Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-08-2015 01
Ran by ana (administrator) on ANA-PC (04-08-2015 19:33:02)
Running from C:\Users\ana\Downloads
Loaded Profiles: ana (Available Profiles: ana)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-29] (Avast Software s.r.o.)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [509752 2015-06-24] (GAS Tecnologia LTDA)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll [2015-06-02] (Banco do Brasil)
Winlogon\Notify\ GbPluginUni: C:\Program Files\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco)
HKU\S-1-5-21-3024559318-4229410373-216696217-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4810520 2014-09-25] (Piriform Ltd)
HKU\S-1-5-21-3024559318-4229410373-216696217-1000\...\Run: [Google Update] => C:\Users\ana\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-12] (Google Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-29] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ana\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ana\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ana\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3024559318-4229410373-216696217-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3024559318-4229410373-216696217-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/pt-br/?ocid=U218DHP&pc=U218
HKU\S-1-5-21-3024559318-4229410373-216696217-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal
HKU\S-1-5-21-3024559318-4229410373-216696217-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3024559318-4229410373-216696217-1000 -> DefaultScope Web URL = http://www.bing.com/search?FORM=U218DF&PC=U218&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3024559318-4229410373-216696217-1000 -> Web URL = http://www.bing.com/search?FORM=U218DF&PC=U218&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3024559318-4229410373-216696217-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3024559318-4229410373-216696217-1000 -> {163C4BC3-E87E-4B39-81F8-DC625E27CAF0} URL = http://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-07-01] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-29] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [2015-06-02] (Banco do Brasil)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-01] (Oracle Corporation)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll [1759992 2015-07-06] (Banco Itaú Unibanco)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GbPlugin\gbieh.dll [1889664 2015-06-02] (Banco do Brasil)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: 127.0.0.1 validation.sls.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 189.6.0.73 189.6.0.78
Tcpip\..\Interfaces\{095A827D-7AB4-475E-BBA8-F925AECE8E89}: [DhcpNameServer] 189.6.0.73 189.6.0.78
Tcpip\..\Interfaces\{DD9B7CBF-1589-49DA-92B8-434007707008}: [DhcpNameServer] 172.20.10.1

FireFox:
========
FF ProfilePath: C:\Users\ana\AppData\Roaming\Mozilla\Firefox\Profiles\se3l7fcn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-20] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3024559318-4229410373-216696217-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\ana\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3024559318-4229410373-216696217-1000: @talk.google.com/O1DPlugin -> C:\Users\ana\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3024559318-4229410373-216696217-1000: @tools.google.com/Google Update;version=3 -> C:\Users\ana\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-3024559318-4229410373-216696217-1000: @tools.google.com/Google Update;version=9 -> C:\Users\ana\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-3024559318-4229410373-216696217-1000: gastecnologia.com.br/sf/bb -> C:\Users\ana\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-03-06] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3024559318-4229410373-216696217-1000: gastecnologia.com.br/sf/cef -> C:\Users\ana\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-16] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3024559318-4229410373-216696217-1000: gastecnologia.com.br/sf/uni -> C:\Users\ana\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-07-15] (GAS Tecnologia)
FF Plugin ProgramFiles/Appdata: C:\Users\ana\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ana\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2015-01-27]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2015-01-27]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2014-03-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-27]
FF HKU\S-1-5-21-3024559318-4229410373-216696217-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\ana\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\ana\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2015-05-11]
