Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by User (administrator) on CLAUDIO on 12-07-2015 17:31:38
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 8 Pro (X64) OS Language: Português (Brasil)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-12-18] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3075200918-40492572-906780818-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-03-16] (Glarysoft Ltd)
HKU\S-1-5-21-3075200918-40492572-906780818-1001\...\Run: [uTorrent] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-12] (BitTorrent Inc.)
HKU\S-1-5-21-3075200918-40492572-906780818-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-07] (Google Inc.)
BootExecute: autocheck autochk *
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:52755;https=127.0.0.1:52755
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=sdkw_inner_hp_01_hao123_br
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3075200918-40492572-906780818-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3075200918-40492572-906780818-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-03-17] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-03-17] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-03-17] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-03-17] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 201.55.232.80 201.55.232.75
Tcpip\..\Interfaces\{2FBACFA3-2A09-4F50-9AE9-03CDC4D459AB}: [DhcpNameServer] 201.55.232.80 201.55.232.75 201.6.4.116
Tcpip\..\Interfaces\{4599DE7A-00F7-4476-9DBE-30AD6C4852DE}: [DhcpNameServer] 201.55.232.80 201.55.232.75
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-03-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-03-17] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-03-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-03-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-17]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-17]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-17]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-17]
CHR Extension: (Earth) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac [2015-06-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-19]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-17]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-03-17] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /medsvc [X] <==== ATTENTION
S2 oqyvdedco; "C:\ProgramData\OhogmAgi\akijash.exe" /ts2=1 [X]
S2 thjyoejj; "C:\ProgramData\OhogmAgi\akijwsh.exe" -cms [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athur; C:\Windows\system32\DRIVERS\athuw8x.sys [2919936 2013-06-02] (Qualcomm Atheros Communications, Inc.)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-03-17] (Glarysoft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 17:31 - 2015-07-12 17:31 - 00012861 _____ C:\Users\User\Downloads\FRST.txt
2015-07-12 17:31 - 2015-07-12 17:31 - 00000000 ____D C:\FRST
2015-07-12 17:30 - 2015-07-12 17:30 - 02133504 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-07-12 17:26 - 2015-07-12 17:26 - 05234792 _____ (ParetoLogic Inc.) C:\Users\User\Downloads\ParetoLogic PC Health Advisor_pt.exe
2015-07-12 11:13 - 2015-07-12 11:13 - 00016789 _____ C:\Users\User\Downloads\O.Exterminador.do.Futuro.Gênesis.CAM.XVID.DUBLADO-TOM.torrent
2015-07-12 11:11 - 2015-07-12 11:11 - 00018478 _____ C:\Users\User\Downloads\A.Espia.Que.Sabia.de.Menos.2015.HC.HDRip.XviD.Dublado.torrent
2015-07-12 11:11 - 2015-07-12 11:11 - 00014696 _____ C:\Users\User\Downloads\Minions.2015.HDTS.XViD.Dublado.torrent
