Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-01-2017
Ran by Célio Pereira (administrator) on CÉLIO (11-01-2017 19:23:00)
Running from C:\Users\Célio Pereira\Desktop
Loaded Profiles: Célio Pereira (Available Profiles: Célio Pereira)
Platform: Windows 8.1 Pro (Update) (X64) Language: Inglês (Estados Unidos)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\ProgramData\service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\ProgramData\Windows Security\winsecurity.exe
() C:\Users\Célio Pereira\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
(Microsoft Corporation) C:\Program Files\XBox\XBLive.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Users\Célio Pereira\Downloads\ZA-Scan.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\wow64_microsoft-windows-notepad_31bf3856ad364e35_6.3.9600.17930_none_6a5f9ae878329b5c\notepad.exe
(Microsoft Corporation) C:\Windows\WinSxS\wow64_microsoft-windows-notepad_31bf3856ad364e35_6.3.9600.17930_none_6a5f9ae878329b5c\notepad.exe
(Microsoft Corporation) C:\Windows\WinSxS\wow64_microsoft-windows-notepad_31bf3856ad364e35_6.3.9600.17930_none_6a5f9ae878329b5c\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.3.9600.18438_none_06b6b29657458c14\wmplayer.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [856800 2015-08-21] (GAS Tecnologia LTDA)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2015-09-22] (Caixa Economica Federal)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1985691564-1225726452-1134471747-1001\...\MountPoints2: {00421bc9-a1ba-11e5-8269-2089845db180} - "D:\autorun.exe"
HKU\S-1-5-21-1985691564-1225726452-1134471747-1001\...\MountPoints2: {1330ab64-9e75-11e5-8268-2089845db180} - "F:\FarCryAutoCD.exe"
HKU\S-1-5-21-1985691564-1225726452-1134471747-1001\...\MountPoints2: {9a7d4bf4-8097-11e5-825d-2089845db180} - "D:\autorun.exe"
HKU\S-1-5-21-1985691564-1225726452-1134471747-1001\...\MountPoints2: {b03b3c3e-8756-11e6-82a9-2089845db180} - "G:\Lenovo_Suite.exe"
HKU\S-1-5-21-1985691564-1225726452-1134471747-1001\...\MountPoints2: {b232e616-be0b-11e6-82b1-2089845db180} - "G:\Lenovo_Suite.exe"
HKU\S-1-5-21-1985691564-1225726452-1134471747-1001\...\MountPoints2: {fa9e312c-a38f-11e5-826a-2089845db180} - "F:\autorun.exe"
HKLM\...\Providers\u0o1kbtx: C:\Program Files (x86)\Pervetainuserent Adapter\local64spl.dll [291328 2017-01-10] ()
ShellExecuteHooks: No Name - {8F3A9CCC-D3F4-11E6-AF41-64006A5CFC35} - C:\Users\Célio Pereira\AppData\Roaming\Puziknehation\Tejerck.dll [148480 2017-01-10] ()
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1888480 2015-09-22] (Caixa Economica Federal)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1985691564-1225726452-1134471747-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-1985691564-1225726452-1134471747-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [S-1-5-21-1985691564-1225726452-1134471747-1001] => hxxp://un-stop.info/wpad.dat?1a71a95330eb806792178d59077c53a211370778
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{8F864149-DC17-4EA2-A666-246456149A09}: [DhcpNameServer] 10.1.1.1
ManualProxies: 0hxxp://un-stop.info/wpad.dat?1a71a95330eb806792178d59077c53a211370778

Internet Explorer:
==================
HKU\S-1-5-21-1985691564-1225726452-1134471747-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-10-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-10-08] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-08] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-08] (Oracle Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2015-09-22] (Caixa Economica Federal)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-08] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-08] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-03-04] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-11-26] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-11-26] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://search.etype.com/?smart=1
CHR StartupUrls: Profile 1 -> "hxxp://google.com/"
CHR Profile: C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-11] <==== ATTENTION
CHR Extension: (Fast search) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-01-10]
CHR Profile: C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Default [2017-01-11]
CHR Extension: (Google Docs) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-30]
CHR Extension: (Google Drive) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (YouTube) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-30]
CHR Extension: (Google Search) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Documentos Google off-line) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Fast search) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-01-10]
CHR Extension: (Gmail) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-30]
CHR Profile: C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-11]
CHR Extension: (Google Docs) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-11]
CHR Extension: (Tree Branches) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgdeemcfmmabkdhbnhmkhpadancpkgol [2017-01-11]
CHR Extension: (Adblock Plus) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-01-11]
CHR Extension: (Gun Blood) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cpbkahmbgcfjocgliikbkfiieemcjkoj [2017-01-11]
CHR Extension: (Planilhas do Google) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-11]
CHR Extension: (Documentos Google off-line) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-11]
CHR Extension: (Fast search) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-01-10]
CHR Extension: (Bloxorz Block Puzzle) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\phiaicokjaoaobiobphcfkmbeiejdang [2017-01-11]
