Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:19-05-2016 Ran by pc (administrator) on PC-PC (20-05-2016 00:40:51) Running from C:\Users\pc\Downloads Loaded Profiles: pc (Available Profiles: pc & Guest) Platform: Windows 8.1 Pro (X64) Language: Inglês (Estados Unidos) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-25] (IDT, Inc.) HKLM\...\Run: [cpuminer] => C:\Users\pc\AppData\Roaming\cpuminer\cpm.exe [1452032 2016-05-10] () HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [tasklist.exe -start] => C:\ProgramData\tasklist.exe [5714944 2016-05-16] (Skype Technologies) HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs, HKLM-x32\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs, [X] Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3445738514-2521246755-3089652957-1000\...\Run: [uTorrent] => C:\Users\pc\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-18] (BitTorrent Inc.) HKU\S-1-5-21-3445738514-2521246755-3089652957-1000\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [2758656 2014-08-16] (Seekar Ltd) HKU\S-1-5-21-3445738514-2521246755-3089652957-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) HKU\S-1-5-21-3445738514-2521246755-3089652957-1000\...\Run: [Selection Tools] => C:\Users\pc\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe [4084464 2016-04-11] (Nosibay) HKU\S-1-5-21-3445738514-2521246755-3089652957-1000\...\Run: [msiql] => c:\programdata\msiql.exe [1920000 2016-05-16] () HKU\S-1-5-21-3445738514-2521246755-3089652957-1000\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll Start /AUTORUN HKU\S-1-5-21-3445738514-2521246755-3089652957-1000\...\MountPoints2: {0a1dbcee-d0bf-11e4-824e-68a3c47eab03} - "G:\LG_PC_Programs.exe" HKU\S-1-5-21-3445738514-2521246755-3089652957-1000\...\MountPoints2: {246d69f4-cc25-11e4-8047-68a3c47eab03} - "I:\LG_PC_Programs.exe" AppInit_DLLs: C:\ProgramData\Lamzap\Matfan.dll => C:\ProgramData\Lamzap\Matfan.dll [363008 2016-05-17] () AppInit_DLLs-x32: C:\ProgramData\Lamzap\Biocom.dll => C:\ProgramData\Lamzap\Biocom.dll [257536 2016-05-17] () GroupPolicy: Restriction - Chrome <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{167EB571-8329-494F-A253-5CD9494994CD}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adwrldint_16_20¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCzz0AtA0CyEyB0E0A0BtDtAzyyDzzyBtN0D0Tzu0StCyDzyzztN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StB0DyDtByD0ByC0AtGyC0E0D0DtGtA0CyE0EtGtAyDyD0EtG0Czz0ByByC0CtCyEzzzyzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DyE0A0BtDyEtAtGtDyCtAtBtGyE0A0FtDtGzztBtBzztGtC0DtB0DzyyEyD0EzyyC0DtC2QtN0A0LzuyE%26cr%3D748911800%26a%3Dwncy_adwrldint_16_20%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adwrldint_16_20¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCzz0AtA0CyEyB0E0A0BtDtAzyyDzzyBtN0D0Tzu0StCyDzyzztN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StB0DyDtByD0ByC0AtGyC0E0D0DtGtA0CyE0EtGtAyDyD0EtG0Czz0ByByC0CtCyEzzzyzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DyE0A0BtDyEtAtGtDyCtAtBtGyE0A0FtDtGzztBtBzztGtC0DtB0DzyyEyD0EzyyC0DtC2QtN0A0LzuyE%26cr%3D748911800%26a%3Dwncy_adwrldint_16_20%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro HKU\S-1-5-21-3445738514-2521246755-3089652957-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0XiJx-FdZPBDIfw1iZYWHjbB0WsGXzgSfDUJ76516MnH2tO0-GqJbbEk3_xVBRQup5AjJPx9UbjsINE4eDpsYnnvbgzLOtb36P5nzfO-NZeAca5iiSH_dE9URar5SFpTafZ_gOPiIv6RGl-6xnhOeBICi_TT&q={searchTerms} HKU\S-1-5-21-3445738514-2521246755-3089652957-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0XiJx-FdZPBDIfw1iZYWHjbB0WsGXzgSfDUJ76516MnH2tO0-GqJbbEk3_xVBRQup5x0do9BpscFLdYS9gtU-Q_zw28zDwZl-0D5obMOePdj751IVbO8cj766DEV4KJjTgHsKq2ONhW5RExKaBZKeHQu-eg5 HKU\S-1-5-21-3445738514-2521246755-3089652957-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0XiJx-FdZPBDIfw1iZYWHjbB0WsGXzgSfDUJ76516MnH2tO0-GqJbbEk3_xVBRQup5AjJPx9UbjsINE4eDpsYnnvbgzLOtb36P5nzfO-NZeAca5iiSH_dE9URar5SFpTafZ_gOPiIv6RGl-6xnhOeBICi_TT&q={searchTerms} HKU\S-1-5-21-3445738514-2521246755-3089652957-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0XiJx-FdZPBDIfw1iZYWHjbB0WsGXzgSfDUJ76516MnH2tO0-GqJbbEk3_xVBRQup5AjJPx9UbjsINE4eDpsYnnvbgzLOtb36P5nzfO-NZeAca5iiSH_dE9URar5SFpTafZ_gOPiIv6RGl-6xnhOeBICi_TT&q={searchTerms} SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adwrldint_16_20¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCzz0AtA0CyEyB0E0A0BtDtAzyyDzzyBtN0D0Tzu0StCyDzyzztN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StB0DyDtByD0ByC0AtGyC0E0D0DtGtA0CyE0EtGtAyDyD0EtG0Czz0ByByC0CtCyEzzzyzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DyE0A0BtDyEtAtGtDyCtAtBtGyE0A0FtDtGzztBtBzztGtC0DtB0DzyyEyD0EzyyC0DtC2QtN0A0LzuyE%26cr%3D748911800%26a%3Dwncy_adwrldint_16_20%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro&p={