2015-07-12 11:09 - 2015-07-12 11:09 - 00054675 _____ C:\Users\User\Downloads\Under.the.Dome.S03E01E02.HDTV.x264-LOL.torrent
2015-07-12 11:09 - 2015-07-12 11:09 - 00024308 _____ C:\Users\User\Downloads\Under.the.Dome.S03E03.HDTV.x264-LOL.torrent
2015-07-12 11:09 - 2015-07-12 11:09 - 00000804 _____ C:\Users\User\Downloads\Under.the.Dome.S03E04.HDTV.x264-LOL (1).torrent
2015-07-08 22:55 - 2015-07-08 22:55 - 00019818 _____ C:\Users\User\Downloads\Primo GPS 2013.torrent
2015-07-08 07:31 - 2015-07-08 23:42 - 00000000 ____D C:\Program Files (x86)\baidu
2015-07-08 07:31 - 2015-07-08 08:31 - 00000000 ____D C:\Users\User\AppData\Roaming\Baidu
2015-07-08 07:31 - 2015-07-08 07:31 - 00000000 ____D C:\Users\User\AppData\Local\MiniService
2015-07-08 07:31 - 2015-07-08 07:31 - 00000000 ____D C:\Users\Todos os Usuários\Baidu
2015-07-08 07:31 - 2015-07-08 07:31 - 00000000 ____D C:\ProgramData\Baidu
2015-07-06 08:43 - 2015-07-06 08:43 - 00001968 _____ C:\Users\User\Downloads\Meu Passado Me Condena 2 HDTS XviD Nacional.avi.torrent
2015-07-04 00:49 - 2015-07-04 00:49 - 00000000 ____D C:\Users\User\Downloads\CF-Auto-Root-klte-klteduosub-smg900md
2015-07-03 22:16 - 2015-07-03 22:25 - 274180792 _____ C:\Users\User\Downloads\cm-12.1-20150703-NIGHTLY-klte.zip
2015-07-03 19:09 - 2015-07-03 19:10 - 2551521450 _____ C:\Users\User\Downloads\G900FDXXU1BNL9_G900FDOXE1BNL9_G900FDXXU1BNL9_HOME.tar.md5
2015-07-03 18:29 - 2015-07-03 18:29 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-07-03 18:18 - 2015-07-03 18:25 - 275205019 _____ C:\Users\User\Downloads\cm-12.1-20150703-NIGHTLY-kltechnduo.zip
2015-07-03 18:10 - 2015-07-03 18:10 - 25812155 _____ C:\Users\User\Downloads\CF-Auto-Root-klte-klteduosub-smg900md.zip
2015-07-03 17:52 - 2015-07-03 17:53 - 13721600 _____ C:\Users\User\Downloads\openrecovery-twrp-2.8.4.0-klte.tar
2015-07-03 17:44 - 2015-07-03 17:45 - 13721600 _____ C:\Users\User\Downloads\openrecovery-twrp-2.8.5.0-gt-klte.tar
2015-07-03 09:40 - 2015-07-03 09:40 - 00018698 _____ C:\Users\User\Downloads\Jogos.Vorazes.A.Esperanca.Parte.1.2015.BDRip.XviD.Dual.Audio-MVP.torrent
2015-07-03 09:35 - 2015-07-03 09:35 - 00184914 _____ C:\Users\User\Downloads\Dragoes.de.Camelot.2015.720p.BRRip.x264-iFT.DUAL-CS.torrent
2015-06-30 10:25 - 2015-06-30 10:25 - 00000000 _____ C:\Windows\SysWOW64\Number of results
2015-06-30 10:13 - 2015-07-08 22:52 - 00006104 _____ C:\Windows\setupact.log
2015-06-30 10:13 - 2015-06-30 10:13 - 00000000 _____ C:\Windows\setuperr.log
2015-06-30 10:05 - 2015-07-03 08:32 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-30 10:05 - 2015-06-30 10:06 - 00001105 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-30 10:05 - 2015-06-30 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-30 10:05 - 2015-06-30 10:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-30 10:05 - 2015-06-30 10:05 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2015-06-30 10:05 - 2015-06-30 10:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-30 10:05 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-30 10:05 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-30 10:05 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-30 10:04 - 2015-06-30 10:04 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-30 09:53 - 2015-06-30 09:53 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol
2015-06-30 09:53 - 2015-06-30 09:53 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-06-30 09:50 - 2015-06-30 10:38 - 00000008 _____ C:\END