CHR Extension: (Chrome Media Router) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-11]
CHR Profile: C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-01-11]
CHR Extension: (Fast search) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-01-10]
CHR Profile: C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Profile 3 [2017-01-11]
CHR Extension: (Fast search) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-01-10]
CHR Extension: (Bloxorz Block Puzzle) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\phiaicokjaoaobiobphcfkmbeiejdang [2016-06-12]
CHR Extension: (Gmail) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-12]
CHR Extension: (Chrome Media Router) - C:\Users\Célio Pereira\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 1ed4e2375a10448b2befe3b252645eff; C:\Program Files\1ed4e2375a10448b2befe3b252645eff\de7f6177a8e97d3dea3ef903e50320c9.exe [5676032 2017-01-06] () [File not signed] <==== ATTENTION
R2 Archer; C:\Program Files (x86)\WinArcher\Archer.dll [412672 2017-01-11] (TODO: <公司名>) [File not signed]
S2 Bqryclawut; C:\Program Files (x86)\Wiqesewonisy\srtprovider.dll [178176 2017-01-10] () [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
R2 GoogleChromeUpService; C:\ProgramData\service.exe [1620992 2017-01-11] () [File not signed] <==== ATTENTION
R2 GubedZL; C:\Program Files (x86)\Gubed\GubedZL.dll [131072 2017-01-11] () [File not signed]
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 IntelSony; C:\Program Files (x86)\Sony\IntelSony.dll [225792 2017-01-11] () [File not signed]
S3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [519680 2017-01-11] () [File not signed] <==== ATTENTION
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2015-11-26] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2015-12-28] (Dritek System INC.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [997568 2014-06-29] (@ByELDI) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [59392 2014-10-28] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATTENTION
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [856800 2015-08-21] (GAS Tecnologia LTDA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WindowsSecurity; C:\ProgramData\Windows Security\winsecurity.exe [1265664 2016-10-26] (Microsoft Corporation) [File not signed] <==== ATTENTION
R2 WinSAPSvc; C:\ProgramData\WinSAPSvc\WinSAP.dll [508928 2017-01-11] () [File not signed]
R2 WMPNetworkAcSvc; C:\Users\Célio Pereira\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [5091840 2016-11-10] () [File not signed] <==== ATTENTION
R2 XBox; C:\Program Files\XBox\XBLive.exe [6342584 2016-06-13] (Microsoft Corporation) <==== ATTENTION
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 6ee0da6814863fcff6e147fe6702917a; C:\Windows\system32\drivers\6ee0da6814863fcff6e147fe6702917a.sys [95040 2017-01-06] (9M5RAE) <==== ATTENTION
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-10-31] (Disc Soft Ltd)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-03] (GAS Tecnologia)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-11-11] (LogMeIn Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-01-11] (REALiX(tm))
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2015-11-26] (Intel Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2015-11-26] (Dritek System Inc.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11973 2016-04-21] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2015-11-26] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-09-03] (GAS Tecnologia LTDA)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2015-10-08] (Basil Projects)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2017-01-11] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
R2 zdwfp; C:\Windows\system32\Drivers\zdwfp64.sys [46352 2016-12-14] (zdengine)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
R4 KuaiZipDrive; \??\C:\Windows\system32\drivers\KuaiZipDrive.sys [X]
S1 ucdrv; \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-11 19:23 - 2017-01-11 19:23 - 00022081 _____ C:\Users\Célio Pereira\Desktop\FRST.txt
2017-01-11 19:23 - 2017-01-11 19:23 - 00000000 ____D C:\Users\Célio Pereira\Desktop\Nova pasta (2)
2017-01-11 19:19 - 2017-01-11 19:20 - 00046017 _____ C:\Users\Célio Pereira\Downloads\Addition.txt
2017-01-11 19:18 - 2017-01-11 19:23 - 00000000 ____D C:\FRST
2017-01-11 19:18 - 2017-01-11 19:20 - 00064264 _____ C:\Users\Célio Pereira\Downloads\FRST.txt
2017-01-11 19:17 - 2017-01-11 19:17 - 02419200 _____ (Farbar) C:\Users\Célio Pereira\Desktop\FRST64.exe
2017-01-11 19:16 - 2017-01-11 19:16 - 01761280 _____ (Farbar) C:\Users\Célio Pereira\Desktop\FRST.exe
2017-01-11 19:08 - 2017-01-11 19:08 - 00003145 _____ C:\Users\Célio Pereira\Desktop\FSS.txt
2017-01-11 19:07 - 2017-01-11 19:07 - 00899584 _____ (Farbar) C:\Users\Célio Pereira\Desktop\FSS.exe
2017-01-11 19:06 - 2017-01-11 19:07 - 00000512 _____ C:\Users\Célio Pereira\Downloads\Dump_Hdd0_DR0.mbr
2017-01-11 19:06 - 2017-01-11 19:06 - 00147456 _____ (Eric_71) C:\Users\Célio Pereira\Downloads\MbrScan.exe
2017-01-11 19:06 - 2017-01-11 19:06 - 00016492 _____ C:\Users\Célio Pereira\Desktop\ZA-Scan.txt
2017-01-11 19:05 - 2017-01-11 19:05 - 00016492 _____ C:\ZA-Scan.txt
2017-01-11 18:44 - 2017-01-11 19:05 - 00000588 _____ C:\runcheck.txt
2017-01-11 18:43 - 2017-01-11 18:43 - 01370112 _____ C:\Users\Célio Pereira\Downloads\ZA-Scan.exe
2017-01-11 18:43 - 2017-01-11 18:43 - 00000000 ____D C:\zoek_backup
2017-01-11 17:54 - 2017-01-11 17:54 - 00000000 ____D C:\Users\Célio Pereira\AppData\Local\GeoLocator
2017-01-11 17:46 - 2017-01-11 17:46 - 00000000 ____D C:\Program Files (x86)\WinArcher
2017-01-11 17:45 - 2017-01-11 17:45 - 00000000 ____D C:\Users\Célio Pereira\AppData\Roaming\WinSnare
