Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
Ran by nathane (administrator) on NATANE (21-10-2015 23:06:47)
Running from C:\Users\nathane\Downloads
Loaded Profiles: nathane (Available Profiles: nathane)
Platform: Windows 7 Ultimate (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Baidu Inc.) C:\Program Files (x86)\baidu\Baidu Browser\sparkservice.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows\WER\wermgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Frontend.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DiscSoftBusService.exe
(Microsoft Corporation) C:\Users\nathane\Downloads\matheus\programas\Microsoft Office 2010\ProfessionalPlus.exe
(Microsoft Corporation) C:\Users\nathane\AppData\Local\Temp\OWPDA4D.tmp\setup.exe
(Microsoft Corporation) C:\Users\nathane\AppData\Local\Temp\ose00000.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated)
HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [155864 2013-12-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [wermgr] => C:\ProgramData\Microsoft\Windows\WER\wermgr.exe [6786560 2015-01-09] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-609318736-340572046-362664169-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3761424 2014-11-10] (Disc Soft Ltd)
HKU\S-1-5-21-609318736-340572046-362664169-1001\...\Run: [uTorrent] => C:\Users\nathane\AppData\Roaming\uTorrent\uTorrent.exe [1822048 2015-10-08] (BitTorrent Inc.)
HKU\S-1-5-21-609318736-340572046-362664169-1001\...\Run: [Free Download Manager] => C:\Program Files (x86)\Free Download Manager\fdm.exe [5693544 2015-08-07] (FreeDownloadManager.ORG)
HKU\S-1-5-21-609318736-340572046-362664169-1001\...\MountPoints2: {2166e508-567d-11e5-8281-c8cbb8c38f63} - "D:\LGAutoRun.exe"
HKU\S-1-5-21-609318736-340572046-362664169-1001\...\MountPoints2: {45b1a370-478c-11e5-8264-c8cbb8c38f63} - "G:\LG_PC_Programs.exe"
HKU\S-1-5-21-609318736-340572046-362664169-1001\...\MountPoints2: {8f20ffd9-5d3e-11e5-8285-c8cbb8c38f63} - "D:\LG_PC_Programs.exe"
HKU\S-1-5-21-609318736-340572046-362664169-1001\...\MountPoints2: {ba01d37d-4422-11e5-8263-c8cbb8c38f63} - "H:\SETUP.EXE"
HKU\S-1-5-21-609318736-340572046-362664169-1001\...\MountPoints2: {f394be21-3680-11e5-824f-c8cbb8c38f63} - "G:\SETUP.EXE"
HKU\S-1-5-21-609318736-340572046-362664169-1001\...\MountPoints2: {f50ee1c2-4900-11e5-8267-c8cbb8c38f63} - "L:\SETUP.EXE"
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 74.208.105.171
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{39878E0B-0A6E-4D08-AE83-A0A2500A7890}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-609318736-340572046-362664169-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-609318736-340572046-362664169-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKU\S-1-5-21-609318736-340572046-362664169-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-08-29] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-20] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-20] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-08-29] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-08-07] (FreeDownloadManager.ORG)
BHO-x32: No Name -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> No File
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Toolbar: HKU\S-1-5-21-609318736-340572046-362664169-1001 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File

FireFox:
========
FF ProfilePath: C:\Users\nathane\AppData\Roaming\Mozilla\Firefox\Profiles\zllwfrd6.default
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-20] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-01-06] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-08-29] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-08-29] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-08-29] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF user.js: detected! => C:\Users\nathane\AppData\Roaming\Mozilla\Firefox\Profiles\zllwfrd6.default\user.js [2015-10-21]