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adwrldint_16_20¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCzz0AtA0CyEyB0E0A0BtDtAzyyDzzyBtN0D0Tzu0StCyDzyzztN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StB0DyDtByD0ByC0AtGyC0E0D0DtGtA0CyE0EtGtAyDyD0EtG0Czz0ByByC0CtCyEzzzyzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DyE0A0BtDyEtAtGtDyCtAtBtGyE0A0FtDtGzztBtBzztGtC0DtB0DzyyEyD0EzyyC0DtC2QtN0A0LzuyE%26cr%3D748911800%26a%3Dwncy_adwrldint_16_20%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0XiJx-FdZPBDIfw1iZYWHjbB0WsGXzgSfDUJ76516MnH2tO0-GqJbbEk3_xVBRQup5AjJPx9UbjsINE4eDpsYnnvbgzLOtb36P5nzfO-NZeAca5iiSH_dE9URar5SFpTafZ_gOPiIv6RGl-6xnhOeBICi_TT&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adwrldint_16_20¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCzz0AtA0CyEyB0E0A0BtDtAzyyDzzyBtN0D0Tzu0StCyDzyzztN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StB0DyDtByD0ByC0AtGyC0E0D0DtGtA0CyE0EtGtAyDyD0EtG0Czz0ByByC0CtCyEzzzyzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DyE0A0BtDyEtAtGtDyCtAtBtGyE0A0FtDtGzztBtBzztGtC0DtB0DzyyEyD0EzyyC0DtC2QtN0A0LzuyE%26cr%3D748911800%26a%3Dwncy_adwrldint_16_20%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro&p={searchTerms} SearchScopes: HKU\S-1-5-21-3445738514-2521246755-3089652957-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0XiJx-FdZPBDIfw1iZYWHjbB0WsGXzgSfDUJ76516MnH2tO0-GqJbbEk3_xVBRQup5AjJPx9UbjsINE4eDpsYnnvbgzLOtb36P5nzfO-NZeAca5iiSH_dE9URar5SFpTafZ_gOPiIv6RGl-6xnhOeBICi_TT&q={searchTerms} SearchScopes: HKU\S-1-5-21-3445738514-2521246755-3089652957-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adwrldint_16_20¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCzz0AtA0CyEyB0E0A0BtDtAzyyDzzyBtN0D0Tzu0StCyDzyzztN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StB0DyDtByD0ByC0AtGyC0E0D0DtGtA0CyE0EtGtAyDyD0EtG0Czz0ByByC0CtCyEzzzyzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DyE0A0BtDyEtAtGtDyCtAtBtGyE0A0FtDtGzztBtBzztGtC0DtB0DzyyEyD0EzyyC0DtC2QtN0A0LzuyE%26cr%3D748911800%26a%3Dwncy_adwrldint_16_20%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BPro&p={searchTerms} SearchScopes: HKU\S-1-5-21-3445738514-2521246755-3089652957-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0XiJx-FdZPBDIfw1iZYWHjbB0WsGXzgSfDUJ76516MnH2tO0-GqJbbEk3_xVBRQup5AjJPx9UbjsINE4eDpsYnnvbgzLOtb36P5nzfO-NZeAca5iiSH_dE9URar5SFpTafZ_gOPiIv6RGl-6xnhOeBICi_TT&q={searchTerms} BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO-x32: Octh Class -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> C:\Program Files (x86)\Orbitdownloader\orbitcth.dll [2014-01-16] (Orbitdownloader.com) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2014-04-29] (FreeDownloadManager.ORG) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) Chrome: ======= CHR HomePage: ChromeDefaultData -> search.mpc.am CHR StartupUrls: ChromeDefaultData -> "search.mpc.am" CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3445738514-2521246755-3089652957-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed] S2 GoogleChromeUpService; C:\ProgramData\service.exe [1755136 2016-05-17] () [File not signed] S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\svrupg.exe [2783744 2016-05-17] (TODO: ) [File not signed] R2 SDDUpdate; C:\Users\pc\AppData\Roaming\SNDA\SDUpdate\SDDUpdateSvc.dll [238392 2016-05-17] (SNDA) R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-25] (IDT, Inc.) [File not signed] R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) S2 muftionSysSrv; "C:\Program Files (x86)\Muftion\muftionSysSrv.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2014-05-27] (Google Inc) S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2014-05-27] (LG Electronics Inc.) S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2014-07-07] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2014-07-07] (LG Electronics Inc.) S3 andnetndis; C:\Windows\system32\DRIVERS\lgandnetndis64.sys [93696 2014-05-27] (LG Electronics Inc.) R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) S3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] () S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S3 blNetFilter; \??\C:\WINDOWS\system32\drivers\blNetFilter.sys [X] S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X] S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUdisk64.sys [X] S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\softaal64.sys [X] S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [X] S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TsNetHlpX64.sys [X] S3 usbbus; \SystemRoot\System32\drivers\lgx64bus.sys [X] S3 UsbDiag; \SystemRoot\system32\DRIVERS\lgx64diag.sys [X] S3 USBModem; \SystemRoot\system32\DRIVERS\lgx64modem.sys [X] S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-05-20 00:42 - 2016-05-20 00:42 - 00111363 _____ C:\Users\pc\Downloads\InSUBs_a80dbdbd96d48a77f767850584d70a40.rar 2016-05-20 00:40 - 2016-05-20 00:41 - 00017540 _____ C:\Users\pc\Downloads\FRST.txt 2016-05-20 00:40 - 2016-05-20 00:40 - 00000000 ____D C:\FRST 2016-05-20 00:39 - 2016-05-20 00:38 - 02382336 _____ (Farbar) C:\Users\pc\Desktop\FRST64 (1).exe 2016-05-20 00:38 - 2016-05-20 00:38 - 02382336 _____ (Farbar) C:\Users\pc\Downloads\FRST64.exe 2016-05-20 00:38 - 2016-05-20 00:38 - 02382336 _____ (Farbar) C:\Users\pc\Downloads\FRST64 (1).exe 2016-05-20 00:36 - 2016-05-20 00:37 - 01732608 _____ (Farbar) C:\Users\pc\Downloads\FRST.exe 2016-05-19 23:27 - 2016-05-19 23:27 - 00000221 _____ C:\Users\pc\Desktop\淘宝.url 2016-05-19 23:27 - 2016-05-19 23:27 - 00000221 _____ C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\淘宝.url 2016-05-19 23:27 - 2016-05-19 23:27 - 00000208 _____ C:\Users\pc\Desktop\百度一下.url 2016-05-19 23:27 - 2016-05-19 23:27 - 00000208 _____ C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\百度一下.url 2016-05-19 23:27 - 2016-05-19 23:27 - 00000000 ____D C:\Users\pc\AppData\Roaming\taobao 2016-05-19 23:27 - 2016-05-19 23:27 - 00000000 ____D C:\ProgramData\WindowsMsg 2016-05-19 23:27 - 2016-05-19 23:27 - 00000000 ____D C:\Program Files (x86)\osTip 2016-05-19 23:25 - 2016-05-19 23:26 - 00482368 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-05-19 01:52 - 2016-05-19 01:52 - 00000000 ____D C:\Users\pc\Downloads\Arrow.S04E22.HDTV.x264-LOL[ettv] 2016-05-19 01:25 - 2016-05-19 01:25 - 00000000 ____D C:\Users\pc\Downloads\Supernatural.S11E22.HDTV.x264-LOL[ettv] 2016-05-19 01:23 - 2016-05-19 01:23 - 00126392 _____ C:\Users\pc\Downloads\InSUBs_f4e7712e36574bbecb5a8c21c3c578c5.rar 2016-05-18 03:08 - 2016-05-19 01:23 - 00000000 ____D C:\Users\pc\Downloads\The.Flash.2014.S02E22.HDTV.x264-LOL[ettv] 2016-05-18 03:06 - 2016-05-18 03:06 - 00003628 _____ C:\Users\pc\Downloads\[kat.cr]the.flash.2014.s02e22.hdtv.x264.lol.ettv.torrent 2016-05-18 02:03 - 2016-05-18 02:03 - 00001773 _____ C:\Users\pc\Desktop\chrome - Atalho.lnk 2016-05-18 02:01 - 2016-05-18 02:01 - 00000286 __RSH C:\Users\pc\ntuser.pol 2016-05-18 01:51 - 2016-05-18 02:05 - 00250912 _____ C:\WINDOWS\SysWOW64\kz.exe 2016-05-18 01:18 - 2016-05-18 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sear 2016-05-18 01:12 - 2016-05-18 01:12 - 00000972 _____ C:\WINDOWS\SysWOW64\${LOGFILE} 2016-05-17 23:39 - 2016-05-18 01:23 - 00000000 ____D C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器 2016-05-17 22:38 - 2016-05-19 23:27 - 00000000 ____D C:\Users\pc\AppData\Roaming\favicons 2016-05-17 22:38 - 2016-05-17 22:38 - 00000210 _____ C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\上网导航.url 2016-05-17 22:38 - 2016-05-17 22:38 - 00000000 ____D C:\ProgramData\did 2016-05-17 22:37 - 2016-05-17 22:37 - 00000000 ____D C:\Users\pc\AppData\Roaming\SNDA 2016-05-17 22:30 - 2016-05-17 22:30 - 00000000 ____D C:\Program Files\Common Files\Tencent 2016-05-17 22:29 - 2016-05-18 01:31 - 00000000 ____D C:\ProgramData\TXQMPC 2016-05-17 22:29 - 2016-05-17 22:29 - 00143992 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys 2016-05-17 22:29 - 2016-05-17 22:29 - 00097400 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys 2016-05-17 22:29 - 2016-05-17 22:29 - 00000000 ____D C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2016-05-17 22:28 - 2016-05-18 01:32 - 00000000 ____D C:\ProgramData\Tencent 2016-05-17 22:28 - 2016-05-17 22:59 - 00000000 ____D C:\Users\pc\AppData\Roaming\Tencent 2016-05-17 22:28 - 2016-05-16 13:22 - 01443152 _____ ( ) C:\Users\pc\AppData\Roaming\AutoTime_51477.exe 2016-05-17 22:26 - 2016-05-17 22:26 - 00000000 ____D C:\Users\pc\AppData\Roaming\kingsoft 2016-05-17 22:23 - 2016-05-17 22:23 - 01667617 _____ (Oleg N. Scherbakov) C:\Users\pc\AppData\Roaming\tasklist.exe 2016-05-17 22:23 - 2016-05-17 22:23 - 00293320 _____ (深圳市迅雷网络技术有限公司) C:\ProgramData\xldl.dll 2016-05-17 22:23 - 2016-05-17 22:23 - 00000000 ____D C:\ProgramData\download 2016-05-17 22:23 - 2016-05-16 12:09 - 05714944 _____ (Skype Technologies) C:\ProgramData\tasklist.exe 2016-05-17 22:23 - 2016-05-11 05:32 - 00936414 _____ ( ) C:\Users\pc\AppData\Roaming\setup_52.exe 2016-05-17 22:22 - 2016-05-18 01:10 - 00000000 ____D C:\Users\pc\AppData\Roaming\Kuaizip 2016-05-17 22:22 - 2016-05-17 22:22 - 00092872 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys 2016-05-17 22:22 - 2016-05-17 22:22 - 00000000 ____D C:\Users\pc\AppData\Roaming\Softlink 2016-05-17 22:22 - 2016-02-18 00:56 - 07318464 _____ C:\Users\pc\AppData\Roaming\KuaiZip_Setup_1875570831_jiuzhuan_001.exe 2016-05-17 22:21 - 2016-05-17 22:21 - 02154623 _____ C:\Users\pc\AppData\Roaming\xdo.zip 2016-05-17 22:21 - 2016-05-17 22:21 - 00000000 ____D C:\Users\Public\Thunder Network 2016-05-17 22:21 - 2016-05-17 22:21 - 00000000 ____D