2017-01-11 17:45 - 2017-01-11 17:45 - 00000000 ____D C:\ProgramData\WinSAPSvc
2017-01-11 17:45 - 2017-01-11 17:45 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.0.4)
2017-01-11 17:45 - 2017-01-11 17:45 - 00000000 ____D C:\Program Files (x86)\Gubed
2017-01-11 17:43 - 2017-01-11 17:43 - 00000000 ____D C:\Program Files\u0o1kbtx
2017-01-11 02:27 - 2017-01-11 02:27 - 00250912 _____ C:\Windows\SysWOW64\kz.exe
2017-01-11 01:10 - 2017-01-11 15:38 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1985691564-1225726452-1134471747-1001
2017-01-11 01:07 - 2017-01-11 01:07 - 00000000 ____D C:\Users\Célio Pereira\AppData\LocalLow\uTorrent
2017-01-11 00:57 - 2017-01-11 00:57 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Célio Pereira\Downloads\revosetup.exe
2017-01-11 00:41 - 2017-01-11 00:55 - 00000986 __RSH C:\ProgramData\ntuser.pol
2017-01-11 00:34 - 2017-01-11 00:34 - 00000146 _____ C:\Users\Célio Pereira\Desktop\Windows Defender - Atalho.lnk
2017-01-11 00:18 - 2017-01-11 00:18 - 11335348 _____ C:\Users\Célio Pereira\Downloads\Revo Uninstaller Pro 3.1.6 Setup + Activator.rar
2017-01-11 00:14 - 2017-01-11 00:14 - 00018017 _____ C:\Users\Célio Pereira\Downloads\RUP_3.1.x_Registrator.7z
2017-01-11 00:11 - 2017-01-11 02:50 - 00001232 _____ C:\Users\Célio Pereira\Desktop\Google Chrome.lnk
2017-01-11 00:07 - 2017-01-11 00:28 - 00000000 ____D C:\ProgramData\ProductData
2017-01-11 00:07 - 2017-01-11 00:10 - 00000000 ____D C:\Users\Célio Pereira\AppData\LocalLow\IObit
2017-01-11 00:07 - 2017-01-11 00:07 - 00027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2017-01-11 00:07 - 2017-01-11 00:07 - 00000000 ____D C:\Windows\IObit
2017-01-11 00:07 - 2017-01-11 00:07 - 00000000 ____D C:\ProgramData\IObit
2017-01-11 00:06 - 2017-01-11 00:07 - 00001113 _____ C:\Users\Célio Pereira\Desktop\AutoTime.lnk
2017-01-11 00:06 - 2017-01-11 00:06 - 01620992 _____ C:\ProgramData\service.exe
2017-01-11 00:06 - 2017-01-11 00:06 - 00000000 ____D C:\Users\Célio Pereira\AppData\Roaming\IObit
2017-01-11 00:05 - 2017-01-11 00:30 - 00000000 ____D C:\Users\Célio Pereira\AppData\Local\UCBrowser
2017-01-11 00:05 - 2017-01-11 00:05 - 00000000 ____D C:\Program Files\XBox
2017-01-11 00:04 - 2017-01-11 00:04 - 00010368 _____ C:\Windows\SysWOW64\zdengineOff.ini
2017-01-11 00:04 - 2017-01-11 00:04 - 00010368 _____ C:\Windows\system32\zdengineOff.ini
2017-01-11 00:04 - 2017-01-11 00:04 - 00000002 _____ C:\END
2017-01-11 00:04 - 2016-12-14 09:01 - 00046352 _____ (zdengine) C:\Windows\system32\Drivers\zdwfp64.sys
2017-01-11 00:02 - 2017-01-11 00:32 - 00000986 _____ C:\Users\Célio Pereira\Desktop\¿ìѹ.lnk
2017-01-11 00:02 - 2017-01-11 00:13 - 00000000 ____D C:\Users\Célio Pereira\AppData\Roaming\KuaiZip
2017-01-11 00:02 - 2017-01-11 00:02 - 00000000 ____D C:\Users\Célio Pereira\AppData\Roaming\Softlink
2017-01-10 23:59 - 2017-01-10 23:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer
2017-01-10 23:58 - 2017-01-11 02:29 - 00000000 ____D C:\Program Files\1ed4e2375a10448b2befe3b252645eff
2017-01-10 23:58 - 2017-01-11 01:12 - 00000000 ____D C:\Windows\system32\SSL
2017-01-10 23:58 - 2017-01-10 23:58 - 00000000 ____D C:\ProgramData\Avira
2017-01-10 23:58 - 2017-01-10 23:58 - 00000000 ____D C:\ProgramData\Avg
2017-01-10 23:58 - 2017-01-10 23:58 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-10 23:57 - 2017-01-11 00:03 - 00000000 ____D C:\Users\C←lio Pereira\AppData\Local\Kersashherberry
2017-01-10 23:57 - 2017-01-10 23:57 - 00000000 ____D C:\Users\C←lio Pereira
2017-01-10 23:57 - 2017-01-10 23:57 - 00000000 ____D C:\Program Files (x86)\Pervetainuserent Adapter
2017-01-10 23:56 - 2017-01-11 17:45 - 00000000 ____D C:\Program Files (x86)\Wiqesewonisy
2017-01-10 23:56 - 2017-01-10 23:56 - 00000000 ____D C:\Users\Célio Pereira\AppData\Roaming\Puziknehation
2017-01-10 23:56 - 2017-01-10 23:56 - 00000000 ____D C:\Users\Célio Pereira\AppData\Local\Kersashherberry
2017-01-10 23:55 - 2017-01-11 00:00 - 00000000 ____D C:\Users\Célio Pereira\AppData\Local\1055DE88-1484092521-E211-9E12-2089845DB180
2017-01-10 23:55 - 2017-01-10 23:55 - 00000000 ____D C:\Users\Célio Pereira\AppData\Roaming\Links2
2017-01-10 23:55 - 2017-01-10 23:55 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
2017-01-10 23:54 - 2017-01-10 23:54 - 00000000 _____ C:\TOSTACK
2017-01-10 23:53 - 2017-01-11 17:54 - 00000000 ____D C:\ProgramData\vCore
2017-01-10 23:53 - 2017-01-11 15:33 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2017-01-10 23:53 - 2017-01-11 01:10 - 00000000 ____D C:\Users\Célio Pereira\AppData\Roaming\WMPNetworkAcSvc
2017-01-10 23:53 - 2017-01-10 23:53 - 00000000 ____D C:\ProgramData\Windows Security
2017-01-10 22:55 - 2014-01-17 15:55 - 00000804 _____ C:\Users\Célio Pereira\Downloads\Leia-me.txt
2017-01-10 22:55 - 2014-01-13 12:06 - 03867432 _____ C:\Users\Célio Pereira\Downloads\m4.txd
2017-01-10 22:55 - 2014-01-13 11:53 - 00717038 _____ C:\Users\Célio Pereira\Downloads\m4.dff
2017-01-10 22:55 - 2013-09-10 00:26 - 00000160 _____ C:\Users\Célio Pereira\Downloads\Tutoriais - GTA San Andreas.url
2017-01-10 22:55 - 2013-09-10 00:26 - 00000123 _____ C:\Users\Célio Pereira\Downloads\Mods GTA San Andreas.url
2017-01-10 21:38 - 2017-01-10 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\www.GameModding.net
2017-01-10 21:15 - 2017-01-10 21:15 - 00244436 _____ C:\Users\Célio Pereira\Downloads\ImgTool.rar
2017-01-10 21:09 - 2017-01-10 21:09 - 00007911 _____ C:\Windows\unins000.dat
2017-01-10 21:09 - 2017-01-10 21:08 - 01204011 _____ C:\Windows\unins000.exe
2017-01-10 21:07 - 2017-01-10 21:07 - 00894870 _____ (Seemann, Deji, Alien ) C:\Users\Célio Pereira\Downloads\CLEO4_setup.exe
2017-01-10 19:33 - 2017-01-10 20:48 - 00000000 ____D C:\Users\Célio Pereira\Documents\GTA San Andreas User Files
2017-01-10 19:33 - 2017-01-10 19:33 - 00000000 ____D C:\Users\Célio Pereira\AppData\Local\modloader
2017-01-10 19:33 - 2017-01-10 19:33 - 00000000 ____D C:\ProgramData\modloader
2017-01-10 19:31 - 2017-01-10 19:31 - 00001237 _____ C:\Users\Célio Pereira\Desktop\gta_sa.exe - Atalho.lnk
2017-01-10 18:56 - 2017-01-10 23:51 - 00000000 ____D C:\Users\Célio Pereira\Downloads\san andreas
2017-01-10 18:28 - 2017-01-10 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2017-01-10 18:28 - 2017-01-10 18:28 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2017-01-09 19:54 - 2017-01-09 19:54 - 00014507 _____ C:\Users\Célio Pereira\Downloads\FlatOut.2 - RELOADED.torrent
2017-01-09 17:31 - 2017-01-10 13:24 - 00000000 ____D C:\Users\Célio Pereira\Downloads\GTA San Andreas Completo
2017-01-09 17:30 - 2017-01-09 17:30 - 00125355 _____ C:\Users\Célio Pereira\Downloads\Grand-Theft-Auto-GTA-San-Andreas-PC-www.jogoscompletostorrent.com_.rar
2017-01-09 17:14 - 2017-01-09 17:14 - 00000000 ____D C:\Programme
2017-01-06 17:55 - 2017-01-06 17:55 - 02185908 _____ C:\Windows\e08092a8deea03a2772034ed51cc4b44.exe
2017-01-06 17:50 - 2017-01-06 17:50 - 00095040 _____ (9M5RAE) C:\Windows\system32\Drivers\6ee0da6814863fcff6e147fe6702917a.sys
2016-12-14 23:52 - 2016-12-14 23:52 - 00001233 _____ C:\Users\Célio Pereira\Desktop\pun.exe - Atalho.lnk
2016-12-14 23:51 - 2016-12-14 23:51 - 00001421 _____ C:\Users\Célio Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pun.lnk
2016-12-14 23:49 - 2017-01-09 19:25 - 00000000 ____D C:\Users\Célio Pereira\Desktop\tr punisher
2016-12-14 19:50 - 2016-12-14 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2016-12-14 19:50 - 2016-12-14 19:50 - 00000000 ____D C:\Program Files (x86)\THQ
2016-12-14 19:09 - 2016-12-14 19:09 - 00031334 _____ C:\Users\Célio Pereira\Downloads\1366x768-data-out-45-36279116-chicago-bulls-wallpaper.jpg
2016-12-14 17:22 - 2016-11-30 04:34 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2016-12-14 17:22 - 2016-11-30 04:27 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-12-14 16:44 - 2016-12-14 19:54 - 00000000 ____D C:\Users\Célio Pereira\Downloads\The Punisher
2016-12-14 16:20 - 2016-11-12 17:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-12-14 16:20 - 2016-11-12 16:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-12-14 16:20 - 2016-11-12 15:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-12-14 16:20 - 2016-11-12 15:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-12-14 16:19 - 2016-11-19 19:24 - 00567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-14 16:19 - 2016-11-19 19:24 - 00152856 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-12-14 16:19 - 2016-11-19 17:29 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-12-14 16:19 - 2016-11-19 16:44 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-12-14 16:19 - 2016-11-19 15:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-12-14 16:19 - 2016-11-19 15:22 - 00111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2016-12-14 16:19 - 2016-11-16 19:49 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2016-12-14 16:19 - 2016-11-12 19:06 - 00738104 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-12-14 16:19 - 2016-11-12 17:38 - 00613632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-12-14 16:19 - 2016-11-12 17:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-12-14 16:19 - 2016-11-12 17:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-12-14 16:19 - 2016-11-12 16:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-12-14 16:19 - 2016-11-12 16:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-12-14 16:19 - 2016-11-12 16:23 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-12-14 16:19 - 2016-11-12 16:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-12-14 16:19 - 2016-11-12 16:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-12-14 16:19 - 2016-11-12 15:45 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-12-14 16:19 - 2016-11-12 15:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-12-14 16:19 - 2016-11-12 15:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-12-14 16:19 - 2016-11-12 15:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-12-14 16:19 - 2016-11-12 15:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-12-14 16:19 - 2016-11-12 15:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-12-14 16:19 - 2016-11-12 15:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-12-14 16:19 - 2016-11-12 15:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-12-14 16:19 - 2016-11-12 15:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-12-14 16:19 - 2016-11-11 00:33 - 01541240 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-14 16:19 - 2016-11-09 15:25 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-14 16:19 - 2016-11-05 18:46 - 00422744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-12-14 16:19 - 2016-11-05 16:35 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-14 16:19 - 2016-11-05 15:57 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-14 16:19 - 2016-11-05 15:11 - 03606528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-12-14 16:19 - 2016-11-05 13:56 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-12-14 16:19 - 2016-11-05 13:46 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-12-14 16:19 - 2016-10-28 00:56 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-14 16:19 - 2016-10-27 12:28 - 01097728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-12-14 16:19 - 2016-10-12 19:49 - 00379224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-12-14 16:19 - 2016-10-12 19:11 - 00922968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2016-12-14 16:19 - 2016-10-11 14:45 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2016-12-14 16:19 - 2016-10-10 21:31 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-12-14 16:19 - 2016-10-10 16:18 - 00069976 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-14 16:19 - 2016-10-10 16:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cmimcext.sys
2016-12-14 16:19 - 2016-10-09 12:17 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll
2016-12-14 16:19 - 2016-10-09 12:08 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2016-12-14 16:19 - 2016-10-09 12:08 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
2016-12-14 16:19 - 2016-10-08 20:24 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-12-14 16:19 - 2016-10-08 19:31 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-12-14 16:19 - 2016-10-08 19:10 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-12-14 16:19 - 2016-10-05 12:01 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2016-12-14 16:19 - 2016-10-05 12:00 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2016-12-14 16:19 - 2016-10-05 12:00 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2016-12-14 16:19 - 2016-10-05 11:52 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
2016-12-14 16:19 - 2016-10-05 11:52 - 00513456 _____ C:\Windows\system32\locale.nls
2016-12-14 16:19 - 2016-10-05 02:15 - 01969944 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-12-14 16:19 - 2016-10-05 02:15 - 01613528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-12-14 16:19 - 2016-10-05 02:15 - 00324896 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-12-14 16:19 - 2016-10-05 02:15 - 00245320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-12-14 16:19 - 2016-09-27 18:16 - 00445873 _____ C:\Windows\system32\ApnDatabase.xml
2016-12-14 16:19 - 2016-09-20 20:30 - 02462040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-11-30 07:50 - 2016-11-02 18:48 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-30 07:50 - 2016-11-02 18:48 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-30 07:50 - 2016-10-27 16:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-30 07:50 - 2016-10-27 15:47 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-30 07:50 - 2016-10-27 15:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-30 07:50 - 2016-10-27 15:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-30 07:50 - 2016-10-22 15:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-30 07:50 - 2016-10-22 14:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-30 07:50 - 2016-10-22 14:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-30 07:50 - 2016-10-22 14:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-30 07:50 - 2016-10-13 17:06 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-30 07:50 - 2016-10-13 17:06 - 01124376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-30 07:50 - 2016-10-11 18:21 - 00497448 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-11-30 07:50 - 2016-10-11 18:21 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-11-30 07:50 - 2016-10-11 16:34 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-11-30 07:50 - 2016-10-11 15:47 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-30 07:50 - 2016-10-11 14:55 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-30 07:50 - 2016-10-10 19:17 - 00444248 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-30 07:50 - 2016-10-10 19:17 - 00333656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-30 07:50 - 2016-10-09 20:59 - 00551256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2016-11-30 07:50 - 2016-10-08 20:53 - 03754496 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-30 07:50 - 2016-10-08 20:21 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-30 07:50 - 2016-10-08 20:07 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-30 07:50 - 2016-10-08 19:49 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-30 07:50 - 2016-10-08 19:21 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-30 07:50 - 2016-10-07 23:34 - 01660040 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-11-30 07:50 - 2016-10-07 23:34 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-11-30 07:50 - 2016-10-04 18:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-30 07:50 - 2016-10-04 18:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-30 07:50 - 2016-10-04 18:08 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-11-30 07:50 - 2016-10-04 18:08 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-30 07:50 - 2016-09-09 20:14 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2016-11-30 07:50 - 2016-09-09 12:15 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2016-11-30 07:50 - 2016-09-09 12:09 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2016-11-30 07:50 - 2016-09-09 12:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-30 07:50 - 2016-09-09 12:03 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\iscsiwmi.dll
2016-11-30 07:50 - 2016-09-09 12:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsiwmi.dll
2016-11-30 07:50 - 2016-09-03 16:20 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\iscsidsc.dll
2016-11-30 07:50 - 2016-09-03 16:06 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\iscsiexe.dll
2016-11-30 07:50 - 2016-09-03 15:21 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsidsc.dll
2016-11-30 07:50 - 2016-09-03 15:18 - 00825856 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll
2016-11-30 07:50 - 2016-09-03 14:12 - 00512512 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2016-11-30 07:50 - 2016-09-03 14:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-11-30 07:50 - 2016-09-03 13:58 - 00397824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2016-11-30 07:50 - 2016-09-02 12:05 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2016-11-30 07:50 - 2016-09-02 12:05 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2016-11-30 07:50 - 2016-09-01 12:33 - 00377856 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
2016-11-30 07:50 - 2016-09-01 12:33 - 00342528 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2016-11-30 07:50 - 2016-09-01 12:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2016-11-30 07:50 - 2016-08-30 12:11 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll
2016-11-30 07:50 - 2016-08-30 00:45 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll
2016-11-30 07:50 - 2016-08-30 00:18 - 00871936 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2016-11-30 07:50 - 2016-08-30 00:03 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcprx.dll
2016-11-30 07:50 - 2016-08-22 11:34 - 01628672 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-30 07:49 - 2016-11-02 12:03 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-30 07:49 - 2016-11-02 12:00 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-30 07:49 - 2016-10-27 16:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-30 07:49 - 2016-10-27 16:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-11-30 07:49 - 2016-10-27 16:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-30 07:49 - 2016-10-27 15:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-30 07:49 - 2016-10-22 15:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-30 07:49 - 2016-10-22 14:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-30 07:49 - 2016-10-22 14:57 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-11-30 07:49 - 2016-10-22 14:45 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-30 07:49 - 2016-10-08 20:18 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-11-30 07:49 - 2016-08-30 00:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xolehlp.dll
2016-11-29 08:44 - 2016-11-29 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-11-29 08:44 - 2016-11-29 08:44 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-11-11 13:43 - 2016-11-11 13:43 - 00045680 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2016-11-06 13:09 - 2016-11-06 13:17 - 39722470 _____ C:\Users\Célio Pereira\Downloads\Screaman-1.05.rar
2016-11-06 13:07 - 2016-12-14 16:55 - 206689270 _____ C:\Users\Célio Pereira\Downloads\PlayWithMe.zip
2016-11-04 21:20 - 2016-11-06 22:26 - 3429552128 _____ C:\Users\Célio Pereira\Downloads\vol1-m2twg.iso
2016-11-04 21:19 - 2016-11-06 12:48 - 00000000 ____D C:\Users\Célio Pereira\Downloads\Lord of the Rings - Battle for middle earth II + Witch King Expansion (2006)
2016-10-18 20:28 - 2016-09-12 21:48 - 00085680 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-18 20:28 - 2016-09-09 11:38 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-18 20:28 - 2016-09-09 11:38 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-18 20:28 - 2016-09-09 11:38 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-18 20:28 - 2016-09-09 11:38 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-18 20:28 - 2016-09-09 11:38 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-18 20:28 - 2016-09-09 11:38 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-18 20:28 - 2016-09-09 11:38 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-18 20:28 - 2016-09-09 11:38 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-18 20:28 - 2016-08-27 17:44 - 22360288 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-18 20:28 - 2016-08-27 17:44 - 02755504 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-18 20:28 - 2016-08-27 17:44 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe
2016-10-18 20:28 - 2016-08-27 16:26 - 19789232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-18 20:28 - 2016-08-27 16:26 - 02411048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-10-18 20:28 - 2016-08-27 16:26 - 00113656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe
2016-10-18 20:28 - 2016-08-27 14:09 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-10-18 20:28 - 2016-08-27 13:55 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-10-18 20:02 - 2016-09-30 22:22 - 07444312 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-18 20:02 - 2016-09-13 23:53 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-18 20:02 - 2016-09-08 12:00 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-18 20:02 - 2016-09-08 12:00 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-18 20:02 - 2016-09-07 20:07 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-18 20:02 - 2016-09-07 19:59 - 01754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-10-18 20:02 - 2016-09-07 19:59 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-18 20:02 - 2016-09-07 19:57 - 01560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-18 20:02 - 2016-08-27 14:33 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-10-18 20:02 - 2016-08-27 14:11 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-10-18 20:02 - 2016-08-25 18:50 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2016-10-18 20:02 - 2016-08-25 17:40 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2016-10-18 20:02 - 2016-08-12 19:47 - 15431168 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-18 20:02 - 2016-08-12 18:52 - 13317120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-18 20:02 - 2016-08-11 23:58 - 02315496 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-10-18 20:02 - 2016-08-11 23:58 - 01946176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2016-10-18 20:02 - 2016-08-11 15:17 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2016-10-18 20:02 - 