FF HKLM-x32\...\Firefox\Extensions: [searchpredict@speedbit.com] - => not found
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-08-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-08-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-08-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-08-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-08-29] [not signed]
FF HKU\S-1-5-21-609318736-340572046-362664169-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.0.17
FF Extension: Free Download Manager extension - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.0.17 [2015-10-20]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=sy&ts=1438895369&z=b36c081c1cdfe5e5529f7f2g5z0c2bab1tewbc6ebe&from=smt&uid=ST500LM012XHN-M500MBB_S2ZYJ9FDB02622
CHR StartupUrls: Default -> "hxxp://www.google.com.br/","hxxp://www.google.com.br/"
CHR Profile: C:\Users\nathane\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\nathane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-30]
CHR Extension: (Google Docs) - C:\Users\nathane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-30]
CHR Extension: (Google Drive) - C:\Users\nathane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\nathane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\nathane\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-22]
CHR Extension: (Google Search) - C:\Users\nathane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-30]
CHR Extension: (Proteção Kaspersky) - C:\Users\nathane\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-08-29]
CHR Extension: (Planilhas do Google) - C:\Users\nathane\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-30]
CHR Extension: (Documentos Google off-line) - C:\Users\nathane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\nathane\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkafhcogdnfhkmiepeebkkdbdphnjfll [2015-07-30]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\nathane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Gmail) - C:\Users\nathane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-30]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
R3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
R3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Pro\DiscSoftBusService.exe [2216208 2014-11-10] (Disc Soft Ltd)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-09-27] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2015-01-06] (Intel Corporation)
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [103736 2015-08-30] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-05-22] (Realtek Semiconductor)
R2 SparkSvc; C:\Program Files (x86)\baidu\Baidu Browser\sparkservice.exe [97080 2015-09-24] (Baidu Inc.)
S3 SparkUpdater; C:\Program Files (x86)\Baidu\SparkUpdate\Sparkupdate.exe [1371960 2015-08-06] (Baidu.com, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2014-05-27] (Google Inc)
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2014-05-27] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2014-07-07] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2014-07-07] (LG Electronics Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4265984 2014-12-11] (Qualcomm Atheros Communications, Inc.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-07-30] (Disc Soft Ltd)
R3 dtscsibus; C:\Windows\system32\DRIVERS\dtscsibus.sys [29864 2015-08-16] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-08-06] ()
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-06] (LogMeIn Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2015-08-29] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2015-08-29] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-01-06] (Intel Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2013-02-01] (Realtek Semiconductor Corp.)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9101016 2013-12-10] (Realtek Semiconductor Corp.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-11] (Apple, Inc.) [File not signed]