C:\Users\pc\AppData\Roaming\download 2016-05-17 22:21 - 2016-05-17 22:21 - 00000000 ____D C:\ProgramData\Thunder Network 2016-05-17 22:21 - 2016-05-17 22:21 - 00000000 ____D C:\ProgramData\160WiFi 2016-05-17 22:21 - 2016-05-16 13:21 - 03022848 _____ (UPCleaner) C:\Users\pc\AppData\Roaming\ADS.exe 2016-05-17 22:20 - 2016-03-04 01:00 - 10167000 _____ (深圳市驱动人生软件技术有限公司) C:\Users\pc\AppData\Roaming\160wifi_wcid-6085.exe 2016-05-17 22:16 - 2016-05-19 23:28 - 00003072 _____ C:\WINDOWS\System32\Tasks\osTip 2016-05-17 22:15 - 2016-02-18 07:10 - 05267952 _____ () C:\Users\pc\AppData\Roaming\ziptool_wc-9015_setup.exe 2016-05-17 22:11 - 2016-05-19 23:26 - 00000600 _____ C:\WINDOWS\Tasks\PPTAssistantUpdateTask_pc.job 2016-05-17 22:11 - 2016-05-19 23:26 - 00000330 _____ C:\WINDOWS\Tasks\PPTAssistantNotifyTask_pc.job 2016-05-17 22:11 - 2016-05-19 23:25 - 00000000 ____D C:\Users\pc\AppData\Local\PPTAssist 2016-05-17 22:11 - 2016-05-18 01:49 - 00003540 _____ C:\WINDOWS\System32\Tasks\PPTAssistantUpdateTask_pc 2016-05-17 22:11 - 2016-05-18 01:49 - 00003274 _____ C:\WINDOWS\System32\Tasks\PPTAssistantNotifyTask_pc 2016-05-17 22:11 - 2016-05-17 22:26 - 00000000 ____D C:\ProgramData\kingsoft 2016-05-17 22:11 - 2016-05-17 22:11 - 00000000 ____D C:\Users\pc\AppData\Roaming\pptassist 2016-05-17 22:11 - 2016-05-17 22:11 - 00000000 ____D C:\ProgramData\Windows Update 2016-05-17 22:11 - 2016-05-04 05:44 - 04232400 _____ (Kingsoft Corp. Ltd.) C:\Users\pc\AppData\Roaming\OfficeAssist.0172.80.1384.exe 2016-05-17 22:10 - 2016-05-17 22:11 - 02783744 _____ (TODO: ) C:\Users\pc\AppData\Roaming\svrupg.exe 2016-05-17 22:10 - 2016-05-17 22:10 - 00002259 _____ C:\ProgramData\webad.xml 2016-05-17 22:09 - 2016-05-17 22:09 - 00002397 _____ C:\WINDOWS\SysWOW64\findit.xml 2016-05-17 22:09 - 2016-05-17 22:09 - 00000000 ____D C:\Users\pc\AppData\Roaming\Mozilla 2016-05-17 22:09 - 2016-05-17 22:09 - 00000000 ____D C:\ProgramData\Lamzaps 2016-05-17 22:09 - 2016-05-16 13:19 - 01920000 _____ C:\ProgramData\msiql.exe 2016-05-17 22:09 - 2016-05-16 13:18 - 01755136 _____ C:\Users\pc\AppData\Roaming\service.exe 2016-05-17 22:08 - 2016-05-19 23:35 - 00000000 ____D C:\ProgramData\Lamzap 2016-05-17 22:08 - 2016-05-19 23:35 - 00000000 ____D C:\ProgramData\CloudPrinter 2016-05-17 22:08 - 2016-05-18 01:24 - 00000000 ____D C:\Users\pc\AppData\Local\app 2016-05-17 22:08 - 2016-05-17 22:08 - 06814720 _____ C:\Users\pc\AppData\Roaming\agent.dat 2016-05-17 22:08 - 2016-05-17 22:08 - 01755136 _____ C:\ProgramData\service.exe 2016-05-17 22:08 - 2016-05-17 22:08 - 01743892 _____ C:\Users\pc\AppData\Roaming\Lamlam.tst 2016-05-17 22:08 - 2016-05-17 22:08 - 00848437 _____ C:\Users\pc\AppData\Roaming\Ronplus.bin 2016-05-17 22:08 - 2016-05-17 22:08 - 00126464 _____ C:\Users\pc\AppData\Roaming\noah.dat 2016-05-17 22:08 - 2016-05-17 22:08 - 00126464 _____ C:\Users\pc\AppData\Roaming\lobby.dat 2016-05-17 22:08 - 2016-05-17 22:08 - 00072707 _____ C:\Users\pc\AppData\Roaming\Toughtop.tst 2016-05-17 22:08 - 2016-05-17 22:08 - 00065952 _____ C:\Users\pc\AppData\Roaming\Config.xml 2016-05-17 22:08 - 2016-05-17 22:08 - 00054272 _____ C:\Users\pc\AppData\Roaming\ApplicationHosting.dat 2016-05-17 22:08 - 2016-05-17 22:08 - 00018432 _____ C:\Users\pc\AppData\Roaming\Main.dat 2016-05-17 22:08 - 2016-05-17 22:08 - 00005568 _____ C:\Users\pc\AppData\Roaming\md.xml 2016-05-17 22:08 - 2016-05-17 22:04 - 00957440 _____ C:\Users\pc\AppData\Roaming\Toughtop.exe 2016-05-17 22:08 - 2016-05-17 22:04 - 00957440 _____ C:\Users\pc\AppData\Roaming\Lamlam.exe 2016-05-17 22:06 - 2016-05-17 22:22 - 00000000 ____D C:\Users\pc\AppData\Roaming\UPUpdata 2016-05-17 22:06 - 2016-05-17 22:07 - 00000000 ____D C:\Users\pc\AppData\Roaming\gplyra 2016-05-17 22:06 - 2016-05-17 22:07 - 00000000 ____D C:\Users\pc\AppData\Roaming\cpuminer 2016-05-17 22:05 - 2016-05-18 01:49 - 00008850 _____ C:\WINDOWS\System32\Tasks\Muftion System 2016-05-17 22:05 - 2016-05-17 22:05 - 00000000 ____D C:\Users\pc\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 2016-05-17 22:04 - 2016-05-17 22:05 - 00015888 _____ C:\Users\pc\AppData\Roaming\InstallationConfiguration.xml 2016-05-17 22:04 - 2016-05-17 22:04 - 00127488 _____ C:\Users\pc\AppData\Roaming\Installer.dat 2016-05-17 22:03 - 2016-05-17 22:33 - 00000000 ____D C:\Users\pc\AppData\Local\9B42510C-1463522623-11E0-BDA1-5884BF0C8079 2016-05-17 22:01 - 2016-05-17 21:59 - 00001006 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak 2016-05-17 22:00 - 2016-05-18 01:50 - 00003722 _____ C:\WINDOWS\System32\Tasks\Selection Tools Update 2016-05-17 22:00 - 2016-05-18 01:24 - 00000000 ____D C:\Users\pc\AppData\Roaming\Store 2016-05-17 22:00 - 2016-05-17 22:00 - 00000000 ____D C:\Users\pc\AppData\Roaming\WTools 2016-05-17 21:59 - 2016-05-18 01:42 - 00000000 ____D C:\WINDOWS\AutoKMS 2016-05-17 21:59 - 2016-05-18 