2016-08-03 13:42 - 01317888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2016-10-18 20:02 - 2016-08-03 13:36 - 01102848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2016-10-18 20:02 - 2016-07-30 15:12 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-10-18 20:02 - 2016-07-30 14:36 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-10-18 20:02 - 2016-07-23 16:12 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-10-18 20:01 - 2016-09-17 16:16 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-18 20:01 - 2016-09-17 15:21 - 00089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-18 20:01 - 2016-09-13 23:53 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-10-18 20:01 - 2016-09-13 23:53 - 01490112 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-18 20:01 - 2016-09-13 23:53 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-10-18 20:01 - 2016-09-12 20:03 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2016-10-18 20:01 - 2016-09-12 19:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2016-10-18 20:01 - 2016-09-08 18:41 - 00121176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2016-10-18 20:01 - 2016-09-07 19:56 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-10-18 20:01 - 2016-08-12 22:05 - 09323008 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-18 20:01 - 2016-08-12 22:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys
2016-10-18 20:01 - 2016-08-12 22:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2016-10-18 20:01 - 2016-08-12 22:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2016-10-18 20:01 - 2016-08-12 20:35 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2016-10-18 20:01 - 2016-08-12 20:19 - 09323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-18 20:01 - 2016-08-12 19:17 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2016-10-18 20:01 - 2016-08-11 16:33 - 00096256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys
2016-10-18 20:01 - 2016-08-11 16:33 - 00083456 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys
2016-10-18 20:01 - 2016-08-11 16:33 - 00023040 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys
2016-10-18 20:01 - 2016-08-03 13:36 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2016-10-18 20:01 - 2016-08-03 13:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2016-10-18 20:01 - 2016-07-26 11:40 - 00162850 _____ C:\Windows\SysWOW64\C_932.NLS
2016-10-18 20:01 - 2016-07-26 11:40 - 00162850 _____ C:\Windows\system32\C_932.NLS
2016-10-18 20:01 - 2016-07-23 16:18 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-10-18 19:52 - 2016-10-18 19:52 - 00000000 ____D C:\MagicPlusMini

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-11 15:37 - 2015-10-07 23:13 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{40AE15D8-C4D8-4A60-BFA1-DC704BC4F559}
2017-01-11 15:33 - 2015-10-16 09:27 - 00000000 __SHD C:\Users\Célio Pereira\IntelGraphicsProfiles
2017-01-11 02:59 - 2015-10-31 12:55 - 00000000 ____D C:\Users\Célio Pereira\AppData\Roaming\uTorrent
2017-01-11 02:48 - 2015-11-15 18:08 - 00000000 ____D C:\Users\Célio Pereira\AppData\Roaming\Skype
2017-01-11 02:25 - 2015-12-15 23:28 - 00000000 ____D C:\Users\Célio Pereira\AppData\Local\Spotify
2017-01-11 02:03 - 2015-12-15 23:15 - 00000000 ____D C:\Users\Célio Pereira\AppData\Roaming\Spotify
2017-01-11 01:19 - 2016-03-21 16:35 - 00002413 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-11 01:15 - 2016-03-21 16:35 - 00002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-11 01:07 - 2016-03-27 16:24 - 00000000 ____D C:\Users\Célio Pereira\AppData\Local\LogMeIn Hamachi
2017-01-11 01:06 - 2015-10-14 16:21 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-01-11 01:06 - 2015-10-08 13:31 - 00000000 ____D C:\Program Files\KMSpico
2017-01-11 01:05 - 2016-08-23 16:40 - 00000000 ____D C:\Program Files (x86)\Sony
2017-01-11 01:05 - 2015-10-14 16:30 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2017-01-11 01:04 - 2013-08-22 12:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-11 01:03 - 2013-08-22 11:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-01-11 00:37 - 2013-08-22 13:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-01-11 00:20 - 2016-04-24 01:54 - 00000000 ____D C:\Users\Célio Pereira\AppData\Local\ElevatedDiagnostics
2017-01-11 00:11 - 2015-10-07 22:03 - 00001054 _____ C:\Users\Célio Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-11 00:05 - 2015-10-07 22:03 - 00000000 ____D C:\Users\Célio Pereira\AppData\Roaming\Adobe
2017-01-10 23:58 - 2016-04-06 21:01 - 00000000 ____D C:\Program Files (x86)\Apowersoft
2017-01-10 23:58 - 2015-12-05 20:17 - 00000000 ____D C:\Games
2017-01-10 23:58 - 2015-11-30 10:46 - 00000000 ____D C:\BancoBrasil
2017-01-10 23:58 - 2015-10-14 17:09 - 00000000 ____D C:\Intel
2017-01-10 23:58 - 2015-10-09 13:27 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-10 23:55 - 2016-03-23 23:33 - 00001140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-10 23:55 - 2016-03-23 23:33 - 00001128 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-10 23:53 - 2015-11-26 08:09 - 00000000 ____D C:\ProgramData\Intel
2017-01-10 18:58 - 2016-04-21 14:09 - 00000000 ____D C:\Users\Célio Pereira\Downloads\Far Cry
2017-01-10 18:28 - 2015-10-22 12:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-01 19:02 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\AppReadiness
2017-01-01 15:14 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Inf
2016-12-28 12:37 - 2015-11-26 10:20 - 00000000 ____D C:\Users\Célio Pereira\Documents\Arquivos do Outlook
2016-12-18 04:10 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\rescache
2016-12-18 03:56 - 2014-11-18 14:10 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{137aad10-ae7e-11e3-80bb-90b11c1ccb90}.TMContainer00000000000000000002.regtrans-ms
2016-12-18 03:56 - 2014-11-18 14:10 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{137aad10-ae7e-11e3-80bb-90b11c1ccb90}.TM.blf
2016-12-17 04:10 - 2014-11-18 14:10 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{137aad10-ae7e-11e3-80bb-90b11c1ccb90}.TMContainer00000000000000000001.regtrans-ms
2016-12-17 03:07 - 2013-08-22 13:31 - 00000000 ____D C:\Windows\system32\DriverStore
2016-12-16 23:29 - 2013-08-22 13:36 - 00000000 __RSD C:\Windows\assembly
2016-12-16 14:49 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\WinSxS
2016-12-16 14:47 - 2013-08-22 12:44 - 00409704 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-16 12:43 - 2014-11-18 14:10 - 00524288 ___SH C:\Windows\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TMContainer00000000000000000001.regtrans-ms
2016-12-16 12:43 - 2014-11-18 14:10 - 00065536 ___SH C:\Windows\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TM.blf
2016-12-16 12:40 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\SysWOW64\pt-BR
2016-12-16 12:40 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\SysWOW64\en-US
2016-12-16 12:40 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\system32\pt-BR
2016-12-16 12:40 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\system32\en-US
2016-12-16 12:40 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\wbem
2016-12-16 12:40 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\oobe
2016-12-16 12:39 - 2015-10-08 13:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-16 12:38 - 2015-10-08 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-12-16 12:37 - 2015-10-30 07:42 - 00000000 ____D C:\Windows\system32\MRT
2016-12-16 12:35 - 2015-10-07 22:00 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-12-14 23:51 - 2015-10-07 22:03 - 00000564 ___SH C:\Users\Célio Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-14 23:51 - 2015-10-07 22:03 - 00000000 ___RD C:\Users\Célio Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-14 17:32 - 2013-08-22 11:25 - 00000167 _____ C:\Windows\win.ini
2016-12-14 17:28 - 2013-08-22 13:20 - 00000000 ____D C:\Windows\CbsTemp

==================== Files in the root of some directories =======

2016-02-12 15:54 - 2016-02-12 15:54 - 0053246 _____ () C:\Program Files (x86)\CMS Setup Log.txt
2017-01-11 00:06 - 2017-01-11 00:06 - 1620992 _____ () C:\ProgramData\service.exe

Files to move or delete:
====================
C:\ProgramData\service.exe

Some files in TEMP:
====================
C:\Users\Célio Pereira\AppData\Local\Temp\0Uninst.exe
C:\Users\Célio Pereira\AppData\Local\Temp\1Uninst.exe
C:\Users\Célio Pereira\AppData\Local\Temp\2Uninst.exe
C:\Users\Célio Pereira\AppData\Local\Temp\46D.tmp.exe
C:\Users\Célio Pereira\AppData\Local\Temp\4BCY598UDT.exe
C:\Users\Célio Pereira\AppData\Local\Temp\69610890-b374-4a70-aa1d-013c08cbf771.exe
C:\Users\Célio Pereira\AppData\Local\Temp\7za.exe
C:\Users\Célio Pereira\AppData\Local\Temp\aDUB8AeBGj.exe
C:\Users\Célio Pereira\AppData\Local\Temp\aoe3-114-english.exe
C:\Users\Célio Pereira\AppData\Local\Temp\AutoTime51495.exe
C:\Users\Célio Pereira\AppData\Local\Temp\Browser_V6.0.1121.13_r_4727_(Build1612191708).exe
C:\Users\Célio Pereira\AppData\Local\Temp\CmdLineExt.dll
C:\Users\Célio Pereira\AppData\Local\Temp\DBUpdater.exe
C:\Users\Célio Pereira\AppData\Local\Temp\DivXSetup.exe
C:\Users\Célio Pereira\AppData\Local\Temp\DriverBoosterSetup.exe
C:\Users\Célio Pereira\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Célio Pereira\AppData\Local\Temp\drm_dyndata_7300014.dll
C:\Users\Célio Pereira\AppData\Local\Temp\fsdC538.exe
C:\Users\Célio Pereira\AppData\Local\Temp\hijackthis.exe
C:\Users\Célio Pereira\AppData\Local\Temp\jg3.6.0.exe
C:\Users\Célio Pereira\AppData\Local\Temp\JGO7U54S5B.exe
C:\Users\Célio Pereira\AppData\Local\Temp\JNX506X0NQ.exe
C:\Users\Célio Pereira\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Célio Pereira\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Célio Pereira\AppData\Local\Temp\mininewsrepair.exe
C:\Users\Célio Pereira\AppData\Local\Temp\NirCmd.exe
C:\Users\Célio Pereira\AppData\Local\Temp\nshC793.tmp.exe
C:\Users\Célio Pereira\AppData\Local\Temp\PEVZ.EXE
C:\Users\Célio Pereira\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Célio Pereira\AppData\Local\Temp\remove.exe
C:\Users\Célio Pereira\AppData\Local\Temp\sdf3ADC.exe
C:\Users\Célio Pereira\AppData\Local\Temp\sdf55B7.exe
C:\Users\Célio Pereira\AppData\Local\Temp\sed.exe
C:\Users\Célio Pereira\AppData\Local\Temp\setup.exe
C:\Users\Célio Pereira\AppData\Local\Temp\shortcut.exe
C:\Users\Célio Pereira\AppData\Local\Temp\SIntf16.dll
C:\Users\Célio Pereira\AppData\Local\Temp\SIntf32.dll
C:\Users\Célio Pereira\AppData\Local\Temp\SIntfNT.dll
C:\Users\Célio Pereira\AppData\Local\Temp\standalonepatcher.exe
C:\Users\Célio Pereira\AppData\Local\Temp\start.exe
C:\Users\Célio Pereira\AppData\Local\Temp\swreg.exe
C:\Users\Célio Pereira\AppData\Local\Temp\swxcacls.exe
C:\Users\Célio Pereira\AppData\Local\Temp\TV7U7UZ7CP.exe
C:\Users\Célio Pereira\AppData\Local\Temp\updengine.exe
C:\Users\Célio Pereira\AppData\Local\Temp\VDcxiAIYEV.exe
C:\Users\Célio Pereira\AppData\Local\Temp\VideoBox.exe
C:\Users\Célio Pereira\AppData\Local\Temp\wajam_install.exe
C:\Users\Célio Pereira\AppData\Local\Temp\wget.exe
C:\Users\Célio Pereira\AppData\Local\Temp\zLJD6ZcCTY.exe
C:\Users\Célio Pereira\AppData\Local\Temp\zoek-delete.exe
C:\Users\Célio Pereira\AppData\Local\Temp\{E827D32C-602B-4FB9-92F7-726718ACFC14}-53.0.2785.116_52.0.2743.116_chrome_updater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-09 19:37

==================== End of FRST.txt ============================