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-05-21] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 ATP; \SystemRoot\system32\DRIVERS\cmdatp.sys [X]
S3 GPU-Z; \??\C:\Users\nathane\AppData\Local\Temp\GPU-Z.sys [X]
S3 X6va031; \??\C:\Windows\SysWOW64\Drivers\X6va031 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-21 23:06 - 2015-10-21 23:10 - 00023754 _____ C:\Users\nathane\Downloads\FRST.txt
2015-10-21 23:04 - 2015-10-21 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-10-21 23:04 - 2015-10-21 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-10-21 23:01 - 2015-10-21 23:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2015-10-21 23:00 - 2015-10-21 23:07 - 00000000 ____D C:\FRST
2015-10-21 23:00 - 2015-10-21 23:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2015-10-21 23:00 - 2015-10-21 23:00 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-10-21 22:57 - 2015-10-21 22:57 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-10-21 22:56 - 2015-10-21 22:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2015-10-21 22:55 - 2015-10-21 22:55 - 02196480 _____ (Farbar) C:\Users\nathane\Downloads\FRST64.exe
2015-10-21 22:49 - 2015-10-21 22:49 - 00000000 __RHD C:\MSOCache
2015-10-21 22:45 - 2015-10-21 22:45 - 00001133 _____ C:\Users\nathane\Desktop\bank-slip-image-generator.htm
2015-10-21 22:23 - 2015-10-21 22:23 - 00008105 _____ C:\Users\nathane\Desktop\Boleto.htm
2015-10-21 22:23 - 2015-10-21 22:23 - 00000000 ____D C:\Users\nathane\Desktop\Boleto_arquivos
2015-10-21 19:38 - 2015-10-21 20:51 - 00000000 ____D C:\Users\nathane\AppData\Local\Mozilla
2015-10-21 19:38 - 2015-10-21 19:38 - 00001127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-21 19:38 - 2015-10-21 19:38 - 00001115 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-21 19:38 - 2015-10-21 19:38 - 00000000 ____D C:\Users\nathane\AppData\Roaming\Mozilla
2015-10-21 19:38 - 2015-10-21 19:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-21 16:42 - 2015-10-21 16:42 - 00000000 ____D C:\Users\nathane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2015-10-21 16:42 - 2015-10-21 16:42 - 00000000 ____D C:\Program Files (x86)\GPU-Z
2015-10-20 19:53 - 2015-10-21 19:11 - 00000000 ____D C:\Users\nathane\AppData\LocalLow\uTorrent
2015-10-20 19:06 - 2015-10-20 19:06 - 00000000 ____D C:\Windows\SysWOW64\rufus_files
2015-10-20 17:08 - 2015-10-20 17:08 - 00000000 ____D C:\Users\Todos os Usuários\Free Download Manager
2015-10-20 17:08 - 2015-10-20 17:08 - 00000000 ____D C:\ProgramData\Free Download Manager
2015-10-18 10:43 - 2015-10-19 23:36 - 00000672 _____ C:\Windows\PFRO.log
2015-10-15 20:44 - 2015-10-21 20:50 - 00249405 _____ C:\Windows\WindowsUpdate.log
2015-10-15 20:35 - 2015-10-15 20:35 - 00451428 _____ C:\Users\nathane\Documents\cc_20151015_193539.reg
2015-10-14 00:50 - 2015-05-31 08:59 - 00066752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2015-10-14 00:50 - 2015-05-31 08:58 - 00033472 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys
2015-10-14 00:50 - 2015-05-21 18:36 - 00076480 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2015-10-14 00:50 - 2015-05-21 18:35 - 00068288 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2015-10-14 00:50 - 2015-05-21 18:35 - 00064192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2015-10-14 00:49 - 2015-05-31 08:59 - 00931520 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2015-10-14 00:49 - 2015-05-31 08:59 - 00359104 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2015-10-14 00:49 - 2015-05-31 08:59 - 00026816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2015-10-14 00:49 - 2015-05-31 08:58 - 00438464 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2015-10-14 00:49 - 2015-05-22 09:03 - 00055488 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2015-10-14 00:48 - 2015-10-14 00:48 - 00002096 _____ C:\Users\Public\Desktop\VMware Player.lnk