FF HKU\S-1-5-21-3024559318-4229410373-216696217-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\ana\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: GBBD Caixa Economica Federal - C:\Users\ana\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2014-12-16]
FF HKU\S-1-5-21-3024559318-4229410373-216696217-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\ana\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: Guardião - Itaú 30 horas - C:\Users\ana\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2015-01-20]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-13]

Chrome:
=======
CHR Profile: C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-02]
CHR Extension: (Google Drive) - C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]
CHR Extension: (YouTube) - C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]
CHR Extension: (Google Search) - C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkafhcogdnfhkmiepeebkkdbdphnjfll [2015-04-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-02]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei [2014-07-27]
CHR Extension: (Gmail) - C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-29]
CHR HKU\S-1-5-21-3024559318-4229410373-216696217-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\ana\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [2014-07-26]
CHR HKU\S-1-5-21-3024559318-4229410373-216696217-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pgacfjdigcddmmncljpflgcfpfahebkh] - C:\Users\ana\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx [Not Found]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-29] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-06-29] (Avast Software)
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [579896 2015-04-29] (GAS Tecnologia)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe [114288 2014-09-24] (Mozilla Foundation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 RealPlayer Cloud Service; C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-18] (RealNetworks, Inc.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5613328 2015-07-29] (TeamViewer GmbH)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [509752 2015-06-24] (GAS Tecnologia LTDA)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-06-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-06-29] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-06-29] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-06-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-06-29] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-06-29] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-06-29] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-06-29] ()
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [46552 2015-01-13] (GAS Tecnologia)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-03-13] (GAS Tecnologia)
R3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2596352 2006-12-18] (Intel® Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-06-29] (Avast Software)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert32.sys [31448 2015-04-01] (Basil)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-04 19:30 - 2015-08-04 19:32 - 00032051 _____ C:\Users\ana\Downloads\Addition.txt
2015-08-04 19:27 - 2015-08-04 19:33 - 00019085 _____ C:\Users\ana\Downloads\FRST.txt
2015-08-04 19:26 - 2015-08-04 19:33 - 00000000 ____D C:\FRST
2015-08-04 19:26 - 2015-08-04 19:26 - 01673728 _____ (Farbar) C:\Users\ana\Downloads\FRST.exe
2015-08-04 16:14 - 2015-08-04 16:16 - 03522334 _____ (Nicolas Coolman ) C:\Users\ana\Downloads\ZHPFix.exe
2015-08-04 16:01 - 2015-08-04 16:01 - 00084904 _____ C:\Users\ana\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-04 15:49 - 2015-08-04 15:49 - 00061835 _____ C:\Users\ana\Desktop\ZHPDiag.txt
2015-08-04 14:28 - 2015-08-04 14:46 - 00000000 ____D C:\Users\ana\AppData\Roaming\ZHP
2015-08-04 14:28 - 2015-08-04 14:28 - 00000816 _____ C:\Users\ana\Desktop\ZHPDiag.lnk
2015-08-04 14:15 - 2015-08-04 14:16 - 01857536 _____ C:\Users\ana\Downloads\ZHPDiag3.exe
2015-08-04 13:40 - 2015-08-04 13:40 - 00004150 _____ C:\Windows\PFRO.log
2015-08-04 12:19 - 2015-08-04 12:26 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-04 12:19 - 2015-08-04 12:22 - 00001020 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-04 12:19 - 2015-08-04 12:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-04 12:18 - 2015-06-18 09:48 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-04 12:18 - 2015-06-18 09:47 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-04 12:18 - 2015-06-18 09:47 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-04 12:15 - 2015-08-04 12:16 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\ana\Downloads\mbam-setup-sem-2.1.6.1022.exe