01:12 - 00000000 ____D C:\Users\pc\AppData\Roaming\Nosibay 2016-05-17 21:57 - 2016-05-17 21:58 - 00000000 ____D C:\WINDOWS\system32\SSL 2016-05-17 21:56 - 2016-05-18 01:53 - 00000000 ____D C:\Users\pc\Desktop\Office.2010.Toolkit.and.EZ-Activator.2.2.3 2016-05-17 21:56 - 2016-05-18 01:10 - 00000000 ____D C:\Users\pc\AppData\Roaming\Checkers 2016-05-17 21:54 - 2016-05-17 21:56 - 18982651 _____ C:\Users\pc\Downloads\Office 2010 Toolkit and EZ-Activator 2.2.3.zip 2016-05-17 21:54 - 2016-05-17 21:55 - 04000284 _____ C:\Users\pc\Downloads\Office 2010 Toolkit And EZ_activator Full Version 2.2.rar 2016-05-17 21:52 - 2016-05-19 23:26 - 00000274 _____ C:\WINDOWS\Tasks\{5E3E0626-7F3C-193C-6036-6182CABC3407}.job 2016-05-17 21:52 - 2016-05-18 01:50 - 00002614 _____ C:\WINDOWS\System32\Tasks\{5E3E0626-7F3C-193C-6036-6182CABC3407} 2016-05-17 21:52 - 2016-05-18 01:49 - 00003426 _____ C:\WINDOWS\System32\Tasks\pcDesistingTightnessV2 2016-05-17 21:52 - 2016-05-18 01:06 - 00000000 ____D C:\Users\pc\AppData\Local\{2153170F-05FB-7BB7-6863-5E5F4C0BA2C7} 2016-05-17 21:52 - 2016-05-17 21:57 - 00000738 __RSH C:\ProgramData\ntuser.pol 2016-05-17 21:52 - 2016-05-17 21:52 - 00002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk 2016-05-17 21:52 - 2016-05-17 21:52 - 00000000 ____D C:\Users\pc\AppData\Roaming\PriceFountainUpdateVer 2016-05-17 21:51 - 2016-05-17 21:51 - 00304743 _____ ( ) C:\Users\pc\Downloads\Ativador_Office_2010_DEFINITIVO_Atualizado_2014_PH_Downs [1].exe 2016-05-17 21:51 - 2016-05-17 21:51 - 00000000 ____D C:\Users\Public\Documents\Guid 2016-05-17 21:50 - 2016-05-17 21:50 - 00957808 _____ C:\Users\pc\Downloads\Ativador_Office_2010_DEFINITIVO_Atualizado_2014_PH_Downs.zip 2016-05-17 19:38 - 2016-05-17 19:38 - 00000000 ____D C:\WINDOWS\PCHEALTH 2016-05-17 19:38 - 2016-05-17 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-05-17 19:34 - 2016-05-17 19:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2016-05-17 19:34 - 2016-05-17 19:34 - 00000000 __RHD C:\MSOCache 2016-05-17 19:34 - 2016-05-17 19:34 - 00000000 ____D C:\Program Files\Microsoft Office 2016-05-17 19:34 - 2016-05-17 19:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2016-05-17 11:38 - 2016-05-17 11:38 - 00656896 _____ C:\WINDOWS\4e222331eb55956abcb1a27a5e8000c6.exe 2016-05-16 17:35 - 2016-05-16 17:36 - 00000000 ____D C:\Users\pc\Desktop\2 Cavalgada - Protecao aos animais OAB matao 2016-05-12 23:15 - 2016-05-12 23:15 - 00113297 _____ C:\Users\pc\Downloads\InSUBs_7975b36abb61c70ddab208660642ac77.rar 2016-05-12 14:29 - 2016-05-12 14:29 - 00104380 _____ C:\Users\pc\Downloads\legendas_tv_20160512140600000000.rar 2016-05-12 02:26 - 2016-05-12 14:29 - 00000000 ____D C:\Users\pc\Downloads\Supernatural.S11E21.HDTV.x264-LOL[ettv] 2016-05-12 00:15 - 2016-05-12 23:15 - 00000000 ____D C:\Users\pc\Downloads\Arrow.S04E21.HDTV.x264-LOL[ettv] 2016-05-11 00:44 - 2016-04-22 17:54 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-05-11 00:44 - 2016-04-22 17:15 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-05-11 00:44 - 2016-04-22 17:14 - 02893312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-05-11 00:44 - 2016-04-22 17:08 - 06052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-05-11 00:44 - 2016-04-22 17:06 - 20349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-05-11 00:44 - 2016-04-22 17:00 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-05-11 00:44 - 2016-04-22 16:35 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-05-11 00:44 - 2016-04-22 16:29 - 02285568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-05-11 00:44 - 2016-04-22 16:24 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-05-11 00:44 - 2016-04-22 16:23 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-05-11 00:44 - 2016-04-22 16:19 - 15414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-05-11 00:44 - 2016-04-22 16:17 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2016-05-11 00:44 - 2016-04-22 16:14 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-05-11 00:44 - 2016-04-22 16:14 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-05-11 00:44 - 2016-04-22 16:14 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-05-11 00:44 - 2016-04-22 16:12 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-05-11 00:44 - 2016-04-22 15:58 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-05-11 00:44 - 2016-04-22 15:58 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2016-05-11 00:44 - 2016-04-22 15:54 - 13811200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-05-11 00:44 - 2016-04-22 15:53 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2016-05-11 00:44 - 2016-04-22 15:52 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-05-11 00:44 - 2016-04-22 15:52 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-05-11 00:44 - 