys [44480 2013-04-15] (hxxp://libusb-win32.sourceforge.net)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 ssudmdm; C:\windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 VBoxUSB; C:\windows\System32\Drivers\VBoxUSB.sys [116232 2015-03-16] (Oracle Corporation)
R1 wsddfac; C:\windows\System32\drivers\wsddfac.sys [28376 2018-03-15] (GAS Tecnologia)
R1 wsddntf; C:\windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
S1 wsddpp; C:\windows\system32\drivers\wsddpp.sys [44624 2017-12-14] (GAS Tecnologia)
R3 wsddprm; C:\windows\system32\drivers\wsddprm.sys [43608 2017-12-14] (GAS Tecnologia)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 vdbus; system32\DRIVERS\vdbus.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-15 16:20 - 2018-03-15 16:21 - 000024588 _____ C:\Users\toshiro\Downloads\FRST.txt
2018-03-15 16:18 - 2018-03-15 16:19 - 000000000 ____D C:\Users\toshiro\Downloads\bleeping_computer
2018-03-15 16:17 - 2018-03-15 16:17 - 000001667 _____ C:\Users\toshiro\Downloads\ckfiles.txt
2018-03-15 14:45 - 2018-03-15 14:46 - 000468480 _____ () C:\Users\toshiro\Downloads\CKScanner.exe
2018-03-14 10:29 - 2017-03-04 13:22 - 002354711 _____ C:\Users\toshiro\Desktop\Design & Data Experiment 2014.xlsx
2018-03-14 10:19 - 2018-03-14 11:01 - 000015446 _____ C:\Users\toshiro\Desktop\metadata_arena.xlsx
2018-03-14 09:22 - 2015-02-23 07:26 - 016353945 _____ C:\Users\toshiro\Desktop\Design Transplant.pptx
2018-03-14 09:17 - 2018-02-11 14:55 - 000334058 _____ C:\Users\toshiro\Desktop\Eco-Evo Transplant 2014.xlsx
2018-03-14 09:15 - 2018-03-14 09:15 - 000024802 _____ C:\Users\toshiro\Desktop\Plate3_tp2014_final.xlsx
2018-03-14 09:15 - 2018-03-14 09:15 - 000024714 _____ C:\Users\toshiro\Desktop\Plate2_tp2014_final.xlsx
2018-03-14 09:15 - 2018-03-14 09:15 - 000024576 _____ C:\Users\toshiro\Desktop\Plate1_tp2014_final.xlsx
2018-03-13 22:12 - 2018-03-13 22:16 - 000000000 ____D C:\Users\toshiro\Desktop\Pendrive
2018-03-13 14:55 - 2018-03-13 18:33 - 000063071 _____ C:\Users\toshiro\Desktop\metadata_variables_original.xlsx
2018-03-13 14:44 - 2018-03-07 10:33 - 000014391 _____ C:\Users\toshiro\Desktop\CODES FOR THE FCM ANALYSES.xlsx
2018-03-13 13:37 - 2018-02-20 08:07 - 001494005 _____ C:\Users\toshiro\Downloads\Souffreau etal. 2018_Environmental_Microbiology_preprint.pdf
2018-03-13 09:42 - 2018-03-13 09:42 - 000280388 _____ C:\Users\toshiro\Downloads\Prosser etal. 2007_Nature_Microbiology.pdf
2018-03-12 17:58 - 2018-03-15 16:20 - 000000000 ____D C:\FRST
2018-03-12 17:57 - 2018-03-12 17:57 - 002402816 _____ (Farbar) C:\Users\toshiro\Downloads\FRST64.exe
2018-03-12 17:34 - 2018-03-12 17:36 - 000317500 _____ C:\windows\ntbtlog.txt
2018-03-12 17:27 - 2018-03-14 17:28 - 000004128 _____ C:\windows\System32\Tasks\CCleaner Update
2018-03-12 16:15 - 2018-03-12 17:29 - 000000000 ____D C:\windows\Minidump
2018-03-12 16:14 - 2018-03-12 16:13 - 000380768 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2018-03-01 14:56 - 2018-03-01 14:56 - 000000000 ____D C:\Users\toshiro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-02-22 16:51 - 2018-02-22 16:49 - 000611919 _____ C:\Users\toshiro\Downloads\Props etal. 2016_ISME.pdf
2018-02-21 09:08 - 2018-03-12 16:26 - 000000000 ____D C:\Users\toshiro\AppData\Local\Opera Software
2018-02-21 09:08 - 2018-03-12 16:25 - 000000000 ____D C:\Users\toshiro\AppData\Roaming\Opera Software
2018-02-21 09:07 - 2018-03-12 16:26 - 000000000 ____D C:\Program Files\Opera
2018-02-18 14:10 - 2018-02-18 14:10 - 001213287 _____ C:\Users\toshiro\Downloads\Alvares etal. 2014_MZ.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-15 15:55 - 2015-09-20 05:32 - 000000926 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1768671057-2059275226-2382856247-1000UA.job
2018-03-15 12:41 - 2018-01-31 09:01 - 000004974 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for toshiro-PC-toshiro toshiro-PC
2018-03-15 12:28 - 2009-07-14 01:45 - 000028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-15 12:28 - 2009-07-14 01:45 - 000028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-15 09:38 - 2012-02-27 09:00 - 000000000 ____D C:\Users\toshiro\AppData\Roaming\PCDr
2018-03-15 09:36 - 2017-10-16 00:50 - 000003484 _____ C:\windows\System32\Tasks\PCDEventLauncherTask
2018-03-15 08:42 - 2017-12-13 08:01 - 000000374 _____ C:\windows\system32\Drivers\etc\hosts.ics
2018-03-15 08:42 - 2016-12-27 10:27 - 000028376 _____ (GAS Tecnologia) C:\windows\system32\Drivers\wsddfac.sys
2018-03-15 08:40 - 2009-07-14 02:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-03-15 08:39 - 2009-07-14 00:20 - 000000000 ____D C:\windows\inf
2018-03-14 16:55 - 2015-09-20 05:32 - 000000874 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1768671057-2059275226-2382856247-1000Core.job
2018-03-14 15:33 - 2012-02-21 14:46 - 000000000 ____D C:\Users\toshiro
2018-03-14 15:07 - 2014-05-01 11:55 - 000000000 ____D C:\Program Files\OriginLab
2018-03-14 15:07 - 2013-05-17 04:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OriginLab
2018-03-14 15:07 - 2011-12-22 06:09 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-03-14 14:27 - 2013-10-25 12:42 - 000000000 ____D C:\Users\toshiro\AppData\Roaming\RStudio
2018-03-14 14:27 - 2013-10-25 09:55 - 000000000 ____D C:\Users\toshiro\AppData\Local\RStudio-Desktop
2018-03-14 14:09 - 2017-05-01 09:50 - 000167936 _____ C:\Users\toshiro\AppData\Local\WebpageIcons.db
2018-03-14 09:14 - 2012-03-27 21:26 - 000000000 ___RD C:\Users\toshiro\Dropbox
2018-03-14 08:32 - 2009-07-14 02:13 - 000782470 _____ C:\windows\system32\PerfStringBackup.INI
2018-03-13 22:15 - 2017-02-07 12:34 - 000004168 _____ C:\windows\System32\Tasks\Avast Emergency Update
2018-03-13 22:15 - 2009-07-14 00:20 - 000000000 ____D C:\windows\system32\NDF
2018-03-13 10:01 - 2015-11-24 20:30 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-13 09:53 - 2015-11-26 15:06 - 000000000 ____D C:\Users\toshiro\AppData\Roaming\TeamViewer
2018-03-13 08:24 - 2011-12-22 06:28 - 000000000 ____D C:\ProgramData\Sonic
2018-03-12 17:59 - 2012-02-27 23:30 - 000000000 ____D C:\ProgramData\AVAST Software
2018-03-12 17:29 - 2012-06-09 13:41 - 000000000 ____D C:\Users\toshiro\Documents\CCleaner
2018-03-12 17:29 - 2012-03-21 17:05 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-03-12 17:27 - 2012-03-20 15:19 - 000000000 ____D C:\Program Files\CCleaner
2018-03-12 16:53 - 2014-06-28 02:34 - 000192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2018-03-12 16:25 - 2017-12-22 16:43 - 000000000 ____D C:\Users\toshiro\AppData\Local\Amazon
2018-03-12 16:13 - 2017-12-22 14:36 - 000215320 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2018-03-12 16:13 - 2017-11-13 09:52 - 000196648 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2018-03-12 16:13 - 2017-02-07 12:34 - 000343752 _____ (AVAST Software) C:\windows\system32\Drivers\aswbloga.sys
2018-03-12 16:13 - 2017-02-07 12:34 - 000227504 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdrivera.sys
2018-03-12 16:13 - 2017-02-07 12:34 - 000199440 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsha.sys
2018-03-12 16:13 - 2017-02-07 12:34 - 000057680 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniva.sys
2018-03-12 16:13 - 2014-05-02 08:21 - 000046968 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2018-03-12 16:13 - 2014-01-01 17:50 - 000205976 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2018-03-12 16:13 - 2013-03-16 11:19 - 000380528 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2018-03-12 16:13 - 2013-03-16 11:19 - 000084368 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2018-03-12 16:13 - 2012-02-27 23:31 - 001026696 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2018-03-12 16:13 - 2012-02-27 23:31 - 000460520 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2018-03-12 16:13 - 2012-02-27 23:31 - 000146656 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2018-03-12 16:13 - 2012-02-27 23:31 - 000110328 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2018-03-08 23:51 - 2012-02-21 14:51 - 000000000 ____D C:\Users\toshiro\AppData\Roaming\Skype
2018-03-08 18:22 - 2015-02-13 11:22 - 000000426 _____ C:\windows\Tasks\Dell SupportAssistAgent AutoUpdate.job
2018-03-07 12:33 - 2012-06-09 13:31 - 000000000 ____D C:\Users\toshiro\Documents\Comprovantes
2018-03-05 19:55 - 2016-10-29 17:47 - 000000000 ____D C:\Users\toshiro\AppData\Roaming\vlc
2018-03-01 14:56 - 2012-03-27 21:23 - 000000000 ____D C:\Users\toshiro\AppData\Roaming\Dropbox
2018-02-28 00:02 - 2017-01-10 06:56 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-27 23:31 - 2014-12-23 12:58 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-24 20:48 - 2015-11-03 15:51 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-22 16:29 - 2018-02-09 10:01 - 000000000 ____D C:\Users\toshiro\Downloads\renew_visa
 
==================== Files in the root of some directories =======
 
2018-02-11 10:23 - 2018-02-11 10:23 - 000001720 _____ () C:\Program Files (x86)\dsengine.cfg
2012-09-04 23:42 - 2012-09-04 23:42 - 000000005 _____ () C:\Users\toshiro\AppData\Roaming\mbam.context.scan
2012-05-30 21:38 - 2017-11-09 19:01 - 000051712 _____ () C:\Users\toshiro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-02-27 22:50 - 2012-02-27 22:50 - 000001549 _____ () C:\Users\toshiro\AppData\Local\PDLSetup.20120227.225030.txt
2012-02-27 22:51 - 2012-02-27 22:51 - 000001549 _____ () C:\Users\toshiro\AppData\Local\PDLSetup.20120227.225123.txt
2015-08-25 03:49 - 2015-08-25 03:49 - 000001588 _____ () C:\Users\toshiro\AppData\Local\recently-used.xbel
2017-04-07 19:37 - 2017-04-07 19:37 - 000007666 _____ () C:\Users\toshiro\AppData\Local\Resmon.ResmonCfg
2012-07-07 12:48 - 2012-07-07 12:48 - 000000000 _____ () C:\Users\toshiro\AppData\Local\rx_image32.Cache
2017-05-01 09:50 - 2018-03-14 14:09 - 000167936 _____ () C:\Users\toshiro\AppData\Local\WebpageIcons.db
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-09 10:51
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.03.2018 01
Ran by toshiro (15-03-2018 16:21:41)
Running from C:\Users\toshiro\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-02-21 17:46:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1768671057-2059275226-2382856247-500 - Administrator - Disabled)
Guest (S-1-5-21-1768671057-2059275226-2382856247-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1768671057-2059275226-2382856247-1022 - Limited - Enabled)
toshiro (S-1-5-21-1768671057-2059275226-2382856247-1000 - Administrator - Enabled) => C:\Users\toshiro
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{FD868C71-6CCF-42E2-B90D-0504AB0036FE}) (Version: 13.2.1 - Hewlett-Packard) Hidden
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aspera Connect 3.7.0.138427 (HKLM-x32\...\{B6697A31-67BB-412D-A22F-05C3367B8A75}) (Version: 3.7.0.138427 - IBM Corp.) Hidden
Aspera Connect 3.7.0.138427 (HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\Aspera Connect 3.7.0.138427) (Version: 3.7.0.138427 - IBM Corp.)
Attune Cytometric Software (HKLM\...\{3EC64233-6B00-4183-B26A-0502F803B968}) (Version: 2.1 - Life Technologies) Hidden
Attune Cytometric Software (HKLM-x32\...\InstallShield_{3EC64233-6B00-4183-B26A-0502F803B968}) (Version: 2.1 - Life Technologies)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.1.9.0 - Dell Inc.) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Digital Delivery (HKLM-x32\...\{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}) (Version: 1.7.4502.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.1.56462 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\Dropbox) (Version: 44.4.58 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
ImageJ 1.47v (HKLM\...\ImageJ_is1) (Version:  - NIH)
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 7 Update 21 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170210}) (Version: 1.7.0.210 - Oracle)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mendeley Desktop 1.6 (HKLM-x32\...\Mendeley Desktop) (Version: 1.6 - Mendeley Ltd.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40620.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Lockbox 2.8.5 (HKLM\...\My Lockbox_is1) (Version: 2.8.5 - )
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF24 Creator 7.4.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Python 2.7.12 (64-bit) (HKLM\...\{9DA28CE5-0AA5-429E-86D8-686ED898C666}) (Version: 2.7.12150 - Python Software Foundation)
QGIS Dufour 2.0.1 Dufour (HKLM\...\QGIS Dufour) (Version:  - QGIS Development Team)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
R for Windows 3.3.1 (HKLM\...\R for Windows 3.3.1_is1) (Version: 3.3.1 - R Core Team)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
RStudio (HKLM-x32\...\RStudio) (Version: 1.0.143 - RStudio)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
SAP Crystal Reports runtime engine for .NET Framework 4 (64-bit) (HKLM\...\{3CD25975-A787-4E44-9990-DBE887266DF9}) (Version: 13.0.1.220 - SAP)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Suporte para Aplicativos Apple (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual MINTEQ (HKLM-x32\...\{8FC4E22A-979B-451B-8815-F582D2F6BA8C}) (Version: 3.11 - KTH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Warsaw 2.3.0.83 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.3.0.83 - GAS Tecnologia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{04A9E854-6F47-4F37-8A10-F896717F0329}\InprocServer32 -> C:\Users\toshiro\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.7.0\npasperaweb64_3.7.0.138427.dll (Aspera, Inc. )
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\toshiro\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{AD17B774-7F87-4141-BB9C-2AEE3841DC4E}\InprocServer32 -> C:\Users\toshiro\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.7.0\npasperaweb64_3.7.0.138427.dll (Aspera, Inc. )
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\toshiro\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-12] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-12] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-12] (AVAST Software)
ContextMenuHandlers1-x32: [BTMSentToExt] -> {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2011-05-19] (Intel Corporation)
ContextMenuHandlers1-x32: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => c:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-11] (TODO: <Company name>)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-12] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2011-04-18] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-04-10] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-12] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-1768671057-2059275226-2382856247-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1768671057-2059275226-2382856247-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1768671057-2059275226-2382856247-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\toshiro\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0E455E62-5E6F-4527-A0AD-84B0B8DFFD16} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {0FA4AEB6-5259-434B-8704-0197B8A1D347} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-02-19] (Microsoft)
Task: {1D6AA5C7-C568-435D-AACC-B126326E617E} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {1EF6DB20-D897-4361-839F-9C3ED6E7723C} - System32\Tasks\{F7AB7FB5-443C-4658-BDD8-90E98EB28922} => C:\windows\system32\pcalua.exe -a C:\Users\toshiro\Downloads\cs_zbot\zbot_install.exe -d C:\Users\toshiro\Downloads\cs_zbot
Task: {2E73B2B9-0FF3-4583-A364-6B8E4973A238} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-10] (AVAST Software)
Task: {322B8DA9-87BE-44D5-921B-979607D6C820} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1768671057-2059275226-2382856247-1000UA => C:\Users\toshiro\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3D0BEF66-561C-477C-A06E-2D0006DE6DBA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {3E275A6C-529A-480B-BB7C-8B2A4A6E5C9A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1768671057-2059275226-2382856247-1000Core => C:\Users\toshiro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {3EA32D07-A9C0-4B6A-AEEC-3FA40180FB2B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1768671057-2059275226-2382856247-1000Core => C:\Users\toshiro\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {402EE909-C70C-48EA-9ABD-1BF4898FFEA4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {46E531D1-3B87-4590-B55E-022308E752DF} - System32\Tasks\SafeZone scheduled Autoupdate 1458756857 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {659C6B7C-33A1-4831-8BC0-27346124A7D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6F5E7BE4-65BD-4A39-8509-9E6941FB64E9} - System32\Tasks\Microsoft Office 15 Sync Maintenance for toshiro-PC-toshiro toshiro-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {71662E4E-DBDA-437D-99FC-C9E71B04D7BE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-12] (AVAST Software)
Task: {75AC3B76-CAC6-4251-B622-3FCEF16E8B17} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {76309B55-203E-4A68-A8C6-44E003D0CF4A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {76309B55-203E-4A68-A8C6-44E003D0CF4A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate -noappraiser
Task: {7EC7E681-1F54-4BBB-897C-F35FE0EC48FB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {84B41F86-FBCD-4B77-9ADF-CA1875DB29B0} - System32\Tasks\Rerun Warsaw's CoreFixer => C:\windows\TEMP\is-QG6LD.tmp\corefixer.exe <==== ATTENTION
Task: {94FB2181-725C-4BD7-80F6-829BEFEC4C21} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {AB4BEC60-2D09-49AF-ABC5-3BB55C0CA58B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {B143540C-F6E7-4645-891F-4122B93BCC5C} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe
Task: {B7814F9E-7C58-48D2-A620-D63FC0164417} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {BB583E26-A73B-4817-B3C3-7610E1ECFDAE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_161_pepper.exe [2018-02-11] (Adobe Systems Incorporated)
Task: {C93CCB33-3859-4176-BECA-13125418AA8D} - System32\Tasks\{3A605CB8-FE68-45E0-B20E-0C46C33D950E} => C:\windows\system32\pcalua.exe -a C:\Users\toshiro\Desktop\VirtualBox-4.3.26-98988-Win.exe -d C:\Users\toshiro\Desktop
Task: {C977FBA0-A966-4B29-85B5-0D61739117B1} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
Task: {CD384F61-B050-4B8D-A96B-808D8DF72534} - System32\Tasks\Install Warsaw CA on Firefox => C:\windows\TEMP\sch_install_ca.bat <==== ATTENTION
Task: {DFB82734-3C75-47DE-B6B7-5CEED3F63C3C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1768671057-2059275226-2382856247-1000UA => C:\Users\toshiro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {E52D1713-E0F5-4369-8ED5-EEA145A29EF6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {F6974AEE-E38B-4C97-92B8-2B1F71442796} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(3): %windir%\system32\rundll32.exe -> appraiser.dll,DailyGatedCheck
Task: {F6974AEE-E38B-4C97-92B8-2B1F71442796} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(4): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {FC287422-B29A-467F-A572-08BE937DC41F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {FF8EC073-8BF0-4A76-AD28-E5FBA5D0D7BB} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Dell SupportAssistAgent AutoUpdate.job => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1768671057-2059275226-2382856247-1000Core.job => C:\Users\toshiro\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1768671057-2059275226-2382856247-1000UA.job => C:\Users\toshiro\AppData\Local\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-09-15 20:46 - 2011-09-15 20:46 - 001501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-12-22 07:44 - 2011-04-10 15:40 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-03-12 16:13 - 2018-03-12 16:13 - 000721624 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-03-12 16:13 - 2018-03-12 16:13 - 000912088 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-03-12 16:13 - 2018-03-12 16:13 - 000341720 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2018-03-12 16:13 - 2018-03-12 16:13 - 000326872 _____ () C:\Program Files\AVAST Software\Avast\x64\tasks_core.dll
2018-02-28 00:01 - 2018-02-22 00:57 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-02-28 00:01 - 2018-02-22 00:57 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libegl.dll
2018-03-12 16:13 - 2018-03-12 16:13 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-12 16:13 - 2018-03-12 16:13 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-03-15 08:37 - 2018-03-15 08:37 - 005800080 _____ () C:\Program Files\AVAST Software\Avast\defs\18031500\algo.dll
2018-03-12 16:13 - 2018-03-12 16:13 - 000756952 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-03-12 16:13 - 2018-03-12 16:13 - 000172760 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-03-12 16:13 - 2018-03-12 16:13 - 000964824 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-03-12 16:13 - 2018-03-12 16:13 - 000475352 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-03-12 16:13 - 2018-03-12 16:13 - 000339672 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2012-06-22 23:59 - 2010-06-30 14:03 - 000051512 _____ () C:\Program Files\ML\fspflt.dll
2012-09-20 21:23 - 2015-11-18 09:04 - 000074272 _____ () C:\Program Files (x86)\PDF24\zlib.dll
2012-09-20 21:23 - 2015-11-18 09:04 - 000052256 _____ () C:\Program Files (x86)\PDF24\OperationUI.dll
2015-02-03 15:44 - 2015-02-03 15:44 - 000169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2011-12-22 06:12 - 2010-11-06 02:50 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2018-03-01 14:56 - 2018-02-26 08:24 - 000746312 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-03-01 14:56 - 2018-02-26 08:24 - 002079048 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2018-01-24 17:17 - 2018-02-26 08:24 - 000100312 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2018-01-24 17:17 - 2018-02-26 08:24 - 000018896 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\select.pyd
2018-01-24 17:17 - 2018-02-26 08:26 - 000020808 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2018-01-24 17:17 - 2018-02-26 08:24 - 000035808 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2018-01-24 17:17 - 2018-02-26 08:24 - 000694232 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 000021856 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2018-01-24 17:17 - 2018-02-26 08:24 - 000130520 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 001856864 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 000022880 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2018-03-01 14:56 - 2018-02-26 08:24 - 000145880 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2018-03-01 14:56 - 2018-02-26 08:24 - 000116696 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2018-01-24 17:17 - 2018-02-26 08:24 - 000105944 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\win32api.pyd
2018-01-24 17:17 - 2018-02-26 08:26 - 000022872 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 000063312 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2018-01-24 17:17 - 2018-02-26 08:24 - 000024536 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\win32event.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 000077120 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\fastpath.pyd
2018-03-01 14:56 - 2018-02-26 08:24 - 000020952 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2018-01-24 17:17 - 2018-02-26 08:24 - 000124888 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\win32file.pyd
2018-01-24 17:17 - 2018-02-26 08:24 - 000116184 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\win32security.pyd
2018-03-01 14:56 - 2018-02-26 08:24 - 000392664 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2018-01-24 17:17 - 2018-02-26 08:26 - 000392520 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2018-01-24 17:17 - 2018-02-26 08:26 - 000026464 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-01-24 17:17 - 2018-02-26 08:24 - 000024024 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2018-01-24 17:17 - 2018-02-26 08:24 - 000175576 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\win32gui.pyd
2018-01-24 17:17 - 2018-02-26 08:24 - 000030168 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2018-01-24 17:17 - 2018-02-26 08:24 - 000043480 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\win32process.pyd
2018-01-24 17:17 - 2018-02-26 08:24 - 000026072 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\win32job.pyd
2018-01-24 17:17 - 2018-02-26 08:24 - 000048600 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\win32service.pyd
2018-01-24 17:17 - 2018-02-26 08:24 - 000057816 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 000021840 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2018-01-24 17:17 - 2018-02-26 08:27 - 000023376 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 000022864 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2018-01-24 17:17 - 2018-02-26 08:26 - 000066400 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 001798464 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2018-01-24 17:17 - 2018-02-26 08:24 - 000084944 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\sip.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 001959232 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 003863880 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 000155472 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 000521544 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 000051024 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 000043336 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 000131400 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 000219984 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 000204104 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2018-01-24 17:17 - 2018-02-26 08:27 - 000025440 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2018-01-24 17:17 - 2018-02-26 08:24 - 000060888 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\win32print.pyd
2018-01-24 17:17 - 2018-02-26 08:27 - 000054616 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2018-01-24 17:17 - 2018-02-26 08:24 - 000024024 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\win32profile.pyd
2018-01-24 17:17 - 2018-02-26 08:26 - 000022880 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2018-01-24 17:17 - 2018-02-26 08:24 - 000028632 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\win32ts.pyd
2018-01-24 17:17 - 2018-02-26 08:26 - 000022368 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-01-24 17:17 - 2018-02-26 08:26 - 000021856 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2018-01-24 17:17 - 2018-02-26 08:27 - 000022368 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 000027496 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-01-24 17:17 - 2018-02-26 08:24 - 000349144 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2018-01-24 17:17 - 2018-02-26 08:27 - 000023904 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 000025432 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2018-03-01 14:56 - 2018-02-26 08:24 - 000036312 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\librsync.dll
2018-01-24 17:17 - 2018-02-26 08:26 - 000021856 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 000181064 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2018-01-24 17:17 - 2018-02-26 08:26 - 000030544 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 000024384 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-03-01 14:56 - 2018-02-26 08:26 - 001638208 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2018-01-24 17:17 - 2018-02-26 08:26 - 000026464 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 000546632 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 000359744 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2018-03-01 14:56 - 2018-02-26 08:26 - 000038216 _____ () C:\Users\toshiro\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd
2018-02-22 13:57 - 2018-02-22 13:57 - 024028656 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2018-02-11 19:53 - 2018-02-11 19:53 - 000392688 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2017-07-31 19:31 - 2017-07-31 19:31 - 072940016 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\Users\toshiro\Desktop\CODES FOR THE FCM ANALYSES.xlsx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Desktop\CODES FOR THE FCM ANALYSES.xlsx:com.dropbox.attrs [58]
AlternateDataStreams: C:\Users\toshiro\Desktop\Daphnia magna transplant 1.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Desktop\Design & Data Experiment 2014.xlsx:com.dropbox.attributes [260]
AlternateDataStreams: C:\Users\toshiro\Desktop\Design Transplant.pptx:com.dropbox.attributes [260]
AlternateDataStreams: C:\Users\toshiro\Desktop\Eco-Evo Transplant 2014.xlsx:com.dropbox.attributes [260]
AlternateDataStreams: C:\Users\toshiro\Desktop\Eco-Evo Transplant 2014.xlsx:com.dropbox.attrs [56]
AlternateDataStreams: C:\Users\toshiro\Desktop\Final Transplant.docx:com.dropbox.attributes [260]
AlternateDataStreams: C:\Users\toshiro\Downloads\Cuellar-Gempeler & Leibold 2018_ISME.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Downloads\Cuellar-Gempeler & Leibold 2018_ISME.pdf:com.dropbox.attrs [58]
AlternateDataStreams: C:\Users\toshiro\Downloads\functional_slides.pptx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Downloads\Lima-Mendez etal. 2015_Science.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Downloads\Lima-Mendez etal. 2015_Science.pdf:com.dropbox.attrs [58]
AlternateDataStreams: C:\Users\toshiro\Downloads\Louca etal. 2016_Nature_Ecology_Evolution.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Downloads\Louca etal. 2016_Nature_Ecology_Evolution.pdf:com.dropbox.attrs [58]
AlternateDataStreams: C:\Users\toshiro\Downloads\Louca etal. 2016_Science.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Downloads\Louca etal. 2016_Science.pdf:com.dropbox.attrs [58]
AlternateDataStreams: C:\Users\toshiro\Downloads\Props etal. 2016_ISME.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Downloads\Props etal. 2016_ISME.pdf:com.dropbox.attrs [58]
AlternateDataStreams: C:\Users\toshiro\Downloads\report_thesis.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Downloads\Souffreau etal. 2018_Environmental_Microbiology_preprint.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Downloads\Souffreau etal. 2018_Environmental_Microbiology_preprint.pdf:com.dropbox.attrs [58]
AlternateDataStreams: C:\Users\toshiro\Documents\FAPROTAX:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Documents\Illumina:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Documents\Manuscripts:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Documents\Mestrado:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Documents\Past:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\toshiro\Documents\PhD:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\batfile\DefaultIcon: %SystemRoot%\SysWow64\imageres.dll,-68 <==== ATTENTION
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\SysWow64\imageres.dll,-68 <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\bb.com.br -> aapj.bb.com.br
IE trusted site: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\gastecnologia.com.br -> cloud.gastecnologia.com.br
IE trusted site: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 23:34 - 2014-07-09 14:03 - 000000027 ____N C:\windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\toshiro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.59.128.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMPPALR3 => 2
MSCONFIG\Services: Apple Mobile Device => 3
MSCONFIG\Services: Bluetooth Device Monitor => 2
MSCONFIG\Services: Bluetooth Media Service => 3
MSCONFIG\Services: Bluetooth OBEX Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DellDataVault => 2
MSCONFIG\Services: DellDataVaultWiz => 2
MSCONFIG\Services: DellDigitalDelivery => 2
MSCONFIG\Services: DellUpdate => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: RoxWatch12 => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SupportAssistAgent => 3
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Dropbox Update => "C:\Users\toshiro\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: Google Update => "C:\Users\toshiro\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\toshiro\AppData\Roaming\Yontoo\YontooDesktop.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{67D27EA1-C187-490F-A2CA-323E06A7EFB7}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{B6DB190A-BC36-4DCE-A042-79E37A7AAAC1}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{753E1536-F804-499E-903B-F08DC276C013}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{35BE7222-0792-482B-8F05-9AE28ACE57CB}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{276A83E9-C816-4314-8825-35BD386F1B7E}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{6D7BA307-7B6E-45FE-8B93-3834DEEDC7EC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{402BC551-236A-4EA7-8426-BA22FA51C4C5}] => (Allow) LPort=2869
FirewallRules: [{646B7694-2688-472B-8929-936A23B4FF8D}] => (Allow) LPort=1900
FirewallRules: [{AA334AB2-B2D5-49DB-B75A-1746DE6A2DC5}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{93D4CBED-C495-45ED-9E37-E7D7A67BC701}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{289297BC-075D-445C-A3B6-C08CE21F56E8}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [UDP Query User{67B4DA5D-D440-4DC0-A20C-1088BEB13AC9}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Allow) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [{F87FA394-E0D2-424F-B424-3721A4DBCC66}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{6DF40E31-756F-41A0-A0F4-6E68338AB2DA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1290BE27-ECF1-44AF-A826-42F3CBD7F211}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E4E5C04-C13E-4154-A153-60450F956341}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D96DC799-4DAE-4619-B2D3-75CA34C85043}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9A70FA02-C224-48CC-988A-01C5065D6440}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{8FD89953-B0FE-4E4E-BCA0-41929D6D36D0}] => (Allow) C:\Users\toshiro\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C0452018-B4D0-428B-BAB8-11497A798BE0}] => (Allow) C:\Users\toshiro\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{548E0BEF-A2A5-42C6-9512-9EE4FFAA3457}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{38B51345-74AC-4E45-BA83-48E4D95A9F5A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{39B9B37B-1D20-4017-A9EC-6424F77CF667}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Block) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [UDP Query User{FE60B67D-91F7-44C9-AB14-27C4ED806F9D}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Block) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [{2FC70DF2-67C3-4C56-B258-07048157911D}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{050D006C-A219-4113-8E2A-94202A57143D}C:\users\toshiro\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\toshiro\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1640757E-9DE8-406A-8149-360DE320B29C}C:\users\toshiro\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\toshiro\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{C64AF55D-7068-404A-9DD0-F0CD1681B067}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{99DC8809-6ECF-4172-A0DA-67D09A2F5A3C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{35EC0F56-BBFF-4159-9116-B2FD091D7B54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{DA06CCB5-9692-4857-BE01-4C1517C0AA3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{1B128C03-24D6-4AAB-9FAD-EA6E1C96D154}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{6F347235-3069-41FF-880B-D7F5A2B9BEAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [TCP Query User{312ED2BE-0405-4F5F-900C-6C42B213D4A6}C:\program files\imagej\imagej.exe] => (Allow) C:\program files\imagej\imagej.exe
FirewallRules: [UDP Query User{B49C3D42-909A-426B-8734-587FAE9670E7}C:\program files\imagej\imagej.exe] => (Allow) C:\program files\imagej\imagej.exe
FirewallRules: [{D480EE0E-3E12-47EF-B3E7-026859C8CAC8}] => (Block) C:\program files\imagej\imagej.exe
FirewallRules: [{26950B96-5A59-4E60-BECE-318A0F171C96}] => (Block) C:\program files\imagej\imagej.exe
FirewallRules: [{F46D99AF-A2B7-4863-96C6-AF6E25D06FB4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{000F4E82-D716-496A-BFA4-4A5E5746C758}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{9E0D37DE-FEF9-4E93-8A5A-9A06BED33782}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C5E9DE67-A1D6-4DFA-AA99-B4F81DFCF32E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B6136C27-1405-4834-A115-A67D027B5BB6}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{2840C401-D606-46D1-BAD3-001119BD0243}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{8B0CCC47-4A59-4F82-AA79-11D5FC4A805A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{579500F3-A28E-4C85-96BB-209BF3FCC87B}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{9D61EEE9-EB02-4EA9-8A0B-B354E169670E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C8782A1C-5AB1-428F-80AB-D3228FA483CE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{16026593-899F-4104-87B4-5E6730921469}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C1C0EE24-3180-4251-887A-BEBC2725C025}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3923E2DB-D888-4A14-B9BB-F3179C84C917}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9F07DCC3-4476-407B-B591-49D78A4548F9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{01B0AB92-A325-40AD-9D3E-A8C043AB3BCD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0BA2FB39-6A53-48C1-A22B-B68CD1C3C884}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{755FDE30-3701-4DC9-A358-FD703E9120ED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{25133C67-BDEB-45AF-A08F-437CB0B37B7C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{5D3B8F17-D95B-4760-A3FD-7C8342523AA9}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{5650A68C-FF12-4BE4-A5C5-CA541D6DE9A4}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{1CAC931C-92C0-49D5-8E11-0FC7F656DBEF}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{7526458B-8E5D-4B51-9138-9697675CFC04}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{C183AC73-4C11-46AB-BBA6-5EE5FF30C51B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{83E5F67E-FD48-4E51-B835-8DCA48F1A2DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B07D3B73-7859-4DEA-AE31-8CB127163999}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{92C5AC68-78CF-4217-BB0B-FEDE578BD0BF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A98A0063-B6D2-402A-A761-B29444CB1728}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0ADCBE56-D414-41C6-8CFA-466261FCE912}] => (Allow) C:\Program Files (x86)\Steam\steam.exe
FirewallRules: [{AD6C31DC-32CD-4418-B7CD-94050985AA88}] => (Allow) C:\Program Files (x86)\Steam\steam.exe
 
==================== Restore Points =========================
 
01-02-2018 11:58:59 Scheduled Checkpoint
09-02-2018 11:30:07 Scheduled Checkpoint
17-02-2018 10:19:17 Scheduled Checkpoint
24-02-2018 20:00:04 Scheduled Checkpoint
05-03-2018 14:07:41 Scheduled Checkpoint
13-03-2018 11:03:56 Scheduled Checkpoint
14-03-2018 15:30:26 Removed Steam
 
==================== Faulty Device Manager Devices =============
 
Name: HP LaserJet P3005
Description: HP LaserJet P3005
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Warsaw - Driver (PP)
Description: Warsaw - Driver (PP)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: wsddpp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Intel® Centrino® WiMAX 6150
Description: Intel® Centrino® WiMAX 6150
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: bpmp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/15/2018 08:41:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/15/2018 08:31:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/14/2018 03:27:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/14/2018 08:28:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/13/2018 10:06:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/13/2018 08:23:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/12/2018 05:37:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/12/2018 05:36:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (03/15/2018 04:10:02 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
Error: (03/15/2018 03:52:44 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
Error: (03/15/2018 02:40:02 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
Error: (03/15/2018 02:33:25 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
Error: (03/15/2018 02:29:37 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
Error: (03/15/2018 02:20:11 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
Error: (03/15/2018 01:09:05 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
Error: (03/15/2018 11:43:50 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
 
CodeIntegrity:
===================================
 
Date: 2012-04-14 01:50:49.253
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2012-04-14 01:50:49.237
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 73%
Total physical RAM: 6051.18 MB
Available physical RAM: 1627.01 MB
Total Virtual: 12100.57 MB
Available Virtual: 7728.39 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:683.89 GB) (Free:440.17 GB) NTFS
 
\\?\Volume{a2fe4d46-2c7b-11e1-a0f2-806e6f6e6963}\ (Recovery) (Fixed) (Total:14.65 GB) (Free:5.72 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: C45CE993)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=683.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#5 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,851 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:24 AM

Posted 15 March 2018 - 03:30 PM

fabiotosh:

Thank you for running CKScanner for me, which does report any possible suspicious files that could be "cracks." The reason why Bleeping Computer does not support software piracy is because it is a MAJOR attack for malware, and so persons who download and use it are exposing their computers, and their data, to huge risks, apart from copyright and other legal issues.

NOTICE: Be notified that the anti-malware tools and scripts that I will run to disinfect your computer will remove any illegal software that I/they detect, without notice. In so doing, those tools/scripts might render your computer unbootable, if you have not uninstalled the illegal software in advance of running the tools and scripts.

.

Step 1: The computer has Spybot Search & Destroy installed. This program is no longer recommended by Bleeping Computer. Please see this link for more information. Please let me know if you are going to keep it.

.

Step 2: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.

Start::
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\toshiro\AppData\Local\GAS Tecnologia\GBBD\bb\xpi => not found
FF Plugin HKU\S-1-5-21-1768671057-2059275226-2382856247-1000: gastecnologia.com.br/sf/bb64 -> C:\Users\toshiro\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [No File]
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 vdbus; system32\DRIVERS\vdbus.sys [X]
Task: {531106CD-E91E-4C37-B25D-F2BF2AA5ED15} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()
C:\Program Files\KMSpico
File: C:\Windows\SysWow64\imageres.dll
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\toshiro\AppData\Roaming\Yontoo\YontooDesktop.exe"
FirewallRules: [{B6136C27-1405-4834-A115-A67D027B5BB6}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{2840C401-D606-46D1-BAD3-001119BD0243}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{1CAC931C-92C0-49D5-8E11-0FC7F656DBEF}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{7526458B-8E5D-4B51-9138-9697675CFC04}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
Folder: C:\Combofix
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#6 garioch7


Posted 16 March 2018 - 03:26 PM

fabiotosh:
 
Thank you for your Private Message (PM), which stated:
 



Dear Phil,

I'm sending this message because I got a little bit scared about the next steps. I want to uninstall the software that's related to the cracks. Which software should I uninstall?

thanks for all the help!

best,
fabiotosh

 
All help is offered in these public forums, which is why I have posted your PM, so that anyone who is reviewing this thread knows the reason for my response.
 
This is the program that I want you to uninstall. What you do, after your topic is closed, is your business, but using "cracks" and "keygens" is a surefire way to reinfect your computer. Some of these programs bring along others, so I can't effectively disinfect your computer with them present. The persons who develop these "cracks" and "keygens" don't do it out of the goodness of their hearts!
 

KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )

 
In my experience, some people, unfortunately, do edit the logs we request to remove entries that they know are illegal.  The problem is that if they do that, and we remove its critical registry entries and program folders with a FRST "fixlist" script, when the program is still installed, it won't work properly and the partial removal of the program could completely destabilize your computer; hence, the reason for my warning.
 
The program KMSpico does not appear in your second set of your FRST logs as an "Installed Program", but the firewall rules remain, which led me to be super cautious, just in case you had not uninstalled it, but rather just deleted that line from the FRST "Addition.txt - Installed Programs" log file entries.
 
You also did not state that you had uninstalled any programs, so that made me concerned.  I do not want to do any harm to your computer.  I am here to help you.  So, if you have not uninstalled that program, please do so BEFORE running the FRST "fixlist" script.  That is the only "crack" program that my FRST "fixlist" script is targeting.
 
All of that said, you can simply tell me that you do not want to remove that "crack" program, and I will conclude your topic.  It is, after all, your computer, and we are not the "Internet Police."  It makes no difference to me, personally, whether you run "cracked" programs, but to disinfect your computer effectively, I have to get rid of such programs, as will some of the other standard anti-malware tools that I will use later on, if you wish to continue.
 
Thank you and have a great day.
 
Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#7 garioch7


Posted 19 March 2018 - 12:28 PM

fabiotosh:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to me or to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#8 fabiotosh


Posted 19 March 2018 - 02:17 PM

Dear Phil,

 

Sorry for the delay.

 

"The program KMSpico does not appear in your second set of your FRST logs as an "Installed Program", but the firewall rules remain, which led me to be super cautious, just in case you had not uninstalled it, but rather just deleted that line from the FRST "Addition.txt - Installed Programs" log file entries."

 

I uninstalled it through Control Panel. Why is there still a firewall rule? Should I do something else to remove it completely? (I want to make sure that I removed it before proceeding.)



#9 garioch7


Posted 20 March 2018 - 10:11 AM

fabiotosh:

 

Thank you for your post.  A lot of those "crack" and "keygen" programs do not uninstall cleanly.  If you have uninstalled KMSpico from the Control Panel, then my FRST "fixlist" script will simply remove its four Firewall Rules and delete the program's folder, if it still exists.  There should be no danger to your computer.

 

Please run the FRST "fixlist" script.  Copy and paste the contents of the "fixlog.txt" file, which will be created after the "fix" is run, into your next reply.

 

Thank you and have a great day.

 

Regards,

-Phil

 

 


Graduate of the Bleeping Computer Malware Removal Study Hall
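The situation discussed in the posts above, where an uninstalled program leaves its Windows Firewall allow rules behind, can be checked directly from the "FirewallRules:" lines of an FRST Addition.txt. The following is an added example, not part of the original posts and not FRST's own code; the function names are hypothetical, the log lines are copied from the log in this thread, and the set of files treated as present on disk is constructed for the demonstration.

```python
"""Report firewall allow rules in an FRST Addition.txt whose program file is gone."""
import ntpath
import os
import re
from collections import defaultdict
from typing import Callable, Dict, List, NamedTuple

# Line shape as it appears in the Addition.txt log in this thread:
#   FirewallRules: [{GUID}] => (Allow) C:\path\to\program.exe
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<rule_id>.+?)\] => "
    r"\((?P<action>Allow|Block)\) (?P<path>.+?)\s*$"
)


class Rule(NamedTuple):
    rule_id: str
    action: str
    path: str


def parse_firewall_rules(log_text: str) -> List[Rule]:
    """Extract every FirewallRules entry; all other log lines are ignored."""
    rules = []
    for line in log_text.splitlines():
        match = RULE_RE.match(line.strip())
        if match:
            rules.append(Rule(match["rule_id"], match["action"], match["path"]))
    return rules


def orphaned_allow_rules(
    rules: List[Rule],
    exists: Callable[[str], bool] = os.path.isfile,
) -> Dict[str, List[str]]:
    """Map each missing program path to the ids of the allow rules naming it.

    An allow rule that outlives its program is worth removing: whatever is
    later written to that path would inherit the network permission.
    Windows paths are case-insensitive, so they are grouped case-folded.
    """
    checked: Dict[str, bool] = {}
    orphans: Dict[str, List[str]] = defaultdict(list)
    for rule in rules:
        if rule.action != "Allow":
            continue
        key = ntpath.normcase(rule.path)
        if key not in checked:
            checked[key] = exists(rule.path)
        if not checked[key]:
            orphans[key].append(rule.rule_id)
    return dict(orphans)


# Lines copied from the Addition.txt log posted in this thread.
SAMPLE_LOG = r"""
FirewallRules: [{B6136C27-1405-4834-A115-A67D027B5BB6}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{2840C401-D606-46D1-BAD3-001119BD0243}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{9F07DCC3-4476-407B-B591-49D78A4548F9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A98A0063-B6D2-402A-A761-B29444CB1728}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1CAC931C-92C0-49D5-8E11-0FC7F656DBEF}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{7526458B-8E5D-4B51-9138-9697675CFC04}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
==================== Restore Points =========================
"""

# Constructed stand-in for the disk: only these files are treated as present,
# so the check runs offline. On the machine itself, use the os.path.isfile default.
PRESENT_FILES = {
    ntpath.normcase(p)
    for p in (
        r"C:\Program Files (x86)\TeamViewer\TeamViewer.exe",
        r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe",
    )
}


def sample_exists(path: str) -> bool:
    return ntpath.normcase(path) in PRESENT_FILES


def demo() -> Dict[str, List[str]]:
    return orphaned_allow_rules(parse_firewall_rules(SAMPLE_LOG), sample_exists)


if __name__ == "__main__":
    for program, rule_ids in demo().items():
        print(f"{program}: {len(rule_ids)} allow rule(s) with no file on disk")
        for rule_id in rule_ids:
            print(f"  {rule_id}")
```

The output is a review list only; it changes nothing on the system.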


#10 fabiotosh


Posted 20 March 2018 - 03:27 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 11.03.2018 01
Ran by toshiro (20-03-2018 17:20:20) Run:1
Running from C:\Users\toshiro\Downloads
Loaded Profiles: toshiro (Available Profiles: toshiro)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\toshiro\AppData\Local\GAS Tecnologia\GBBD\bb\xpi => not found
FF Plugin HKU\S-1-5-21-1768671057-2059275226-2382856247-1000: gastecnologia.com.br/sf/bb64 -> C:\Users\toshiro\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [No File]
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 vdbus; system32\DRIVERS\vdbus.sys [X]
Task: {531106CD-E91E-4C37-B25D-F2BF2AA5ED15} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()
C:\Program Files\KMSpico
File: C:\Windows\SysWow64\imageres.dll
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\toshiro\AppData\Roaming\Yontoo\YontooDesktop.exe"
FirewallRules: [{B6136C27-1405-4834-A115-A67D027B5BB6}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{2840C401-D606-46D1-BAD3-001119BD0243}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{1CAC931C-92C0-49D5-8E11-0FC7F656DBEF}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{7526458B-8E5D-4B51-9138-9697675CFC04}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
Folder: C:\Combofix
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => removed successfully
"HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\SOFTWARE\Policies\Google" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
"HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => removed successfully
HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => not found
"HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\Software\Mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886C}" => removed successfully
"HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\Software\MozillaPlugins\gastecnologia.com.br/sf/bb64" => removed successfully
"C:\Users\toshiro\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll" => not found
"HKLM\System\CurrentControlSet\Services\WinDefend" => removed successfully
WinDefend => service removed successfully
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully
catchme => service removed successfully
"HKLM\System\CurrentControlSet\Services\vdbus" => removed successfully
vdbus => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{531106CD-E91E-4C37-B25D-F2BF2AA5ED15} => could not remove. Access Denied.
"C:\windows\System32\Tasks\AutoPico Daily Restart" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => could not remove. Access Denied.
"C:\Program Files\KMSpico" => not found
 
========================= File: C:\Windows\SysWow64\imageres.dll ========================
 
C:\Windows\SysWow64\imageres.dll
File is digitally signed
MD5: 827CB0D6C3F8057EA037FF271F8E9795
Creation and modification date: 2009-07-13 20:42 - 2009-07-13 22:06
Size: 020268032
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: imageres
Original Name: imageres.DLL
Product: Microsoft® Windows® Operating System
Description: Windows Image Resource
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Version: 6.1.7600.16385
Copyright: © Microsoft Corporation. All rights reserved.
 
====== End of File: ======
 
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yontoo Desktop" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B6136C27-1405-4834-A115-A67D027B5BB6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2840C401-D606-46D1-BAD3-001119BD0243}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1CAC931C-92C0-49D5-8E11-0FC7F656DBEF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7526458B-8E5D-4B51-9138-9697675CFC04}" => removed successfully
 
========================= Folder: C:\Combofix ========================
 
not found.
 
====== End of Folder: ======
 
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 20-03-2018 17:24:14)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{531106CD-E91E-4C37-B25D-F2BF2AA5ED15} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => could not remove. Access Denied.
 
==== End of Fixlog 17:24:14 ====


#11 garioch7


Posted 21 March 2018 - 11:29 AM

fabiotosh:
 
Thank you for your post and for copying and pasting the results of the FRST "fixlog.txt" file. That looks great!
 
OK, so we have removed what FRST detected; let's move on to some standard anti-malware scans to see what else might be lurking in your computer.
 
.
 
Step 1: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus; how to do so can be found here.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected. There will be no log, if no threats were detected.
Don't forget to re-enable your antivirus when finished!

.

Step 2: Please run a Malwarebytes Anti-Malware scan for me.
  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended)".
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
The Scan log is available through Reports (double-click the appropriate scan log) or you can just double-click the "Last Scan" entry on the Dashboard. Click "Export", and then select "Copy to Clipboard". Next, please paste the contents of the log into your next reply.

.

Step 3: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.
  • Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin its scan ... please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, then make sure that you uncheck it before running the "Clean" process.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • After the scan has finished ...
  • Uncheck any PUP and adware applications that you want to keep.


If you are unsure about one or more of the detected programs, then please copy and paste the scan log, with your questions, and I will provide you with advice about those files.
The Scan logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Do not follow the remaining "Clean" instructions until directed to do so by me, if you have any questions about one or more of the detections.
If you have no questions about any of the detections, then please proceed to the "Clean" steps below.

  • Then click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Please copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
.

Thank you and have a great day.

Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#12 fabiotosh


Posted 21 March 2018 - 11:48 AM

Hi Phil,

 

I had to stop already in the first step. Is there another way to disable my anti-virus? Because I can't access my Avast. It was exactly the "behavior" of my anti-virus, showing an alert that it can't run since it's an "unsupported 16-bit application", that led me to think about a possible infection.

 

I also tried to turn it off through msconfig, but it didn't work. It keeps running in the background (at least, it says so).

 

thanks again!



#13 garioch7


Posted 21 March 2018 - 01:22 PM

fabiotosh:

 

Thank you for your post. Sorry for the delay in responding, but I have eight users that I am helping.

 

Please see this link for information on how to disable Avast.  It sounds like your installation might be corrupted, so uninstalling it might be the best way to proceed, if you cannot access the menus in Avast, as stipulated by the post that I linked you to.

 

You could then reinstall Avast after the ESET scan completes.

 

I hope this helps.  Have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#14 fabiotosh


Posted 22 March 2018 - 08:25 AM

Hi Phil, 

 

Nothing was found by Malwarebytes, and I didn't proceed with the cleaning process of AdwCleaner. Thanks again!

 

ESET log file:

 

C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO10.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO4.zip Win32/Bagle.gen.zip worm
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application cleaned by deleting
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application cleaned by deleting
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO10.zip Win32/Bagle.gen.zip worm cleaned by deleting
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO4.zip Win32/Bagle.gen.zip worm cleaned by deleting
 
# AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 22 13:09:46 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 2018-03-20.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\Program Files (x86)\Common Files\AVG Secure Search
PUP.Optional.CouponMarvel, C:\Users\toshiro\AppData\Local\lollipop
 
 
***** [ Files ] *****
 
PUP.Optional.Legacy, C:\Users\toshiro\AppData\Roaming\Mozilla\Firefox\Profiles\5nrl30m0.default-1434533844913\searchplugins\yahoo-lavasoft.xml
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\Software\BI
PUP.Optional.Legacy, [Key] - HKCU\Software\BI
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1768671057-2059275226-2382856247-1000\Software\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########


#15 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor

Posted 22 March 2018 - 08:57 AM

fabiotosh:
 
Thank you for your post and for the logs.  ESET found some "nasties", which had already been identified by Spybot Search & Destroy.  You should consult this topic by quietman7, one of the foremost computer security experts here at Bleeping Computer, concerning Spybot Search & Destroy.
 
Please proceed with the "Clean" process in AdwCleaner and copy and paste the "Clean" log into your next reply.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall




