Taskeng.exe popping up randomly


  • This topic is locked
9 replies to this topic

#1 zanol

zanol

  • Members
  • 5 posts

Posted 07 April 2018 - 12:54 PM

Hello. After being really dumb and clicking on the wrong download button, some virus is running taskeng.exe on my computer, and I can't find where it is. When it started popping up I ran Malwarebytes and Spybot, and the first found some trojans and removed them. However, it doesn't seem to be completely removed yet because taskeng.exe is still being run randomly.

 

So I tried a lot of stuff and downloaded Security Task Manager, and when taskeng.exe popped up it showed me a very suspicious process running, which I set to quarantine (it didn't work immediately because the virulent .exe deletes itself after it runs). The next time taskeng.exe ran, however, it sent me an error message, which appears every time it pops up now:

 

Windows couldnt find "C:\Users\Giovani\AppData\Roaming\Microsoft\Windows\rwgutgfe\faweesdw.exe".

 

I think that's good news for me, but taskeng.exe is still popping up randomly and I don't know what is doing it. Help much appreciated.


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,197 posts
  • Gender:Male
  • Location:California

Posted 07 April 2018 - 03:01 PM

Greetings zanol and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please right click on FRST64, rename it to FRST64english and run a new scan. Copy and paste the contents of both reports in your reply using multiple posts if necessary.

Edited by Oh My!, 07 April 2018 - 03:03 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 zanol

zanol
  • Topic Starter

  • Members
  • 5 posts

Posted 07 April 2018 - 03:23 PM

Hey Gary, thanks for answering, I appreciate your work a lot. As you asked, here's FRST.txt in English:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by GIOVANI (administrator) on GIOVANI-PC (07-04-2018 17:22:38)
Running from C:\Users\GIOVANI\Desktop
Loaded Profiles: GIOVANI (Available Profiles: GIOVANI)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Neuber Software) C:\Program Files (x86)\Security Task Manager\TaskMan.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\GIOVANI\Desktop\FRST64english.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-502917991-2354201337-1304795102-1000\...\Run: [uTorrent] => C:\Users\GIOVANI\AppData\Roaming\uTorrent\uTorrent.exe [2148024 2018-02-23] (BitTorrent Inc.)
HKU\S-1-5-21-502917991-2354201337-1304795102-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-02] (Valve Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1C305813-E90F-453E-9579-8002E49689DE}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{206D487F-8F5F-45C4-84CA-F66E1EDF0834}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-502917991-2354201337-1304795102-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)

FireFox:
========
FF DefaultProfile: ulmmawus.default
FF ProfilePath: C:\Users\GIOVANI\AppData\Roaming\Mozilla\Firefox\Profiles\ulmmawus.default [2018-04-07]
FF NewTabOverride: Mozilla\Firefox\Profiles\ulmmawus.default -> Enabled: uBlock0@raymondhill.net
FF NewTabOverride: Mozilla\Firefox\Profiles\ulmmawus.default -> Enabled: uMatrix@raymondhill.net
FF Extension: (Avira Browser Safety) - C:\Users\GIOVANI\AppData\Roaming\Mozilla\Firefox\Profiles\ulmmawus.default\Extensions\abs@avira.com [2018-02-20]
FF Extension: (HTTPS Everywhere) - C:\Users\GIOVANI\AppData\Roaming\Mozilla\Firefox\Profiles\ulmmawus.default\Extensions\https-everywhere@eff.org.xpi [2018-04-04]
FF Extension: (Avira Password Manager) - C:\Users\GIOVANI\AppData\Roaming\Mozilla\Firefox\Profiles\ulmmawus.default\Extensions\passwordmanager@avira.com.xpi [2018-03-21]
FF Extension: (Avira SafeSearch Plus) - C:\Users\GIOVANI\AppData\Roaming\Mozilla\Firefox\Profiles\ulmmawus.default\Extensions\safesearchplus2@avira.com.xpi [2018-03-28]
FF Extension: (uBlock Origin) - C:\Users\GIOVANI\AppData\Roaming\Mozilla\Firefox\Profiles\ulmmawus.default\Extensions\uBlock0@raymondhill.net.xpi [2018-04-02]
FF Extension: (uMatrix) - C:\Users\GIOVANI\AppData\Roaming\Mozilla\Firefox\Profiles\ulmmawus.default\Extensions\uMatrix@raymondhill.net.xpi [2018-04-07]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\GIOVANI\AppData\Roaming\Mozilla\Firefox\Profiles\ulmmawus.default\features\{c962a4de-39c4-42c6-87c3-abdfdc4d07f8}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-04] [Legacy]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\autoconf_warsaw.js [2018-01-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\warsaw.cfg [2018-01-25] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\GIOVANI\AppData\Local\Google\Chrome\User Data\Default [2018-02-21]
CHR Extension: (Documentos) - C:\Users\GIOVANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
CHR Extension: (Google Drive) - C:\Users\GIOVANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-20]
CHR Extension: (YouTube) - C:\Users\GIOVANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-20]
CHR Extension: (Documentos Google off-line) - C:\Users\GIOVANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-20]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\GIOVANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-20]
CHR Extension: (Gmail) - C:\Users\GIOVANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-20]
CHR Extension: (Chrome Media Router) - C:\Users\GIOVANI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-20]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [886032 2018-01-11] ()
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-05-12] (Intel Corporation)
S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-23] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [182544 2018-01-11] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [886032 2018-01-11] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-05-24] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 17672552; C:\Windows\system32\drivers\17672552.sys [255928 2018-04-07] (Malwarebytes)
R3 int0800; C:\Windows\System32\DRIVERS\flashud.sys [51712 2009-09-09] (Intel Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [190032 2016-04-04] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [59240 2018-03-23] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [58816 2018-03-23] (NVIDIA Corporation)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [41512 2018-01-11] ()
U3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-07 17:13 - 2018-04-07 17:22 - 000012299 _____ C:\Users\GIOVANI\Desktop\FRST.txt
2018-04-07 17:13 - 2018-04-07 17:13 - 002403328 _____ (Farbar) C:\Users\GIOVANI\Desktop\FRST64english.exe
2018-04-07 14:42 - 2018-04-07 17:22 - 000000000 ____D C:\FRST
2018-04-07 13:49 - 2018-04-07 13:49 - 000018603 _____ C:\ComboFix.txt
2018-04-07 13:42 - 2011-06-26 03:45 - 000256000 _____ C:\Windows\PEV.exe
2018-04-07 13:42 - 2010-11-07 14:20 - 000208896 _____ C:\Windows\MBR.exe
2018-04-07 13:42 - 2009-04-20 01:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-04-07 13:42 - 2000-08-30 21:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-04-07 13:42 - 2000-08-30 21:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-04-07 13:42 - 2000-08-30 21:00 - 000098816 _____ C:\Windows\sed.exe
2018-04-07 13:42 - 2000-08-30 21:00 - 000080412 _____ C:\Windows\grep.exe
2018-04-07 13:42 - 2000-08-30 21:00 - 000068096 _____ C:\Windows\zip.exe
2018-04-07 13:39 - 2018-04-07 13:49 - 000000000 ____D C:\Qoobox
2018-04-07 13:39 - 2018-04-07 13:48 - 000000000 ____D C:\Windows\erdnt
2018-04-07 05:01 - 2018-04-07 05:02 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-04-07 05:01 - 2018-04-07 05:01 - 000001393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-04-07 05:01 - 2018-04-07 05:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-04-07 05:01 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2018-04-07 04:49 - 2018-04-07 16:50 - 000001184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-07 04:49 - 2018-04-07 16:50 - 000001184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-07 04:45 - 2018-04-07 04:46 - 000186412 _____ C:\Windows\ntbtlog.txt
2018-04-07 04:45 - 2018-04-07 04:45 - 452960453 _____ C:\Windows\MEMORY.DMP
2018-04-07 04:45 - 2018-04-07 04:45 - 000400416 _____ C:\Windows\Minidump\040718-22136-01.dmp
2018-04-07 04:45 - 2018-04-07 04:45 - 000000000 ____D C:\Windows\Minidump
2018-04-07 04:35 - 2018-04-07 04:35 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\17672552.sys
2018-04-07 04:34 - 2018-04-07 04:44 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes' Anti-Malware (portable)
2018-04-07 04:34 - 2018-04-07 04:44 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-07 02:51 - 2018-04-07 14:05 - 000000000 ____D C:\Users\Todos os Usuários\SecTaskMan
2018-04-07 02:51 - 2018-04-07 14:05 - 000000000 ____D C:\ProgramData\SecTaskMan
2018-04-07 02:51 - 2018-04-07 02:51 - 000001160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2018-04-07 02:51 - 2018-04-07 02:51 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2018-04-07 02:51 - 2018-04-07 02:51 - 000000000 ____D C:\Program Files (x86)\Security Task Manager
2018-04-07 02:23 - 2018-04-07 04:35 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2018-04-07 02:23 - 2018-04-07 04:35 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-07 02:23 - 2018-04-07 02:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-07 02:23 - 2018-04-07 02:23 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-07 02:23 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-07 01:45 - 2018-04-07 02:35 - 000003608 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 2796787680
2018-04-07 01:45 - 2018-04-07 01:45 - 000003652 _____ C:\Windows\System32\Tasks\{F54CF69F-5E53-6367-03E6-7CAE550B98EA}
2018-04-07 01:45 - 2018-04-07 01:45 - 000003458 _____ C:\Windows\System32\Tasks\{F0B901CC-D086-8A23-C3E2-16A98EFED208}
2018-04-07 01:45 - 2018-04-07 01:45 - 000000003 _____ C:\Users\GIOVANI\AppData\Local\wbem.ini
2018-04-05 00:48 - 2018-04-05 00:48 - 000000000 ____D C:\Users\GIOVANI\AppData\Local\FalloutNV
2018-04-05 00:29 - 2018-04-05 00:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr DJ
2018-04-05 00:15 - 2018-04-05 00:15 - 000000000 ____D C:\Program Files (x86)\Mr DJ
2018-04-03 13:32 - 2018-04-03 13:32 - 000000000 ____D C:\Users\GIOVANI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fallout 3 - The Pitt
2018-04-03 13:32 - 2018-04-03 13:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout 3 - The Pitt
2018-04-02 16:43 - 2018-04-02 17:14 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2018-04-02 16:42 - 2018-04-02 17:14 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2018-04-02 15:52 - 2018-04-07 01:56 - 000000000 ____D C:\Users\GIOVANI\AppData\Local\CrashDumps
2018-04-02 15:08 - 2018-04-07 01:46 - 000000000 ____D C:\Users\GIOVANI\AppData\Local\NVIDIA
2018-04-02 15:05 - 2018-04-02 15:07 - 000000000 ____D C:\Users\GIOVANI\AppData\Local\NVIDIA Corporation
2018-04-02 15:03 - 2018-04-02 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-04-02 15:03 - 2018-04-02 15:03 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-02 15:03 - 2018-04-02 15:03 - 000003922 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-02 15:03 - 2018-04-02 15:03 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-02 15:03 - 2018-04-02 15:03 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-02 15:03 - 2018-04-02 15:03 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-02 15:03 - 2018-04-02 15:03 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-02 15:03 - 2018-04-02 15:03 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-02 15:03 - 2018-04-02 15:03 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-02 15:03 - 2018-03-23 22:13 - 002480064 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2018-04-02 15:03 - 2018-03-23 22:13 - 002137024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2018-04-02 15:03 - 2018-03-23 22:13 - 001310144 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2018-04-02 15:03 - 2018-03-23 22:13 - 000189784 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2018-04-02 15:03 - 2018-03-23 22:13 - 000152408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2018-04-02 15:03 - 2018-03-23 22:13 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2018-04-02 15:02 - 2018-04-07 12:25 - 000000000 ____D C:\Users\Todos os Usuários\NVIDIA
2018-04-02 15:02 - 2018-04-07 12:25 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-02 15:02 - 2018-04-02 15:03 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-04-02 15:02 - 2018-04-02 15:02 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-04-02 15:02 - 2018-04-02 15:02 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-04-02 15:02 - 2018-03-23 22:13 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-04-02 15:02 - 2018-03-23 20:05 - 000138120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-04-02 15:02 - 2018-03-23 20:02 - 005952392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-04-02 15:02 - 2018-03-23 20:02 - 002596320 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-04-02 15:02 - 2018-03-23 20:02 - 001767824 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-04-02 15:02 - 2018-03-23 20:02 - 000633224 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-04-02 15:02 - 2018-03-23 20:02 - 000451040 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-04-02 15:02 - 2018-03-23 20:02 - 000123840 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-04-02 15:02 - 2018-03-23 20:02 - 000083072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-04-02 15:02 - 2018-03-21 08:22 - 008114212 _____ C:\Windows\system32\nvcoproc.bin
2018-04-02 15:02 - 2017-12-08 19:25 - 000798520 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-04-02 15:02 - 2017-12-08 19:25 - 000490808 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-04-02 15:02 - 2017-12-08 19:24 - 000928568 _____ C:\Windows\system32\vulkan-1.dll
2018-04-02 15:02 - 2017-12-08 19:24 - 000591672 _____ C:\Windows\system32\vulkaninfo.exe
2018-04-02 15:01 - 2018-04-02 15:08 - 000000000 ____D C:\Users\Todos os Usuários\NVIDIA Corporation
2018-04-02 15:01 - 2018-04-02 15:08 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-04-02 15:01 - 2018-03-25 13:26 - 035624808 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-04-02 15:01 - 2018-03-25 13:26 - 028204984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-04-02 15:01 - 2018-03-25 13:26 - 017371168 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-04-02 15:01 - 2018-03-25 13:25 - 000997792 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-04-02 15:01 - 2018-03-25 13:25 - 000950120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-04-02 15:01 - 2018-03-25 13:25 - 000625592 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-04-02 15:01 - 2018-03-25 13:25 - 000515672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-04-02 15:01 - 2018-03-25 13:24 - 040278616 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-04-02 15:01 - 2018-03-25 13:24 - 035188992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-04-02 15:01 - 2018-03-25 13:24 - 003914784 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-04-02 15:01 - 2018-03-25 13:24 - 003444152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-04-02 15:01 - 2018-03-25 13:24 - 001985112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439135.dll
2018-04-02 15:01 - 2018-03-25 13:24 - 001683712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439135.dll
2018-04-02 15:01 - 2018-03-25 13:24 - 001137056 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-04-02 15:01 - 2018-03-25 13:24 - 001066584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-04-02 15:01 - 2018-03-25 13:13 - 022887280 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-04-02 15:01 - 2018-03-25 13:13 - 019968176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-04-02 15:01 - 2018-03-25 13:13 - 000505232 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-04-02 15:01 - 2018-03-25 13:13 - 000419672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-04-02 15:01 - 2018-03-25 13:12 - 019854816 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-04-02 15:01 - 2018-03-25 13:12 - 018910896 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-04-02 15:01 - 2018-03-25 13:12 - 016496768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-04-02 15:01 - 2018-03-25 13:12 - 015558928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-04-02 15:01 - 2018-03-25 13:12 - 013571520 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-04-02 15:01 - 2018-03-25 13:12 - 011132384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-04-02 15:01 - 2018-03-25 13:12 - 001153752 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-04-02 15:01 - 2018-03-25 13:12 - 000902096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-04-02 15:01 - 2018-03-25 13:12 - 000182784 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-04-02 15:01 - 2018-03-25 13:12 - 000165136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-04-02 15:01 - 2018-03-25 13:12 - 000159704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-04-02 15:01 - 2018-03-25 13:12 - 000142816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-04-02 15:01 - 2018-03-25 13:11 - 012967056 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-04-02 15:01 - 2018-03-25 13:11 - 011001504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-04-02 15:01 - 2018-03-25 13:11 - 004426120 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-04-02 15:01 - 2018-03-25 13:11 - 003919352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-04-02 15:01 - 2018-03-23 22:13 - 001682288 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2018-04-02 15:01 - 2018-03-23 22:13 - 000226760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2018-04-02 15:01 - 2018-03-23 22:13 - 000059240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2018-04-02 15:01 - 2018-03-23 22:13 - 000058816 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2018-04-02 15:01 - 2018-03-23 22:13 - 000045600 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2018-04-02 15:01 - 2018-03-23 22:13 - 000045511 _____ C:\Windows\system32\nvinfo.pb
2018-04-02 15:01 - 2018-03-23 22:13 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2018-04-02 15:01 - 2018-03-23 22:13 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2018-04-02 15:00 - 2018-04-02 15:03 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-04-02 14:59 - 2018-04-02 14:59 - 000000000 ____D C:\NVIDIA
2018-04-02 02:44 - 2018-04-02 02:44 - 000003718 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2018-04-02 01:26 - 2018-04-02 02:44 - 000000000 ____D C:\Users\Todos os Usuários\Intel
2018-04-02 01:26 - 2018-04-02 02:44 - 000000000 ____D C:\ProgramData\Intel
2018-04-02 01:26 - 2018-04-02 01:30 - 000003484 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2018-04-02 01:26 - 2018-04-02 01:26 - 000003616 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2018-04-02 01:26 - 2018-04-02 01:26 - 000003370 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2018-04-02 01:26 - 2018-01-11 01:25 - 000041512 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2018-04-01 00:49 - 2018-04-01 00:49 - 000002942 _____ C:\Windows\System32\Tasks\{D5D8EB46-6E34-4A71-AFFB-0989FA6AFCC5}
2018-03-31 18:27 - 2018-03-31 18:27 - 000000000 ____D C:\Users\GIOVANI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Left 4 Dead
2018-03-31 18:08 - 2018-03-31 18:08 - 000000000 ____D C:\Windows\Left 4 Dead
2018-03-31 18:07 - 2018-03-31 18:27 - 003752701 _____ C:\Windows\Left 4 Dead Setup Log.txt
2018-03-26 03:13 - 2018-03-31 20:32 - 000000000 ____D C:\Users\GIOVANI\AppData\Local\Fallout3
2018-03-26 03:06 - 2018-03-26 03:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2018-03-26 03:05 - 2018-03-26 03:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2018-03-26 03:05 - 2018-03-26 03:05 - 000000000 ____D C:\Windows\SysWOW64\xlive
2018-03-25 23:06 - 2018-03-25 23:06 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-03-25 02:09 - 2018-03-25 02:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2018-03-23 12:31 - 2018-03-23 12:31 - 000000000 ____D C:\Users\Todos os Usuários\Steam
2018-03-23 12:31 - 2018-03-23 12:31 - 000000000 ____D C:\ProgramData\Steam
2018-03-23 12:27 - 2018-03-23 12:27 - 000000000 ____D C:\Users\GIOVANI\AppData\Local\Skyrim Special Edition
2018-03-23 12:25 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2018-03-23 12:25 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2018-03-23 12:24 - 2018-03-23 12:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
2018-03-23 12:06 - 2018-03-26 03:07 - 000000000 ____D C:\Program Files (x86)\Bethesda Softworks
2018-03-23 00:18 - 2018-04-04 15:51 - 000000000 ____D C:\Users\GIOVANI\AppData\Local\HearthstoneDeckTracker
2018-03-23 00:18 - 2018-03-23 00:18 - 000000000 ____D C:\Users\GIOVANI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthSim
2018-03-22 16:57 - 2018-03-23 00:18 - 000000000 ____D C:\Users\GIOVANI\AppData\Local\SquirrelTemp
2018-03-22 16:57 - 2018-03-22 22:47 - 000000000 ____D C:\Users\GIOVANI\AppData\Roaming\HearthstoneDeckTracker
2018-03-21 16:35 - 2018-03-21 16:35 - 000000000 ____D C:\Users\Todos os Usuários\.mono
2018-03-21 16:35 - 2018-03-21 16:35 - 000000000 ____D C:\ProgramData\.mono
2018-03-21 16:34 - 2018-03-21 16:34 - 000000000 ____D C:\Users\GIOVANI\AppData\LocalLow\Blizzard Entertainment
2018-03-21 16:09 - 2018-04-04 15:27 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2018-03-18 23:09 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2018-03-18 23:09 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2018-03-18 23:09 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2018-03-18 23:09 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2018-03-18 23:09 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2018-03-18 23:09 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2018-03-18 23:09 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2018-03-18 23:09 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2018-03-18 23:09 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2018-03-18 23:09 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2018-03-18 23:09 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2018-03-18 23:09 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2018-03-18 23:09 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2018-03-18 23:09 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2018-03-18 23:09 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2018-03-18 23:09 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2018-03-18 23:09 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2018-03-18 23:09 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2018-03-18 23:09 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2018-03-18 23:09 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2018-03-18 23:09 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2018-03-18 23:09 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2018-03-18 23:09 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2018-03-18 23:09 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2018-03-18 23:09 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2018-03-18 23:09 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2018-03-18 23:09 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2018-03-18 23:09 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2018-03-18 23:09 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2018-03-18 23:09 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2018-03-18 23:09 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2018-03-18 23:09 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2018-03-18 23:09 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2018-03-18 23:09 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2018-03-18 23:09 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2018-03-18 23:09 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2018-03-18 23:09 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2018-03-18 23:09 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2018-03-18 23:09 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2018-03-18 23:09 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2018-03-18 23:09 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2018-03-18 23:09 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2018-03-18 23:09 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2018-03-18 23:09 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2018-03-18 23:09 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2018-03-18 23:09 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2018-03-18 23:09 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2018-03-18 23:09 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2018-03-18 23:09 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2018-03-18 23:09 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2018-03-18 23:09 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2018-03-18 23:09 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2018-03-18 23:09 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2018-03-18 23:09 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2018-03-18 23:09 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2018-03-18 23:09 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2018-03-18 23:09 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2018-03-18 23:09 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2018-03-18 23:09 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2018-03-18 23:09 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2018-03-18 23:09 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2018-03-18 23:09 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2018-03-18 23:09 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2018-03-18 23:09 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2018-03-18 23:09 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2018-03-18 23:09 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2018-03-18 23:09 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2018-03-18 23:09 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2018-03-18 23:09 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2018-03-18 23:09 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2018-03-18 23:09 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2018-03-18 23:09 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2018-03-18 23:09 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2018-03-18 23:09 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2018-03-18 23:09 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2018-03-18 23:09 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2018-03-18 23:09 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2018-03-18 23:09 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2018-03-18 23:09 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2018-03-18 23:09 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2018-03-18 23:09 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2018-03-18 23:09 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2018-03-18 23:09 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2018-03-18 23:09 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2018-03-18 23:09 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2018-03-18 23:09 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2018-03-18 23:09 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2018-03-18 23:09 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2018-03-18 23:09 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2018-03-18 23:08 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2018-03-18 23:08 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2018-03-18 23:08 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2018-03-18 23:08 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2018-03-18 23:08 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2018-03-18 23:08 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2018-03-18 23:08 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2018-03-18 23:08 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2018-03-18 23:08 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2018-03-18 23:08 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2018-03-18 23:08 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2018-03-18 23:08 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2018-03-18 23:08 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2018-03-18 23:08 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2018-03-18 23:08 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2018-03-18 23:08 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2018-03-18 23:08 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2018-03-18 23:08 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2018-03-18 23:08 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2018-03-18 23:08 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2018-03-18 23:08 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2018-03-18 23:08 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2018-03-18 23:08 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2018-03-18 23:08 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2018-03-18 23:08 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2018-03-18 23:08 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2018-03-18 23:08 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2018-03-18 23:08 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2018-03-18 23:08 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2018-03-18 23:08 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2018-03-18 23:08 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2018-03-18 23:08 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2018-03-18 23:08 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2018-03-18 23:08 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2018-03-18 23:08 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2018-03-18 23:08 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2018-03-18 23:08 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2018-03-18 23:08 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2018-03-18 23:08 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2018-03-18 23:08 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2018-03-18 23:08 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2018-03-18 23:08 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2018-03-18 23:08 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2018-03-18 23:08 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2018-03-18 23:08 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2018-03-18 23:08 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2018-03-18 23:08 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2018-03-18 23:08 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2018-03-18 23:08 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2018-03-18 23:08 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2018-03-18 23:08 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2018-03-18 23:08 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2018-03-18 23:08 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2018-03-18 23:08 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2018-03-18 23:08 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2018-03-18 23:08 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2018-03-18 23:08 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2018-03-18 23:08 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2018-03-18 23:08 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2018-03-18 23:08 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2018-03-18 23:08 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2018-03-18 23:08 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2018-03-18 23:08 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2018-03-18 23:08 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2018-03-18 23:08 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2018-03-18 23:08 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2018-03-18 23:08 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2018-03-18 23:08 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2018-03-18 23:08 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2018-03-18 23:08 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2018-03-18 23:08 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2018-03-18 23:08 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2018-03-18 23:08 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2018-03-18 23:08 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2018-03-18 23:08 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2018-03-18 23:08 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2018-03-18 23:08 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2018-03-18 23:08 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2018-03-18 23:08 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2018-03-18 23:08 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2018-03-18 23:08 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2018-03-18 23:08 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2018-03-18 23:08 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2018-03-18 23:08 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2018-03-18 23:08 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2018-03-18 23:08 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2018-03-18 23:08 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2018-03-18 23:08 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2018-03-16 12:31 - 2018-03-16 12:31 - 000000000 ____D C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
2018-03-16 12:31 - 2010-06-24 09:23 - 000947304 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtl8192ce.sys
2018-03-16 12:31 - 2009-02-05 02:49 - 000451072 _____ C:\Windows\SysWOW64\ISSRemoveSP.exe
2018-03-14 12:35 - 2018-03-14 12:35 - 000000000 ____D C:\Users\GIOVANI\AppData\Roaming\JAM Software
2018-03-14 12:35 - 2018-03-14 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2018-03-14 12:35 - 2018-03-14 12:35 - 000000000 ____D C:\Program Files (x86)\JAM Software
2018-03-09 12:55 - 2018-03-16 15:10 - 000000000 ____D C:\Users\GIOVANI\Documents\DevC++
2018-03-09 12:49 - 2018-03-09 12:49 - 000000000 ____D C:\Users\GIOVANI\AppData\Roaming\Dev-Cpp
2018-03-09 12:49 - 2018-03-09 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
2018-03-09 12:48 - 2018-03-09 12:48 - 000000000 ____D C:\Program Files (x86)\Dev-Cpp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-07 16:02 - 2018-01-03 17:14 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-07 13:55 - 2017-10-21 14:03 - 000000000 ____D C:\Users\GIOVANI\AppData\LocalLow\Mozilla
2018-04-07 13:48 - 2009-07-13 23:34 - 000000215 _____ C:\Windows\system.ini
2018-04-07 13:45 - 2017-11-29 20:54 - 000000000 ____D C:\Users\Todos os Usuários\Temp
2018-04-07 13:45 - 2017-11-29 20:54 - 000000000 ____D C:\ProgramData\Temp
2018-04-07 05:28 - 2017-10-20 18:08 - 000000000 ____D C:\Users\GIOVANI
2018-04-07 05:03 - 2017-10-20 18:08 - 000000000 ____D C:\Users\GIOVANI\AppData\Local\VirtualStore
2018-04-07 05:01 - 2018-02-21 10:49 - 000000000 ____D C:\Users\Todos os Usuários\Spybot - Search & Destroy
2018-04-07 05:01 - 2018-02-21 10:49 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-04-07 04:49 - 2017-11-05 17:15 - 000000000 ____D C:\Users\GIOVANI\AppData\Roaming\uTorrent
2018-04-07 04:47 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-07 02:47 - 2009-07-14 00:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-04-05 00:48 - 2017-10-20 20:51 - 000000000 ____D C:\Users\GIOVANI\Documents\My Games
2018-04-05 00:14 - 2017-10-30 00:16 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-04-04 15:09 - 2018-01-26 13:20 - 000000000 ____D C:\Users\GIOVANI\AppData\Local\Battle.net
2018-04-04 14:49 - 2018-01-26 13:18 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-04-03 12:03 - 2009-07-14 01:45 - 000335736 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-02 18:40 - 2017-10-20 19:40 - 000087000 _____ C:\Users\GIOVANI\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-02 15:15 - 2018-01-26 13:27 - 000000000 ____D C:\Program Files (x86)\Diablo III
2018-04-02 15:11 - 2011-04-12 10:40 - 000654272 _____ C:\Windows\system32\prfh0416.dat
2018-04-02 15:11 - 2011-04-12 10:40 - 000124724 _____ C:\Windows\system32\prfc0416.dat
2018-04-02 15:11 - 2009-07-14 02:13 - 001493572 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-02 15:11 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
2018-04-02 15:02 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\Help
2018-04-02 14:57 - 2017-10-20 18:24 - 000000000 ____D C:\Users\Todos os Usuários\Package Cache
2018-04-02 14:57 - 2017-10-20 18:24 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-02 01:26 - 2017-10-20 18:31 - 000000000 ____D C:\Program Files\Intel
2018-03-31 20:02 - 2017-10-20 19:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-03-31 18:17 - 2017-11-06 11:20 - 000000000 ____D C:\Users\GIOVANI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2018-03-31 17:42 - 2009-07-14 02:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-03-28 03:30 - 2017-10-21 14:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-28 03:30 - 2017-10-21 14:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-25 21:19 - 2009-07-14 00:20 - 000000000 __RHD C:\Users\Public\Libraries
2018-03-25 13:28 - 2017-10-20 18:31 - 000542056 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2018-03-25 13:28 - 2017-10-20 18:31 - 000447928 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2018-03-22 23:24 - 2017-10-20 19:20 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-21 16:34 - 2018-01-25 19:43 - 000000000 ____D C:\Users\GIOVANI\AppData\Local\Blizzard
2018-03-21 16:24 - 2017-12-14 19:24 - 000000000 ____D C:\Users\GIOVANI\Documents\MATLAB
2018-03-16 12:34 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\system32\NDF
2018-03-14 12:42 - 2018-01-22 20:30 - 000000000 ____D C:\Users\GIOVANI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

==================== Files in the root of some directories =======

2018-04-07 01:45 - 2018-04-07 01:45 - 000000003 _____ () C:\Users\GIOVANI\AppData\Local\wbem.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-29 12:12

==================== End of FRST.txt ============================



#4 zanol


Posted 07 April 2018 - 03:24 PM

And Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by GIOVANI (07-04-2018 17:22:53)
Running from C:\Users\GIOVANI\Desktop
Windows 7 Professional Service Pack 1 (X64) (2017-10-20 21:08:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-502917991-2354201337-1304795102-500 - Administrator - Disabled)
Convidado (S-1-5-21-502917991-2354201337-1304795102-501 - Limited - Disabled)
GIOVANI (S-1-5-21-502917991-2354201337-1304795102-1000 - Administrator - Enabled) => C:\Users\GIOVANI

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-502917991-2354201337-1304795102-1000\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0416-1000-0000000FF1CE}_ENTERPRISE_{51530CD1-8244-4E0F-B536-BCCC05325C7F}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{51530CD1-8244-4E0F-B536-BCCC05325C7F}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version:  - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}) (Version:  - Microsoft) Hidden
Adobe Reader XI - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Ashampoo Burning Studio 15 v.15.0.0 (HKLM-x32\...\{91B33C97-5B38-0A92-D04A-A0F26F3F87D4}_is1) (Version: 15.0.0 - Ashampoo GmbH & Co. KG)
Atualizações da NVIDIA 31.1.10.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.1.10.0 - NVIDIA Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
biohazard 4 (HKLM-x32\...\{DFFCDB41-C2DA-47D6-96FF-03C05C0BEA22}) (Version: 1.00.0000 - CAPCOM)
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.11 - Bloodshed Software)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
Fallout 3 - The Pitt (HKLM-x32\...\Fallout 3 - The Pitt) (Version:  - )
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout New Vegas Ultimate Edition version 1.4.0.525 (HKLM-x32\...\Fallout New Vegas Ultimate Edition_is1) (Version: 1.4.0.525 - Mr DJ)
Git version 2.16.1.4 (HKLM\...\Git_is1) (Version: 2.16.1.4 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel® Computing Improvement Program (HKLM\...\{699E6891-25C3-443A-9B8E-80C74F0172C8}) (Version: 2.1.03413 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
K-Lite Mega Codec Pack 11.7.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.7.5 - )
Left 4 Dead (HKLM-x32\...\Left 4 Dead) (Version:  - Valve)
Malwarebytes versão 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
MATLAB Production Server R2015a (HKLM\...\MATLAB Production Server R2015a) (Version: 2.1 - MathWorks)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{A1C962E2-2426-49C6-A38B-9A07E40D607C}) (Version: 3.2.217.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.1 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
NVIDIA Driver de áudio HD 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA Driver de controle do 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Driver de gráficos 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Driver do 3D Vision 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Software do sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Painel de controle da NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7818 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0159 - REALTEK Semiconductor Corp.)
Security Task Manager 2.1k (HKLM-x32\...\Security Task Manager) (Version: 2.1k - Neuber Software)
Spotify (HKU\S-1-5-21-502917991-2354201337-1304795102-1000\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Elder Scrolls III - Morrowind GotY (HKLM-x32\...\1435828767_is1) (Version: 2.0.0.7 - GOG.com)
The Elder Scrolls V Skyrim - Special Edition (HKLM-x32\...\The Elder Scrolls V Skyrim - Special Edition_is1) (Version:  - )
TreeSize Free V4.1.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.1.2 - JAM Software)
UltraISO Premium V9.7 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-502917991-2354201337-1304795102-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-12-31] ()
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (EZB Systems, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (EZB Systems, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-05-12] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C1BA8DA-0053-4C51-9CA0-0DFBA0637D78} - System32\Tasks\{D5D8EB46-6E34-4A71-AFFB-0989FA6AFCC5} => D:\Jogos\Left 4 Dead\left4dead.exe [2008-11-22] ()
Task: {11C17226-F7B9-4A01-B403-6C86DBA3EC1D} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {165FF895-66A1-48D1-A493-5CB26E7D0091} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-23] (NVIDIA Corporation)
Task: {1AAD4767-BAB3-4F7B-97B0-AEAA3629D96E} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-23] (NVIDIA Corporation)
Task: {38AA542F-05B7-42C9-8FB0-C6CBFE2647EA} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {438590CD-2092-49A8-A924-10AC186C020C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-20] (Google Inc.)
Task: {442E8258-F7B1-49FA-95C8-2F3BBCAA0186} - System32\Tasks\{F0B901CC-D086-8A23-C3E2-16A98EFED208} => C:\Users\GIOVANI\AppData\Roaming\POdsP.exe <==== ATTENTION
Task: {4B4239FB-73B5-40CC-AC63-973365FDA894} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-23] (NVIDIA Corporation)
Task: {51F6434B-B074-47DB-B0D7-E51FD4AC2C02} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-23] (NVIDIA Corporation)
Task: {53AE78F4-E915-4F8E-9A24-E04F449303E2} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-23] (NVIDIA Corporation)
Task: {5EE2EAF9-F5FA-49DB-9206-315BCCA670AF} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-23] (NVIDIA Corporation)
Task: {6335BBAD-242C-435B-A434-65B7DB7326CB} - System32\Tasks\Opera scheduled Autoupdate 2796787680 => C:\Windows\system32\cmd.exe /c start "" "C:\Users\GIOVANI\AppData\Roaming\Microsoft\Windows\rwgutgfe\faweesdw.exe"
Task: {660F6EAC-2B88-49E5-A706-E3AD3BF00EB3} - System32\Tasks\{F54CF69F-5E53-6367-03E6-7CAE550B98EA} => C:\Program Files (x86)\KoESfOKmAYaAL.exe <==== ATTENTION
Task: {6C02CCA9-D874-47B0-8950-2B3646002643} - System32\Tasks\Rerun Warsaw's CoreFixer => C:\Windows\TEMP\is-IVV0J.tmp\corefixer.exe <==== ATTENTION
Task: {791FE303-A0DA-48F5-82A0-A52CEF1612EA} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {832933D8-DF2A-4E1F-A63C-6FAA9A99696B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-23] (NVIDIA Corporation)
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {A750D8D9-BF28-4596-9FFD-B6A214609964} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
Task: {FDAAD9B3-F59B-4D46-BF62-A0F1571F2D1E} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-23] (NVIDIA Corporation)
Task: {FF98F6AC-7423-4B4F-AB71-53A328EC162A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-20] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-02 15:03 - 2018-03-23 22:13 - 000544192 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2018-04-02 15:02 - 2018-03-23 20:02 - 000135136 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-04-02 15:03 - 2018-03-23 22:13 - 001267648 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-01-11 01:25 - 2018-01-11 01:25 - 000182544 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
2017-12-31 22:07 - 2017-12-31 22:07 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-04-02 15:03 - 2018-03-23 22:13 - 001041344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-04-07 05:01 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2018-04-07 05:01 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2018-04-07 05:01 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2018-04-07 05:01 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2018-01-03 17:16 - 2018-01-10 23:05 - 000784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2018-01-03 17:16 - 2016-08-31 22:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2018-01-03 17:16 - 2016-08-31 22:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-01-03 17:16 - 2016-08-31 22:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2018-01-03 17:16 - 2018-04-02 20:34 - 002631968 _____ () C:\Program Files (x86)\Steam\video.dll
2018-01-03 17:16 - 2017-12-19 22:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-01-03 17:16 - 2017-12-19 22:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2018-01-03 17:16 - 2017-12-19 22:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-01-03 17:16 - 2017-12-19 22:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-01-03 17:16 - 2017-12-19 22:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-01-03 17:16 - 2018-04-02 20:34 - 000977184 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-01-03 17:16 - 2016-07-04 19:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-01-03 17:17 - 2017-09-06 23:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2018-01-03 17:17 - 2017-12-13 18:16 - 071471392 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2018-01-03 17:16 - 2015-09-24 20:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2018-04-07 13:48 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-502917991-2354201337-1304795102-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: PowerDVD15Agent => "C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Spotify => C:\Users\GIOVANI\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\GIOVANI\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: uTorrent => "C:\Users\GIOVANI\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{67406FD6-F49A-4C10-84CD-625B6FF70EC3}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [UDP Query User{159FC132-721D-4D92-8269-E62EF69E8E5B}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [{CD58B25C-88CE-4ECE-A225-52DB5548D923}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{51DFDAA6-9FBD-4AD1-8933-8ECA203078B8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4BF2764B-79AA-4E58-ABE1-A4F72F127DB6}] => (Allow) C:\Users\GIOVANI\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{553C31F2-249C-4A92-8DE7-0763D70F3B42}] => (Allow) C:\Users\GIOVANI\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{2ECD6498-E602-4EB0-A7C5-9B1082033B8C}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{0783B8F3-0F73-4F71-910F-53F654715304}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{836EBC29-AD38-4203-8FC0-399860C1F9C5}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{C357F8F8-FE5B-4261-B4B3-44B0481972E7}C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\matlab production server\r2015a\bin\win64\matlab.exe
FirewallRules: [TCP Query User{0163F224-5E53-4B77-8D51-A84595032BF6}C:\users\giovani\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\giovani\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{368BADF5-7D16-4D24-9202-5BC65A8C47C8}C:\users\giovani\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\giovani\appdata\roaming\spotify\spotify.exe
FirewallRules: [{217B5FA5-3C89-4943-9CC3-0F6D103422D2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DA8AACB0-0AC2-4CCA-A6E6-E4C0D302871A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8ECB718E-AB64-4917-8F0B-912B75FD6E18}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EBE9532E-2BA3-4E7A-9091-9285E7230945}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4B5DF819-0D70-43C8-ACB3-F13C568C7203}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{02CE08B7-3744-4114-847F-E1D6F79DF8C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [TCP Query User{20A4B24C-6601-429E-9711-BC98DF501410}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Block) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{70DFBD7E-9BB7-46B1-BF14-273B11E9C70D}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Block) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [TCP Query User{54F26B43-F72A-4722-AB5F-50C3834216EB}D:\portal 2\portal 2\portal2.exe] => (Allow) D:\portal 2\portal 2\portal2.exe
FirewallRules: [UDP Query User{4DB5EAF7-D553-4C3E-A741-A6F6BAE12415}D:\portal 2\portal 2\portal2.exe] => (Allow) D:\portal 2\portal 2\portal2.exe
FirewallRules: [TCP Query User{E4D88704-F45B-44C5-AB12-91F39DA35553}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{F1EB937E-20CD-40A4-9FDB-E13D9193C663}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{A1B56850-A5C0-468D-B849-88195A865FF9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{BB329207-54D1-4AAC-8F71-7E6E68314486}D:\jogos\left 4 dead\left4dead.exe] => (Allow) D:\jogos\left 4 dead\left4dead.exe
FirewallRules: [UDP Query User{EADDC889-80AA-4D3E-A142-59EBC461DDBB}D:\jogos\left 4 dead\left4dead.exe] => (Allow) D:\jogos\left 4 dead\left4dead.exe
FirewallRules: [{E59968AD-6BB8-4D07-99D7-4321C783643E}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{17B210CA-FB29-47DC-801E-75E66E023667}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{D8413F71-6EE2-435B-9197-ABD11A7645B1}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{FF5D2E49-72E1-4E2C-9CA9-108E0491C841}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{E8BA6F57-59CB-4044-978F-A23EA235274A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D9A9B6CC-7821-4DD2-AF20-36967BC7B7F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{F00ECFC0-E58C-4233-9F53-8166CC98F19C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{2A0C6BB0-A2E1-4A8E-961A-384F003CD027}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{0C45C009-DE59-470F-8A5B-52FF1283DFA7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CC39F85A-6B48-40FE-B2E6-940A06995E38}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{58CD3B27-26CA-4ED3-98ED-B6273C8134E4}] => (Allow) C:\Program Files (x86)\Mr DJ\Fallout New Vegas Ultimate Edition\FalloutNVLauncher.exe
FirewallRules: [{7D76D1EE-C899-42C7-93F3-8DBE19A483AB}] => (Allow) C:\Program Files (x86)\Mr DJ\Fallout New Vegas Ultimate Edition\FalloutNVLauncher.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

31-03-2018 20:02:13 Installed Fallout 3
02-04-2018 01:25:31 Intel® Driver & Support Assistant
02-04-2018 14:56:50 Intel® Driver & Support Assistant
07-04-2018 04:31:36 Mover o arquivo para quarentena: COM Surrogate
07-04-2018 04:44:21 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2018 02:15:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Falha na geração de contexto de ativação para "C:\Users\GIOVANI\Desktop\autoruns\Autoruns.exe".Erro no arquivo de manifesto ou de diretiva "", na linha.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:.
Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (04/07/2018 02:15:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Falha na geração de contexto de ativação para "C:\Users\GIOVANI\Desktop\autoruns\autorunsc.exe".Erro no arquivo de manifesto ou de diretiva "", na linha.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:.
Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (04/07/2018 04:49:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/07/2018 02:46:07 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Falha na geração de contexto de ativação para "C:\Users\GIOVANI\Desktop\autoruns\Autoruns.exe".Erro no arquivo de manifesto ou de diretiva "", na linha.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:.
Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (04/07/2018 02:45:33 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Falha na geração de contexto de ativação para "C:\Users\GIOVANI\Desktop\autoruns\autorunsc.exe".Erro no arquivo de manifesto ou de diretiva "", na linha.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:.
Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (04/07/2018 02:45:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Falha na geração de contexto de ativação para "C:\Users\GIOVANI\Desktop\autoruns\Autoruns.exe".Erro no arquivo de manifesto ou de diretiva "", na linha.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:.
Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (04/07/2018 02:44:13 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Falha na geração de contexto de ativação para "C:\Users\GIOVANI\Desktop\autoruns\Autoruns.exe".Erro no arquivo de manifesto ou de diretiva "", na linha.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:.
Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (04/07/2018 02:44:13 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Falha na geração de contexto de ativação para "C:\Users\GIOVANI\Desktop\autoruns\autorunsc.exe".Erro no arquivo de manifesto ou de diretiva "", na linha.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:.
Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.


System errors:
=============
Error: (04/07/2018 01:56:26 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: Não é possível iniciar o servidor DCOM: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. O erro:
"2"
Aconteceu ao iniciar este comando:
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/07/2018 01:56:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: O servidor {995C996E-D918-4A8C-A302-45719A6F4EA7} não se registrou com o DCOM dentro do tempo limite requerido.

Error: (04/07/2018 01:48:19 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (04/07/2018 01:47:33 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys foi impedido de carregar devido a uma incompatibilidade com este sistema. Contate o fornecedor do software para obter uma versão compatível do driver.

Error: (04/07/2018 01:45:36 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (04/07/2018 01:41:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Spybot-S&D 2 Updating Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 60000 milissegundos: Reiniciar o serviço.

Error: (04/07/2018 01:41:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Spybot-S&D 2 Scanner Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 60000 milissegundos: Reiniciar o serviço.

Error: (04/07/2018 04:49:05 AM) (Source: DCOM) (EventID: 10016) (User: GIOVANI-PC)
Description: As configurações de permissão Específico do aplicativo não concedem permissãoLocal Ativação para o aplicativo de Servidor COM com CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
 e APPID
{9209B1A6-964A-11D0-9372-00A0C9034910}
 ao usuárioGIOVANI-PC\GIOVANI SID (S-1-5-21-502917991-2354201337-1304795102-1000) do endereço LocalHost (Usando LRPC). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.


CodeIntegrity:
===================================

Date: 2018-04-07 13:47:33.776
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-07 13:47:33.760
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i5-3330 CPU @ 3.00GHz
Percentage of memory in use: 48%
Total physical RAM: 4061.88 MB
Available physical RAM: 2102.88 MB
Total Virtual: 8121.95 MB
Available Virtual: 4867.02 MB

==================== Drives ================================

Drive c: (SO) (Fixed) (Total:195.21 GB) (Free:88.28 GB) NTFS
Drive d: (DADOS) (Fixed) (Total:270.45 GB) (Free:113.86 GB) NTFS

\\?\Volume{7208cc3f-b5d8-11e7-9eaa-806e6f6e6963}\ (Reservado pelo Sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 54313A46)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#5 Oh My!


Posted 07 April 2018 - 04:17 PM

Thank you for the reports.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
CreateRestorePoint:
CloseProcesses:
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
2018-04-07 01:45 - 2018-04-07 01:45 - 000000003 _____ C:\Users\GIOVANI\AppData\Local\wbem.ini
2018-04-07 13:48 - 2009-07-13 23:34 - 000000215 _____ C:\Windows\system.ini
Task: {442E8258-F7B1-49FA-95C8-2F3BBCAA0186} - System32\Tasks\{F0B901CC-D086-8A23-C3E2-16A98EFED208} => C:\Users\GIOVANI\AppData\Roaming\POdsP.exe
C:\Users\GIOVANI\AppData\Roaming\POdsP.exe
Task: {6335BBAD-242C-435B-A434-65B7DB7326CB} - System32\Tasks\Opera scheduled Autoupdate 2796787680 => C:\Windows\system32\cmd.exe /c start "" "C:\Users\GIOVANI\AppData\Roaming\Microsoft\Windows\rwgutgfe\faweesdw.exe"
C:\Users\GIOVANI\AppData\Roaming\Microsoft\Windows\rwgutgfe
Task: {660F6EAC-2B88-49E5-A706-E3AD3BF00EB3} - System32\Tasks\{F54CF69F-5E53-6367-03E6-7CAE550B98EA} => C:\Program Files (x86)\KoESfOKmAYaAL.exe
Task: {6C02CCA9-D874-47B0-8950-2B3646002643} - System32\Tasks\Rerun Warsaw's CoreFixer => C:\Windows\TEMP\is-IVV0J.tmp\corefixer.exe
C:\Program Files (x86)\KoESfOKmAYaAL.exe
C:\Windows\TEMP\is-IVV0J.tmp
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\autoconf_warsaw.js [2018-01-25]
FF ExtraCheck: C:\Program Files\mozilla firefox\warsaw.cfg [2018-01-25]
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
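
Added example (not part of the original posts, and not FRST's own logic): a Python script that parses the Task: lines from the fixlist above and reports which traits make each entry worth a closer look. The trait labels and heuristics are assumptions chosen for illustration, and the fifth sample line is a constructed benign entry with a hypothetical vendor and path.

```python
import ntpath
import re

# First four lines are copied from the fixlist above. The last line is a
# constructed benign entry for contrast (hypothetical vendor and path).
SAMPLE = r'''
Task: {442E8258-F7B1-49FA-95C8-2F3BBCAA0186} - System32\Tasks\{F0B901CC-D086-8A23-C3E2-16A98EFED208} => C:\Users\GIOVANI\AppData\Roaming\POdsP.exe
Task: {6335BBAD-242C-435B-A434-65B7DB7326CB} - System32\Tasks\Opera scheduled Autoupdate 2796787680 => C:\Windows\system32\cmd.exe /c start "" "C:\Users\GIOVANI\AppData\Roaming\Microsoft\Windows\rwgutgfe\faweesdw.exe"
Task: {660F6EAC-2B88-49E5-A706-E3AD3BF00EB3} - System32\Tasks\{F54CF69F-5E53-6367-03E6-7CAE550B98EA} => C:\Program Files (x86)\KoESfOKmAYaAL.exe
Task: {6C02CCA9-D874-47B0-8950-2B3646002643} - System32\Tasks\Rerun Warsaw's CoreFixer => C:\Windows\TEMP\is-IVV0J.tmp\corefixer.exe
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleVendor Update => C:\Program Files\ExampleVendor\updater.exe
'''

TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - System32\\Tasks\\(.+?) => (.+)$")
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PF_ROOT_RE = re.compile(r"[a-z]:\\program files(?: \(x86\))?", re.IGNORECASE)


def parse_task(line):
    """Split one 'Task:' line into id, task name, action, launcher and target."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    task_id, name, action = m.groups()
    exes = EXE_RE.findall(action)  # every *.exe path in the action, in order
    return {"id": task_id, "name": name, "action": action,
            "launcher": exes[0] if exes else None,
            "target": exes[-1] if exes else None}


def triage(task):
    """Return the reasons a parsed task deserves manual review (may be empty)."""
    reasons = []
    launcher = (task["launcher"] or "").lower()
    target = (task["target"] or "").lower()
    # A task whose name is only a GUID tells the user nothing about its owner.
    if GUID_RE.fullmatch(task["name"]):
        reasons.append("guid-named task")
    # cmd.exe starting a second executable hides the real payload one level down.
    if ntpath.basename(launcher) == "cmd.exe" and target != launcher:
        reasons.append("cmd.exe wrapper")
    # Installed software rarely runs scheduled binaries from AppData or temp dirs.
    if "\\appdata\\" in target or "\\temp\\" in target:
        reasons.append("appdata/temp path")
    # Vendors install into a subfolder, not directly into the Program Files root.
    if PF_ROOT_RE.fullmatch(ntpath.dirname(target)):
        reasons.append("exe in Program Files root")
    return reasons


def triage_log(text):
    """Map task name -> reasons for every 'Task:' line found in the text."""
    results = {}
    for line in text.splitlines():
        task = parse_task(line)
        if task:
            results[task["name"]] = triage(task)
    return results


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE).items():
        print(f"{name}: {', '.join(reasons) or 'no flags'}")
```

A flag here is a prompt for review, not a verdict: the fixlist in the post was assembled by a trained helper from the full FRST logs, not from these traits alone.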

#6 zanol


Posted 07 April 2018 - 05:37 PM

The logfix:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by GIOVANI (07-04-2018 18:34:43) Run:1
Running from C:\Users\GIOVANI\Desktop
Loaded Profiles: GIOVANI (Available Profiles: GIOVANI)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
2018-04-07 01:45 - 2018-04-07 01:45 - 000000003 _____ C:\Users\GIOVANI\AppData\Local\wbem.ini
2018-04-07 13:48 - 2009-07-13 23:34 - 000000215 _____ C:\Windows\system.ini
Task: {442E8258-F7B1-49FA-95C8-2F3BBCAA0186} - System32\Tasks\{F0B901CC-D086-8A23-C3E2-16A98EFED208} => C:\Users\GIOVANI\AppData\Roaming\POdsP.exe
C:\Users\GIOVANI\AppData\Roaming\POdsP.exe
Task: {6335BBAD-242C-435B-A434-65B7DB7326CB} - System32\Tasks\Opera scheduled Autoupdate 2796787680 => C:\Windows\system32\cmd.exe /c start "" "C:\Users\GIOVANI\AppData\Roaming\Microsoft\Windows\rwgutgfe\faweesdw.exe"
C:\Users\GIOVANI\AppData\Roaming\Microsoft\Windows\rwgutgfe
Task: {660F6EAC-2B88-49E5-A706-E3AD3BF00EB3} - System32\Tasks\{F54CF69F-5E53-6367-03E6-7CAE550B98EA} => C:\Program Files (x86)\KoESfOKmAYaAL.exe
Task: {6C02CCA9-D874-47B0-8950-2B3646002643} - System32\Tasks\Rerun Warsaw's CoreFixer => C:\Windows\TEMP\is-IVV0J.tmp\corefixer.exe
C:\Program Files (x86)\KoESfOKmAYaAL.exe
C:\Windows\TEMP\is-IVV0J.tmp
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\autoconf_warsaw.js [2018-01-25]
FF ExtraCheck: C:\Program Files\mozilla firefox\warsaw.cfg [2018-01-25]
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully
catchme => service removed successfully
C:\Users\GIOVANI\AppData\Local\wbem.ini => moved successfully
C:\Windows\system.ini => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{442E8258-F7B1-49FA-95C8-2F3BBCAA0186}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{442E8258-F7B1-49FA-95C8-2F3BBCAA0186}" => removed successfully
C:\Windows\System32\Tasks\{F0B901CC-D086-8A23-C3E2-16A98EFED208} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F0B901CC-D086-8A23-C3E2-16A98EFED208}" => removed successfully
"C:\Users\GIOVANI\AppData\Roaming\POdsP.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6335BBAD-242C-435B-A434-65B7DB7326CB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6335BBAD-242C-435B-A434-65B7DB7326CB}" => removed successfully
C:\Windows\System32\Tasks\Opera scheduled Autoupdate 2796787680 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 2796787680" => removed successfully
C:\Users\GIOVANI\AppData\Roaming\Microsoft\Windows\rwgutgfe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{660F6EAC-2B88-49E5-A706-E3AD3BF00EB3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{660F6EAC-2B88-49E5-A706-E3AD3BF00EB3}" => removed successfully
C:\Windows\System32\Tasks\{F54CF69F-5E53-6367-03E6-7CAE550B98EA} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F54CF69F-5E53-6367-03E6-7CAE550B98EA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6C02CCA9-D874-47B0-8950-2B3646002643}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C02CCA9-D874-47B0-8950-2B3646002643}" => removed successfully
C:\Windows\System32\Tasks\Rerun Warsaw's CoreFixer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Rerun Warsaw's CoreFixer" => removed successfully
"C:\Program Files (x86)\KoESfOKmAYaAL.exe" => not found
"C:\Windows\TEMP\is-IVV0J.tmp" => not found
C:\Program Files\mozilla firefox\defaults\pref\autoconf_warsaw.js => moved successfully
C:\Program Files\mozilla firefox\warsaw.cfg => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 92399514 B
Java, Flash, Steam htmlcache => 36508210 B
Windows/system/drivers => 608 B
Edge => 0 B
Chrome => 13344088 B
Firefox => 44318283 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 0 B
GIOVANI => 115480588 B

RecycleBin => 99097 B
EmptyTemp: => 288.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:35:23 ====



#7 zanol


Posted 07 April 2018 - 06:02 PM

About my PC performance: the taskeng.exe pop-ups stopped, so thanks a lot, especially because you guys do it for free :)



#8 Oh My!


Posted 07 April 2018 - 06:44 PM

Great to hear. :thumbsup2:

Please do this.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Security Analysis by Rocket Grannie

--------------------
  • Please download Security Analysis by Rocket Grannie and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click OK on the disclaimer and ignore any security warnings that may appear
  • In your reply, please copy and paste the contents of the Notepad document that will appear on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • ESET log
  • Security Analysis log
  • How is your computer running?

Gary
 

#9 Oh My!


Posted 10 April 2018 - 12:50 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#10 Oh My!


Posted 13 April 2018 - 09:58 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