2015-10-13 16:18 - 2015-10-13 16:18 - 00000000 ____D C:\Program Files\Strogino CS Portal
2015-10-09 13:22 - 2015-10-14 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2015-10-08 18:35 - 2015-10-08 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZBot
2015-10-06 23:50 - 2015-10-07 00:11 - 00000000 _____ C:\Windows\SysWOW64\Access.dat
2015-10-04 12:33 - 2015-10-13 20:44 - 00844200 _____ (Akeo Consulting (http://akeo.ie)) C:\Windows\SysWOW64\rufus-2.4.exe
2015-10-03 12:25 - 2015-10-03 12:30 - 00000000 ____D C:\Users\nathane\AppData\Roaming\Tunngle
2015-10-03 12:25 - 2015-10-03 12:25 - 00000000 ____D C:\Users\nathane\Documents\Tunngle
2015-10-03 12:25 - 2009-09-16 09:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2015-10-02 15:04 - 2015-10-03 11:52 - 00000350 _____ C:\Windows\system32\VpnService.log
2015-10-02 14:35 - 2015-10-03 01:23 - 00000000 ____D C:\Users\nathane\AppData\Roaming\COMODO
2015-10-02 14:33 - 2015-10-02 14:33 - 00000000 ____D C:\Users\Todos os Usuários\COMODO
2015-10-02 14:33 - 2015-10-02 14:33 - 00000000 ____D C:\ProgramData\COMODO
2015-10-01 00:10 - 2015-10-01 00:10 - 00000000 ____D C:\Users\Todos os Usuários\LogMeIn
2015-10-01 00:10 - 2015-10-01 00:10 - 00000000 ____D C:\Users\nathane\AppData\Local\LogMeIn
2015-10-01 00:10 - 2015-10-01 00:10 - 00000000 ____D C:\ProgramData\LogMeIn
2015-09-29 15:46 - 2015-09-29 15:46 - 00000000 ____D C:\Users\nathane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HLDS
2015-09-29 15:46 - 2015-09-29 15:46 - 00000000 ____D C:\Users\nathane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Half-Life
2015-09-29 15:46 - 2015-09-29 15:46 - 00000000 ____D C:\Users\nathane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike
2015-09-29 15:42 - 2015-09-29 15:42 - 00000000 ____D C:\Games
2015-09-22 18:16 - 2015-09-22 18:16 - 00000000 ____D C:\Users\nathane\Documents\Modelos Personalizados do Office
2015-09-21 16:31 - 2015-10-20 17:11 - 00000000 ____D C:\Users\nathane\AppData\Roaming\Free Download Manager
2015-09-21 16:31 - 2015-09-21 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2015-09-21 14:09 - 2015-09-21 14:15 - 00000000 ____D C:\AdwCleaner
2015-09-21 13:58 - 2015-10-19 20:41 - 00000000 ____D C:\Users\nathane\Documents\Virtual Machines

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-21 23:24 - 2015-08-29 02:28 - 00000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab
2015-10-21 23:10 - 2015-07-30 09:27 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D81880EE-BED8-489F-B0CB-5AB76745EECA}
2015-10-21 23:09 - 2015-07-30 09:20 - 00003592 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-609318736-340572046-362664169-1001
2015-10-21 23:08 - 2015-07-30 18:38 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2015-10-21 23:08 - 2015-07-30 18:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-21 23:03 - 2014-03-18 08:03 - 00000000 ____D C:\Windows\ShellNew
2015-10-21 23:02 - 2015-08-06 13:41 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-10-21 23:00 - 2015-07-30 18:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-10-21 23:00 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\system32\sru
2015-10-21 22:57 - 2013-08-22 13:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-21 22:55 - 2015-07-30 18:38 - 00000000 ____D C:\Program Files\Microsoft Office
2015-10-21 22:55 - 2013-08-22 11:25 - 00000167 _____ C:\Windows\win.ini
2015-10-21 21:21 - 2015-08-29 02:28 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-10-21 20:47 - 2015-07-30 09:32 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-21 20:30 - 2015-08-01 13:19 - 00006468 _____ C:\Windows\SysWOW64\Gms.log