2016-04-22 15:52 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-05-11 00:44 - 2016-04-22 15:51 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-05-11 00:44 - 2016-04-22 15:40 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-05-11 00:44 - 2016-04-22 15:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-05-11 00:44 - 2016-04-22 15:27 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-05-11 00:44 - 2016-04-22 15:24 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-05-11 00:44 - 2016-04-22 15:23 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-05-11 00:44 - 2016-03-31 03:50 - 01307328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2016-05-11 00:44 - 2016-03-31 00:40 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2016-05-11 00:43 - 2016-04-06 18:13 - 00561960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-05-11 00:43 - 2016-04-06 18:13 - 00137976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll 2016-05-11 00:43 - 2016-04-06 15:20 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-05-11 00:43 - 2016-04-06 15:19 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2016-05-11 00:43 - 2016-04-06 15:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2016-05-11 00:43 - 2016-04-06 14:49 - 00120384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll 2016-05-11 00:43 - 2016-04-06 14:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2016-05-11 00:43 - 2016-04-06 13:57 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-05-11 00:43 - 2016-04-06 13:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-05-11 00:43 - 2016-04-06 13:20 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2016-05-11 00:43 - 2016-04-06 12:48 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2016-05-11 00:42 - 2016-04-10 01:21 - 01763376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2016-05-11 00:42 - 2016-04-10 01:21 - 01489088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2016-05-11 00:42 - 2016-04-09 18:58 - 00534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2016-05-11 00:42 - 2016-04-09 18:50 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2016-05-11 00:42 - 2016-03-28 22:42 - 07446368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-05-11 00:38 - 2016-04-10 04:48 - 00738096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll 2016-05-11 00:38 - 2016-04-10 04:48 - 00613624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll 2016-05-11 00:38 - 2016-04-10 01:14 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2016-05-11 00:38 - 2016-04-09 19:07 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2016-05-11 00:38 - 2016-03-14 13:50 - 00316760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2016-05-11 00:38 - 2016-03-10 14:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsparse.dll 2016-05-11 00:38 - 2016-03-10 13:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsparse.dll 2016-05-11 00:38 - 2016-03-05 14:44 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll 2016-05-11 00:38 - 2016-03-05 14:04 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll 2016-05-11 00:38 - 2016-02-27 15:28 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2016-05-11 00:38 - 2016-02-27 14:57 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2016-05-11 00:38 - 2016-02-27 14:19 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2016-05-11 00:38 - 2016-02-27 13:32 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2016-05-11 00:37 - 2016-04-11 03:21 - 00074584 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys 2016-05-11 00:37 - 2016-04-10 02:37 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-05-11 00:37 - 2016-03-15 22:58 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-05-11 00:37 - 2016-03-15 22:58 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-05-11 00:37 - 2016-03-11 21:49 - 02466136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2016-05-11 00:37 - 2016-03-11 21:47 - 00160160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL 2016-05-11 00:37 - 2016-03-11 21:47 - 00121912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL 2016-05-11 00:37 - 2016-03-10 13:55 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll 2016-05-11 00:37 - 2016-03-10 13:52 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2016-05-11 00:37 - 2016-03-10 13:42 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll 2016-05-11 00:34 - 2016-04-09 20:29 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-05-08 11:33 - 2016-05-08 11:34 - 00000000 ____D C:\Users\pc\Desktop\Nova pasta (3) 2016-05-08 11:21 - 2016-05-08 11:25 - 00000000 ____D C:\Users\pc\Desktop\costela no chao - aniversario bi 2016 2016-05-02 14:47 - 2016-05-06 14:51 - 00109795 _____ C:\Users\pc\Desktop\Imprimir as informações do seu pedido _ Armarinhos 25.pdf 2016-05-02 14:46 - 2016-05-02 14:46 - 00056178 _____ C:\Users\pc\Downloads\Impressao.aspx 2016-05-02 14:46 - 2016-05-02 14:46 - 00054418 _____ C:\Users\pc\Desktop\boleto armarinho25.pdf 2016-05-02 03:13 - 2016-05-02 14:04 - 00000000 ____D C:\Users\pc\Desktop\maio ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-05-20 00:40 - 2015-03-21 00:05 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3445738514-2521246755-3089652957-1000 2016-05-20 00:20 - 2015-03-28 09:22 - 00000000 ___RD C:\Users\pc\OneDrive 2016-05-19 23:33 - 2015-03-21 13:48 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7398A85C-A7EB-43BB-A7DD-6C9E4E445B33} 2016-05-19 23:26 - 2015-03-22 14:23 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-19 23:26 - 2015-03-22 14:23 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-19 23:26 - 2015-03-20 23:52 - 00000000 ____D C:\Users\pc 2016-05-19 23:26 - 2013-08-22 11:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-05-19 08:38 - 2015-03-25 03:22 - 00000000 ____D C:\Users\pc\AppData\Roaming\uTorrent 2016-05-19 02:22 - 2015-03-26 15:53 - 00000000 ____D C:\Users\pc\AppData\Roaming\vlc 2016-05-18 03:22 - 2015-12-13 23:49 - 00000000 ____D C:\Users\pc\AppData\LocalLow\uTorrent 2016-05-18 01:50 - 2015-04-03 05:00 - 00002768 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2016-05-18 01:50 - 2015-03-24 02:40 - 00003598 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Deskjet 2540 series 2016-05-18 01:49 - 2015-03-22 14:23 - 00003892 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-05-18 01:49 - 2015-03-22 14:23 - 00003656 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-05-18 01:23 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Inf 2016-05-18 01:08 - 2015-05-02 08:14 - 00002320 _____ C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-05-18 01:08 - 2015-03-22 14:30 - 00002629 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-18 01:08 - 2015-03-20 23:59 - 00002771 _____ C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-05-17 22:29 - 2015-03-20 23:59 - 00000000 ____D C:\Users\pc\AppData\Local\VirtualStore 2016-05-17 21:57 - 2013-08-22 12:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2016-05-17 21:53 - 2015-03-21 03:18 - 00747252 _____ C:\WINDOWS\system32\prfh0416.dat 2016-05-17 21:53 - 2015-03-21 03:18 - 00150848 _____ C:\WINDOWS\system32\prfc0416.dat 2016-05-17 21:53 - 2015-03-20 23:57 - 01707228 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-05-17 21:50 - 2015-12-25 00:06 - 00000000 ____D C:\Users\pc\Desktop\5 2016-05-17 19:40 - 2013-08-22 10:25 - 00000167 _____ C:\WINDOWS\win.ini 2016-05-17 19:38 - 2013-08-22 16:11 - 00000000 ____D C:\WINDOWS\ShellNew 2016-05-17 19:35 - 2013-08-22 12:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-05-17 19:05 - 2015-03-23 23:46 - 00000000 ____D C:\Users\pc\AppData\Local\Microsoft Help 2016-05-16 15:42 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\rescache 2016-05-16 01:42 - 2013-08-22 12:20 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-05-16 00:14 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-05-12 04:56 - 2015-03-28 07:59 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-05-11 17:08 - 2016-04-15 00:21 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-05-11 17:08 - 2016-04-15 00:21 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-05-11 15:28 - 2013-08-22 16:11 - 00000000 ____D C:\Program Files\Windows Journal 2016-05-11 15:26 - 2015-03-24 07:21 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-05-11 15:20 - 2015-03-24 07:21 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-05-11 00:33 - 2016-04-14 01:24 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-05-11 00:33 - 2016-04-14 01:24 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-05-11 00:33 - 2016-04-14 01:24 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-05-11 00:33 - 2016-04-14 01:24 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-05-11 00:33 - 2016-04-14 01:24 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-05-11 00:33 - 2016-04-14 01:24 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-05-11 00:33 - 2016-04-14 01:24 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2016-05-06 02:32 - 2015-04-05 11:21 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX 2016-05-06 02:32 - 2015-04-05 11:21 - 00000000 ___SD C:\WINDOWS\system32\GWX 2016-04-30 08:46 - 2013-08-22 12:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-04-27 02:45 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-04-23 02:29 - 2016-04-17 14:12 - 00000000 ____D C:\Users\pc\AppData\Roaming\Orbit 2016-04-23 02:29 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\ModemLogs 2016-04-22 04:57 - 2015-03-24 03:51 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2016-05-17 22:20 - 2016-03-04 01:00 - 10167000 _____ (深圳市驱动人生软件技术有限公司) C:\Users\pc\AppData\Roaming\160wifi_wcid-6085.exe 2016-05-17 22:21 - 2016-05-16 13:21 - 3022848 _____ (UPCleaner) C:\Users\pc\AppData\Roaming\ADS.exe 2016-05-17 22:08 - 2016-05-17 22:08 - 6814720 _____ () C:\Users\pc\AppData\Roaming\agent.dat 2016-05-17 22:08 - 2016-05-17 22:08 - 0054272 _____ () C:\Users\pc\AppData\Roaming\ApplicationHosting.dat 2016-05-17 22:28 - 2016-05-16 13:22 - 1443152 _____ ( ) C:\Users\pc\AppData\Roaming\AutoTime_51477.exe 2016-05-17 21:58 - 2016-05-17 22:00 - 0001338 _____ () C:\Users\pc\AppData\Roaming\Bubble Dock.boostrap.log 2016-05-17 21:58 - 2016-05-17 21:59 - 0005695 _____ () C:\Users\pc\AppData\Roaming\Bubble Dock.installation.log 2016-05-17 22:08 - 2016-05-17 22:08 - 0065952 _____ () C:\Users\pc\AppData\Roaming\Config.xml 2016-05-17 22:04 - 2016-05-17 22:05 - 0015888 _____ () C:\Users\pc\AppData\Roaming\InstallationConfiguration.xml 2016-05-17 22:04 - 2016-05-17 22:04 - 0127488 _____ () C:\Users\pc\AppData\Roaming\Installer.dat 2016-05-17 22:22 - 2016-02-18 00:56 - 7318464 _____ () C:\Users\pc\AppData\Roaming\KuaiZip_Setup_1875570831_jiuzhuan_001.exe 2016-05-17 22:08 - 2016-05-17 22:04 - 0957440 _____ () C:\Users\pc\AppData\Roaming\Lamlam.exe 2016-05-17 22:08 - 2016-05-17 22:08 - 1743892 _____ () C:\Users\pc\AppData\Roaming\Lamlam.tst 2016-05-17 22:08 - 2016-05-17 22:08 - 0126464 _____ () C:\Users\pc\AppData\Roaming\lobby.dat 2016-05-17 22:08 - 2016-05-17 22:08 - 0018432 _____ () C:\Users\pc\AppData\Roaming\Main.dat 2016-05-17 22:08 - 2016-05-17 22:08 - 0005568 _____ () C:\Users\pc\AppData\Roaming\md.xml 2016-05-17 22:08 - 2016-05-17 22:08 - 0126464 _____ () C:\Users\pc\AppData\Roaming\noah.dat 2016-05-17 22:11 - 2016-05-04 05:44 - 4232400 _____ (Kingsoft Corp. Ltd.) C:\Users\pc\AppData\Roaming\OfficeAssist.0172.80.1384.exe 2016-05-17 22:08 - 2016-05-17 22:08 - 0848437 _____ () C:\Users\pc\AppData\Roaming\Ronplus.bin 2016-05-17 22:00 - 2016-05-17 22:00 - 0000078 _____ () C:\Users\pc\AppData\Roaming\Selection Tools.installation.log 2016-05-17 22:09 - 2016-05-16 13:18 - 1755136 _____ () C:\Users\pc\AppData\Roaming\service.exe 2016-05-17 22:23 - 2016-05-11 05:32 - 0936414 _____ ( ) C:\Users\pc\AppData\Roaming\setup_52.exe 2016-05-17 22:10 - 2016-05-17 22:11 - 2783744 _____ (TODO: ) C:\Users\pc\AppData\Roaming\svrupg.exe 2016-05-17 22:23 - 2016-05-17 22:23 - 1667617 _____ (Oleg N. Scherbakov) C:\Users\pc\AppData\Roaming\tasklist.exe 2016-05-17 22:08 - 2016-05-17 22:04 - 0957440 _____ () C:\Users\pc\AppData\Roaming\Toughtop.exe 2016-05-17 22:08 - 2016-05-17 22:08 - 0072707 _____ () C:\Users\pc\AppData\Roaming\Toughtop.tst 2016-05-17 22:09 - 2016-05-17 22:09 - 0032038 _____ () C:\Users\pc\AppData\Roaming\uninstall_temp.ico 2016-05-17 21:58 - 2016-05-17 21:58 - 0000097 _____ () C:\Users\pc\AppData\Roaming\WindApp.boostrap.log 2016-05-17 22:00 - 2016-05-17 22:00 - 0000078 _____ () C:\Users\pc\AppData\Roaming\WindApp.installation.log 2016-05-17 22:21 - 2016-05-17 22:21 - 2154623 _____ () C:\Users\pc\AppData\Roaming\xdo.zip 2014-07-18 09:17 - 2014-07-18 09:17 - 0293320 ____N (深圳市迅雷网络技术有限公司) C:\Users\pc\AppData\Roaming\xldl.dll 2015-02-10 11:29 - 2015-02-10 11:29 - 0005724 ____N () C:\Users\pc\AppData\Roaming\xldl.h 2016-05-17 22:15 - 2016-02-18 07:10 - 5267952 _____ () C:\Users\pc\AppData\Roaming\ziptool_wc-9015_setup.exe 2015-03-24 02:38 - 2015-03-24 02:38 - 0000057 _____ () C:\ProgramData\Ament.ini 2016-05-17 22:09 - 2016-05-16 13:19 - 1920000 _____ () C:\ProgramData\msiql.exe 2016-05-17 22:08 - 2016-05-17 22:08 - 1755136 _____ () C:\ProgramData\service.exe 2016-05-17 22:23 - 2016-05-16 12:09 - 5714944 _____ (Skype Technologies) C:\ProgramData\tasklist.exe 2016-05-17 22:10 - 2016-05-17 22:10 - 0002259 _____ () C:\ProgramData\webad.xml 2016-05-17 22:23 - 2016-05-17 22:23 - 0293320 _____ (深圳市迅雷网络技术有限公司) C:\ProgramData\xldl.dll Files to move or delete: ==================== C:\ProgramData\msiql.exe C:\ProgramData\service.exe C:\ProgramData\tasklist.exe C:\ProgramData\xldl.dll C:\Windows\Tasks\{5E3E0626-7F3C-193C-6036-6182CABC3407}.job Some files in TEMP: ==================== C:\Users\pc\AppData\Local\Temp\1D44.tmp.exe C:\Users\pc\AppData\Local\Temp\23333.exe C:\Users\pc\AppData\Local\Temp\4C8B.tmp.exe C:\Users\pc\AppData\Local\Temp\667.tmp.exe C:\Users\pc\AppData\Local\Temp\Browser_V5.6.12150.8_f_4730_(Build1604251144).exe C:\Users\pc\AppData\Local\Temp\ICReinstall_1D44.tmp.exe C:\Users\pc\AppData\Local\Temp\nsh5527.tmp.exe C:\Users\pc\AppData\Local\Temp\PulmonaryHindu.dll C:\Users\pc\AppData\Local\Temp\qqpcmgr_v11.5.17490.219_45535_Silence.exe C:\Users\pc\AppData\Local\Temp\qqpcmgr_v11.5.17490.219_72623_Silence.exe C:\Users\pc\AppData\Local\Temp\uninst.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-05-16 14:58 ==================== End of FRST.txt ============================