2015-06-30 09:50 - 2015-06-30 09:50 - 00000045 _____ C:\user.js
2015-06-30 09:50 - 2015-06-30 09:50 - 00000000 _____ C:\Windows\prleth.sys
2015-06-30 09:50 - 2015-06-30 09:50 - 00000000 _____ C:\Windows\hgfs.sys
2015-06-30 09:21 - 2015-06-30 09:21 - 00004528 _____ C:\Windows\SysWOW64\Lepfibs.ini
2015-06-30 09:21 - 2015-06-30 09:21 - 00002216 _____ C:\Windows\SysWOW64\LepfibsOff.ini
2015-06-30 09:21 - 2015-06-30 09:21 - 00002216 _____ C:\Windows\system32\LepfibsOff.ini
2015-06-30 09:20 - 2015-06-30 09:25 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-30 09:20 - 2015-06-30 09:21 - 00000000 ____D C:\Users\Todos os Usuários\OhogmAgi
2015-06-30 09:20 - 2015-06-30 09:21 - 00000000 ____D C:\ProgramData\OhogmAgi
2015-06-30 09:20 - 2015-06-30 09:20 - 00000000 ____D C:\Users\User\AppData\Roaming\Opera Software
2015-06-30 09:20 - 2015-06-30 09:20 - 00000000 ____D C:\Users\User\AppData\Local\Opera Software
2015-06-30 09:19 - 2015-07-08 23:43 - 00000000 ____D C:\Users\Todos os Usuários\ToolsUpdatePlatform
2015-06-30 09:19 - 2015-07-08 23:43 - 00000000 ____D C:\ProgramData\ToolsUpdatePlatform
2015-06-30 09:19 - 2015-07-03 09:19 - 00000000 ____D C:\Program Files (x86)\cecea3d5-3cfb-47ed-a074-c0d5128c78a1
2015-06-30 09:19 - 2015-07-03 09:19 - 00000000 ____D C:\Program Files (x86)\ae591690-ff34-4960-a80b-95c5a8a830f4
2015-06-30 09:19 - 2015-06-30 09:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2015-06-30 09:19 - 2015-06-30 09:19 - 00003900 _____ C:\Windows\System32\Tasks\YTDownloaderUpd
2015-06-30 09:19 - 2015-06-30 09:19 - 00003578 _____ C:\Windows\System32\Tasks\YTDownloader
2015-06-30 09:19 - 2015-06-30 09:19 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-30 09:19 - 2015-06-30 09:19 - 00000000 ____D C:\Users\User\AppData\Local\globalUpdate
2015-06-30 09:19 - 2015-06-30 09:19 - 00000000 ____D C:\Users\Public\Documents\PC Faster
2015-06-30 09:19 - 2015-06-30 09:19 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-06-30 09:19 - 2015-06-30 09:19 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-06-30 09:19 - 2012-07-26 02:26 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-30 09:18 - 2015-06-30 09:18 - 00000000 ____D C:\Users\User\AppData\Local\CrashRpt
2015-06-30 09:18 - 2015-01-20 13:13 - 34334796 _____ C:\Users\User\Desktop\CF-Auto-Root-klte-klteduosub-smg900md.tar.md5
2015-06-30 09:18 - 2015-01-20 13:13 - 00943616 _____ (Samsung Electronics Co., Ltd.) C:\Users\User\Desktop\Odin3-v3.07.exe
2015-06-30 09:18 - 2015-01-20 13:13 - 00159744 _____ (TmaxSoft Co., Ltd) C:\Users\User\Desktop\tmax.dll
2015-06-30 09:18 - 2015-01-20 13:13 - 00102400 _____ C:\Users\User\Desktop\zlib.dll
2015-06-30 09:18 - 2015-01-20 13:13 - 00000706 _____ C:\Users\User\Desktop\Odin3.ini
2015-06-30 09:16 - 2015-06-30 09:16 - 00000000 ____D C:\Users\Todos os Usuários\Samsung
2015-06-30 09:16 - 2015-06-30 09:16 - 00000000 ____D C:\ProgramData\Samsung
2015-06-30 09:16 - 2015-06-30 09:16 - 00000000 ____D C:\Program Files\SAMSUNG
2015-06-26 02:16 - 2015-06-26 02:16 - 01730304 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-06-26 02:16 - 2015-06-26 02:16 - 01011448 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2015-06-15 21:08 - 2015-06-15 21:08 - 00000705 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CLAUDIO.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 17:32 - 2015-03-17 21:18 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2015-07-12 17:24 - 2015-03-17 16:50 - 00000000 ____D C:\Users\User\AppData\Roaming\ClassicShell
2015-07-12 17:13 - 2015-03-17 16:56 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-12 17:05 - 2015-03-17 16:37 - 01141231 _____ C:\Windows\WindowsUpdate.log
2015-07-12 17:00 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\system32\sru
2015-07-12 11:13 - 2015-03-17 16:56 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-11 23:27 - 2015-03-17 16:43 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3075200918-40492572-906780818-1001
2015-07-11 23:21 - 2012-07-26 07:33 - 00762618 _____ C:\Windows\system32\prfh0416.dat
2015-07-11 23:21 - 2012-07-26 07:33 - 00154410 _____ C:\Windows\system32\prfc0416.dat
2015-07-11 23:21 - 2012-07-26 04:28 - 01765682 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-11 23:18 - 2015-03-17 16:58 - 00000344 _____ C:\Windows\Tasks\GlaryInitialize 5.job
2015-07-11 23:17 - 2015-03-17 16:58 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-07-11 23:16 - 2015-05-15 19:45 - 00201300 _____ C:\Windows\PFRO.log
2015-07-11 23:16 - 2012-07-26 04:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-11 23:16 - 2012-07-26 02:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-11 04:53 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-07-08 23:00 - 2012-07-26 04:59 - 00000000 ____D C:\Windows\CbsTemp
2015-07-07 21:14 - 2015-03-17 16:57 - 00002486 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-06 18:34 - 2015-03-22 10:24 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-06 18:34 - 2015-03-22 10:24 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-03 09:19 - 2012-07-26 07:36 - 00000000 ____D C:\Windows\SKB
2015-07-03 08:38 - 2015-04-28 08:32 - 00000000 ____D C:\Users\User\AppData\Roaming\ZhiYun
2015-06-30 10:03 - 2012-07-26 05:12 - 00000000 ____D C:\Program Files\Common Files\System
2015-06-30 09:50 - 2015-05-29 05:30 - 00002635 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2015-06-30 09:50 - 2015-03-17 16:38 - 00001700 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-24 21:34 - 2015-05-10 19:43 - 00160768 ___SH C:\Users\User\Downloads\Thumbs.db
2015-06-22 08:21 - 2015-03-17 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-22 08:20 - 2015-03-17 17:07 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-22 08:20 - 2015-03-17 17:07 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-22 08:10 - 2015-03-17 17:12 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2015-06-22 08:10 - 2015-03-17 17:12 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-22 08:10 - 2015-03-17 17:07 - 00000000 ____D C:\Users\Todos os Usuários\Avira
2015-06-22 08:10 - 2015-03-17 17:07 - 00000000 ____D C:\ProgramData\Avira
2015-06-22 08:10 - 2015-03-17 17:07 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-22 08:08 - 2015-03-30 09:16 - 00430872 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-17 08:35 - 2015-03-22 10:14 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-17 08:35 - 2015-03-22 10:14 - 00000000 ____D C:\Windows\system32\appraiser

==================== Files in the root of some directories =======

2015-03-18 10:09 - 2015-03-18 10:09 - 0000001 _____ () C:\Users\User\AppData\Local\llftool.4.30.agreement

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\1435667003.exe
C:\Users\User\AppData\Local\Temp\1436409814.exe
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\spark_install.exe
C:\Users\User\AppData\Local\Temp\SpOrder.dll
C:\Users\User\AppData\Local\Temp\Uninstall.exe
C:\Users\User\AppData\Local\Temp\UninstallModule.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-10 03:00

==================== End of log ============================