2015-08-04 11:28 - 2015-08-04 13:41 - 00000302 _____ C:\Windows\Tasks\At1.job
2015-08-04 10:11 - 2015-08-04 10:12 - 00139112 _____ C:\Windows\Minidump\080415-32203-01.dmp
2015-08-04 10:11 - 2015-08-04 10:11 - 146141033 _____ C:\Windows\MEMORY.DMP
2015-08-03 16:07 - 2015-08-03 16:07 - 00001517 _____ C:\Users\ana\Desktop\NF Pneus BR
2015-08-03 16:06 - 2015-08-03 16:06 - 00001509 _____ C:\Users\ana\Desktop\NF Leao e Leao
2015-08-03 06:59 - 2015-08-04 13:41 - 00000448 _____ C:\Windows\setupact.log
2015-08-03 06:59 - 2015-08-03 06:59 - 00000000 _____ C:\Windows\setuperr.log
2015-08-03 06:58 - 2015-08-03 06:58 - 00339568 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-31 12:01 - 2015-07-31 12:01 - 00000889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-07-31 12:01 - 2015-07-31 12:01 - 00000877 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-07-29 20:11 - 2015-07-29 20:11 - 03099648 _____ C:\Users\ana\Downloads\Sailun PSR-TBR Price List 2015 06 26 (1).xls
2015-07-29 20:08 - 2015-07-29 20:23 - 03219456 _____ C:\Users\ana\Downloads\Sailun PSR-TBR Price List 2015 06 26.xls
2015-07-29 19:14 - 2015-07-29 19:15 - 08376832 _____ C:\Users\ana\Downloads\Triangle Price List 2015.06.18 Brazil.xls
2015-07-27 00:22 - 2015-07-27 00:23 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-07-27 00:16 - 2015-07-27 00:16 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-27 00:16 - 2015-07-27 00:16 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-27 00:16 - 2015-07-27 00:16 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-27 00:16 - 2015-07-27 00:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-27 00:16 - 2015-07-27 00:16 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-07-27 00:16 - 2015-07-27 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-27 00:16 - 2015-07-27 00:16 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-07-27 00:16 - 2015-07-27 00:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-07-27 00:16 - 2015-07-27 00:16 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-27 00:16 - 2015-07-27 00:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-27 00:16 - 2015-07-27 00:16 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-07-27 00:16 - 2015-07-27 00:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-07-27 00:16 - 2015-07-27 00:16 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-27 00:16 - 2015-07-27 00:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-07-27 00:16 - 2015-07-27 00:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-27 00:16 - 2015-07-27 00:16 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-07-27 00:16 - 2015-07-27 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-22 17:43 - 2015-07-22 17:44 - 00368494 _____ C:\Users\ana\Downloads\Ebook-Curso-Linux-Ubuntu-v-1.0.zip
2015-07-22 14:06 - 2015-07-22 14:06 - 00000106 _____ C:\Users\ana\Desktop\doc franca.txt
2015-07-21 12:09 - 2015-07-21 12:09 - 00000000 ____D C:\Users\ana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas Secretaria da Fazenda
2015-07-20 07:40 - 2015-06-29 11:08 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-07-16 08:11 - 2015-07-20 07:17 - 00000000 ____D C:\Program Files\GUM5F67.tmp
2015-07-13 15:30 - 2015-07-13 15:30 - 00818176 _____ C:\Users\ana\Downloads\Máscara de Câmbio ATTR002 Balanço.xls
2015-07-10 22:18 - 2015-07-10 22:19 - 01746134 _____ C:\Users\ana\Downloads\Outlook.com.zip
2015-07-10 11:37 - 2015-07-10 11:37 - 00044970 _____ C:\Users\ana\Downloads\ATLANTICO SUL - D.I 15.1183394-9 - 10.07.2015.xlsx
2015-07-06 18:19 - 2015-07-06 18:19 - 00031448 _____ (Basil) C:\Windows\system32\WinDivert32.sys
2015-07-06 18:19 - 2015-07-06 18:19 - 00031032 _____ (Basil) C:\Windows\system32\WinDivert.dll
2015-07-06 17:21 - 2015-07-06 17:24 - 00000000 ____D C:\Users\Todos os Usuários\Temp
2015-07-06 17:21 - 2015-07-06 17:24 - 00000000 ____D C:\ProgramData\Temp
2015-07-06 17:20 - 2015-07-06 17:20 - 03213368 _____ (Banco Itaú) C:\Users\ana\Downloads\DiagnosticoItau (1).exe
2015-07-06 15:08 - 2015-07-06 15:08 - 00006723 _____ C:\Users\ana\Downloads\53150772577083000197550000000041491063038056-procNfe.xml
2015-07-06 15:05 - 2015-07-06 15:05 - 00000000 ____D C:\database
2015-07-06 15:04 - 2015-08-03 15:24 - 00002473 _____ C:\Users\ana\Desktop\Emissor de Nota Fiscal Eletronica (NF-e) 3.10.lnk
2015-07-06 15:04 - 2015-07-06 15:04 - 00000000 ____D C:\log
2015-07-06 15:01 - 2015-07-06 15:01 - 00005390 _____ C:\Users\ana\Downloads\emissorNFe (1).jnlp
2015-07-06 10:02 - 2015-07-06 10:02 - 01663488 _____ C:\Users\ana\Downloads\apresentacao_quesito_cor_mec_monica.ppt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-04 19:30 - 2009-07-14 01:34 - 00024864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-04 19:30 - 2009-07-14 01:34 - 00024864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-04 19:15 - 2014-10-18 12:12 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-04 19:10 - 2014-10-25 15:33 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-04 18:54 - 2015-03-03 15:12 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024559318-4229410373-216696217-1000UA.job
2015-08-04 17:58 - 2015-07-03 19:12 - 01576330 _____ C:\Windows\WindowsUpdate.log
2015-08-04 13:41 - 2015-03-06 19:54 - 00000342 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2015-08-04 13:41 - 2014-10-25 15:33 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-04 13:41 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-04 13:40 - 2014-03-13 12:17 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2015-08-04 13:40 - 2014-03-13 12:17 - 00000000 ____D C:\ProgramData\GbPlugin
2015-08-04 12:22 - 2015-01-14 21:06 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-04 12:06 - 2015-06-18 08:09 - 00007602 _____ C:\Users\ana\AppData\Local\Resmon.ResmonCfg
2015-08-04 10:11 - 2015-04-24 19:40 - 00000000 ____D C:\Windows\Minidump
2015-08-04 10:09 - 2009-07-14 01:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-04 08:58 - 2015-03-03 15:12 - 00001018 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024559318-4229410373-216696217-1000Core.job
2015-08-03 15:37 - 2014-03-10 10:14 - 00000000 ____D C:\Users\ana\AppData\Roaming\TeamViewer
2015-08-03 08:42 - 2014-03-13 12:17 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2015-08-03 08:42 - 2014-03-13 12:17 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2015-08-02 16:00 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-08-02 13:24 - 2011-02-04 14:58 - 00000000 ____D C:\Windows\Panther
2015-07-31 12:02 - 2014-03-10 10:15 - 00000000 ____D C:\Program Files\TeamViewer
2015-07-30 19:15 - 2014-03-02 21:04 - 00002087 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-27 00:32 - 2015-03-11 15:06 - 00000000 __SHD C:\Users\ana\AppData\Local\EmieUserList
2015-07-27 00:32 - 2015-03-11 15:06 - 00000000 __SHD C:\Users\ana\AppData\Local\EmieSiteList
2015-07-27 00:32 - 2015-03-11 15:06 - 00000000 __SHD C:\Users\ana\AppData\Local\EmieBrowserModeList
2015-07-27 00:24 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\pt-BR
2015-07-20 10:37 - 2011-02-04 14:30 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-20 10:37 - 2009-07-14 05:31 - 00705268 _____ C:\Windows\system32\prfh0416.dat
2015-07-20 10:37 - 2009-07-14 05:31 - 00147108 _____ C:\Windows\system32\prfc0416.dat
2015-07-20 09:15 - 2014-10-18 12:12 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-20 09:15 - 2014-10-18 12:12 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-20 08:15 - 2014-03-22 22:35 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-20 07:41 - 2015-06-29 11:16 - 00001963 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-20 07:36 - 2014-02-27 09:09 - 00000000 ____D C:\Users\ana
2015-07-20 07:16 - 2015-06-29 11:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-20 07:16 - 2014-10-19 21:05 - 00000000 ____D C:\Users\ana\AppData\Roaming\vlc
2015-07-20 07:16 - 2014-03-02 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-20 07:16 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\wfp
2015-07-20 07:16 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\registration
2015-07-16 08:06 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\AppCompat
2015-07-10 08:44 - 2014-02-28 11:06 - 00000000 ____D C:\Users\ana\Desktop\Sekona
2015-07-06 17:24 - 2014-03-13 12:16 - 00011807 _____ C:\Users\ana\Downloads\Instalação do Guardião Itaú 30 horas.log

==================== Files in the root of some directories =======

2014-12-22 10:23 - 2015-01-20 12:50 - 0033114 _____ () C:\Users\ana\AppData\Roaming\unins000.dat
2015-01-20 12:49 - 2015-01-20 12:45 - 0720082 _____ () C:\Users\ana\AppData\Roaming\unins000.exe
2015-05-11 13:17 - 2015-05-11 13:17 - 0017797 _____ () C:\Users\ana\AppData\Roaming\unins001.dat
2015-05-11 13:17 - 2015-05-11 13:17 - 0815826 _____ () C:\Users\ana\AppData\Roaming\unins001.exe
2014-07-17 11:36 - 2014-07-17 11:36 - 0015826 _____ () C:\Users\ana\AppData\Roaming\unins002.dat
2014-07-17 11:36 - 2014-07-17 11:36 - 0730322 _____ () C:\Users\ana\AppData\Roaming\unins002.exe
2015-06-18 08:09 - 2015-08-04 12:06 - 0007602 _____ () C:\Users\ana\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Windows\Tasks\At1.job

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-13 08:00

==================== End of log ============================