2015-10-21 20:27 - 2015-08-11 03:30 - 00000000 ____D C:\Users\Todos os Usuários\VMware
2015-10-21 20:27 - 2015-08-11 03:30 - 00000000 ____D C:\ProgramData\VMware
2015-10-21 20:27 - 2013-08-22 12:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-21 19:38 - 2015-07-30 18:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-21 19:37 - 2015-07-30 17:33 - 00000000 ____D C:\Users\nathane\AppData\Roaming\uTorrent
2015-10-21 19:25 - 2015-08-27 00:19 - 00000000 ____D C:\Users\nathane\Downloads\matheus
2015-10-21 18:59 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\system32\NDF
2015-10-21 01:43 - 2015-07-30 09:14 - 00000000 ____D C:\Users\nathane
2015-10-20 19:16 - 2013-08-22 11:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-10-20 19:15 - 2015-08-26 14:15 - 00000468 __RSH C:\Users\Todos os Usuários\ntuser.pol
2015-10-20 19:15 - 2015-08-26 14:15 - 00000468 __RSH C:\ProgramData\ntuser.pol
2015-10-20 19:08 - 2014-03-18 08:33 - 01808706 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-20 19:08 - 2014-03-18 07:45 - 00778622 _____ C:\Windows\system32\prfh0416.dat
2015-10-20 19:08 - 2014-03-18 07:45 - 00160240 _____ C:\Windows\system32\prfc0416.dat
2015-10-20 18:31 - 2015-08-15 19:31 - 00000370 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - nathane).job
2015-10-20 17:50 - 2015-08-13 01:09 - 00000000 ____D C:\Users\nathane\AppData\Roaming\vlc
2015-10-19 21:07 - 2015-08-11 03:34 - 00000000 ____D C:\Users\nathane\AppData\Roaming\VMware
2015-10-19 21:07 - 2015-08-11 03:34 - 00000000 ____D C:\Users\nathane\AppData\Local\VMware
2015-10-15 20:33 - 2015-08-16 14:37 - 00000000 ____D C:\Users\nathane\AppData\Roaming\DAEMON Tools Pro
2015-10-14 00:48 - 2015-08-11 03:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2015-10-14 00:48 - 2015-08-01 13:03 - 01818234 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-10-08 19:07 - 2015-09-17 14:22 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2015-10-08 19:06 - 2015-08-07 14:42 - 00000000 ____D C:\Users\nathane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Level Up
2015-10-08 19:06 - 2015-08-07 14:37 - 00000000 ____D C:\Users\nathane\AppData\Local\Deployment
2015-10-08 18:55 - 2015-08-14 21:00 - 00000000 ____D C:\Program Files (x86)\Valve
2015-10-08 13:54 - 2015-08-27 00:17 - 00000000 ____D C:\Users\nathane\Desktop\Games
2015-10-08 13:53 - 2015-09-17 11:27 - 00000000 ____D C:\Users\nathane\Desktop\NATANEEEEE,,,,_files
2015-10-07 14:03 - 2013-08-22 12:44 - 00477840 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-06 23:21 - 2015-07-30 18:44 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-09-30 18:23 - 2015-08-05 18:23 - 00000310 _____ C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job
2015-09-21 20:57 - 2015-08-16 16:06 - 00000000 ____D C:\Windows\SysWOW64\xlive
2015-09-21 17:56 - 2015-09-18 15:12 - 00000065 _____ C:\Windows\SysWOW64\lgAxconfig.ini
2015-09-21 17:56 - 2015-09-18 15:12 - 00000000 ____D C:\Users\Todos os Usuários\LGMOBILEAX
2015-09-21 17:56 - 2015-09-18 15:12 - 00000000 ____D C:\ProgramData\LGMOBILEAX
2015-09-21 17:56 - 2015-09-18 15:12 - 00000000 ____D C:\LGMobileUpgrade
2015-09-21 16:31 - 2015-07-30 09:42 - 00000000 ____D C:\Program Files (x86)\Free Download Manager
2015-09-21 13:45 - 2015-08-29 02:13 - 00000000 ____D C:\Windows\System32\Tasks\WiseCleaner
2015-09-21 13:43 - 2015-09-14 18:27 - 00000000 ____D C:\Users\Todos os Usuários\Apple
2015-09-21 13:43 - 2015-09-14 18:27 - 00000000 ____D C:\ProgramData\Apple

==================== Files in the root of some directories =======

2005-09-14 04:53 - 2015-08-29 02:51 - 0000640 ____H () C:\Users\nathane\AppData\Roaming\logs.dat
2015-08-29 01:07 - 2015-08-29 01:07 - 0274449 _____ () C:\ProgramData\1440817405.bdinstall.bin

Some files in TEMP:
====================
C:\Users\nathane\AppData\Local\Temp\ChromeSetup.exe
C:\Users\nathane\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed