TechSpot

Malware? Antivirus is blocked and massive slowdown

By Castilho
Jul 21, 2016
  1. Hi there. I'd like to thank you beforehand for any help, and I apologize for any delays my lack of knowledge on this might cause.

    What's happening is pretty simple: My laptop is currently facing a massive slowdown and my antivirus (Bitdefender free edition) isn't able to open/run. I've also tried running Windows Defender, which I usually keep deactivated, but it was also unable to open. I wonder if this can be malware-related.

    Again, thank you very much for any help.

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-07-2016
    Ran by Philippe (administrator) on PHILIPPE-PC (21-07-2016 23:55:55)
    Running from C:\Philippe\Arquivos
    Loaded Profiles: Philippe (Available Profiles: Philippe & DefaultAppPool)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
    (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
    () C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.1\apmwinsrv.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    () C:\Program Files (x86)\KMPConnect\KMPConnectService.exe
    (Locktime Software) C:\Program Files\NetLimiter 3\nlsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
    (GAS Tecnologia LTDA) C:\Program Files (x86)\Diebold\Warsaw\core.exe
    () C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (ASUSTeK Inc.) C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
    () C:\Program Files (x86)\KMPConnect\kmpconnectcore.exe
    (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
    (ASUSTeK Inc.) C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
    () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
    Failed to access process -> gzserv.exe
    () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    (ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
    () C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe
    () C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe
    () C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    (GAS Tecnologia LTDA) C:\Program Files (x86)\Diebold\Warsaw\core.exe
    (ASUS) C:\Windows\AsScrPro.exe
    (Razer Inc.) C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
    () C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [EeeStorageBackup] => C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe [947472 2009-08-25] (ECAREME)
    HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2016-01-29] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
    HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
    HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
    HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe [237693 2008-12-29] (Creative Technology Ltd)
    HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
    HKLM-x32\...\Run: [Turbo Gear Help] => C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe [1026048 2009-08-05] ()
    HKLM-x32\...\Run: [Turbo Gear] => C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe [2987520 2009-08-06] ()
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [DeathAdder] => C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [248320 2011-03-21] ()
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-30] (DivX, LLC)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
    HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
    HKLM-x32\...\Run: [Diebold - Warsaw] => C:\Program Files (x86)\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Player\DelayPluginI.exe [1960008 2014-09-19] ()
    HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [263112 2016-03-22] (Razer Inc.)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-07-20] (LogMeIn Inc.)
    Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco)
    HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2851408 2016-07-08] (Valve Corporation)
    HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
    HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\RunOnce: [Uninstall C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
    HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\RunOnce: [Uninstall C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
    HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\RunOnce: [Uninstall C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
    ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1759992 2015-07-06] (Banco Itaú Unibanco)
    ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
    ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-01] ()
    ShellIconOverlayIdentifiers: [OverlayIconExtension1] -> {fe25455d-b4c2-4e32-97d2-92632ec1c224} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [OverlayIconExtension2] -> {1fae2d88-a78e-4f03-909f-be818a3c1ce6} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
    ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-01] ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 201.17.0.93 201.17.1.83
    Tcpip\..\Interfaces\{51610c28-cca2-4349-ac5e-ba1f87f3dcc8}: [DhcpNameServer] 201.17.0.93 201.17.1.83
    Tcpip\..\Interfaces\{b6297368-00d4-4a53-9687-8890c2eac1e8}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3275748955-1752506241-411057531-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://br.msn.com/iat/us_br.aspx
    HKU\S-1-5-21-3275748955-1752506241-411057531-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-3275748955-1752506241-411057531-1000 -> {17377BFE-37FB-4C81-AB2E-BDDD0D50332D} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
    SearchScopes: HKU\S-1-5-21-3275748955-1752506241-411057531-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-03] (Adobe Systems Incorporated)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation)
    BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-02-07] (DivX, LLC)
    BHO-x32: Wondershare Player 1.6.0 -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -> C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll [2014-09-19] (Wondershare)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
    BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll [2015-07-06] (Banco Itaú Unibanco)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
    DPF: HKLM-x32 {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
    DPF: HKLM-x32 {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
    DPF: HKLM-x32 {F9043C85-F6F2-101A-A3C9-08002B2F49FB} ms-its:C:\Program Files (x86)\The Tournament Director 2\TD.lib::/comdlg32.cab
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
    Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C - No File
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Philippe\AppData\Roaming\Mozilla\Firefox\Profiles\sxu9egj8.default
    FF SelectedSearchEngine:
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-21] ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-21] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-06-14] (Citrix Systems, Inc.)
    FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-02-07] (DivX, LLC)
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll [2013-09-20] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-14] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-30] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Philippe\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-03-30] (Raidcall)
    FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3275748955-1752506241-411057531-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Philippe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-04-27] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-3275748955-1752506241-411057531-1000: gastecnologia.com.br/sf/abn -> C:\Users\Philippe\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll [2015-02-20] (GAS Tecnologia)
    FF Plugin HKU\S-1-5-21-3275748955-1752506241-411057531-1000: gastecnologia.com.br/sf/uni -> C:\Users\Philippe\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-11-09] (GAS Tecnologia)
    FF Plugin HKU\S-1-5-21-3275748955-1752506241-411057531-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-02-11] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010-05-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2010-05-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010-05-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010-05-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010-05-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2010-05-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2010-05-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2010-05-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2010-05-12] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2010-04-14] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2010-05-12] (Citrix Systems, Inc.)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml [2011-12-18]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml [2011-12-18]
    FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-02-20] [not signed]
    FF Extension: No Name - C:\Users\Philippe\AppData\Roaming\Mozilla\Firefox\Profiles\sxu9egj8.default\extensions\helper@savefrom.net.xpi [not found]
    FF Extension: Avira Browser Safety - C:\Users\Philippe\AppData\Roaming\Mozilla\Firefox\Profiles\sxu9egj8.default\Extensions\abs@avira.com [2014-10-14] [not signed]
    FF Extension: Online HD TV - C:\Users\Philippe\AppData\Roaming\Mozilla\Firefox\Profiles\sxu9egj8.default\Extensions\onlinehdtv@onlinehd.tv [2012-10-20] [not signed]
    FF Extension: Online HD TV - C:\Users\Philippe\AppData\Roaming\Mozilla\Firefox\Profiles\sxu9egj8.default\Extensions\onlinehdtv@onlinehd.tv.xpi [2012-10-20] [not signed]
    FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
    FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com
    FF Extension: Wondershare Player - C:\ProgramData\Wondershare\Player\Player@Wondershare.com [2016-04-09] [not signed]
    FF HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8874}] - C:\Users\Philippe\AppData\Local\GAS Tecnologia\GBBD\abn\xpi
    FF Extension: GBBD Banco Santander (Brasil) S.A. - C:\Users\Philippe\AppData\Local\GAS Tecnologia\GBBD\abn\xpi [2015-01-26] [not signed]
    FF HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Philippe\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
    FF Extension: Guardião - Itaú 30 horas - C:\Users\Philippe\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-11-09] [not signed]

    Chrome:
    =======
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.903\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll ()
    CHR Profile: C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (GBBD Banco Santander (Brasil) S.A.) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface [2014-09-05]
    CHR Extension: (Google Docs) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
    CHR Extension: (Google Drive) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
    CHR Extension: (YouTube) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Adblock Plus) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-30]
    CHR Extension: (Google Search) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Avira Browser Safety) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-07-21]
    CHR Extension: (Google Docs Offline) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (The Camelizer) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2016-04-26]
    CHR Extension: (GBBD Banco Santander (Brasil) S.A.) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnljhnpjegfbcohjhdnhjlnfnffmbnf [2015-03-03]
    CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2014-09-09]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
    CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-08-25]
    CHR Extension: (Enhanced Steam) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-07-07]
    CHR Extension: (Gmail) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3275748955-1752506241-411057531-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [abmojiekfpcmkkfamgfcpgfgipocface] - C:\Users\Philippe\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx [2013-06-02]
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
    CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
    R2 apmwinsrv; C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.1\apmwinsrv.exe [66768 2014-11-14] ()
    S4 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
    S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-01-06] (BitRaider, LLC)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009776 2016-05-27] (Microsoft Corporation)
    S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-12-23] (Creative Labs) [File not signed]
    S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2009-11-15] (Creative Labs) [File not signed]
    R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2009-08-28] (Creative Technology Ltd) [File not signed]
    R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2016-01-29] (NVIDIA Corporation)
    S2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
    S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2554376 2016-07-20] (LogMeIn Inc.)
    S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
    R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-07-20] (LogMeIn, Inc.)
    R2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software) [File not signed]
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2016-01-29] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2016-01-29] (NVIDIA Corporation)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-11] (Electronic Arts)
    S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2016-04-16] (Power Admin LLC)
    R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-10] (Razer, Inc.)
    S2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [376272 2016-03-22] (Razer Inc.)
    R2 ServiceKAirModule; C:\Program Files (x86)\KMPConnect\KMPConnectService.exe [389232 2014-05-14] ()
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6348560 2015-10-29] (TeamViewer GmbH)
    R2 Warsaw Technology; C:\Program Files (x86)\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)
    R2 WBVGAservice; C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [72248 2009-02-06] ()
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
     
  2. Castilho (TS Rookie, Topic Starter)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [50896 2014-11-14] (Paragon Software Group)
    R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
    R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-30] (Qualcomm Atheros Communications, Inc.)
    S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
    S1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
    S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2016-01-09] (BitRaider)
    R1 EIO64; C:\Windows\System32\drivers\EIO64.sys [16384 2009-07-22] (ASUSTeK Computer Inc.)
    R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [61136 2014-11-14] (Paragon Software Group)
    R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
    R3 Hamachi; C:\Windows\System32\drivers\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.)
    S3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [204496 2014-11-14] (Paragon Software Group)
    R2 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [15568 2014-11-14] (Paragon Software Group)
    R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [15416 2009-07-20] ( )
    S3 MEMSWEEP2; C:\Windows\system32\D275.tmp [6144 2010-05-26] (Sophos Plc) [File not signed]
    R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [45776 2014-11-14] (Paragon Software Group)
    R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2016-01-29] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2016-01-29] (NVIDIA Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
    R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)
    R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)
    S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [15544 2013-04-18] (Headsoft)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    R2 WtfEngineDrv; C:\Windows\system32\DRIVERS\WtfEngineDrv.sys [37872 2016-05-20] (AAA Internet Publishing, Inc.)
    U3 idsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-07-21 22:25 - 2016-07-21 23:55 - 00000000 ____D C:\FRST
    2016-07-21 21:30 - 2016-07-21 22:24 - 00001714 _____ C:\Users\Philippe\Desktop\Rkill.txt
    2016-07-21 21:16 - 2016-07-21 21:16 - 06079168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
    2016-07-21 21:07 - 2016-07-21 21:07 - 00002868 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2016-07-21 21:07 - 2016-07-21 21:07 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-07-21 21:07 - 2016-07-21 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2016-07-21 21:07 - 2016-07-21 21:07 - 00000000 ____D C:\Program Files\CCleaner
    2016-07-21 21:06 - 2016-07-21 22:17 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
    2016-07-21 21:06 - 2016-07-21 22:17 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
    2016-07-21 21:04 - 2016-07-21 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    2016-07-21 21:04 - 2016-07-21 21:04 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2016-07-18 23:34 - 2016-07-18 23:34 - 00000000 ____D C:\Users\Philippe\AppData\Local\Pokemon Insurgence
    2016-07-18 23:29 - 2016-07-22 01:13 - 00000000 ____D C:\Program Files (x86)\Pokemon Insurgence
    2016-07-18 22:30 - 2016-07-20 22:38 - 00000446 _____ C:\Users\Philippe\AppData\Roaming\CSharpAnalytics-MeasurementSession
    2016-07-18 22:30 - 2016-07-18 22:30 - 00000000 ____D C:\Users\Philippe\AppData\Local\InsurgenceLauncher
    2016-07-06 19:36 - 2016-07-06 19:36 - 00000000 ____D C:\ProgramData\GeoComply
    2016-07-05 22:42 - 2016-07-05 22:42 - 00000000 ____D C:\Users\Philippe\AppData\Local\BANDAI NAMCO Games
    2016-06-28 22:14 - 2016-06-28 22:14 - 00000038 _____ C:\Users\Philippe\Desktop\ping.bat
    2016-06-28 21:44 - 2016-06-28 21:44 - 00001050 _____ C:\Users\Public\Desktop\WTFast.lnk
    2016-06-28 21:44 - 2016-06-28 21:44 - 00000000 ____D C:\Users\Philippe\AppData\Local\AAA_Internet_Publishing,_
    2016-06-28 21:44 - 2016-05-20 10:02 - 00037872 _____ (AAA Internet Publishing, Inc.) C:\WINDOWS\system32\Drivers\WtfEngineDrv.sys
    2016-06-28 21:43 - 2016-06-28 21:44 - 00000000 ____D C:\Program Files (x86)\WTFast

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-07-22 01:15 - 2015-12-12 16:07 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL.001
    2016-07-22 01:15 - 2015-10-30 06:07 - 00000000 ____D C:\WINDOWS\ShellNew
    2016-07-22 01:15 - 2015-10-30 06:07 - 00000000 ____D C:\Program Files\Windows Journal
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 __RSD C:\WINDOWS\Media
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\setup
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\Provisioning
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\IME
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Windows Defender
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2016-07-22 01:14 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-07-22 01:14 - 2015-10-30 03:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-07-22 01:14 - 2015-08-13 21:50 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-07-22 01:14 - 2015-07-28 20:23 - 00000000 ____D C:\Users\Philippe\AppData\Roaming\ProductData
    2016-07-22 01:14 - 2010-05-14 12:18 - 00000000 ____D C:\Users\Philippe\AppData\Local\PokerStars
    2016-07-22 00:54 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2016-07-22 00:50 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-07-21 23:20 - 2010-07-05 22:37 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-07-21 23:19 - 2010-05-24 18:56 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{33DAD70F-0861-48D0-9CF0-061A5DC2C8EE}
    2016-07-21 23:16 - 2012-10-30 05:47 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-07-21 23:11 - 2010-01-20 14:26 - 00000000 ____D C:\Philippe
    2016-07-21 22:52 - 2015-10-30 04:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-07-21 22:52 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-07-21 22:29 - 2015-10-30 03:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-07-21 22:21 - 2014-09-28 18:08 - 00000441 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
    2016-07-21 22:21 - 2010-07-05 22:37 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-07-21 22:20 - 2014-05-17 20:00 - 00000000 ____D C:\Program Files (x86)\KMPConnect
    2016-07-21 22:18 - 2015-12-05 04:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-07-21 22:18 - 2015-12-05 03:54 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-07-21 22:17 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\registration
    2016-07-21 22:17 - 2015-10-30 03:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-07-21 21:20 - 2016-04-12 21:03 - 00000000 ____D C:\Users\Philippe\AppData\Roaming\TeamViewer
    2016-07-21 21:20 - 2012-09-23 18:20 - 00000000 ____D C:\Users\Philippe\AppData\Local\LogMeIn Hamachi
    2016-07-21 21:20 - 2011-06-07 10:04 - 00000000 ____D C:\Users\Philippe\AppData\Roaming\TS3Client
    2016-07-21 21:20 - 2011-01-04 11:31 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-07-21 21:20 - 2010-02-07 16:02 - 00000000 ____D C:\Users\Philippe\AppData\Roaming\Media Player Classic
    2016-07-21 21:19 - 2016-05-13 21:47 - 00000000 ____D C:\WINDOWS\Minidump
    2016-07-21 21:19 - 2015-12-05 09:43 - 00000000 ___DC C:\WINDOWS\Panther
    2016-07-21 21:19 - 2015-10-30 04:21 - 00000000 ____D C:\WINDOWS\INF
    2016-07-21 21:19 - 2013-11-13 15:21 - 00000000 ____D C:\Users\Philippe\AppData\Local\CrashDumps
    2016-07-21 21:18 - 2015-10-14 06:35 - 00000000 ____D C:\Users\Philippe\Desktop\Mamãe
    2016-07-21 21:05 - 2014-11-16 15:15 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-07-21 20:55 - 2015-12-05 04:00 - 00000000 ____D C:\Users\Philippe
    2016-07-21 20:55 - 2014-08-14 20:26 - 00000000 ____D C:\AdwCleaner
    2016-07-21 20:50 - 2014-11-16 15:15 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-07-21 20:50 - 2014-11-16 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-07-21 20:50 - 2014-11-16 15:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-07-21 20:44 - 2014-05-17 19:59 - 00000000 ____D C:\The KMPlayer
    2016-07-21 20:20 - 2015-12-05 03:45 - 04952872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-07-19 19:45 - 2015-12-05 11:36 - 00000000 ____D C:\Users\Philippe\AppData\Local\Deployment
    2016-07-13 08:05 - 2013-07-18 15:00 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-07-10 15:05 - 2015-12-05 03:59 - 01008280 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-07-09 12:05 - 2014-05-06 20:19 - 00000000 ____D C:\Users\Philippe\AppData\Roaming\Curse Client
    2016-07-08 13:49 - 2010-01-29 18:09 - 00000000 ____D C:\Users\Philippe\AppData\Roaming\Skype
    2016-07-08 08:49 - 2010-01-29 15:57 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-07-08 08:49 - 2010-01-29 15:57 - 00000000 ____D C:\ProgramData\Skype
    2016-07-06 21:39 - 2010-01-19 23:15 - 00485032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2016-07-01 02:09 - 2009-07-29 03:03 - 00400310 __RSH C:\bootmgr
    2016-06-29 06:27 - 2016-04-14 09:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2016-06-28 21:44 - 2013-02-15 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WTFast
    2016-06-23 21:39 - 2016-06-19 13:43 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
    2016-06-23 21:39 - 2016-06-19 13:43 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
    2016-06-23 21:39 - 2009-11-15 04:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-06-23 21:25 - 2012-05-19 20:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-06-23 21:25 - 2012-05-19 20:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-06-23 11:30 - 2012-05-19 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-06-21 21:34 - 2009-11-15 04:58 - 00002743 _____ C:\WINDOWS\system32\ServiceFilter.ini
    2016-06-21 11:10 - 2015-10-30 04:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-06-21 11:08 - 2013-10-30 14:24 - 00000000 ____D C:\Program Files\Microsoft Office 15

    ==================== Files in the root of some directories =======

    2013-04-15 21:44 - 2013-04-15 23:47 - 0000015 _____ () C:\Users\Philippe\AppData\Roaming\CariocaPokerClub.frmMTexasTourney.resizer_settings
    2016-07-18 22:30 - 2016-07-20 22:38 - 0000446 _____ () C:\Users\Philippe\AppData\Roaming\CSharpAnalytics-MeasurementSession
    2013-12-14 08:45 - 2013-12-14 08:45 - 0000388 _____ () C:\Users\Philippe\AppData\Roaming\hexplorer.dat
    2013-12-14 08:45 - 2013-12-14 08:45 - 0000004 _____ () C:\Users\Philippe\AppData\Roaming\mclip.dat
    2011-04-06 21:34 - 2011-04-06 21:34 - 0046790 _____ () C:\Users\Philippe\AppData\Roaming\room.dat
    2013-04-24 21:54 - 2014-04-26 12:22 - 0034816 _____ () C:\Users\Philippe\AppData\Roaming\RZR_002052a74400bf73f7ac42cef577.db
    2016-04-02 20:24 - 2016-04-02 20:25 - 0002439 _____ () C:\Users\Philippe\AppData\Roaming\SpeedRunnersLog.txt
    2013-06-02 17:47 - 2013-06-02 17:47 - 0013897 _____ () C:\Users\Philippe\AppData\Roaming\unins000.dat
    2013-06-02 17:47 - 2013-06-02 17:47 - 0706250 _____ () C:\Users\Philippe\AppData\Roaming\unins000.exe
    2014-09-09 23:54 - 2014-09-09 23:54 - 0017084 _____ () C:\Users\Philippe\AppData\Roaming\unins001.dat
    2014-09-09 23:54 - 2014-09-09 23:54 - 0717985 _____ () C:\Users\Philippe\AppData\Roaming\unins001.exe
    2010-07-20 13:31 - 2013-09-15 18:13 - 0006624 _____ () C:\Users\Philippe\AppData\Roaming\wklnhst.dat
    2010-02-03 14:31 - 2010-02-03 14:31 - 0004608 _____ () C:\Users\Philippe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-03-30 19:29 - 2011-03-30 19:29 - 0000096 _____ () C:\Users\Philippe\AppData\Local\fusioncache.dat
    2010-06-15 13:31 - 2016-06-08 21:01 - 0007605 _____ () C:\Users\Philippe\AppData\Local\Resmon.ResmonCfg
    2006-06-26 02:33 - 2006-06-26 02:33 - 0163840 _____ (アリスソフト) C:\Users\Philippe\AppData\Local\Tempals_inst.exe
    2014-06-30 17:34 - 2014-06-30 17:34 - 0000000 _____ () C:\Users\Philippe\AppData\Local\{99B51C2B-CEC8-43C5-A0B3-407C2C11ABFD}
    2011-06-14 19:41 - 2011-06-14 19:41 - 0000000 _____ () C:\Users\Philippe\AppData\Local\{9BF77BC4-B6B9-4CA4-8474-E965E4831025}
    2015-02-12 18:19 - 2015-02-12 18:23 - 0048689 _____ () C:\ProgramData\1423775997.4512.bin
    2015-02-12 18:20 - 2015-02-12 18:21 - 0005918 _____ () C:\ProgramData\1423775997.4548.bin
    2015-02-12 18:20 - 2015-02-12 18:23 - 0009133 _____ () C:\ProgramData\1423775997.4668.bin
    2015-02-12 18:20 - 2015-02-12 18:21 - 0004426 _____ () C:\ProgramData\1423775997.5544.bin
    2015-02-12 18:20 - 2015-02-12 18:23 - 0043572 _____ () C:\ProgramData\1423775997.5636.bin
    2015-02-12 18:20 - 2015-02-12 18:20 - 0013548 _____ () C:\ProgramData\1423775997.5812.bin
    2015-02-12 18:20 - 2015-02-12 18:20 - 0002122 _____ () C:\ProgramData\1423775997.5948.bin
    2015-02-12 18:27 - 2015-02-12 18:27 - 0169350 _____ () C:\ProgramData\1423776360.bdinstall.bin
    2009-11-15 05:23 - 2009-09-10 14:06 - 0131368 _____ () C:\ProgramData\FullRemove.exe
    2011-01-19 10:44 - 2011-01-19 10:44 - 0000344 _____ () C:\ProgramData\IcL0ucP2tq
    2009-11-15 04:59 - 2009-11-15 04:59 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2009-11-15 04:59 - 2009-11-15 04:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2011-01-19 10:45 - 2011-01-19 11:42 - 0000272 _____ () C:\ProgramData\~IcL0ucP2tq
    2011-01-19 10:45 - 2011-01-19 10:45 - 0000152 _____ () C:\ProgramData\~IcL0ucP2tqr

    Some files in TEMP:
    ====================
    C:\Users\Philippe\AppData\Local\Temp\libeay32.dll
    C:\Users\Philippe\AppData\Local\Temp\msvcr120.dll
    C:\Users\Philippe\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-07-15 07:52

    ==================== End of FRST.txt ============================
     
  3. Castilho (TS Rookie, Topic Starter)

    Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2016
    Ran by Philippe (2016-07-21 23:57:35)
    Running from C:\Philippe\Arquivos
    Windows 10 Home Version 1511 (X64) (2015-12-05 08:09:12)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3275748955-1752506241-411057531-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-3275748955-1752506241-411057531-1007 - Limited - Enabled)
    DefaultAccount (S-1-5-21-3275748955-1752506241-411057531-503 - Limited - Disabled)
    Guest (S-1-5-21-3275748955-1752506241-411057531-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3275748955-1752506241-411057531-1002 - Limited - Enabled)
    Philippe (S-1-5-21-3275748955-1752506241-411057531-1000 - Administrator - Enabled) => C:\Users\Philippe

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    3 Stars of Destiny (HKLM-x32\...\Steam App 278530) (Version: - Aldorlea Games)
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    8-Bit Adventures Font Installer version 1.01 (HKLM-x32\...\{D1C02EAB-6EA2-4846-9E90-4B6253911115}}_is1) (Version: 1.01 - Critical Games)
    A Bird Story (HKLM-x32\...\Steam App 327410) (Version: - Freebird Games)
    Abyss Odyssey (HKLM-x32\...\Steam App 255070) (Version: - ACE Team)
    Academagia version 1.1.4 (HKLM-x32\...\{89DAF511-9191-4928-9470-1C8F58008616}_is1) (Version: 1.1.4 - GamersGate)
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Active@ Partition Recovery (HKLM-x32\...\{DE031509-F445-4261-A377-0ECF7414D992}) (Version: 7.1.2 - LSoft Technologies)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
    Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
    Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
    Adobe Reader 9.3.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.3.2 - Adobe Systems Incorporated)
    Agarest: Generations of War (HKLM-x32\...\Steam App 237890) (Version: - Idea Factory)
    Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version: - Spicy Horse Games)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Arquivo do WinRAR (HKLM\...\WinRAR archiver) (Version: - )
    ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
    ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0013 - ASUS)
    ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
    ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
    ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
    ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.18 - asus)
    Asus WebStorage (HKLM\...\Asus WebStorage) (Version: 2.0.31.477 - eCareme Technologies, Inc.)
    Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
    ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
    ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)
    ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
    ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0006 - ASUS)
    Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Bermuda (HKLM-x32\...\Steam App 337630) (Version: - InvertMouse)
    Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
    BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
    Brawlhalla (HKLM\...\Steam App 291550) (Version: - Blue Mammoth Games)
    Brothers - A Tale of Two Sons (HKLM\...\Steam App 225080) (Version: - Starbreeze Studios AB)
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden
    CariocaPokerClub (HKLM-x32\...\CariocaPokerClub 1.0.5.0) (Version: 1.0.5.0 - CariocaPokerClub)
    CariocaPokerClub (x32 Version: 1.0.5.0 - CariocaPokerClub) Hidden
    CastleStorm (HKLM-x32\...\Steam App 241410) (Version: - Zen Studios)
    CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
    CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n)
    CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
    Citrix online plug-in (Web) (HKLM-x32\...\{B124E6D3-91B4-4E3C-AD03-BA959B223537}) (Version: 12.0.3.6 - Citrix Systems, Inc.)
    Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.0.0.91 - Citrix Systems, Inc.)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
    Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1720 - CyberLink Corp.)
    CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.2713 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Deadly Sin 2 (HKLM-x32\...\Steam App 285420) (Version: - Dancing Dragon Games)
    Defraggler (HKLM\...\Defraggler) (Version: 2.13 - Piriform)
    Depth (HKLM-x32\...\Steam App 274940) (Version: - Digital Confectioners)
    Desura (HKLM-x32\...\Desura) (Version: 100.64 - Desura)
    Desura: Doom and Destiny (HKLM-x32\...\Desura_77395310673952) (Version: Full - HeartBit Interactive)
    Deus Ex: Game of the Year Edition (HKLM-x32\...\Steam App 6910) (Version: - Ion Storm)
    Deus Ex: Revision (HKLM-x32\...\Steam App 397550) (Version: - Ion Storm)
    Discord (HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\Discord) (Version: 0.0.291 - Hammer & Chisel, Inc.)
    DivXLand Media Subtitler (HKLM-x32\...\DivXLand Media Subtitler) (Version: - )
    Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)
    DRAGON BALL XENOVERSE (HKLM\...\Steam App 323470) (Version: - DIMPS)
    DreadOut (HKLM-x32\...\Steam App 269790) (Version: - Digital Happiness)
    Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
    DuelystLauncher (HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\launcher) (Version: 0.05 - Counterplay Games Inc.)
    Enola (HKLM-x32\...\Steam App 263520) (Version: - The Domaginarium)
    ePub Converter (HKLM-x32\...\ePubConverter) (Version: 1.2.1 - eBook Converter)
    Express Gate (HKLM-x32\...\{B149B9A2-3FA8-40ED-866F-C08BB56BFD81}) (Version: 1.2.13.21 - DeviceVM, Inc.)
    Fahrenheit: Indigo Prophecy Remastered (HKLM-x32\...\Steam App 312840) (Version: - Aspyr)
    Fallout 2 (HKLM-x32\...\GOGPACKFALLOUT2_is1) (Version: 2.0.0.12 - GOG.com)
    Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version: - Bethesda Game Studios)
    Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS)
    FO2 Restoration Project 2.2 (HKLM-x32\...\Fallout 2 Restoration Project_is1) (Version: - killap)
    Folding@home-x86 (HKLM-x32\...\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}) (Version: 6.23 - Folding@home)
    Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.48.3.WIN.FullTilt.COM - )
    Game of Thrones - A Telltale Games Series (HKLM-x32\...\Steam App 330840) (Version: - Telltale Games)
    Ghost in the Shell Stand Alone Complex First Assault Online (HKLM\...\Steam App 369200) (Version: - Neople)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
    GoToMeeting 5.0.0.799 (HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\GoToMeeting) (Version: 5.0.0.799 - CitrixOnline)
    Guardião - Itaú 30 horas (HKLM-x32\...\{70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1) (Version: 3.10.0.1 - )
    HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
    Hyperdimension Neptunia Re;Birth1 (HKLM-x32\...\Steam App 282900) (Version: - Idea Factory, Inc.)
    ICY Hexplorer (remove only) (HKLM-x32\...\Hexplorer) (Version: - )
    IdleMaster (HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\1d85483b1c982d8c) (Version: 1.4.0.0 - IdleMaster)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.0.0 - LIGHTNING UK!)
    Instalação do DivX (HKLM-x32\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
    IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2015) (Version: 1.2 - Receita Federal do Brasil)
    Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    JDownloader (HKLM-x32\...\JDownloader) (Version: 0.89 - AppWork UG (haftungsbeschränkt))
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    K-Lite Mega Codec Pack 9.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.0.0 - )
    KMP Connect Program (HKLM-x32\...\{04F1B758-A24A-4409-88C8-7CA957A7E3C0}_is1) (Version: - PandoraTV)
    KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.0.8.1 - PandoraTV)
    Kotor Tool (HKLM-x32\...\Kotor Tool) (Version: - )
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 1.3 - Riot Games) Hidden
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    Leviathan: The Last Day of the Decade (HKLM-x32\...\Steam App 328270) (Version: - Lostwood)
    Lilly and Sasha: Curse of the Immortals (HKLM-x32\...\Steam App 364270) (Version: - )
    LISA (HKLM-x32\...\Steam App 335670) (Version: - Dingaling)
    LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.493 - LogMeIn, Inc.)
    LogMeIn Hamachi (x32 Version: 2.2.0.493 - LogMeIn, Inc.) Hidden
    Long Live the Queen (HKLM-x32\...\GOGPACKLLTQ_is1) (Version: 2.0.0.3 - GOG.com)
    Magic The Gathering Online (HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\35c9d60442fbb010) (Version: 3.4.90.573 - Wizards of the Coast)
    Magic Workstation 0.94f (HKLM-x32\...\4D688725-3709-476B-8A2F-47CDA8B0B04C_is1) (Version: 1.8.0 - )
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Compact Framework 2.0 SP1 (HKLM-x32\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.6129 - Microsoft Corporation)
    Microsoft .NET Compact Framework 3.5 (HKLM-x32\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 - pt-br (HKLM\...\ProPlusRetail - pt-br) (Version: 15.0.4833.1001 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Millennium - A New Hope (HKLM-x32\...\Steam App 280140) (Version: - Aldorlea Games)
    mIRC (HKLM-x32\...\mIRC) (Version: 7.14 - mIRC Co. Ltd.)
    Módulo de Proteção Santander 3.2.0.2 (HKLM-x32\...\{83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1) (Version: Módulo de Proteção Banco Santander (Brasil) S.A. - )
    Mozilla Firefox 7.0.1 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 7.0.1 (x86 pt-BR)) (Version: 7.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MV RegClean 6.9 (HKLM-x32\...\MV RegClean 6.9_is1) (Version: - )
    My Game Long Name (HKLM\...\UDK-4aeb24a8-b221-4e50-a467-8b73cbb95afa) (Version: - Epic Games, Inc.)
    NetLimiter 3 (HKLM\...\{913923AB-3AAB-4870-8910-627C4CD82789}) (Version: 3.0.0.11 - Locktime Software s.r.o.)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.55.7 - Black Tree Gaming)
    NVIDIA 3D Vision Driver 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.95 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
    NVIDIA Graphics Driver 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.95 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
    ONE PIECE PIRATE WARRIORS 3 (HKLM\...\Steam App 331600) (Version: - KOEI TECMO GAMES CO., LTD.)
    Online Plug-in (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
    Paragon HFS+ for Windows™ 9.1 (HKLM-x32\...\{456534C0-51E7-11DF-B336-005056C00008}) (Version: 1.00 - Nome de sua empresa:)
    Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
    PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version: - )
    Planescape - Torment (HKLM-x32\...\Planescape - Torment) (Version: - )
    Planet Stronghold (HKLM-x32\...\Steam App 291050) (Version: - Winter Wolves)
    PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.8-1.0.8500.20 - raidcall.com)
    Razer Comms (HKLM-x32\...\Razer Comms) (Version: 1.84.1 - Razer Inc.)
    Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.65 - Razer Inc)
    Razer DeathAdder(TM) Mouse (HKLM-x32\...\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}) (Version: 3.03 - Razer USA Ltd.)
    Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
    Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
    Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.07 - Serpro - Serviço Federal de Processamento de Dados)
    Richard & Alice (HKLM-x32\...\Steam App 279260) (Version: - Owl Cave)
    RICOH R5U8xx Media Driver ver.3.62.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.62.02 - RICOH)
    Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
    Samsa and the Knights of Light (HKLM-x32\...\Steam App 371320) (Version: - Atixx)
    Self-service Plug-in (x32 Version: 4.0.0.40674 - Citrix Systems, Inc.) Hidden
    Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version: - Harebrained Schemes)
    SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
    Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version: - )
    Signup Calc (HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\db2fc40f9b1be163) (Version: 1.0.0.1 - Microsoft)
    Skyborn (HKLM-x32\...\Steam App 278460) (Version: - Dancing Dragon Games)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
    Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.103 - Skype Technologies S.A.)
    Sophos Anti-Rootkit 1.5.4 (HKLM-x32\...\Sophos-AntiRootkit) (Version: 1.5.4 - Sophos Plc)
    SpeedRunners (HKLM-x32\...\Steam App 207140) (Version: - DoubleDutch Games)
    Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
    Stargazer (HKLM-x32\...\Steam App 373440) (Version: - )
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Suporte para Aplicativos Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    sXe Injected (HKLM-x32\...\sXe Injected) (Version: - )
    System Requirements Lab (HKLM-x32\...\{9E1BAB75-EB78-440D-94C0-A3857BE2E733}) (Version: 4.1.71.0 - Husdawg, LLC)
    Tales of Symphonia (HKLM\...\Steam App 372360) (Version: - BANDAI NAMCO Entertainment Inc.)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.50527 A - TeamViewer)
    TES Construction Set (HKLM-x32\...\{FF70923C-8A51-47F4-A7E9-893C6D54EB68}) (Version: - )
    The Banner Saga (HKLM-x32\...\Steam App 237990) (Version: - Stoic)
    The Deed (HKLM-x32\...\Steam App 420740) (Version: - Pilgrim Adventures)
    The Legend of Korra™ (HKLM-x32\...\Steam App 281690) (Version: - PlatinumGames)
    The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version: - Telltale Games)
    The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version: - Telltale Games)
    Thumbplug TGA (HKLM-x32\...\Thumbplug TGA) (Version: 1.10 - Echidna)
    TSLRCM 1.6 (HKLM-x32\...\The Sith Lords Restored Content Mod_is1) (Version: - )
    Turbo Gear Extreme (HKLM-x32\...\{558B0625-03A7-491C-9693-FD1066005CBB}) (Version: 1.00.24 - )
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
    Warsaw 1.3.1 (HKLM-x32\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.3.1 - GAS Tecnologia)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}) (Version: 14.0.8089.726 - Microsoft Corporation)
    WinDS PRO 2010.9.07 (Philippe) (HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}Philippe_is1) (Version: 2010.9.07.0 - WinDS PRO Central)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
    Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.11 - ASUS)
    Wondershare Player(Build 1.6.1) (HKLM-x32\...\Wondershare Player_is1) (Version: 1.6.1.0 - Wondershare)
    WTFast 4.1 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 4.1.2.761 - Initex & AAA Internet Publishing)
    Ys II (HKLM-x32\...\Steam App 223870) (Version: - Nihon Falcom)
    yuPlay client 0.7.24 (HKLM-x32\...\yuPlay клиент_is1) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3275748955-1752506241-411057531-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Philippe\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
    CustomCLSID: HKU\S-1-5-21-3275748955-1752506241-411057531-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Philippe\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
    CustomCLSID: HKU\S-1-5-21-3275748955-1752506241-411057531-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3275748955-1752506241-411057531-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\799\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01C995FF-D178-4E7B-AC4A-9E950006A207} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {02696D3F-6311-4CFB-B221-DFD9FFC5259C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {06AB3C09-4719-4D18-9BC3-054ADC6F2E41} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-21] (Adobe Systems Incorporated)
    Task: {0837D897-84CB-4E30-A8DD-807937A81DFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {0F1FC558-90E6-41AA-8D37-4FBE69053762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {11967911-2F06-4BB0-A162-B38F3F6F89F2} - System32\Tasks\{190EAC7D-72D0-44A0-AB90-3FC779243477} => pcalua.exe -a C:\Users\Philippe\Downloads\The_Lore_of_Lorewyn_2.0.4.exe -d C:\Users\Philippe\Downloads
    Task: {148318FC-5974-4508-A415-B3AFD16E5DDB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {204CBB3B-7BE6-4E2E-BFB3-BA2B022FC30D} - System32\Tasks\{E65DE51F-331B-490F-9C75-E3C9CF64B058} => pcalua.exe -a C:\Users\Philippe\Downloads\dotnetfx35.exe -d C:\Users\Philippe\Downloads
    Task: {225CCE1D-CA5A-4AF9-9FA6-558F10D57637} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {27779856-7C93-4298-9932-EB8AD44AD324} - System32\Tasks\{47CC266C-548B-4776-ADB9-FDCCE8DA6CA2} => pcalua.exe -a D:\autorun.exe -d D:\
    Task: {29308477-8F7E-4D4F-92D5-F1534E61B6F5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {2B8A12BD-2E82-4A53-A833-C5C2A7ACD089} - System32\Tasks\AdobeAAMUpdater-1.0-Philippe-PC-Philippe => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
    Task: {2C0ED80C-D683-42DF-88C1-529309733867} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {3C9616B2-742C-4820-AFAE-F3D2459E9677} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {3D966D87-5FE5-4FBC-8E90-DB0F48E454DB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {3E3E65EA-6693-4ACC-947D-206853F50D65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {42145BE5-4059-431F-919A-1A381C5966DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {4267EF5A-9918-45A0-9571-901ACF3928B8} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
    Task: {4713A092-825F-4CE1-B0B5-E6234149EAF0} - \ASUSControlDeck -> No File <==== ATTENTION
    Task: {49CCC654-1C51-476E-A498-1896E9112C5C} - System32\Tasks\{66BFEFAB-1B2C-46DC-BCFA-CECB264413AD} => pcalua.exe -a D:\setup.exe -d D:\
    Task: {4AE31FF9-23C0-48A0-9108-927605A6A07B} - System32\Tasks\{BC079451-B267-424E-829F-782ACD3F09AA} => pcalua.exe -a "C:\Users\Philippe\Desktop\DC Universe Online\Disk_1\steambackup.exe" -d "C:\Users\Philippe\Desktop\DC Universe Online\Disk_1"
    Task: {4F4563B7-B4E5-450D-B3F6-8C714854C9BD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {51AA876D-0460-4A42-8801-4CAE35326C58} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {5D90CCA4-B1EC-471B-8794-D090A6429BB4} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-09-04] ()
    Task: {5E517423-ECED-4EDB-AF6F-CAB33F7C3E5F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {678FFBB4-40A1-4771-BF7C-4DD35D8ADFAF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
    Task: {6AEDC28D-A7E6-464B-AC6C-D3D02C028071} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
    Task: {6FECF9BE-AED8-4627-80ED-91FF5361960F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {71F9274B-DDDE-4DEE-BEB8-AF562919D023} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {773492A6-4F08-4DAF-9C1B-778BC17ACAED} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {78588675-6CF3-4E50-B5B1-1EC34EAA2F6B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {7A3A7E1E-CBA4-49BE-BA22-2E14DC10E559} - System32\Tasks\{697EE5A7-8EC8-4108-BA5C-B5CFE2E391B6} => pcalua.exe -a "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games\Ages of Empires III\setup.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games\Ages of Empires III"
    Task: {7DDF9673-8D0B-4652-B795-1BEAD1206B65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {8848674F-5562-422D-B635-BE11B1A1F09C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
    Task: {97402E6E-5B39-4F01-99D6-D6A51ECBC2AB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {A3EE6C46-F471-4A35-BF4D-DB3D493FBC9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {A4F96590-6A00-48C3-9A1D-245EBA99F5E6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {AA921623-B84A-4EC8-A6DA-5D46323FC6D9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {B61468BB-2771-4CEE-8F86-83CF57706DB5} - System32\Tasks\Driver Booster SkipUAC (Philippe) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
    Task: {BA0915D0-DF4B-4F2C-B484-D69817C80E9A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {BF63C140-E469-414F-9D29-80CCF2C8CABE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {C2741DF7-0C82-43D7-AF08-46484491EBD0} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
    Task: {C778374C-94FE-41B0-B705-5FC952201AC0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
    Task: {CE446FCD-FBB8-4F4B-892F-EAC6EE2A0699} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {DBF17FD8-1A41-4908-BA25-09CA456A9633} - System32\Tasks\{4C1086C6-7CD6-4C0B-BB97-A1C0D2E5AAAA} => pcalua.exe -a E:\Setup.exe -d E:\
    Task: {DD548504-31EE-43FF-A573-1E9BCB56DC76} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {E0458463-D4BA-4AC2-8260-BE94B92A1D52} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
    Task: {E3E0850B-C9C2-45C9-9E2E-DF101ACAE9E6} - System32\Tasks\{71A1BD14-35F1-40B8-9DD0-F2695A01095D} => pcalua.exe -a "C:\Users\Philippe\Downloads\Planescape Torment DVD\widescreen\widescreen-v2.31.exe" -d "C:\Users\Philippe\Downloads\Planescape Torment DVD\widescreen"
    Task: {E77EAD39-2932-423B-AC96-6115DE17B696} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
    Task: {E959E007-A71C-4952-8EA8-22DE146D6227} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {E9C6A1CD-3D9C-454F-900E-A745F570F388} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
    Task: {EFF541FA-42A1-4BE8-B162-D96FBA1FA3B9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {F0496437-71B1-4E96-9E9C-3BC2F52CDE46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {F0E36F82-3DCD-4A90-9217-174E32F3867F} - System32\Tasks\{0688522C-AE95-418D-93E0-D8FD741673A2} => pcalua.exe -a "C:\Users\Philippe\Downloads\Dragon Age Origins - Ultimate Edition\MODs\Dragon Age Redesigned -686\Dragon Age Redesigned Version 7.3d\Dragon Age Origins\Companion NPCs for Origins\Leliana\Dragon Age Redesigned- Leliana.exe" -d "C:\Users\Philippe\Downloads\Dragon Age Origins - Ultimate Edition\MOD (the data entry has 118 more characters).
    Task: {FACB8164-0888-403B-B4E6-7F59329EA90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {FBC8485F-A585-489F-8E2C-C65FEABC1BEF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {FE87E497-CF66-49D3-9CC3-CBCC148DFCB2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {FFEE4F98-789F-4BC5-9EBF-91D4AC658C46} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{1FE97AFA-7656-4CF0-8886-2A624285212E}.job => C:\Windows\system32\msfeedssync.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Philippe\Desktop\logoff.bat - Shortcut.lnk -> C:\Users\Philippe\Downloads\G72GX-ASUS-0602\logoff.bat (No File)
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{F11674B3-5F6B-49F3-B595-A96DAA994B35}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.psychonauts.com/
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{A3D4727B-3B75-4277-A32A-DF7EB5F03058}\SupportTasks\1\Support.lnk -> hxxp://support.lucasarts.com/
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{A3D4727B-3B75-4277-A32A-DF7EB5F03058}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.kotor2.com/
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{873021AA-D77F-49DE-BF8D-515B0C5DC0D8}\SupportTasks\1\Support.lnk -> hxxp://www.eidosinteractive.com/techsupp/index.htm/
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{873021AA-D77F-49DE-BF8D-515B0C5DC0D8}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.deusex.com/
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{8480A4F4-1E04-4EBA-8242-1959D2DC9571}\SupportTasks\1\Support.lnk -> hxxp://www.divinedivinity.com/generated/dd_e_support.html/
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{8480A4F4-1E04-4EBA-8242-1959D2DC9571}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.larian.com/php/nieuws.php3
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{3CBF70F5-64E0-4313-A328-282257DDD46E}\SupportTasks\1\Support.lnk -> hxxp://www.bethsoft.com/
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{3CBF70F5-64E0-4313-A328-282257DDD46E}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.elderscrolls.com/
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{31EEF33F-18D0-4214-A5C7-2D1EA9BCE2AC}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.valkyriestudios.com/scgame.htm/
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{006295D3-A877-4F2C-B516-98956E6A2183}\SupportTasks\1\Support.lnk -> hxxp://support.microsoft.com/games/
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{006295D3-A877-4F2C-B516-98956E6A2183}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.ageofempires3.com/
    Shortcut: C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader Support.lnk -> hxxp://jdownloader.org/knowledge/index
    Shortcut: C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ePub Converter\Website.lnk -> hxxp://www.ebook-converter.com/

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-04-16 15:54 - 2016-01-29 07:49 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-11-14 18:21 - 2014-11-14 18:21 - 00066768 _____ () C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.1\apmwinsrv.exe
    2014-03-19 13:08 - 2016-04-19 19:26 - 00114888 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-05-17 20:00 - 2014-05-14 12:51 - 00389232 _____ () C:\Program Files (x86)\KMPConnect\KMPConnectService.exe
    2009-11-15 05:40 - 2009-02-06 21:57 - 00072248 _____ () C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
    2014-05-17 20:00 - 2015-10-30 09:39 - 00617584 _____ () C:\Program Files (x86)\KMPConnect\KMPConnectCore.exe
    2016-04-13 10:04 - 2016-03-29 07:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2008-08-14 01:59 - 2008-08-14 01:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
    2016-04-13 10:04 - 2016-03-29 07:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-04-24 11:44 - 2016-04-24 11:44 - 00959176 _____ () C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
    2007-06-15 15:28 - 2007-06-15 15:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
    2007-06-01 21:52 - 2007-06-01 21:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
    2009-08-25 04:47 - 2009-08-25 04:47 - 00140560 _____ () C:\Program Files (x86)\ASUS\Asus WebStorage\EcaremeDLL.dll
    2015-12-05 04:07 - 2015-12-05 04:07 - 00029968 _____ () C:\WINDOWS\assembly\GAC_MSIL\SqliteShared\1.0.3524.15966__0d0f4b69e50e559b\SqliteShared.dll
    2015-12-05 04:07 - 2015-12-05 04:07 - 00931840 _____ () C:\WINDOWS\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
    2010-01-19 23:33 - 2009-12-12 14:12 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
    2009-09-04 20:24 - 2009-09-04 20:24 - 01600128 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    2008-10-01 04:02 - 2008-10-01 04:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    2009-11-15 05:41 - 2007-11-30 16:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    2015-12-17 17:32 - 2015-12-07 01:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-05-11 10:13 - 2016-04-23 01:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2010-06-18 12:19 - 2009-08-05 23:26 - 01026048 _____ () C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe
    2010-06-18 12:19 - 2009-08-06 00:19 - 02987520 _____ () C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe
    2011-12-06 23:07 - 2011-03-21 10:06 - 00248320 _____ () C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
    2013-02-12 23:37 - 2013-02-12 23:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    2011-12-06 23:07 - 2011-04-14 10:48 - 01758208 _____ () C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
    2016-04-19 10:42 - 2016-04-19 10:43 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-06-14 20:53 - 2016-05-28 00:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-06-14 20:52 - 2016-05-28 00:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-06-14 20:54 - 2016-05-28 00:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-06-14 20:55 - 2016-05-28 00:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2010-06-18 12:19 - 2008-05-22 21:24 - 00045056 _____ () C:\Program Files (x86)\ASUS\Turbo Gear Extreme\atkmethod.dll
    2010-06-18 12:19 - 2008-02-16 22:08 - 00950272 _____ () C:\Program Files (x86)\ASUS\Turbo Gear Extreme\OcSetting.dll
    2010-06-18 12:19 - 2005-05-11 15:39 - 00565248 _____ () C:\Program Files (x86)\ASUS\Turbo Gear Extreme\pngio.dll
    2013-02-12 23:38 - 2013-02-12 23:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    2008-08-27 21:32 - 2008-08-27 21:32 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    2008-06-09 14:55 - 2008-06-09 14:55 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    2016-04-19 10:42 - 2016-04-19 10:43 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-04-19 10:42 - 2016-04-19 10:43 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2016-06-17 20:21 - 2016-06-15 06:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
    2016-06-17 20:21 - 2016-06-15 06:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
     
  4. Castilho

    Castilho TS Rookie Topic Starter

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:07BB519E [400]
    AlternateDataStreams: C:\ProgramData\Temp:4CF61E54 [134]
    AlternateDataStreams: C:\ProgramData\Temp:734E442A [135]
    AlternateDataStreams: C:\ProgramData\Temp:90EE3BE1 [110]
    AlternateDataStreams: C:\ProgramData\Temp:A724744F [124]
    AlternateDataStreams: C:\ProgramData\Temp:AB689DEA [145]
    AlternateDataStreams: C:\ProgramData\Temp:B88E99C8 [121]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\cinemanow.com -> hxxp://cinemanow.com
    IE trusted site: HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\cinemanow.com -> hxxps://cinemanow.com
    IE trusted site: HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\com -> hxxp://*.Wondershare.com
    IE trusted site: HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\itau.com.br -> bankline.itau.com.br
    IE trusted site: HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\itau.com.br -> hxxps://bankline.itau.com.br
    IE trusted site: HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br
    IE trusted site: HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\sony.com -> sony.com

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 23:34 - 2015-11-07 20:17 - 00001794 _____ C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 adobe.activate.com
    127.0.0.1 adobeereg.com
    127.0.0.1 www.adobeereg.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 125.252.224.90
    127.0.0.1 125.252.224.91
    127.0.0.1 hl2rcv.adobe.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3275748955-1752506241-411057531-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
    DNS Servers: 201.17.0.93 - 201.17.1.83
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: ATKGFNEXSrv => 2
    MSCONFIG\Services: Creative ALchemy AL6 Licensing Service => 3
    MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
    MSCONFIG\Services: DAUpdaterSvc => 3
    MSCONFIG\Services: IDriverT => 3
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files (x86)\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
    MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    MSCONFIG\startupreg: NB Probe => C:\Program Files (x86)\ASUS\NB Probe\NBProbe.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    HKLM\...\StartupApproved\Run: => "EeeStorageBackup"
    HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
    HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\StartupApproved\Run: => "Steam"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{2190C2B9-02B2-4226-8528-50D717173B43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
    FirewallRules: [{76D76C95-32B7-4F7A-9A9D-1FBFE1659866}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
    FirewallRules: [{BA2C56F7-11A5-4F2B-B34D-AB9D491E0170}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys II\config.exe
    FirewallRules: [{DFEA5384-CC27-49F3-A39C-CFDBD315DB65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys II\config.exe
    FirewallRules: [{C81AD5D7-6D24-4CAC-BF7D-A17EE8282F32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys II\ys2plus.exe
    FirewallRules: [{FC2BF5F1-A29D-40B4-8397-EB78D3A8F456}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys II\ys2plus.exe
    FirewallRules: [{D58F9ADE-2A21-4E15-98E0-CFCEFEAE178E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Agarest Generations of War\Agarest.exe
    FirewallRules: [{2C910819-BA95-4E32-922C-8425592F35F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Agarest Generations of War\Agarest.exe
    FirewallRules: [{2BA4BF2F-0257-4A30-A1A8-0C207466C5A2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [{C8B2165D-D639-415B-AB14-151986B8B273}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [{54217F73-E793-4004-BF23-AFB4C62206FA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{73581C1D-5379-4E8C-B871-58A0F7DA1EFC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{2381FD81-1122-44EF-AD2B-412372AE602E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lilly and Sasha Curse of the Immortals\Lilly and Sasha.exe
    FirewallRules: [{56C9F530-8B92-47DB-A094-A09F0686DB54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lilly and Sasha Curse of the Immortals\Lilly and Sasha.exe
    FirewallRules: [{1189F34C-D7CD-4495-B776-5907CB6449FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\abyss_odyssey\Binaries\Win32\AO.exe
    FirewallRules: [{EC719E9B-E529-4881-A390-E9031C4BF7A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\abyss_odyssey\Binaries\Win32\AO.exe
    FirewallRules: [{606F2D3D-E097-4338-A972-BED889392EC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe
    FirewallRules: [{2190B10D-A520-4BA2-92A5-2FF072897E60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe
    FirewallRules: [{48EE9C4A-021A-41AF-A8D0-7EFA40ACCEBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\Revision.exe
    FirewallRules: [{F6607D68-B093-4EA7-80BB-B1AA68F2D74E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\Revision.exe
    FirewallRules: [{01F6E92B-DC0B-4A3F-952D-66C0705D741A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
    FirewallRules: [{F53063A4-9109-4E66-818D-17860D3C6F76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
    FirewallRules: [{0D7A8563-AF02-44E7-8C52-5E18252ABD9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game of Thrones\Thrones.exe
    FirewallRules: [{2D1CD87B-C865-48E0-B6FB-C0085E98C436}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game of Thrones\Thrones.exe
    FirewallRules: [{CC8F6AE1-BB66-4BAE-8B9B-E058CB142AD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Leviathan The Last Day of the Decade\ldod.exe
    FirewallRules: [{03904AC4-C842-4A1F-BD05-A63CE6D09B17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Leviathan The Last Day of the Decade\ldod.exe
    FirewallRules: [UDP Query User{F668BEC0-3996-4999-9715-C00DC0EC60D7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{912F6A29-F17A-4E32-BD0A-B288E46FFA72}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{C35563B9-85CB-4C4A-8F7C-5E3E8A8B47D7}C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{071214F9-5FB3-4D7B-9268-D2C175ECC546}C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe
    FirewallRules: [{58C272AC-B910-44BB-BBEA-DFF75F2C5A9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
    FirewallRules: [{B4117A9F-1621-4751-8892-BD21930C98F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
    FirewallRules: [{F1E1AB10-F768-4D16-9C79-708D3BF306CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stargazer\Stargazer.exe
    FirewallRules: [{7AD6469D-B16D-4F56-B451-BF1E9793A169}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stargazer\Stargazer.exe
    FirewallRules: [{08353DAF-8C9C-4DEE-805C-BCA677B74EC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bermuda\bermuda.exe
    FirewallRules: [{46FB651B-008D-4F7E-8179-D82BB3B32820}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bermuda\bermuda.exe
    FirewallRules: [{0B8F0F9E-97E6-4F05-A126-96B99C53F7D2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{B5D743A0-1C6E-4801-8F87-DC74E15A541C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{BCEC7C88-3F6E-4CDB-A17D-D498D094F4E4}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{9E46CC71-DF23-42F6-8AB9-0A0310D628FF}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{EB42561C-BC19-4CD4-B8EC-2DD1152379E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
    FirewallRules: [{949B3FC8-CF55-405A-9AD4-9F9447DA764D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
    FirewallRules: [{2F0BE94D-E31B-45EE-99F9-4A338A93AF58}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
    FirewallRules: [{090CF12E-9CEF-46DD-932C-C6EBDCAFFAC5}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
    FirewallRules: [{851DD5B4-6D45-47EE-B010-465A5390DAE3}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
    FirewallRules: [{C5DB060D-BC91-40A8-8CE7-0BD8DBECF1AF}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
    FirewallRules: [{DA04E5E4-689A-488C-B0E6-679CB26E19D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\strikesuitzero\pc\main\Binary\Launcher.exe
    FirewallRules: [{F2B1E6CF-2442-4041-A78A-159DF905CBD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\strikesuitzero\pc\main\Binary\Launcher.exe
    FirewallRules: [TCP Query User{FD452118-C127-447E-AD77-8D3FE4EC308C}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
    FirewallRules: [UDP Query User{C3E14E65-2342-4636-897E-F63D5F498851}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
    FirewallRules: [TCP Query User{2E14FD8A-E5A7-481D-9DA0-8A277D928511}C:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe
    FirewallRules: [UDP Query User{29FFC570-ADD3-4378-9114-39A690D4209A}C:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe
    FirewallRules: [{924E019E-5233-42EE-9015-F1D150ADA2ED}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [TCP Query User{F971DC73-194A-42C5-8220-EE2ABD23E5F8}C:\level up! games\warface\launcher\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => (Allow) C:\level up! games\warface\launcher\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe
    FirewallRules: [UDP Query User{7B0E3174-C370-458C-98AD-D62943172009}C:\level up! games\warface\launcher\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => (Allow) C:\level up! games\warface\launcher\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe
    FirewallRules: [{C0898C96-FD21-4EBB-8119-559870DF6154}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3 Stars of Destiny\3Stars.exe
    FirewallRules: [{788978DE-A283-470E-A4CF-2F8F2E431F1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3 Stars of Destiny\3Stars.exe
    FirewallRules: [{AD2D65F1-2EA2-4B09-88BA-8030A42C332E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
    FirewallRules: [{9B9BF3B2-1DA8-4D10-B467-88A6AD50810D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
    FirewallRules: [{204099DC-B93E-4AC0-920B-C42936FF8F21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deadly Sin 2\Game.exe
    FirewallRules: [{AD36E8F0-E49C-4D1F-B559-9A80AB24F11F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deadly Sin 2\Game.exe
    FirewallRules: [{6A3441CE-9D4B-4918-8B1F-72A3DB50BD31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyborn\Game.exe
    FirewallRules: [{691001AA-5034-4211-9B7D-0A92F788F0C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyborn\Game.exe
    FirewallRules: [{C25E9639-0C6D-4876-BA05-FDEC51FD8D1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Millennium 1\Millennium.exe
    FirewallRules: [{0AFD0183-E12F-42CB-B299-D91514C822E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Millennium 1\Millennium.exe
    FirewallRules: [{9A810B56-4D64-434F-9C95-3D81E98791CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe
    FirewallRules: [{F9F311DA-51EC-4BD0-84F5-EFB18CA36147}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe
    FirewallRules: [TCP Query User{A56CEDD3-E2A0-4187-B54F-3D4EB6DB797E}C:\users\philippe\downloads\remotecontrolserver.exe] => (Allow) C:\users\philippe\downloads\remotecontrolserver.exe
    FirewallRules: [UDP Query User{9174DDB2-D914-4840-95C3-8FBB62390E96}C:\users\philippe\downloads\remotecontrolserver.exe] => (Allow) C:\users\philippe\downloads\remotecontrolserver.exe
    FirewallRules: [TCP Query User{FED1ABB3-7F89-4807-9EBA-78562FCF4726}C:\program files (x86)\magic workstation\data\mwshost.exe] => (Allow) C:\program files (x86)\magic workstation\data\mwshost.exe
    FirewallRules: [UDP Query User{7DA4DC69-6F2D-4499-9EFC-B4D7D435B18D}C:\program files (x86)\magic workstation\data\mwshost.exe] => (Allow) C:\program files (x86)\magic workstation\data\mwshost.exe
    FirewallRules: [{DBC271EF-0A2F-49F4-B1AE-67E9018B2354}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\Catan.exe
    FirewallRules: [{4B947FC7-FB94-4E47-96C6-A1E410B88261}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\Catan.exe
    FirewallRules: [{79A6400B-AC23-40B6-812D-02F0BBF9BFFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\CatanEdit.exe
    FirewallRules: [{5B02CFE2-5F18-42F7-ACDD-8BF296EEF391}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\CatanEdit.exe
    FirewallRules: [{74CB1C67-9E73-4ADD-BB18-439D179B2760}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{764142D7-5983-40A3-9111-CB4D44232825}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{42DEADD6-D5E4-49D8-AC1E-D528E426D8D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Walking Dead Season Two\TheWalkingDead2.exe
    FirewallRules: [{F02CBF08-4CD5-4D62-A8D0-849B54B9AE38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Walking Dead Season Two\TheWalkingDead2.exe
    FirewallRules: [{F45833DE-A75C-4583-A9DD-B9F1CE199A26}] => (Allow) C:\Program Files (x86)\Diebold\Warsaw\core.exe
    FirewallRules: [{1AF9E54B-2F68-42B0-86BD-B8E9183B8768}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
    FirewallRules: [{06A2AA87-D250-4ED9-A0D2-F0575B81221A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
    FirewallRules: [{BB4D5ACA-53B3-48AE-9D47-292A3CB7C4E2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [{E29BE655-3C44-4F16-B165-E60B680CF20A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [{B6543D78-95AF-43E6-9484-F071E987E3AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
    FirewallRules: [{BD34B8C8-4DCB-4EA3-B564-C30BD8C897BD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
    FirewallRules: [{4EAF2E79-7023-46F3-B244-C9BD7B4AE7DC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
    FirewallRules: [{4C700911-1A92-44E2-B3C8-D2700CCAD85D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
    FirewallRules: [TCP Query User{92471A75-F022-4D02-A609-04DFB81F9544}C:\users\philippe\desktop\new folder\remoteserver.exe] => (Allow) C:\users\philippe\desktop\new folder\remoteserver.exe
    FirewallRules: [UDP Query User{A8E6C70D-5479-4204-9AF6-04B05DBA6737}C:\users\philippe\desktop\new folder\remoteserver.exe] => (Allow) C:\users\philippe\desktop\new folder\remoteserver.exe
    FirewallRules: [TCP Query User{0232CE29-360A-4EF5-9C56-A85E68370E6E}C:\gog games\shadowrun returns\shadowrun.exe] => (Allow) C:\gog games\shadowrun returns\shadowrun.exe
    FirewallRules: [UDP Query User{652446DA-4427-4AEC-8D6D-1189374C3854}C:\gog games\shadowrun returns\shadowrun.exe] => (Allow) C:\gog games\shadowrun returns\shadowrun.exe
    FirewallRules: [{5841958E-BD0E-4D7E-8794-435BE00A08D7}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{16F6DF59-3709-4B98-98DF-DC516AD53EF8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
    FirewallRules: [{DF4FA678-FF4F-4C75-8E0E-8B2C1CA23442}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
    FirewallRules: [{AA5438F7-BC33-46CA-90EA-7AE61268CAC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
    FirewallRules: [{2BA75C7A-3651-4A6A-AAAE-E9408E9D922A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
    FirewallRules: [TCP Query User{1D5F3720-AF19-4CB8-93D9-EC8AA20EC730}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
    FirewallRules: [UDP Query User{8C955BEA-1D02-4E6A-AE7C-B1DB69DDF41D}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
    FirewallRules: [TCP Query User{092B4110-9B0B-4597-A306-2F9823D09308}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
    FirewallRules: [UDP Query User{673530CE-D082-4859-8E5E-AC106A5F5187}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
    FirewallRules: [{C886938B-4BE4-463A-883A-F0D527FC2AA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe
    FirewallRules: [{EF4D5B53-C544-4AF5-AB57-514E1692F969}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe
    FirewallRules: [{EB33DE34-C50D-402F-9634-1AE1E31C0F48}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{6A24E867-129C-4604-B3CD-1E511E369F33}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{FC96CC0E-E344-4BA0-BA52-5E8DF75540AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [{7779FF0D-5F14-48F2-91EC-A000C290E44C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [{85431D5F-4054-4F8E-8FF0-358F74CFA8D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{E4E5334A-D62D-4808-9C5F-19F462AA5F51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{88A306FC-A5F1-4594-9BE8-46FA741BCD94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RichardAndAlice\richardandalice.exe
    FirewallRules: [{D6659CBB-311D-461A-A260-FF1FEEDD40D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RichardAndAlice\richardandalice.exe
    FirewallRules: [TCP Query User{DC2D1394-17BA-4BF5-A358-F6E88A222A78}C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe
    FirewallRules: [UDP Query User{16418643-8799-4524-821E-1CD77126142F}C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe
    FirewallRules: [{3AD1BD2C-F9BF-48EB-AB84-2C0DEC6DCC12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Inquisitor\Game\Inquisitor.exe
    FirewallRules: [{F01B4B8D-10F7-4078-857D-030494519F61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Inquisitor\Game\Inquisitor.exe
    FirewallRules: [{62336EFB-7B5C-4D37-B02B-7D23DAA23048}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetStronghold\Planet Stronghold.exe
    FirewallRules: [{7896073E-7242-4FB2-8F68-1C6A0E6D22BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetStronghold\Planet Stronghold.exe
    FirewallRules: [{812009DB-398D-493F-8D3C-B3282105118B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Bird Story\A Bird Story\A Bird Story.exe
    FirewallRules: [{749B123B-49EE-44E9-A622-98621BE7E122}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Bird Story\A Bird Story\A Bird Story.exe
    FirewallRules: [TCP Query User{F5630743-E38C-4400-8577-1FD1929E90A4}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{4FFF890C-88BC-4A75-8ED2-6622E52EB424}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
    FirewallRules: [{CE176CCE-BDDA-473E-9E59-56E8AC498E0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Old City\Binaries\Win32\UDK.exe
    FirewallRules: [{78DF36E7-AE00-42A3-8A5E-0D49A728BD73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Old City\Binaries\Win32\UDK.exe
    FirewallRules: [TCP Query User{5298AD4D-8A88-4DF5-82E6-B5D0CE4090B1}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{EC71CE64-C08F-4531-A68C-66139C8DAF37}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{AA56ECE7-C05E-4500-AE02-41F353790F75}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
    FirewallRules: [UDP Query User{14C191BA-FE05-431F-AE7D-B21B72CFA405}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
    FirewallRules: [TCP Query User{D2442127-EB0E-48F7-B8C3-A33377F6DC28}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{BD22CF65-1DB1-4185-9593-D5196823C687}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
    FirewallRules: [{7B69A761-490D-4318-B872-FBCB8A6AD45B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleStorm\CastleStorm.exe
    FirewallRules: [{E6B9CF04-E6B9-405A-B1EB-19DF0A2E682D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleStorm\CastleStorm.exe
    FirewallRules: [TCP Query User{9D1BD45B-40EA-455F-9BEF-88A021C78032}C:\program files (x86)\java\jre7\launch4j-tmp\irpf2015.exe] => (Block) C:\program files (x86)\java\jre7\launch4j-tmp\irpf2015.exe
    FirewallRules: [UDP Query User{83C4BEC3-4A67-4DC7-8693-64CEE36098CE}C:\program files (x86)\java\jre7\launch4j-tmp\irpf2015.exe] => (Block) C:\program files (x86)\java\jre7\launch4j-tmp\irpf2015.exe
    FirewallRules: [{FC941BF1-24E2-4979-A1FB-2971F75EF6BF}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
    FirewallRules: [{AD177177-A52C-4D8C-A343-8DF30E7C7F62}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
    FirewallRules: [TCP Query User{4B757644-9869-48B5-A0D5-763CA2F504E3}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{9D2161A7-AAD6-4513-8DE9-65C8EF404C83}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
    FirewallRules: [{4082A65B-BF7A-4C06-9BDF-8A03347122DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
    FirewallRules: [{2BC02861-6C9B-4A51-B408-2A6E7F3D8F29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
    FirewallRules: [{87542EB7-EB48-42F4-8154-E418E54AF014}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
    FirewallRules: [{FAF8106A-81DF-49CB-BFA8-0E4F5ABD6185}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
    FirewallRules: [TCP Query User{4D3A7D54-EDE4-49DA-8179-5C668031BF92}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{B3A5D4CF-3F8C-4075-B01A-103D392A7D0A}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
    FirewallRules: [{AA67BEDD-55BB-4CE8-A40B-C628D2A1CF1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
    FirewallRules: [{82CC9697-5206-47BE-B25D-111C02CFF76C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
    FirewallRules: [{27FE03F9-09A7-4EA1-AF74-DC479ABDB0F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
    FirewallRules: [{A6CD33A9-90ED-4B6A-B239-38C3EDDF4146}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
    FirewallRules: [{2E2B649F-B669-4C16-AEF0-8CCFA627143A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\Game.exe
    FirewallRules: [{813E93D7-B3B5-486A-B22B-2E9E021A6172}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\Game.exe
    FirewallRules: [{E3E432E1-AB76-471C-9313-1B3DEE948FAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
    FirewallRules: [{B1F24C25-406B-4B85-9D6D-A2A701E7C934}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
    FirewallRules: [{A86F74D3-D0D8-4456-BBF7-9B82E38EC432}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\JOYFUL\Game.exe
    FirewallRules: [{E6DCE921-4D97-4370-850F-E89384A9EBDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\JOYFUL\Game.exe
    FirewallRules: [{D9D79220-AD31-4CB1-9153-CECAC1E7AA12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Depth\Binaries\Win32\DepthGame.exe
    FirewallRules: [{F667EDEF-D231-476B-BA8A-4F0D5D5DDF38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Depth\Binaries\Win32\DepthGame.exe
    FirewallRules: [{D4E28964-C662-4A94-AC29-FA4A54A61254}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DreadOut\dreadout.exe
    FirewallRules: [{9F591500-993F-41B6-A21A-EDA256BAAE31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DreadOut\dreadout.exe
    FirewallRules: [{2EA23331-1F04-4102-8AD2-D58E4E7566C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DreadOut\dreadout32.exe
    FirewallRules: [{779590F9-815F-43D6-8F40-2F89B5BB8172}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DreadOut\dreadout32.exe
    FirewallRules: [{F1104CAF-2003-400A-B789-338E4C1B8F5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Samsa and the Knights of Light\Game.exe
    FirewallRules: [{15D4E059-0B70-4E76-A12A-91BAAD5DE97B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Samsa and the Knights of Light\Game.exe
    FirewallRules: [{69EE903D-44FB-4267-BE97-125F39B504F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Legend of Korra\LoK.exe
    FirewallRules: [{7E4AAE08-FABD-42CE-A8E7-09BAE4E8D5DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Legend of Korra\LoK.exe
    FirewallRules: [{C4A4F7EA-64FC-469A-8B9A-CC47AF9AC121}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Deed\Game.exe
    FirewallRules: [{505C8903-19C1-45C0-B823-FD467445C076}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Deed\Game.exe
    FirewallRules: [{E470444B-4C87-4101-9A9C-93458925712C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
    FirewallRules: [{9EFADB0B-3B53-4C34-9C28-A117D43046F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
    FirewallRules: [{4E27C66E-72FD-495D-831F-148B26ED8B7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
    FirewallRules: [{4D42A5A6-2D56-4ACC-AA60-A9644CF7B1A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
    FirewallRules: [{5765342C-E969-4BC4-B55A-DCC5A30D4B4A}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
    FirewallRules: [{BEFCFC38-807F-4BC3-87CD-7F6A80CC17ED}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
    FirewallRules: [{C7D109D2-E56F-4F04-8C9E-EF5563D19555}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
    FirewallRules: [{59C726C4-5B59-45F2-9BF9-9BBB3A56AE14}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
    FirewallRules: [TCP Query User{5E7F2861-03C2-4FBE-B506-9E7B46D4591C}C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{31D18B57-828B-4A18-8109-0B81F8D1E0BA}C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
    FirewallRules: [{3CCC8481-2928-4D24-ABC9-20A822B0CBF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kelvin\Fahrenheit.exe
    FirewallRules: [{B7A6546A-BF9A-4630-9367-085386469CC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kelvin\Fahrenheit.exe
    FirewallRules: [{18E658D2-115C-4A6A-A887-6A47E93169A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
    FirewallRules: [{878F165A-991E-4D8E-A05B-2AF45DC09913}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
    FirewallRules: [{342AD258-34CF-4F2C-B576-8BD4AD514C25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
    FirewallRules: [{AF9E13C4-C9B0-457E-A1B1-002230863E5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
    FirewallRules: [{9F4AA613-9470-4A9B-9CBF-64F3748FF7DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe
    FirewallRules: [{46670CEE-ADA0-4B5A-A976-B09D217D4F5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe
    FirewallRules: [{12E925B3-1058-4025-94AB-10E9B057BBF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
    FirewallRules: [{E6704F0D-D0AE-4042-8DD3-4341C9A6BE4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
    FirewallRules: [TCP Query User{E9B83EF5-A69A-4891-9F8D-AB5AC1DD37D6}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{6C73C165-C05D-4FE0-A43A-DE9C38102772}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
    FirewallRules: [{6A5A4C0E-4D94-4BA7-9FC6-E67CF4FD1D97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
    FirewallRules: [{1CF0C1FF-5469-48AF-8891-CAA7F439B2A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
    FirewallRules: [{90C739E9-83DD-43B0-A52B-809F738ED9F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
    FirewallRules: [{8CE7EFF1-9078-4CB7-B6AA-0C79B16DAD0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
    FirewallRules: [{CD88FDCB-4182-4E76-8540-BE0C37777674}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
    FirewallRules: [{4D85BE5C-2666-43BE-A787-5BBC5EE67830}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
    FirewallRules: [{CB85E814-0FB2-4611-B482-F4354E254037}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{00BB6D5E-C52E-486E-A94B-041B9C8C038F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{4806B806-3D2C-41DC-9BCB-4E554896F9FF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{28A7BDB5-19EB-4FBD-BD53-9136DC79DFC7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{15BBA934-2752-4AEF-9FD9-CC49E89E5AFA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{0283E7C1-0EB2-4C11-9D2A-1775F619EF30}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{A4AEE25C-FDA1-4042-8B46-21F235112FC2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{FD4B802B-ECC5-4CF5-AC5F-8AF2988C9193}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{BAE68209-1E7F-4C45-997B-06B6029A3AF5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{98519EE3-C8E7-4EE6-8180-FF050F26FB73}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{F0CC0800-A27F-49B4-89E8-22CE4200C6CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{5487CFDB-02F4-4FCB-AB78-3F1F4CE08471}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{2606846A-519E-4797-8C6F-FA618BD18416}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{E56032F1-9C23-45A4-8056-375BE2FC5A3D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [TCP Query User{C4F28C94-2635-414F-8F61-AA0C19F0594E}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{E2275C9F-B56E-4A6B-A375-EEFCBBFA6A5C}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{3777A0E3-6CEF-4978-83B4-E72E4CDA2245}C:\program files (x86)\steam\steamapps\common\enola\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\enola\binaries\win32\udk.exe
    FirewallRules: [UDP Query User{F44BE101-F578-40ED-8FC7-B92A24CE99A2}C:\program files (x86)\steam\steamapps\common\enola\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\enola\binaries\win32\udk.exe
    FirewallRules: [{AFA5603C-FBFF-4DC0-B8A8-A02F05A81759}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OPPW3\oppw3.exe
    FirewallRules: [{420B449B-6BB0-494C-A39C-03B5788D8D76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OPPW3\oppw3.exe
    FirewallRules: [{215911D1-6039-43A2-ABED-4D9063E591F7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{2C8BC86B-6A1B-46F0-B44F-25288A292770}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
    FirewallRules: [UDP Query User{7CC3F97B-8D3E-4BA7-8775-27A66FCED151}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
    FirewallRules: [{7FF36934-6418-48C0-8061-75A6C0FC6AF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\firstassault\Shipping\GAME.exe
    FirewallRules: [{0AE0ABE4-8685-4040-93C6-89CD45C1BF6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\firstassault\Shipping\GAME.exe
    FirewallRules: [{6D1AFBEA-7B2F-427C-A9A5-CC760EAD7AA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tales of Symphonia\TOS.exe
    FirewallRules: [{ACEFA6FD-ADCD-4EF4-B446-F7373B985739}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tales of Symphonia\TOS.exe
    FirewallRules: [{BDF9CD83-6FAC-437B-B0A8-21EEF3EA7A9E}] => (Allow) C:\Program Files (x86)\WTFast\WTFast.exe
    FirewallRules: [{ADC326AA-FADA-43E6-B86A-99F2232B5E1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
    FirewallRules: [{7C811CAF-33FB-41EF-840A-5171CA5EABE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
    FirewallRules: [{3D9E5F5E-F529-4300-B334-947EB0765FE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DB Xenoverse\DBXV.exe
    FirewallRules: [{034BA1DC-EC2C-49A5-AC6A-A0E2AB1957AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DB Xenoverse\DBXV.exe
    FirewallRules: [{50F4F017-7760-408C-9B17-1B26F3E51E47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\firstassault\Shipping\nxsteam.exe
    FirewallRules: [{43C513C9-82A3-47A9-B368-8E891DB1C6FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\firstassault\Shipping\nxsteam.exe
    FirewallRules: [{D8D1381B-4FC6-4E28-AA16-EA3D678D6912}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{EAB07004-430D-45DB-9E40-944C3501E520}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{9B9B46FA-9861-48D1-9FD4-B540675E8664}] => (Allow) C:\Program Files (x86)\KMPConnect\KMPConnectCore.exe
    FirewallRules: [{37FB62A3-7D82-4749-97FD-A9F9D4357526}] => (Allow) C:\Program Files (x86)\KMPConnect\KMPConnectCore.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3
     
  5. Castilho

    Castilho TS Rookie Topic Starter

    ==================== Restore Points =========================

    03-07-2016 09:51:30 Scheduled Checkpoint
    11-07-2016 10:43:24 Windows Update
    18-07-2016 12:38:11 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/21/2016 10:46:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program MSASCui.exe version 4.9.10586.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 1978

    Start Time: 01d1e3b84018f153

    Termination Time: 10

    Application Path: C:\Program Files\Windows Defender\MSASCui.exe

    Report Id: 0f0f3721-4fae-11e6-9d12-90e6baf75cee

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (07/21/2016 10:26:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: PHILIPPE-PC)
    Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.

    Error: (07/21/2016 10:26:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PHILIPPE-PC)
    Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/21/2016 10:24:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: gzserv.exe, version: 1.0.21.1099, time stamp: 0x5267e807
    Faulting module name: framework.dll, version: 1.0.18.1061, time stamp: 0x51f11e69
    Exception code: 0xc0000005
    Fault offset: 0x000000000000dccd
    Faulting process id: 0x1bfc
    Faulting application start time: 0xgzserv.exe0
    Faulting application path: gzserv.exe1
    Faulting module path: gzserv.exe2
    Report Id: gzserv.exe3
    Faulting package full name: gzserv.exe4
    Faulting package-relative application ID: gzserv.exe5

    Error: (07/21/2016 10:23:36 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: gzserv.exe, version: 1.0.21.1099, time stamp: 0x5267e807
    Faulting module name: framework.dll, version: 1.0.18.1061, time stamp: 0x51f11e69
    Exception code: 0xc0000005
    Fault offset: 0x000000000000dccd
    Faulting process id: 0x1728
    Faulting application start time: 0xgzserv.exe0
    Faulting application path: gzserv.exe1
    Faulting module path: gzserv.exe2
    Report Id: gzserv.exe3
    Faulting package full name: gzserv.exe4
    Faulting package-relative application ID: gzserv.exe5

    Error: (07/21/2016 10:23:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PHILIPPE-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/21/2016 10:22:40 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SearchUI.exe, version: 10.0.10586.420, time stamp: 0x57491ba1
    Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.306, time stamp: 0x571af9f6
    Exception code: 0xc000027b
    Fault offset: 0x00000000006fcd2b
    Faulting process id: 0x1500
    Faulting application start time: 0xSearchUI.exe0
    Faulting application path: SearchUI.exe1
    Faulting module path: SearchUI.exe2
    Report Id: SearchUI.exe3
    Faulting package full name: SearchUI.exe4
    Faulting package-relative application ID: SearchUI.exe5

    Error: (07/21/2016 10:21:24 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: gzserv.exe, version: 1.0.21.1099, time stamp: 0x5267e807
    Faulting module name: nxfidvs10xu.dll_unloaded, version: 1.3.2.182, time stamp: 0x51ee72f8
    Exception code: 0xc0000005
    Fault offset: 0x0000000000018b50
    Faulting process id: 0x164
    Faulting application start time: 0xgzserv.exe0
    Faulting application path: gzserv.exe1
    Faulting module path: gzserv.exe2
    Report Id: gzserv.exe3
    Faulting package full name: gzserv.exe4
    Faulting package-relative application ID: gzserv.exe5

    Error: (07/21/2016 09:39:06 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/21/2016 09:04:13 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: gzserv.exe, version: 1.0.21.1099, time stamp: 0x5267e807
    Faulting module name: framework.dll, version: 1.0.18.1061, time stamp: 0x51f11e69
    Exception code: 0xc0000005
    Fault offset: 0x000000000000dccd
    Faulting process id: 0xb40
    Faulting application start time: 0xgzserv.exe0
    Faulting application path: gzserv.exe1
    Faulting module path: gzserv.exe2
    Report Id: gzserv.exe3
    Faulting package full name: gzserv.exe4
    Faulting package-relative application ID: gzserv.exe5


    System errors:
    =============
    Error: (07/21/2016 10:26:25 PM) (Source: DCOM) (EventID: 10010) (User: PHILIPPE-PC)
    Description: MicrosoftEdge

    Error: (07/21/2016 10:24:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Bitdefender Antivirus Free Edition service terminated unexpectedly. It has done this 3 time(s).

    Error: (07/21/2016 10:24:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Bitdefender Antivirus Free Edition service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (07/21/2016 10:22:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Bitdefender Antivirus Free Edition service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

    Error: (07/21/2016 10:21:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Net.Msmq Listener Adapter service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.


    Error: (07/21/2016 10:21:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Net.Pipe Listener Adapter service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.


    Error: (07/21/2016 10:21:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect.

    Error: (07/21/2016 10:21:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the NetMsmqActivator service to connect.

    Error: (07/21/2016 10:20:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The RzWizardService service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.


    Error: (07/21/2016 10:20:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the RzWizardService service to connect.


    CodeIntegrity:
    ===================================
    Date: 2016-07-21 22:51:26.578
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-21 22:51:26.545
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-21 22:51:26.512
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-21 22:51:26.469
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-21 22:51:26.036
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-21 22:51:25.661
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-15 06:37:12.530
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-07-14 10:28:51.096
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-07-13 20:38:28.820
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-19 09:57:36.782
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz
    Percentage of memory in use: 54%
    Total physical RAM: 6143.03 MB
    Available physical RAM: 2823.48 MB
    Total Virtual: 12287.03 MB
    Available Virtual: 9065.15 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:450.67 GB) (Free:101.27 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
    Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
    Partition 2: (Active) - (Size=450.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=449 MB) - (Type=27)

    ==================== End of Addition.txt ============================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    Did you try to reinstall BitDefender?

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Double click on the downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed, scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  7. Castilho

    Castilho TS Rookie Topic Starter

    Hi there Broni. Thank you so much for taking the time to help me out.

    1 - I actually cannot believe I didn't try this. It seems to be working fine after reinstalling.

    2 - I am very sorry. I ended up doing the MBAM scan before the Rogue Killer. Is this an issue?

    3 - I ran ADWCleaner just before seeking help. I've attached the log. I just ran it again, but it found no malicious content.

    Again, thank you so much!

    MBAM LOG

    Logfile: mbamlog.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.07.21.09
    Rootkit Database: v2016.05.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Philippe

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 488045
    Time Elapsed: 1 hr, 10 min, 6 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    PUP.Optional.MiniUPnP, C:\Program Files (x86)\KMPConnect\upnpc.exe, Quarantined, [beef002619814beb9fdfde590bf77090],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Rogue Killer LOG

    RogueKiller V12.4.0.0 (x64) [Jul 18 2016] (Free) por Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Site : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Sistema Operacional : Windows 10 (10.0.10586) 64 bits version
    Iniciou : Modo normal
    Usuário : Philippe [Administrador]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Modo : Deletar -- Data : 07/22/2016 20:11:16

    ¤¤¤ Processos : 0 ¤¤¤

    ¤¤¤ Registro : 4 ¤¤¤
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 201.17.0.93 201.17.1.83 ([-][Brazil]) -> Não selecionado
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 201.17.0.93 201.17.1.83 ([-][Brazil]) -> Não selecionado
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{51610c28-cca2-4349-ac5e-ba1f87f3dcc8} | DhcpNameServer : 201.17.0.93 201.17.1.83 ([-][Brazil]) -> Não selecionado
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{51610c28-cca2-4349-ac5e-ba1f87f3dcc8} | DhcpNameServer : 201.17.0.93 201.17.1.83 ([-][Brazil]) -> Não selecionado

    ¤¤¤ Tarefas : 0 ¤¤¤

    ¤¤¤ Arquivos : 1 ¤¤¤
    [PUP][Pasta] C:\Program Files (x86)\IObit -> Removido na reinicialização [91]
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\IObitLauncher.exe -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\IObitLauncher.ini -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Arabic.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Belarusian.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\ChineseSimp.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\ChineseTrad.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Czech.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Danish.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Dinka.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Dutch.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\English.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Finnish.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Flemish.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\French.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\German.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Greek.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Hebrew.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Hungarian.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Indonesia.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Italian.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Japanese.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Korean.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Latvian.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Malayalam.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Polish.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Portuguese(PT-BR).lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Portuguese(PT-PT).lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Romanian.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Russian.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Serbian (cyrillic).lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Serbian (latin).lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Slovak.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Slovenian.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Spanish.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Swedish.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Turkish.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Ukrainian.lng -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\Language\Vietnamese.lng -> Deletado
    [PUP][Pasta] C:\Program Files (x86)\IObit\LiveUpdate\Language -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -> Removido na reinicialização [5]
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.log -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdateSrvUpt.log -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdateSrvUpt.log.bak1 -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate_1.log -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\system.ini -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\update\liveupdate\IObitLauncher.exe.dat -> Deletado
    [PUP][Pasta] C:\Program Files (x86)\IObit\LiveUpdate\update\liveupdate -> Deletado
    [PUP][Arquivo] C:\Program Files (x86)\IObit\LiveUpdate\update\update.spt -> Deletado
    [PUP][Pasta] C:\Program Files (x86)\IObit\LiveUpdate\update -> Deletado
    [PUP][Pasta] C:\Program Files (x86)\IObit\LiveUpdate -> Removido na reinicialização [91]
    [PUP][Pasta] C:\Program Files (x86)\IObit\Smart Defrag 4 -> Deletado

    ¤¤¤ Arquivos de hosts : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

    ¤¤¤ Navegadores : 0 ¤¤¤

    ¤¤¤ Verificação da MBR : ¤¤¤
    +++++ PhysicalDrive0: ST9500325AS +++++
    --- User ---
    [MBR] db6dd133fd10a60ff9083f78469dbfc3
    [BSP] 430eaf6ed8558d670d2c84579f07828f : HP MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 14997 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 30716280 | Size: 461490 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975851520 | Size: 449 MB
    User = LL1 ... OK
    User = LL2 ... OK

    ADWCleaner LOG

    # AdwCleaner v5.201 - Logfile created 21/07/2016 at 20:30:08
    # Updated 30/06/2016 by ToolsLib
    # Database : 2016-07-21.2 [Server]
    # Operating system : Windows 10 Home (X64)
    # Username : Philippe - PHILIPPE-PC
    # Running from : C:\Users\Philippe\Downloads\AdwCleaner.exe
    # Option : Clean
    # Support : https://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****

    [-] File Deleted : C:\END
    [-] File Deleted : C:\Users\Philippe\AppData\Roaming\Mozilla\Firefox\Profiles\sxu9egj8.default\extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi
    [-] File Deleted : C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
    [-] File Deleted : C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
    [-] File Deleted : C:\user.js

    ***** [ DLLs ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
    [-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\IB Updater
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3275748955-1752506241-411057531-1000\Software\IB Updater
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3275748955-1752506241-411057531-1000\Software\SweetIM
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3038A20B9089EC34D8F74220191FAB30
    [-] Value Deleted : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DisplayName]
    [-] Value Deleted : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    [-] Value Deleted : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [TopResultURLFallback]
    [-] Key Deleted : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

    ***** [ Web browsers ] *****

    [-] [C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : br.ask.com
    [-] [C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask search

    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [2641 bytes] - [21/07/2016 20:55:08]
    C:\AdwCleaner\AdwCleaner[C5].txt - [1312 bytes] - [21/08/2015 16:00:24]
    C:\AdwCleaner\AdwCleaner[C6].txt - [4129 bytes] - [24/11/2015 19:23:16]
    C:\AdwCleaner\AdwCleaner[R0].txt - [31554 bytes] - [14/08/2014 20:26:30]
    C:\AdwCleaner\AdwCleaner[R1].txt - [2645 bytes] - [22/11/2014 09:45:54]
    C:\AdwCleaner\AdwCleaner[R2].txt - [3364 bytes] - [11/02/2015 19:43:55]
    C:\AdwCleaner\AdwCleaner[R3].txt - [2831 bytes] - [06/07/2015 19:44:14]
    C:\AdwCleaner\AdwCleaner[R4].txt - [1292 bytes] - [25/07/2015 09:19:07]
    C:\AdwCleaner\AdwCleaner[S0].txt - [29953 bytes] - [14/08/2014 20:29:20]
    C:\AdwCleaner\AdwCleaner[S1].txt - [6170 bytes] - [22/11/2014 09:48:50]
    C:\AdwCleaner\AdwCleaner[S2].txt - [5910 bytes] - [11/02/2015 19:51:43]
    C:\AdwCleaner\AdwCleaner[S3].txt - [1359 bytes] - [25/07/2015 09:43:15]
    C:\AdwCleaner\AdwCleaner[S6].txt - [1185 bytes] - [21/08/2015 15:58:12]
    C:\AdwCleaner\AdwCleaner[S7].txt - [5803 bytes] - [24/11/2015 19:20:59]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3665 bytes] ##########

    Junkware Removal Tool LOG

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Windows 10 Home x64
    Ran by Philippe (Administrator) on 22/07/2016 at 20:40:37,69
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 29

    Successfully deleted: C:\ai_recyclebin (Folder)
    Successfully deleted: C:\ProgramData\1423775997.4512.bin (File)
    Successfully deleted: C:\ProgramData\1423775997.4548.bin (File)
    Successfully deleted: C:\ProgramData\1423775997.4668.bin (File)
    Successfully deleted: C:\ProgramData\1423775997.5544.bin (File)
    Successfully deleted: C:\ProgramData\1423775997.5636.bin (File)
    Successfully deleted: C:\ProgramData\1423775997.5812.bin (File)
    Successfully deleted: C:\ProgramData\1423775997.5948.bin (File)
    Successfully deleted: C:\ProgramData\1423776360.bdinstall.bin (File)
    Successfully deleted: C:\ProgramData\1469180778.bdinstall.bin (File)
    Successfully deleted: C:\ProgramData\1469180793.bdinstall.bin (File)
    Successfully deleted: C:\ProgramData\1469180868.bdinstall.bin (File)
    Successfully deleted: C:\ProgramData\1469222946.bdinstall.bin (File)
    Successfully deleted: C:\ProgramData\iobit\driver booster (Folder)
    Successfully deleted: C:\Users\Philippe\AppData\Local\{0D8B9F6B-EF95-4608-89D6-8F9CD2BEBC44} (Empty Folder)
    Successfully deleted: C:\Users\Philippe\AppData\Local\{1406AF46-98EA-451D-BBE8-9DB4E16888BB} (Empty Folder)
    Successfully deleted: C:\Users\Philippe\AppData\Local\{183EFBF2-D68E-40C3-A508-1BA84B893287} (Empty Folder)
    Successfully deleted: C:\Users\Philippe\AppData\Local\{4D8371F1-7890-4FE4-8BAC-3059C301B9E7} (Empty Folder)
    Successfully deleted: C:\Users\Philippe\AppData\Local\{B1104D51-E94B-415E-A60C-54863584A174} (Empty Folder)
    Successfully deleted: C:\Users\Philippe\AppData\Local\{F3B215F3-4320-4B89-B3AC-4AD6588B82DE} (Empty Folder)
    Successfully deleted: C:\Users\Philippe\AppData\Roaming\getrighttogo (Folder)
    Successfully deleted: C:\Users\Philippe\AppData\Roaming\iobit\driver booster (Folder)
    Successfully deleted: C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\wondershare player.lnk (Shortcut)
    Successfully deleted: C:\Users\Philippe\AppData\Roaming\productdata (Folder)
    Successfully deleted: C:\Users\Philippe\AppData\Roaming\speedrunnerslog.txt (File)
    Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Philippe) (Task)
    Successfully deleted: C:\WINDOWS\prefetch\ANTIVIRUS_FREE_EDITION.EXE-5256F2A8.pf (File)
    Successfully deleted: C:\WINDOWS\prefetch\ANTIVIRUS_FREE_EDITION_X64.EX-8A2C5235.pf (File)
    Successfully deleted: C:\WINDOWS\prefetch\DRIVERCTRL.EXE-22B7B922.pf (File)



    Registry: 1

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 22/07/2016 at 20:44:59,82
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Does BitDefender work now?

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  9. Castilho

    Castilho TS Rookie Topic Starter

    Yes, Broni, it works fine now. Thank you!

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2016 02
    Ran by Philippe (administrator) on PHILIPPE-PC (23-07-2016 22:05:34)
    Running from C:\Philippe\Arquivos
    Loaded Profiles: Philippe (Available Profiles: Philippe & DefaultAppPool)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Locktime Software) C:\Program Files\NetLimiter 3\nlsvc.exe
    () C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.1\apmwinsrv.exe
    () C:\Program Files (x86)\KMPConnect\KMPConnectService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    () C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
    (ASUSTeK Inc.) C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
    (GAS Tecnologia LTDA) C:\Program Files (x86)\Diebold\Warsaw\core.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    () C:\Program Files (x86)\KMPConnect\kmpconnectcore.exe
    Failed to access process -> HControl.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
    () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
    (ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    (ASUSTeK Inc.) C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
    () C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe
    () C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
    () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    (Razer Inc.) C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
    () C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
    (GAS Tecnologia LTDA) C:\Program Files (x86)\Diebold\Warsaw\core.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
    (ASUS) C:\Windows\AsScrPro.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (BitTorrent Inc.) C:\Users\Philippe\AppData\Roaming\uTorrent\uTorrent.exe
    (BitTorrent Inc.) C:\Users\Philippe\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
    (BitTorrent Inc.) C:\Users\Philippe\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.424_none_767fbf7a263fc7d3\TiWorker.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [EeeStorageBackup] => C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe [947472 2009-08-25] (ECAREME)
    HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2016-01-29] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
    HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
    HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
    HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe [237693 2008-12-29] (Creative Technology Ltd)
    HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
    HKLM-x32\...\Run: [Turbo Gear Help] => C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe [1026048 2009-08-05] ()
    HKLM-x32\...\Run: [Turbo Gear] => C:\Program Files (x86)\ASUS\Turbo Gear Extreme\TurboGear.exe [2987520 2009-08-06] ()
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [DeathAdder] => C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [248320 2011-03-21] ()
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-30] (DivX, LLC)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
    HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
    HKLM-x32\...\Run: [Diebold - Warsaw] => C:\Program Files (x86)\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Player\DelayPluginI.exe [1960008 2014-09-19] ()
    HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [263112 2016-03-22] (Razer Inc.)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-07-20] (LogMeIn Inc.)
    Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco)
    HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2851408 2016-07-08] (Valve Corporation)
    HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
    HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\RunOnce: [Uninstall C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
    HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\RunOnce: [Uninstall C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
    HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\RunOnce: [Uninstall C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
    ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1759992 2015-07-06] (Banco Itaú Unibanco)
    ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
    ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-01] ()
    ShellIconOverlayIdentifiers: [OverlayIconExtension1] -> {fe25455d-b4c2-4e32-97d2-92632ec1c224} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [OverlayIconExtension2] -> {1fae2d88-a78e-4f03-909f-be818a3c1ce6} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
    ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-01] ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 201.17.0.93 201.17.1.83
    Tcpip\..\Interfaces\{51610c28-cca2-4349-ac5e-ba1f87f3dcc8}: [DhcpNameServer] 201.17.0.93 201.17.1.83
    Tcpip\..\Interfaces\{b6297368-00d4-4a53-9687-8890c2eac1e8}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3275748955-1752506241-411057531-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://br.msn.com/iat/us_br.aspx
    HKU\S-1-5-21-3275748955-1752506241-411057531-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-3275748955-1752506241-411057531-1000 -> {17377BFE-37FB-4C81-AB2E-BDDD0D50332D} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-03] (Adobe Systems Incorporated)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
    BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-02-07] (DivX, LLC)
    BHO-x32: Wondershare Player 1.6.0 -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -> C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll [2014-09-19] (Wondershare)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
    BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll [2015-07-06] (Banco Itaú Unibanco)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
    DPF: HKLM-x32 {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
    DPF: HKLM-x32 {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
    DPF: HKLM-x32 {F9043C85-F6F2-101A-A3C9-08002B2F49FB} ms-its:C:\Program Files (x86)\The Tournament Director 2\TD.lib::/comdlg32.cab
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
    Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C - No File
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Philippe\AppData\Roaming\Mozilla\Firefox\Profiles\sxu9egj8.default
    FF SelectedSearchEngine:
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-21] ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-21] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-06-14] (Citrix Systems, Inc.)
    FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-02-07] (DivX, LLC)
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll [2013-09-20] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-14] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-30] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Philippe\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-03-30] (Raidcall)
    FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3275748955-1752506241-411057531-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Philippe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-04-27] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-3275748955-1752506241-411057531-1000: gastecnologia.com.br/sf/abn -> C:\Users\Philippe\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll [2015-02-20] (GAS Tecnologia)
    FF Plugin HKU\S-1-5-21-3275748955-1752506241-411057531-1000: gastecnologia.com.br/sf/uni -> C:\Users\Philippe\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-11-09] (GAS Tecnologia)
    FF Plugin HKU\S-1-5-21-3275748955-1752506241-411057531-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-02-11] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010-05-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2010-05-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010-05-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010-05-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010-05-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2010-05-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2010-05-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2010-05-12] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2010-05-12] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2010-04-14] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2010-05-12] (Citrix Systems, Inc.)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml [2011-12-18]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml [2011-12-18]
    FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-02-20] [not signed]
    FF Extension: No Name - C:\Users\Philippe\AppData\Roaming\Mozilla\Firefox\Profiles\sxu9egj8.default\extensions\helper@savefrom.net.xpi [not found]
    FF Extension: Avira Browser Safety - C:\Users\Philippe\AppData\Roaming\Mozilla\Firefox\Profiles\sxu9egj8.default\Extensions\abs@avira.com [2014-10-14] [not signed]
    FF Extension: Online HD TV - C:\Users\Philippe\AppData\Roaming\Mozilla\Firefox\Profiles\sxu9egj8.default\Extensions\onlinehdtv@onlinehd.tv [2012-10-20] [not signed]
    FF Extension: Online HD TV - C:\Users\Philippe\AppData\Roaming\Mozilla\Firefox\Profiles\sxu9egj8.default\Extensions\onlinehdtv@onlinehd.tv.xpi [2012-10-20] [not signed]
    FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
    FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com
    FF Extension: Wondershare Player - C:\ProgramData\Wondershare\Player\Player@Wondershare.com [2016-04-09] [not signed]
    FF HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8874}] - C:\Users\Philippe\AppData\Local\GAS Tecnologia\GBBD\abn\xpi
    FF Extension: GBBD Banco Santander (Brasil) S.A. - C:\Users\Philippe\AppData\Local\GAS Tecnologia\GBBD\abn\xpi [2015-01-26] [not signed]
    FF HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Philippe\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
    FF Extension: Guardião - Itaú 30 horas - C:\Users\Philippe\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-11-09] [not signed]

    Chrome:
    =======
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.903\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll ()
    CHR Profile: C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (GBBD Banco Santander (Brasil) S.A.) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface [2014-09-05]
    CHR Extension: (Google Docs) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
    CHR Extension: (Google Drive) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
    CHR Extension: (YouTube) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Adblock Plus) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-30]
    CHR Extension: (Google Search) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Avira Browser Safety) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-07-21]
    CHR Extension: (Google Docs Offline) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (The Camelizer) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2016-04-26]
    CHR Extension: (GBBD Banco Santander (Brasil) S.A.) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnljhnpjegfbcohjhdnhjlnfnffmbnf [2015-03-03]
    CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2014-09-09]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
    CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-08-25]
    CHR Extension: (Enhanced Steam) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-07-07]
    CHR Extension: (Gmail) - C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3275748955-1752506241-411057531-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [abmojiekfpcmkkfamgfcpgfgipocface] - C:\Users\Philippe\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx [2013-06-02]
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
    CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
    R2 apmwinsrv; C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.1\apmwinsrv.exe [66768 2014-11-14] ()
    S4 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
    S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-01-06] (BitRaider, LLC)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-02] (Microsoft Corporation)
    S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-12-23] (Creative Labs) [File not signed]
    S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2009-11-15] (Creative Labs) [File not signed]
    R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2009-08-28] (Creative Technology Ltd) [File not signed]
    R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2016-01-29] (NVIDIA Corporation)
    R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2016-03-02] (Bitdefender)
    S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2554376 2016-07-20] (LogMeIn Inc.)
    S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-07-20] (LogMeIn, Inc.)
    R2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1845248 2011-03-21] (Locktime Software) [File not signed]
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2016-01-29] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2016-01-29] (NVIDIA Corporation)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-11] (Electronic Arts)
    S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2016-04-16] (Power Admin LLC)
    R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-10] (Razer, Inc.)
    S2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [376272 2016-03-22] (Razer Inc.)
    R2 ServiceKAirModule; C:\Program Files (x86)\KMPConnect\KMPConnectService.exe [389232 2014-05-14] ()
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6348560 2015-10-29] (TeamViewer GmbH)
    R2 Warsaw Technology; C:\Program Files (x86)\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)
    R2 WBVGAservice; C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [72248 2009-02-06] ()
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
     
  10. Castilho

    Castilho TS Rookie Topic Starter

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [50896 2014-11-14] (Paragon Software Group)
    R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
    R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-30] (Qualcomm Atheros Communications, Inc.)
    R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
    S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
    S1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
    S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2016-01-09] (BitRaider)
    R1 EIO64; C:\Windows\System32\drivers\EIO64.sys [16384 2009-07-22] (ASUSTeK Computer Inc.)
    R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [61136 2014-11-14] (Paragon Software Group)
    R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
    R3 Hamachi; C:\Windows\System32\drivers\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.)
    S3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [204496 2014-11-14] (Paragon Software Group)
    R2 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [15568 2014-11-14] (Paragon Software Group)
    R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [15416 2009-07-20] ( )
    S3 MEMSWEEP2; C:\Windows\system32\D275.tmp [6144 2010-05-26] (Sophos Plc) [File not signed]
    R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [45776 2014-11-14] (Paragon Software Group)
    R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [88200 2011-03-21] (Locktime Software)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2016-01-29] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2016-01-29] (NVIDIA Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
    R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-10] (Razer, Inc.)
    R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-10] (Razer, Inc.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-07-22] ()
    R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
    S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [15544 2013-04-18] (Headsoft)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    R2 WtfEngineDrv; C:\Windows\system32\DRIVERS\WtfEngineDrv.sys [37872 2016-05-20] (AAA Internet Publishing, Inc.)
    U3 idsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-07-23 20:29 - 2016-07-23 21:22 - 585321568 ____R C:\Users\Philippe\Downloads\[HorribleSubs] Berserk - 04 [1080p].mkv
    2016-07-23 20:29 - 2016-07-23 21:21 - 568574108 ____R C:\Users\Philippe\Downloads\[HorribleSubs] Alderamin on the Sky - 03 [1080p].mkv
    2016-07-23 20:29 - 2016-07-23 20:34 - 209114286 ____R C:\Users\Philippe\Downloads\[HorribleSubs] Battery - 02 [720p].mkv
    2016-07-23 20:29 - 2016-07-23 20:29 - 00022765 _____ C:\Users\Philippe\Downloads\[HorribleSubs] Berserk - 04 [1080p].mkv.torrent
    2016-07-23 20:29 - 2016-07-23 20:29 - 00016384 _____ C:\Users\Philippe\Downloads\[HorribleSubs] Battery - 02 [720p].mkv.torrent
    2016-07-23 20:28 - 2016-07-23 21:26 - 764867428 ____R C:\Users\Philippe\Downloads\[HorribleSubs] Handa-kun - 03 [1080p].mkv
    2016-07-23 20:28 - 2016-07-23 21:24 - 579920330 ____R C:\Users\Philippe\Downloads\[HorribleSubs] Shokugeki no Soma S2 - 04 [1080p].mkv
    2016-07-23 20:28 - 2016-07-23 20:28 - 00029607 _____ C:\Users\Philippe\Downloads\[HorribleSubs] Handa-kun - 03 [1080p].mkv.torrent
    2016-07-23 20:28 - 2016-07-23 20:28 - 00022578 _____ C:\Users\Philippe\Downloads\[HorribleSubs] Shokugeki no Soma S2 - 04 [1080p].mkv.torrent
    2016-07-23 20:28 - 2016-07-23 20:28 - 00022138 _____ C:\Users\Philippe\Downloads\[HorribleSubs] Alderamin on the Sky - 03 [1080p].mkv.torrent
    2016-07-23 20:27 - 2016-07-23 20:27 - 00002744 _____ C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
    2016-07-23 20:27 - 2016-07-23 20:27 - 00000000 ____D C:\Users\Philippe\AppData\LocalLow\uTorrent
    2016-07-23 20:26 - 2016-07-23 20:26 - 02530304 _____ (BitTorrent Inc.) C:\Users\Philippe\Downloads\uTorrent.exe
    2016-07-23 16:03 - 2016-07-23 16:03 - 00001585 _____ C:\Users\Public\Desktop\League of Legends.lnk
    2016-07-23 16:03 - 2016-07-23 16:03 - 00000000 ____D C:\Riot Games
    2016-07-23 15:53 - 2016-07-23 16:03 - 28120008 _____ (Riot Games) C:\Users\Philippe\Downloads\LeagueofLegends_BR_Installer_2016_05_13.exe
    2016-07-22 20:44 - 2016-07-22 20:44 - 00003089 _____ C:\Users\Philippe\Desktop\JRT.txt
    2016-07-22 20:39 - 2016-07-22 20:39 - 00000000 ____D C:\ProgramData\GZ
    2016-07-22 20:38 - 2016-07-22 20:38 - 01610560 _____ (Malwarebytes) C:\Users\Philippe\Downloads\JRT.exe
    2016-07-22 18:39 - 2016-07-22 18:39 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2016-07-22 18:35 - 2016-07-22 18:35 - 00000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2016-07-22 18:34 - 2016-07-22 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2016-07-22 18:34 - 2016-07-22 18:35 - 00000000 ____D C:\Program Files\RogueKiller
    2016-07-22 18:34 - 2016-07-22 18:34 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-07-22 18:31 - 2016-07-22 18:31 - 00002247 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
    2016-07-22 18:31 - 2016-07-22 18:31 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
    2016-07-22 18:31 - 2016-07-22 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
    2016-07-22 18:30 - 2016-07-22 18:31 - 00000000 ____D C:\Program Files\Bitdefender
    2016-07-22 18:30 - 2013-04-17 13:59 - 00718840 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
    2016-07-22 18:30 - 2013-04-17 13:59 - 00593144 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
    2016-07-22 18:30 - 2012-11-02 13:17 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
    2016-07-22 18:29 - 2013-05-28 11:12 - 00382536 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
    2016-07-22 18:29 - 2013-04-22 12:21 - 00148696 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
    2016-07-22 18:18 - 2016-07-22 18:18 - 00002066 _____ C:\ProgramData\1469222246.17264.bin
    2016-07-22 18:18 - 2016-07-22 18:18 - 00000421 _____ C:\ProgramData\1469222246.17328.bin
    2016-07-22 18:17 - 2016-07-22 18:18 - 00043429 _____ C:\ProgramData\1469222246.15824.bin
    2016-07-22 06:47 - 2016-07-22 06:47 - 10606640 _____ C:\Users\Philippe\Downloads\Antivirus_Free_Edition_x64.exe
    2016-07-22 06:46 - 2016-07-22 06:47 - 00196944 _____ C:\Users\Philippe\Downloads\Antivirus_Free_Edition.exe
    2016-07-22 06:44 - 2016-07-22 18:34 - 34626736 _____ (Adlice Software ) C:\Users\Philippe\Downloads\setup.exe
    2016-07-22 00:48 - 2016-07-22 00:48 - 00001767 _____ C:\Users\Public\Desktop\Defraggler.lnk
    2016-07-22 00:45 - 2016-07-22 00:45 - 04529456 _____ (Piriform Ltd) C:\Users\Philippe\Downloads\dfsetup221.exe
    2016-07-21 22:25 - 2016-07-23 22:05 - 00000000 ____D C:\FRST
    2016-07-21 21:30 - 2016-07-21 22:24 - 00001714 _____ C:\Users\Philippe\Desktop\Rkill.txt
    2016-07-21 21:16 - 2016-07-21 21:16 - 06079168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
    2016-07-21 21:07 - 2016-07-21 21:07 - 00002868 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2016-07-21 21:07 - 2016-07-21 21:07 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-07-21 21:07 - 2016-07-21 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2016-07-21 21:07 - 2016-07-21 21:07 - 00000000 ____D C:\Program Files\CCleaner
    2016-07-21 21:06 - 2016-07-21 22:17 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
    2016-07-21 21:06 - 2016-07-21 22:17 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
    2016-07-21 21:04 - 2016-07-21 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    2016-07-21 21:04 - 2016-07-21 21:04 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2016-07-18 23:34 - 2016-07-18 23:34 - 00000000 ____D C:\Users\Philippe\AppData\Local\Pokemon Insurgence
    2016-07-18 23:29 - 2016-07-22 01:13 - 00000000 ____D C:\Program Files (x86)\Pokemon Insurgence
    2016-07-18 22:30 - 2016-07-20 22:38 - 00000446 _____ C:\Users\Philippe\AppData\Roaming\CSharpAnalytics-MeasurementSession
    2016-07-18 22:30 - 2016-07-18 22:30 - 00000000 ____D C:\Users\Philippe\AppData\Local\InsurgenceLauncher
    2016-07-06 19:36 - 2016-07-06 19:36 - 00000000 ____D C:\ProgramData\GeoComply
    2016-07-05 22:42 - 2016-07-05 22:42 - 00000000 ____D C:\Users\Philippe\AppData\Local\BANDAI NAMCO Games
    2016-06-28 22:14 - 2016-06-28 22:14 - 00000038 _____ C:\Users\Philippe\Desktop\ping.bat
    2016-06-28 21:44 - 2016-06-28 21:44 - 00001050 _____ C:\Users\Public\Desktop\WTFast.lnk
    2016-06-28 21:44 - 2016-06-28 21:44 - 00000000 ____D C:\Users\Philippe\AppData\Local\AAA_Internet_Publishing,_
    2016-06-28 21:44 - 2016-05-20 10:02 - 00037872 _____ (AAA Internet Publishing, Inc.) C:\WINDOWS\system32\Drivers\WtfEngineDrv.sys
    2016-06-28 21:43 - 2016-06-28 21:44 - 00000000 ____D C:\Program Files (x86)\WTFast

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-07-23 22:03 - 2010-01-23 21:27 - 00000000 ____D C:\Users\Philippe\AppData\Roaming\uTorrent
    2016-07-23 21:44 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-07-23 21:20 - 2010-07-05 22:37 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-07-23 21:16 - 2012-10-30 05:47 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-07-23 20:35 - 2014-05-17 19:59 - 00000000 ____D C:\The KMPlayer
    2016-07-23 19:30 - 2011-01-04 11:31 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-07-23 17:35 - 2010-05-24 18:56 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{33DAD70F-0861-48D0-9CF0-061A5DC2C8EE}
    2016-07-23 16:52 - 2015-10-30 04:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-07-23 16:04 - 2014-03-08 12:36 - 00000000 ____D C:\Users\Philippe\AppData\Roaming\Riot Games
    2016-07-23 15:45 - 2010-07-05 22:37 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-07-22 21:11 - 2014-09-28 18:08 - 00000441 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
    2016-07-22 21:10 - 2014-05-17 20:00 - 00000000 ____D C:\Program Files (x86)\KMPConnect
    2016-07-22 21:09 - 2015-12-05 04:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-07-22 21:09 - 2015-12-05 03:54 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-07-22 21:09 - 2015-10-30 03:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-07-22 20:43 - 2014-02-28 19:03 - 00000000 ____D C:\Users\Philippe\AppData\Roaming\IObit
    2016-07-22 20:43 - 2014-02-28 19:03 - 00000000 ____D C:\ProgramData\IObit
    2016-07-22 20:26 - 2014-11-16 15:15 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-07-22 20:19 - 2015-12-05 03:59 - 01008280 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-07-22 20:19 - 2015-10-30 04:21 - 00000000 ____D C:\WINDOWS\INF
    2016-07-22 18:51 - 2015-10-30 04:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-07-22 18:48 - 2013-10-30 14:24 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-07-22 01:20 - 2015-10-30 04:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-07-22 01:15 - 2015-12-12 16:07 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL.001
    2016-07-22 01:15 - 2015-10-30 06:07 - 00000000 ____D C:\WINDOWS\ShellNew
    2016-07-22 01:15 - 2015-10-30 06:07 - 00000000 ____D C:\Program Files\Windows Journal
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 __RSD C:\WINDOWS\Media
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\setup
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\Provisioning
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\IME
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Windows Defender
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2016-07-22 01:15 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2016-07-22 01:14 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-07-22 01:14 - 2015-10-30 03:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-07-22 01:14 - 2015-10-30 03:28 - 00000000 ____D C:\WINDOWS\servicing
    2016-07-22 01:14 - 2015-08-13 21:50 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-07-22 01:14 - 2010-05-14 12:18 - 00000000 ____D C:\Users\Philippe\AppData\Local\PokerStars
    2016-07-22 00:54 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2016-07-22 00:50 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-07-22 00:48 - 2013-02-28 00:27 - 00000000 ____D C:\Program Files\Defraggler
    2016-07-22 00:48 - 2012-09-23 18:20 - 00000000 ____D C:\Users\Philippe\AppData\Local\LogMeIn Hamachi
    2016-07-21 23:11 - 2010-01-20 14:26 - 00000000 ____D C:\Philippe
    2016-07-21 22:29 - 2015-10-30 03:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-07-21 22:17 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\registration
    2016-07-21 21:20 - 2016-04-12 21:03 - 00000000 ____D C:\Users\Philippe\AppData\Roaming\TeamViewer
    2016-07-21 21:20 - 2011-06-07 10:04 - 00000000 ____D C:\Users\Philippe\AppData\Roaming\TS3Client
    2016-07-21 21:20 - 2010-02-07 16:02 - 00000000 ____D C:\Users\Philippe\AppData\Roaming\Media Player Classic
    2016-07-21 21:19 - 2016-05-13 21:47 - 00000000 ____D C:\WINDOWS\Minidump
    2016-07-21 21:19 - 2015-12-05 09:43 - 00000000 ___DC C:\WINDOWS\Panther
    2016-07-21 21:19 - 2013-11-13 15:21 - 00000000 ____D C:\Users\Philippe\AppData\Local\CrashDumps
    2016-07-21 21:18 - 2015-10-14 06:35 - 00000000 ____D C:\Users\Philippe\Desktop\Mamãe
    2016-07-21 20:55 - 2015-12-05 04:00 - 00000000 ____D C:\Users\Philippe
    2016-07-21 20:55 - 2014-08-14 20:26 - 00000000 ____D C:\AdwCleaner
    2016-07-21 20:50 - 2014-11-16 15:15 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-07-21 20:50 - 2014-11-16 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-07-21 20:50 - 2014-11-16 15:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-07-21 20:20 - 2015-12-05 03:45 - 04952872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-07-19 19:45 - 2015-12-05 11:36 - 00000000 ____D C:\Users\Philippe\AppData\Local\Deployment
    2016-07-13 08:05 - 2013-07-18 15:00 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-07-09 12:05 - 2014-05-06 20:19 - 00000000 ____D C:\Users\Philippe\AppData\Roaming\Curse Client
    2016-07-08 13:49 - 2010-01-29 18:09 - 00000000 ____D C:\Users\Philippe\AppData\Roaming\Skype
    2016-07-08 08:49 - 2010-01-29 15:57 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-07-08 08:49 - 2010-01-29 15:57 - 00000000 ____D C:\ProgramData\Skype
    2016-07-06 21:39 - 2010-01-19 23:15 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2016-07-01 02:09 - 2009-07-29 03:03 - 00400310 __RSH C:\bootmgr
    2016-06-29 06:27 - 2016-04-14 09:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2016-06-28 21:44 - 2013-02-15 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WTFast
    2016-06-23 21:39 - 2016-06-19 13:43 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
    2016-06-23 21:39 - 2016-06-19 13:43 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
    2016-06-23 21:39 - 2009-11-15 04:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-06-23 21:25 - 2012-05-19 20:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-06-23 21:25 - 2012-05-19 20:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-06-23 11:30 - 2012-05-19 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

    ==================== Files in the root of some directories =======

    2013-04-15 21:44 - 2013-04-15 23:47 - 0000015 _____ () C:\Users\Philippe\AppData\Roaming\CariocaPokerClub.frmMTexasTourney.resizer_settings
    2016-07-18 22:30 - 2016-07-20 22:38 - 0000446 _____ () C:\Users\Philippe\AppData\Roaming\CSharpAnalytics-MeasurementSession
    2013-12-14 08:45 - 2013-12-14 08:45 - 0000388 _____ () C:\Users\Philippe\AppData\Roaming\hexplorer.dat
    2013-12-14 08:45 - 2013-12-14 08:45 - 0000004 _____ () C:\Users\Philippe\AppData\Roaming\mclip.dat
    2011-04-06 21:34 - 2011-04-06 21:34 - 0046790 _____ () C:\Users\Philippe\AppData\Roaming\room.dat
    2013-04-24 21:54 - 2014-04-26 12:22 - 0034816 _____ () C:\Users\Philippe\AppData\Roaming\RZR_002052a74400bf73f7ac42cef577.db
    2013-06-02 17:47 - 2013-06-02 17:47 - 0013897 _____ () C:\Users\Philippe\AppData\Roaming\unins000.dat
    2013-06-02 17:47 - 2013-06-02 17:47 - 0706250 _____ () C:\Users\Philippe\AppData\Roaming\unins000.exe
    2014-09-09 23:54 - 2014-09-09 23:54 - 0017084 _____ () C:\Users\Philippe\AppData\Roaming\unins001.dat
    2014-09-09 23:54 - 2014-09-09 23:54 - 0717985 _____ () C:\Users\Philippe\AppData\Roaming\unins001.exe
    2010-07-20 13:31 - 2013-09-15 18:13 - 0006624 _____ () C:\Users\Philippe\AppData\Roaming\wklnhst.dat
    2010-02-03 14:31 - 2010-02-03 14:31 - 0004608 _____ () C:\Users\Philippe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-03-30 19:29 - 2011-03-30 19:29 - 0000096 _____ () C:\Users\Philippe\AppData\Local\fusioncache.dat
    2010-06-15 13:31 - 2016-06-08 21:01 - 0007605 _____ () C:\Users\Philippe\AppData\Local\Resmon.ResmonCfg
    2006-06-26 02:33 - 2006-06-26 02:33 - 0163840 _____ (アリスソフト) C:\Users\Philippe\AppData\Local\Tempals_inst.exe
    2014-06-30 17:34 - 2014-06-30 17:34 - 0000000 _____ () C:\Users\Philippe\AppData\Local\{99B51C2B-CEC8-43C5-A0B3-407C2C11ABFD}
    2011-06-14 19:41 - 2011-06-14 19:41 - 0000000 _____ () C:\Users\Philippe\AppData\Local\{9BF77BC4-B6B9-4CA4-8474-E965E4831025}
    2016-07-22 18:17 - 2016-07-22 18:18 - 0043429 _____ () C:\ProgramData\1469222246.15824.bin
    2016-07-22 18:18 - 2016-07-22 18:18 - 0002066 _____ () C:\ProgramData\1469222246.17264.bin
    2016-07-22 18:18 - 2016-07-22 18:18 - 0000421 _____ () C:\ProgramData\1469222246.17328.bin
    2009-11-15 05:23 - 2009-09-10 14:06 - 0131368 _____ () C:\ProgramData\FullRemove.exe
    2011-01-19 10:44 - 2011-01-19 10:44 - 0000344 _____ () C:\ProgramData\IcL0ucP2tq
    2009-11-15 04:59 - 2009-11-15 04:59 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2009-11-15 04:59 - 2009-11-15 04:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2011-01-19 10:45 - 2011-01-19 11:42 - 0000272 _____ () C:\ProgramData\~IcL0ucP2tq
    2011-01-19 10:45 - 2011-01-19 10:45 - 0000152 _____ () C:\ProgramData\~IcL0ucP2tqr

    Some files in TEMP:
    ====================
    C:\Users\Philippe\AppData\Local\Temp\dllnt_dump.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-07-22 18:06

    ==================== End of FRST.txt ============================
     
  11. Castilho

    Castilho TS Rookie Topic Starter

    Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2016 02
    Ran by Philippe (2016-07-23 21:59:34)
    Running from C:\Philippe\Arquivos
    Windows 10 Home Version 1511 (X64) (2015-12-05 08:09:12)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3275748955-1752506241-411057531-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-3275748955-1752506241-411057531-1007 - Limited - Enabled)
    DefaultAccount (S-1-5-21-3275748955-1752506241-411057531-503 - Limited - Disabled)
    Guest (S-1-5-21-3275748955-1752506241-411057531-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3275748955-1752506241-411057531-1002 - Limited - Enabled)
    Philippe (S-1-5-21-3275748955-1752506241-411057531-1000 - Administrator - Enabled) => C:\Users\Philippe

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: BitDefender Gonzales (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
    AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
    3 Stars of Destiny (HKLM-x32\...\Steam App 278530) (Version: - Aldorlea Games)
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    8-Bit Adventures Font Installer version 1.01 (HKLM-x32\...\{D1C02EAB-6EA2-4846-9E90-4B6253911115}}_is1) (Version: 1.01 - Critical Games)
    A Bird Story (HKLM-x32\...\Steam App 327410) (Version: - Freebird Games)
    Abyss Odyssey (HKLM-x32\...\Steam App 255070) (Version: - ACE Team)
    Academagia version 1.1.4 (HKLM-x32\...\{89DAF511-9191-4928-9470-1C8F58008616}_is1) (Version: 1.1.4 - GamersGate)
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Active@ Partition Recovery (HKLM-x32\...\{DE031509-F445-4261-A377-0ECF7414D992}) (Version: 7.1.2 - LSoft Technologies)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
    Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
    Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
    Adobe Reader 9.3.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.3.2 - Adobe Systems Incorporated)
    Agarest: Generations of War (HKLM-x32\...\Steam App 237890) (Version: - Idea Factory)
    Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version: - Spicy Horse Games)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Arquivo do WinRAR (HKLM\...\WinRAR archiver) (Version: - )
    ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
    ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0013 - ASUS)
    ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
    ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
    ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
    ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.18 - asus)
    Asus WebStorage (HKLM\...\Asus WebStorage) (Version: 2.0.31.477 - eCareme Technologies, Inc.)
    Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
    ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
    ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)
    ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
    ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0006 - ASUS)
    Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Bermuda (HKLM-x32\...\Steam App 337630) (Version: - InvertMouse)
    Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
    BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
    Brawlhalla (HKLM\...\Steam App 291550) (Version: - Blue Mammoth Games)
    Brothers - A Tale of Two Sons (HKLM\...\Steam App 225080) (Version: - Starbreeze Studios AB)
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden
    CariocaPokerClub (HKLM-x32\...\CariocaPokerClub 1.0.5.0) (Version: 1.0.5.0 - CariocaPokerClub)
    CariocaPokerClub (x32 Version: 1.0.5.0 - CariocaPokerClub) Hidden
    CastleStorm (HKLM-x32\...\Steam App 241410) (Version: - Zen Studios)
    CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
    CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n)
    CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
    Citrix online plug-in (Web) (HKLM-x32\...\{B124E6D3-91B4-4E3C-AD03-BA959B223537}) (Version: 12.0.3.6 - Citrix Systems, Inc.)
    Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.0.0.91 - Citrix Systems, Inc.)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
    Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1720 - CyberLink Corp.)
    CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.2713 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Deadly Sin 2 (HKLM-x32\...\Steam App 285420) (Version: - Dancing Dragon Games)
    Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
    Depth (HKLM-x32\...\Steam App 274940) (Version: - Digital Confectioners)
    Desura (HKLM-x32\...\Desura) (Version: 100.64 - Desura)
    Desura: Doom and Destiny (HKLM-x32\...\Desura_77395310673952) (Version: Full - HeartBit Interactive)
    Deus Ex: Game of the Year Edition (HKLM-x32\...\Steam App 6910) (Version: - Ion Storm)
    Deus Ex: Revision (HKLM-x32\...\Steam App 397550) (Version: - Ion Storm)
    Discord (HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\Discord) (Version: 0.0.291 - Hammer & Chisel, Inc.)
    DivXLand Media Subtitler (HKLM-x32\...\DivXLand Media Subtitler) (Version: - )
    Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)
    DRAGON BALL XENOVERSE (HKLM\...\Steam App 323470) (Version: - DIMPS)
    DreadOut (HKLM-x32\...\Steam App 269790) (Version: - Digital Happiness)
    Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
    DuelystLauncher (HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\launcher) (Version: 0.05 - Counterplay Games Inc.)
    Enola (HKLM-x32\...\Steam App 263520) (Version: - The Domaginarium)
    ePub Converter (HKLM-x32\...\ePubConverter) (Version: 1.2.1 - eBook Converter)
    Express Gate (HKLM-x32\...\{B149B9A2-3FA8-40ED-866F-C08BB56BFD81}) (Version: 1.2.13.21 - DeviceVM, Inc.)
    Fahrenheit: Indigo Prophecy Remastered (HKLM-x32\...\Steam App 312840) (Version: - Aspyr)
    Fallout 2 (HKLM-x32\...\GOGPACKFALLOUT2_is1) (Version: 2.0.0.12 - GOG.com)
    Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version: - Bethesda Game Studios)
    Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS)
    FO2 Restoration Project 2.2 (HKLM-x32\...\Fallout 2 Restoration Project_is1) (Version: - killap)
    Folding@home-x86 (HKLM-x32\...\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}) (Version: 6.23 - Folding@home)
    Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.48.3.WIN.FullTilt.COM - )
    Game of Thrones - A Telltale Games Series (HKLM-x32\...\Steam App 330840) (Version: - Telltale Games)
    Ghost in the Shell Stand Alone Complex First Assault Online (HKLM\...\Steam App 369200) (Version: - Neople)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
    GoToMeeting 5.0.0.799 (HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\GoToMeeting) (Version: 5.0.0.799 - CitrixOnline)
    Guardião - Itaú 30 horas (HKLM-x32\...\{70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1) (Version: 3.10.0.1 - )
    HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
    Hyperdimension Neptunia Re;Birth1 (HKLM-x32\...\Steam App 282900) (Version: - Idea Factory, Inc.)
    ICY Hexplorer (remove only) (HKLM-x32\...\Hexplorer) (Version: - )
    IdleMaster (HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\1d85483b1c982d8c) (Version: 1.4.0.0 - IdleMaster)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.0.0 - LIGHTNING UK!)
    Instalação do DivX (HKLM-x32\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
    IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2015) (Version: 1.2 - Receita Federal do Brasil)
    Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    JDownloader (HKLM-x32\...\JDownloader) (Version: 0.89 - AppWork UG (haftungsbeschränkt))
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    K-Lite Mega Codec Pack 9.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.0.0 - )
    KMP Connect Program (HKLM-x32\...\{04F1B758-A24A-4409-88C8-7CA957A7E3C0}_is1) (Version: - PandoraTV)
    KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.0.8.1 - PandoraTV)
    Kotor Tool (HKLM-x32\...\Kotor Tool) (Version: - )
    League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
    League of Legends (x32 Version: 1.3 - Riot Games) Hidden
    League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
    Leviathan: The Last Day of the Decade (HKLM-x32\...\Steam App 328270) (Version: - Lostwood)
    Lilly and Sasha: Curse of the Immortals (HKLM-x32\...\Steam App 364270) (Version: - )
    LISA (HKLM-x32\...\Steam App 335670) (Version: - Dingaling)
    LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.493 - LogMeIn, Inc.)
    LogMeIn Hamachi (x32 Version: 2.2.0.493 - LogMeIn, Inc.) Hidden
    Long Live the Queen (HKLM-x32\...\GOGPACKLLTQ_is1) (Version: 2.0.0.3 - GOG.com)
    Magic The Gathering Online (HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\35c9d60442fbb010) (Version: 3.4.90.573 - Wizards of the Coast)
    Magic Workstation 0.94f (HKLM-x32\...\4D688725-3709-476B-8A2F-47CDA8B0B04C_is1) (Version: 1.8.0 - )
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Compact Framework 2.0 SP1 (HKLM-x32\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.6129 - Microsoft Corporation)
    Microsoft .NET Compact Framework 3.5 (HKLM-x32\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 - pt-br (HKLM\...\ProPlusRetail - pt-br) (Version: 15.0.4841.1002 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Millennium - A New Hope (HKLM-x32\...\Steam App 280140) (Version: - Aldorlea Games)
    mIRC (HKLM-x32\...\mIRC) (Version: 7.14 - mIRC Co. Ltd.)
    Módulo de Proteção Santander 3.2.0.2 (HKLM-x32\...\{83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1) (Version: Módulo de Proteção Banco Santander (Brasil) S.A. - )
    Mozilla Firefox 7.0.1 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 7.0.1 (x86 pt-BR)) (Version: 7.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MV RegClean 6.9 (HKLM-x32\...\MV RegClean 6.9_is1) (Version: - )
    My Game Long Name (HKLM\...\UDK-4aeb24a8-b221-4e50-a467-8b73cbb95afa) (Version: - Epic Games, Inc.)
    NetLimiter 3 (HKLM\...\{913923AB-3AAB-4870-8910-627C4CD82789}) (Version: 3.0.0.11 - Locktime Software s.r.o.)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.55.7 - Black Tree Gaming)
    NVIDIA 3D Vision Driver 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.95 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
    NVIDIA Graphics Driver 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.95 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4841.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4841.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4841.1002 - Microsoft Corporation) Hidden
    ONE PIECE PIRATE WARRIORS 3 (HKLM\...\Steam App 331600) (Version: - KOEI TECMO GAMES CO., LTD.)
    Online Plug-in (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
    Paragon HFS+ for Windows™ 9.1 (HKLM-x32\...\{456534C0-51E7-11DF-B336-005056C00008}) (Version: 1.00 - Nome de sua empresa:)
    Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
    PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version: - )
    Planescape - Torment (HKLM-x32\...\Planescape - Torment) (Version: - )
    Planet Stronghold (HKLM-x32\...\Steam App 291050) (Version: - Winter Wolves)
    PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.8-1.0.8500.20 - raidcall.com)
    Razer Comms (HKLM-x32\...\Razer Comms) (Version: 1.84.1 - Razer Inc.)
    Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.65 - Razer Inc)
    Razer DeathAdder(TM) Mouse (HKLM-x32\...\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}) (Version: 3.03 - Razer USA Ltd.)
    Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
    Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
    Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.07 - Serpro - Serviço Federal de Processamento de Dados)
    Richard & Alice (HKLM-x32\...\Steam App 279260) (Version: - Owl Cave)
    RICOH R5U8xx Media Driver ver.3.62.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.62.02 - RICOH)
    Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
    RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
    Samsa and the Knights of Light (HKLM-x32\...\Steam App 371320) (Version: - Atixx)
    Self-service Plug-in (x32 Version: 4.0.0.40674 - Citrix Systems, Inc.) Hidden
    Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version: - Harebrained Schemes)
    SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
    Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version: - )
    Signup Calc (HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\db2fc40f9b1be163) (Version: 1.0.0.1 - Microsoft)
    Skyborn (HKLM-x32\...\Steam App 278460) (Version: - Dancing Dragon Games)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
    Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.103 - Skype Technologies S.A.)
    Sophos Anti-Rootkit 1.5.4 (HKLM-x32\...\Sophos-AntiRootkit) (Version: 1.5.4 - Sophos Plc)
    SpeedRunners (HKLM-x32\...\Steam App 207140) (Version: - DoubleDutch Games)
    Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
    Stargazer (HKLM-x32\...\Steam App 373440) (Version: - )
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Suporte para Aplicativos Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    sXe Injected (HKLM-x32\...\sXe Injected) (Version: - )
    System Requirements Lab (HKLM-x32\...\{9E1BAB75-EB78-440D-94C0-A3857BE2E733}) (Version: 4.1.71.0 - Husdawg, LLC)
    Tales of Symphonia (HKLM\...\Steam App 372360) (Version: - BANDAI NAMCO Entertainment Inc.)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.50527 A - TeamViewer)
    TES Construction Set (HKLM-x32\...\{FF70923C-8A51-47F4-A7E9-893C6D54EB68}) (Version: - )
    The Banner Saga (HKLM-x32\...\Steam App 237990) (Version: - Stoic)
    The Deed (HKLM-x32\...\Steam App 420740) (Version: - Pilgrim Adventures)
    The Legend of Korra™ (HKLM-x32\...\Steam App 281690) (Version: - PlatinumGames)
    The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version: - Telltale Games)
    The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version: - Telltale Games)
    Thumbplug TGA (HKLM-x32\...\Thumbplug TGA) (Version: 1.10 - Echidna)
    TSLRCM 1.6 (HKLM-x32\...\The Sith Lords Restored Content Mod_is1) (Version: - )
    Turbo Gear Extreme (HKLM-x32\...\{558B0625-03A7-491C-9693-FD1066005CBB}) (Version: 1.00.24 - )
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
    Warsaw 1.3.1 (HKLM-x32\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.3.1 - GAS Tecnologia)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}) (Version: 14.0.8089.726 - Microsoft Corporation)
    WinDS PRO 2010.9.07 (Philippe) (HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}Philippe_is1) (Version: 2010.9.07.0 - WinDS PRO Central)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
    Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.11 - ASUS)
    Wondershare Player(Build 1.6.1) (HKLM-x32\...\Wondershare Player_is1) (Version: 1.6.1.0 - Wondershare)
    WTFast 4.1 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 4.1.2.761 - Initex & AAA Internet Publishing)
    Ys II (HKLM-x32\...\Steam App 223870) (Version: - Nihon Falcom)
    yuPlay client 0.7.24 (HKLM-x32\...\yuPlay клиент_is1) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3275748955-1752506241-411057531-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Philippe\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
    CustomCLSID: HKU\S-1-5-21-3275748955-1752506241-411057531-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Philippe\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
    CustomCLSID: HKU\S-1-5-21-3275748955-1752506241-411057531-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3275748955-1752506241-411057531-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\799\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01C995FF-D178-4E7B-AC4A-9E950006A207} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {02696D3F-6311-4CFB-B221-DFD9FFC5259C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {06AB3C09-4719-4D18-9BC3-054ADC6F2E41} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-21] (Adobe Systems Incorporated)
    Task: {0837D897-84CB-4E30-A8DD-807937A81DFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {0F1FC558-90E6-41AA-8D37-4FBE69053762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {11967911-2F06-4BB0-A162-B38F3F6F89F2} - System32\Tasks\{190EAC7D-72D0-44A0-AB90-3FC779243477} => pcalua.exe -a C:\Users\Philippe\Downloads\The_Lore_of_Lorewyn_2.0.4.exe -d C:\Users\Philippe\Downloads
    Task: {12170F91-09DA-451B-A22C-FE7FDCAC4965} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
    Task: {148318FC-5974-4508-A415-B3AFD16E5DDB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {204CBB3B-7BE6-4E2E-BFB3-BA2B022FC30D} - System32\Tasks\{E65DE51F-331B-490F-9C75-E3C9CF64B058} => pcalua.exe -a C:\Users\Philippe\Downloads\dotnetfx35.exe -d C:\Users\Philippe\Downloads
    Task: {225CCE1D-CA5A-4AF9-9FA6-558F10D57637} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {27779856-7C93-4298-9932-EB8AD44AD324} - System32\Tasks\{47CC266C-548B-4776-ADB9-FDCCE8DA6CA2} => pcalua.exe -a D:\autorun.exe -d D:\
    Task: {29308477-8F7E-4D4F-92D5-F1534E61B6F5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {2B8A12BD-2E82-4A53-A833-C5C2A7ACD089} - System32\Tasks\AdobeAAMUpdater-1.0-Philippe-PC-Philippe => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
    Task: {2C0ED80C-D683-42DF-88C1-529309733867} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {3C9616B2-742C-4820-AFAE-F3D2459E9677} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {3CC91286-128D-4A08-BD49-2EE5DE80CB1D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-14] (Microsoft Corporation)
    Task: {3D966D87-5FE5-4FBC-8E90-DB0F48E454DB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {3E3E65EA-6693-4ACC-947D-206853F50D65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {42145BE5-4059-431F-919A-1A381C5966DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {4267EF5A-9918-45A0-9571-901ACF3928B8} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
    Task: {4713A092-825F-4CE1-B0B5-E6234149EAF0} - \ASUSControlDeck -> No File <==== ATTENTION
    Task: {49CCC654-1C51-476E-A498-1896E9112C5C} - System32\Tasks\{66BFEFAB-1B2C-46DC-BCFA-CECB264413AD} => pcalua.exe -a D:\setup.exe -d D:\
    Task: {4AE31FF9-23C0-48A0-9108-927605A6A07B} - System32\Tasks\{BC079451-B267-424E-829F-782ACD3F09AA} => pcalua.exe -a "C:\Users\Philippe\Desktop\DC Universe Online\Disk_1\steambackup.exe" -d "C:\Users\Philippe\Desktop\DC Universe Online\Disk_1"
    Task: {4F4563B7-B4E5-450D-B3F6-8C714854C9BD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {51AA876D-0460-4A42-8801-4CAE35326C58} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {5D90CCA4-B1EC-471B-8794-D090A6429BB4} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-09-04] ()
    Task: {5E517423-ECED-4EDB-AF6F-CAB33F7C3E5F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {6FECF9BE-AED8-4627-80ED-91FF5361960F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {71F9274B-DDDE-4DEE-BEB8-AF562919D023} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {773492A6-4F08-4DAF-9C1B-778BC17ACAED} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {78588675-6CF3-4E50-B5B1-1EC34EAA2F6B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {7A3A7E1E-CBA4-49BE-BA22-2E14DC10E559} - System32\Tasks\{697EE5A7-8EC8-4108-BA5C-B5CFE2E391B6} => pcalua.exe -a "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games\Ages of Empires III\setup.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games\Ages of Empires III"
    Task: {7DDF9673-8D0B-4652-B795-1BEAD1206B65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {84E1E016-1A4A-4760-AE2B-1008B77F0573} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
    Task: {88123F04-76E8-4EB3-A87B-FFF924A80234} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-14] (Microsoft Corporation)
    Task: {97402E6E-5B39-4F01-99D6-D6A51ECBC2AB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {A3EE6C46-F471-4A35-BF4D-DB3D493FBC9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {A4F96590-6A00-48C3-9A1D-245EBA99F5E6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {AA921623-B84A-4EC8-A6DA-5D46323FC6D9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {BA0915D0-DF4B-4F2C-B484-D69817C80E9A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {BF63C140-E469-414F-9D29-80CCF2C8CABE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {C2741DF7-0C82-43D7-AF08-46484491EBD0} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
    Task: {C778374C-94FE-41B0-B705-5FC952201AC0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
    Task: {CE446FCD-FBB8-4F4B-892F-EAC6EE2A0699} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {DBF17FD8-1A41-4908-BA25-09CA456A9633} - System32\Tasks\{4C1086C6-7CD6-4C0B-BB97-A1C0D2E5AAAA} => pcalua.exe -a E:\Setup.exe -d E:\
    Task: {DD548504-31EE-43FF-A573-1E9BCB56DC76} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {E0458463-D4BA-4AC2-8260-BE94B92A1D52} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
    Task: {E3E0850B-C9C2-45C9-9E2E-DF101ACAE9E6} - System32\Tasks\{71A1BD14-35F1-40B8-9DD0-F2695A01095D} => pcalua.exe -a "C:\Users\Philippe\Downloads\Planescape Torment DVD\widescreen\widescreen-v2.31.exe" -d "C:\Users\Philippe\Downloads\Planescape Torment DVD\widescreen"
    Task: {E959E007-A71C-4952-8EA8-22DE146D6227} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {E9C6A1CD-3D9C-454F-900E-A745F570F388} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
    Task: {EFF541FA-42A1-4BE8-B162-D96FBA1FA3B9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {F0496437-71B1-4E96-9E9C-3BC2F52CDE46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {F0E36F82-3DCD-4A90-9217-174E32F3867F} - System32\Tasks\{0688522C-AE95-418D-93E0-D8FD741673A2} => pcalua.exe -a "C:\Users\Philippe\Downloads\Dragon Age Origins - Ultimate Edition\MODs\Dragon Age Redesigned -686\Dragon Age Redesigned Version 7.3d\Dragon Age Origins\Companion NPCs for Origins\Leliana\Dragon Age Redesigned- Leliana.exe" -d "C:\Users\Philippe\Downloads\Dragon Age Origins - Ultimate Edition\MOD (the data entry has 118 more characters).
    Task: {FACB8164-0888-403B-B4E6-7F59329EA90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {FBC8485F-A585-489F-8E2C-C65FEABC1BEF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {FE87E497-CF66-49D3-9CC3-CBCC148DFCB2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {FFEE4F98-789F-4BC5-9EBF-91D4AC658C46} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{1FE97AFA-7656-4CF0-8886-2A624285212E}.job => C:\Windows\system32\msfeedssync.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Philippe\Desktop\logoff.bat - Shortcut.lnk -> C:\Users\Philippe\Downloads\G72GX-ASUS-0602\logoff.bat (No File)
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{F11674B3-5F6B-49F3-B595-A96DAA994B35}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.psychonauts.com/
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{A3D4727B-3B75-4277-A32A-DF7EB5F03058}\SupportTasks\1\Support.lnk -> hxxp://support.lucasarts.com/
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{A3D4727B-3B75-4277-A32A-DF7EB5F03058}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.kotor2.com/
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{873021AA-D77F-49DE-BF8D-515B0C5DC0D8}\SupportTasks\1\Support.lnk -> hxxp://www.eidosinteractive.com/techsupp/index.htm/
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{873021AA-D77F-49DE-BF8D-515B0C5DC0D8}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.deusex.com/
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{8480A4F4-1E04-4EBA-8242-1959D2DC9571}\SupportTasks\1\Support.lnk -> hxxp://www.divinedivinity.com/generated/dd_e_support.html/
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{8480A4F4-1E04-4EBA-8242-1959D2DC9571}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.larian.com/php/nieuws.php3
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{3CBF70F5-64E0-4313-A328-282257DDD46E}\SupportTasks\1\Support.lnk -> hxxp://www.bethsoft.com/
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{3CBF70F5-64E0-4313-A328-282257DDD46E}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.elderscrolls.com/
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{31EEF33F-18D0-4214-A5C7-2D1EA9BCE2AC}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.valkyriestudios.com/scgame.htm/
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{006295D3-A877-4F2C-B516-98956E6A2183}\SupportTasks\1\Support.lnk -> hxxp://support.microsoft.com/games/
    Shortcut: C:\Users\Philippe\AppData\Local\Microsoft\Windows\GameExplorer\{006295D3-A877-4F2C-B516-98956E6A2183}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.ageofempires3.com/
    Shortcut: C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader Support.lnk -> hxxp://jdownloader.org/knowledge/index
    Shortcut: C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ePub Converter\Website.lnk -> hxxp://www.ebook-converter.com/
     
  12. Castilho

    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-22 18:30 - 2013-03-19 11:07 - 00712288 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
    2016-07-22 18:30 - 2013-09-03 13:29 - 00111832 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
    2014-11-14 18:21 - 2014-11-14 18:21 - 00066768 _____ () C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.1\apmwinsrv.exe
    2014-05-17 20:00 - 2014-05-14 12:51 - 00389232 _____ () C:\Program Files (x86)\KMPConnect\KMPConnectService.exe
    2009-11-15 05:40 - 2009-02-06 21:57 - 00072248 _____ () C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
    2014-05-17 20:00 - 2015-10-30 09:39 - 00617584 _____ () C:\Program Files (x86)\KMPConnect\KMPConnectCore.exe
    2014-03-19 13:08 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-04-16 15:54 - 2016-01-29 07:49 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2008-08-14 01:59 - 2008-08-14 01:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
    2016-04-13 10:04 - 2016-03-29 07:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2008-10-01 04:02 - 2008-10-01 04:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    2009-09-04 20:24 - 2009-09-04 20:24 - 01600128 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    2016-04-13 10:04 - 2016-03-29 07:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-04-24 11:44 - 2016-04-24 11:44 - 00959176 _____ () C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
    2007-06-15 15:28 - 2007-06-15 15:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
    2007-06-01 21:52 - 2007-06-01 21:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
    2009-08-25 04:47 - 2009-08-25 04:47 - 00140560 _____ () C:\Program Files (x86)\ASUS\Asus WebStorage\EcaremeDLL.dll
    2015-12-05 04:07 - 2015-12-05 04:07 - 00029968 _____ () C:\WINDOWS\assembly\GAC_MSIL\SqliteShared\1.0.3524.15966__0d0f4b69e50e559b\SqliteShared.dll
    2015-12-05 04:07 - 2015-12-05 04:07 - 00931840 _____ () C:\WINDOWS\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
    2010-01-19 23:33 - 2009-12-12 14:12 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
    2015-12-17 17:32 - 2015-12-07 01:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-05-11 10:13 - 2016-04-23 01:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2010-06-18 12:19 - 2009-08-05 23:26 - 01026048 _____ () C:\Program Files (x86)\ASUS\Turbo Gear Extreme\GearHelp.exe
    2011-12-06 23:07 - 2011-03-21 10:06 - 00248320 _____ () C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
    2013-02-12 23:37 - 2013-02-12 23:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    2011-12-06 23:07 - 2011-04-14 10:48 - 01758208 _____ () C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
    2016-06-14 20:53 - 2016-05-28 00:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-06-14 20:52 - 2016-05-28 00:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-06-14 20:54 - 2016-05-28 00:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-06-14 20:55 - 2016-05-28 00:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-04-19 10:42 - 2016-04-19 10:43 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2010-06-18 12:19 - 2008-05-22 21:24 - 00045056 _____ () C:\Program Files (x86)\ASUS\Turbo Gear Extreme\atkmethod.dll
    2013-02-12 23:38 - 2013-02-12 23:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    2008-08-27 21:32 - 2008-08-27 21:32 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    2008-06-09 14:55 - 2008-06-09 14:55 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    2016-04-19 10:42 - 2016-04-19 10:43 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-04-19 10:42 - 2016-04-19 10:43 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2013-03-12 17:10 - 2016-04-29 17:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2015-01-19 19:22 - 2015-07-03 13:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
    2014-05-21 16:28 - 2016-07-08 22:06 - 02317904 _____ () C:\Program Files (x86)\Steam\video.dll
    2014-08-28 17:19 - 2016-02-08 20:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2014-08-28 17:19 - 2016-02-08 20:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2014-08-28 17:19 - 2016-02-08 20:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2014-08-28 17:19 - 2016-02-08 20:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2014-08-28 17:19 - 2016-02-08 20:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2015-01-19 19:22 - 2015-07-03 13:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2015-01-19 19:22 - 2015-07-03 13:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2011-07-12 22:35 - 2016-07-08 22:06 - 00829520 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2016-03-09 23:49 - 2016-07-06 19:00 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
    2011-01-04 11:37 - 2016-06-14 16:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2015-01-19 19:22 - 2015-09-24 20:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
    2016-06-17 20:21 - 2016-06-15 06:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
    2016-06-17 20:21 - 2016-06-15 06:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:07BB519E [400]
    AlternateDataStreams: C:\ProgramData\Temp:4CF61E54 [134]
    AlternateDataStreams: C:\ProgramData\Temp:734E442A [135]
    AlternateDataStreams: C:\ProgramData\Temp:90EE3BE1 [110]
    AlternateDataStreams: C:\ProgramData\Temp:A724744F [124]
    AlternateDataStreams: C:\ProgramData\Temp:AB689DEA [145]
    AlternateDataStreams: C:\ProgramData\Temp:B88E99C8 [121]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\cinemanow.com -> hxxp://cinemanow.com
    IE trusted site: HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\cinemanow.com -> hxxps://cinemanow.com
    IE trusted site: HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\com -> hxxp://*.Wondershare.com
    IE trusted site: HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\itau.com.br -> bankline.itau.com.br
    IE trusted site: HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\itau.com.br -> hxxps://bankline.itau.com.br
    IE trusted site: HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br
    IE trusted site: HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\sony.com -> sony.com

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 23:34 - 2015-11-07 20:17 - 00001794 ____N C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 adobe.activate.com
    127.0.0.1 adobeereg.com
    127.0.0.1 www.adobeereg.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 125.252.224.90
    127.0.0.1 125.252.224.91
    127.0.0.1 hl2rcv.adobe.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3275748955-1752506241-411057531-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
    DNS Servers: 201.17.0.93 - 201.17.1.83
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: ATKGFNEXSrv => 2
    MSCONFIG\Services: Creative ALchemy AL6 Licensing Service => 3
    MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
    MSCONFIG\Services: DAUpdaterSvc => 3
    MSCONFIG\Services: IDriverT => 3
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files (x86)\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
    MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    MSCONFIG\startupreg: NB Probe => C:\Program Files (x86)\ASUS\NB Probe\NBProbe.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    HKLM\...\StartupApproved\Run: => "EeeStorageBackup"
    HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
    HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-3275748955-1752506241-411057531-1000\...\StartupApproved\Run: => "Steam"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{2190C2B9-02B2-4226-8528-50D717173B43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
    FirewallRules: [{76D76C95-32B7-4F7A-9A9D-1FBFE1659866}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
    FirewallRules: [{BA2C56F7-11A5-4F2B-B34D-AB9D491E0170}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys II\config.exe
    FirewallRules: [{DFEA5384-CC27-49F3-A39C-CFDBD315DB65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys II\config.exe
    FirewallRules: [{C81AD5D7-6D24-4CAC-BF7D-A17EE8282F32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys II\ys2plus.exe
    FirewallRules: [{FC2BF5F1-A29D-40B4-8397-EB78D3A8F456}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys II\ys2plus.exe
    FirewallRules: [{D58F9ADE-2A21-4E15-98E0-CFCEFEAE178E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Agarest Generations of War\Agarest.exe
    FirewallRules: [{2C910819-BA95-4E32-922C-8425592F35F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Agarest Generations of War\Agarest.exe
    FirewallRules: [{2BA4BF2F-0257-4A30-A1A8-0C207466C5A2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [{C8B2165D-D639-415B-AB14-151986B8B273}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [{54217F73-E793-4004-BF23-AFB4C62206FA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{73581C1D-5379-4E8C-B871-58A0F7DA1EFC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{2381FD81-1122-44EF-AD2B-412372AE602E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lilly and Sasha Curse of the Immortals\Lilly and Sasha.exe
    FirewallRules: [{56C9F530-8B92-47DB-A094-A09F0686DB54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lilly and Sasha Curse of the Immortals\Lilly and Sasha.exe
    FirewallRules: [{1189F34C-D7CD-4495-B776-5907CB6449FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\abyss_odyssey\Binaries\Win32\AO.exe
    FirewallRules: [{EC719E9B-E529-4881-A390-E9031C4BF7A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\abyss_odyssey\Binaries\Win32\AO.exe
    FirewallRules: [{606F2D3D-E097-4338-A972-BED889392EC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe
    FirewallRules: [{2190B10D-A520-4BA2-92A5-2FF072897E60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe
    FirewallRules: [{48EE9C4A-021A-41AF-A8D0-7EFA40ACCEBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\Revision.exe
    FirewallRules: [{F6607D68-B093-4EA7-80BB-B1AA68F2D74E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\Revision.exe
    FirewallRules: [{01F6E92B-DC0B-4A3F-952D-66C0705D741A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
    FirewallRules: [{F53063A4-9109-4E66-818D-17860D3C6F76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
    FirewallRules: [{0D7A8563-AF02-44E7-8C52-5E18252ABD9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game of Thrones\Thrones.exe
    FirewallRules: [{2D1CD87B-C865-48E0-B6FB-C0085E98C436}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game of Thrones\Thrones.exe
    FirewallRules: [{CC8F6AE1-BB66-4BAE-8B9B-E058CB142AD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Leviathan The Last Day of the Decade\ldod.exe
    FirewallRules: [{03904AC4-C842-4A1F-BD05-A63CE6D09B17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Leviathan The Last Day of the Decade\ldod.exe
    FirewallRules: [UDP Query User{F668BEC0-3996-4999-9715-C00DC0EC60D7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{912F6A29-F17A-4E32-BD0A-B288E46FFA72}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{C35563B9-85CB-4C4A-8F7C-5E3E8A8B47D7}C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{071214F9-5FB3-4D7B-9268-D2C175ECC546}C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe
    FirewallRules: [{58C272AC-B910-44BB-BBEA-DFF75F2C5A9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
    FirewallRules: [{B4117A9F-1621-4751-8892-BD21930C98F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
    FirewallRules: [{F1E1AB10-F768-4D16-9C79-708D3BF306CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stargazer\Stargazer.exe
    FirewallRules: [{7AD6469D-B16D-4F56-B451-BF1E9793A169}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stargazer\Stargazer.exe
    FirewallRules: [{08353DAF-8C9C-4DEE-805C-BCA677B74EC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bermuda\bermuda.exe
    FirewallRules: [{46FB651B-008D-4F7E-8179-D82BB3B32820}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bermuda\bermuda.exe
    FirewallRules: [{0B8F0F9E-97E6-4F05-A126-96B99C53F7D2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{B5D743A0-1C6E-4801-8F87-DC74E15A541C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{BCEC7C88-3F6E-4CDB-A17D-D498D094F4E4}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{9E46CC71-DF23-42F6-8AB9-0A0310D628FF}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{EB42561C-BC19-4CD4-B8EC-2DD1152379E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
    FirewallRules: [{949B3FC8-CF55-405A-9AD4-9F9447DA764D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
    FirewallRules: [{2F0BE94D-E31B-45EE-99F9-4A338A93AF58}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
    FirewallRules: [{090CF12E-9CEF-46DD-932C-C6EBDCAFFAC5}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
    FirewallRules: [{851DD5B4-6D45-47EE-B010-465A5390DAE3}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
    FirewallRules: [{C5DB060D-BC91-40A8-8CE7-0BD8DBECF1AF}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
    FirewallRules: [{DA04E5E4-689A-488C-B0E6-679CB26E19D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\strikesuitzero\pc\main\Binary\Launcher.exe
    FirewallRules: [{F2B1E6CF-2442-4041-A78A-159DF905CBD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\strikesuitzero\pc\main\Binary\Launcher.exe
    FirewallRules: [TCP Query User{FD452118-C127-447E-AD77-8D3FE4EC308C}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
    FirewallRules: [UDP Query User{C3E14E65-2342-4636-897E-F63D5F498851}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
    FirewallRules: [TCP Query User{2E14FD8A-E5A7-481D-9DA0-8A277D928511}C:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe
    FirewallRules: [UDP Query User{29FFC570-ADD3-4378-9114-39A690D4209A}C:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\strikesuitzero\pc\main\binary\ssz.exe
    FirewallRules: [{924E019E-5233-42EE-9015-F1D150ADA2ED}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [TCP Query User{F971DC73-194A-42C5-8220-EE2ABD23E5F8}C:\level up! games\warface\launcher\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => (Allow) C:\level up! games\warface\launcher\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe
    FirewallRules: [UDP Query User{7B0E3174-C370-458C-98AD-D62943172009}C:\level up! games\warface\launcher\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => (Allow) C:\level up! games\warface\launcher\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe
    FirewallRules: [{C0898C96-FD21-4EBB-8119-559870DF6154}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3 Stars of Destiny\3Stars.exe
    FirewallRules: [{788978DE-A283-470E-A4CF-2F8F2E431F1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3 Stars of Destiny\3Stars.exe
    FirewallRules: [{AD2D65F1-2EA2-4B09-88BA-8030A42C332E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
    FirewallRules: [{9B9BF3B2-1DA8-4D10-B467-88A6AD50810D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
    FirewallRules: [{204099DC-B93E-4AC0-920B-C42936FF8F21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deadly Sin 2\Game.exe
    FirewallRules: [{AD36E8F0-E49C-4D1F-B559-9A80AB24F11F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deadly Sin 2\Game.exe
    FirewallRules: [{6A3441CE-9D4B-4918-8B1F-72A3DB50BD31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyborn\Game.exe
    FirewallRules: [{691001AA-5034-4211-9B7D-0A92F788F0C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyborn\Game.exe
    FirewallRules: [{C25E9639-0C6D-4876-BA05-FDEC51FD8D1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Millennium 1\Millennium.exe
    FirewallRules: [{0AFD0183-E12F-42CB-B299-D91514C822E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Millennium 1\Millennium.exe
    FirewallRules: [{9A810B56-4D64-434F-9C95-3D81E98791CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe
    FirewallRules: [{F9F311DA-51EC-4BD0-84F5-EFB18CA36147}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe
    FirewallRules: [TCP Query User{A56CEDD3-E2A0-4187-B54F-3D4EB6DB797E}C:\users\philippe\downloads\remotecontrolserver.exe] => (Allow) C:\users\philippe\downloads\remotecontrolserver.exe
    FirewallRules: [UDP Query User{9174DDB2-D914-4840-95C3-8FBB62390E96}C:\users\philippe\downloads\remotecontrolserver.exe] => (Allow) C:\users\philippe\downloads\remotecontrolserver.exe
    FirewallRules: [TCP Query User{FED1ABB3-7F89-4807-9EBA-78562FCF4726}C:\program files (x86)\magic workstation\data\mwshost.exe] => (Allow) C:\program files (x86)\magic workstation\data\mwshost.exe
    FirewallRules: [UDP Query User{7DA4DC69-6F2D-4499-9EFC-B4D7D435B18D}C:\program files (x86)\magic workstation\data\mwshost.exe] => (Allow) C:\program files (x86)\magic workstation\data\mwshost.exe
    FirewallRules: [{DBC271EF-0A2F-49F4-B1AE-67E9018B2354}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\Catan.exe
    FirewallRules: [{4B947FC7-FB94-4E47-96C6-A1E410B88261}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\Catan.exe
    FirewallRules: [{79A6400B-AC23-40B6-812D-02F0BBF9BFFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\CatanEdit.exe
    FirewallRules: [{5B02CFE2-5F18-42F7-ACDD-8BF296EEF391}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Catan\bin\Release\CatanEdit.exe
    FirewallRules: [{74CB1C67-9E73-4ADD-BB18-439D179B2760}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{764142D7-5983-40A3-9111-CB4D44232825}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{42DEADD6-D5E4-49D8-AC1E-D528E426D8D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Walking Dead Season Two\TheWalkingDead2.exe
    FirewallRules: [{F02CBF08-4CD5-4D62-A8D0-849B54B9AE38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Walking Dead Season Two\TheWalkingDead2.exe
    FirewallRules: [{F45833DE-A75C-4583-A9DD-B9F1CE199A26}] => (Allow) C:\Program Files (x86)\Diebold\Warsaw\core.exe
    FirewallRules: [{1AF9E54B-2F68-42B0-86BD-B8E9183B8768}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
    FirewallRules: [{06A2AA87-D250-4ED9-A0D2-F0575B81221A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
    FirewallRules: [{BB4D5ACA-53B3-48AE-9D47-292A3CB7C4E2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [{E29BE655-3C44-4F16-B165-E60B680CF20A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [{B6543D78-95AF-43E6-9484-F071E987E3AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
    FirewallRules: [{BD34B8C8-4DCB-4EA3-B564-C30BD8C897BD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
    FirewallRules: [{4EAF2E79-7023-46F3-B244-C9BD7B4AE7DC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
    FirewallRules: [{4C700911-1A92-44E2-B3C8-D2700CCAD85D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
    FirewallRules: [TCP Query User{92471A75-F022-4D02-A609-04DFB81F9544}C:\users\philippe\desktop\new folder\remoteserver.exe] => (Allow) C:\users\philippe\desktop\new folder\remoteserver.exe
    FirewallRules: [UDP Query User{A8E6C70D-5479-4204-9AF6-04B05DBA6737}C:\users\philippe\desktop\new folder\remoteserver.exe] => (Allow) C:\users\philippe\desktop\new folder\remoteserver.exe
    FirewallRules: [TCP Query User{0232CE29-360A-4EF5-9C56-A85E68370E6E}C:\gog games\shadowrun returns\shadowrun.exe] => (Allow) C:\gog games\shadowrun returns\shadowrun.exe
    FirewallRules: [UDP Query User{652446DA-4427-4AEC-8D6D-1189374C3854}C:\gog games\shadowrun returns\shadowrun.exe] => (Allow) C:\gog games\shadowrun returns\shadowrun.exe
    FirewallRules: [{5841958E-BD0E-4D7E-8794-435BE00A08D7}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{16F6DF59-3709-4B98-98DF-DC516AD53EF8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
    FirewallRules: [{DF4FA678-FF4F-4C75-8E0E-8B2C1CA23442}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
    FirewallRules: [{AA5438F7-BC33-46CA-90EA-7AE61268CAC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
    FirewallRules: [{2BA75C7A-3651-4A6A-AAAE-E9408E9D922A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe
    FirewallRules: [TCP Query User{1D5F3720-AF19-4CB8-93D9-EC8AA20EC730}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
    FirewallRules: [UDP Query User{8C955BEA-1D02-4E6A-AE7C-B1DB69DDF41D}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
    FirewallRules: [TCP Query User{092B4110-9B0B-4597-A306-2F9823D09308}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
    FirewallRules: [UDP Query User{673530CE-D082-4859-8E5E-AC106A5F5187}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
    FirewallRules: [{C886938B-4BE4-463A-883A-F0D527FC2AA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe
    FirewallRules: [{EF4D5B53-C544-4AF5-AB57-514E1692F969}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe
    FirewallRules: [{EB33DE34-C50D-402F-9634-1AE1E31C0F48}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{6A24E867-129C-4604-B3CD-1E511E369F33}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{FC96CC0E-E344-4BA0-BA52-5E8DF75540AD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [{7779FF0D-5F14-48F2-91EC-A000C290E44C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [{85431D5F-4054-4F8E-8FF0-358F74CFA8D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{E4E5334A-D62D-4808-9C5F-19F462AA5F51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{88A306FC-A5F1-4594-9BE8-46FA741BCD94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RichardAndAlice\richardandalice.exe
    FirewallRules: [{D6659CBB-311D-461A-A260-FF1FEEDD40D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RichardAndAlice\richardandalice.exe
    FirewallRules: [TCP Query User{DC2D1394-17BA-4BF5-A358-F6E88A222A78}C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe
    FirewallRules: [UDP Query User{16418643-8799-4524-821E-1CD77126142F}C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe
    FirewallRules: [{3AD1BD2C-F9BF-48EB-AB84-2C0DEC6DCC12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Inquisitor\Game\Inquisitor.exe
    FirewallRules: [{F01B4B8D-10F7-4078-857D-030494519F61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Inquisitor\Game\Inquisitor.exe
    FirewallRules: [{62336EFB-7B5C-4D37-B02B-7D23DAA23048}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetStronghold\Planet Stronghold.exe
    FirewallRules: [{7896073E-7242-4FB2-8F68-1C6A0E6D22BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetStronghold\Planet Stronghold.exe
    FirewallRules: [{812009DB-398D-493F-8D3C-B3282105118B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Bird Story\A Bird Story\A Bird Story.exe
    FirewallRules: [{749B123B-49EE-44E9-A622-98621BE7E122}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Bird Story\A Bird Story\A Bird Story.exe
    FirewallRules: [TCP Query User{F5630743-E38C-4400-8577-1FD1929E90A4}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{4FFF890C-88BC-4A75-8ED2-6622E52EB424}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
    FirewallRules: [{CE176CCE-BDDA-473E-9E59-56E8AC498E0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Old City\Binaries\Win32\UDK.exe
    FirewallRules: [{78DF36E7-AE00-42A3-8A5E-0D49A728BD73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Old City\Binaries\Win32\UDK.exe
    FirewallRules: [TCP Query User{5298AD4D-8A88-4DF5-82E6-B5D0CE4090B1}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{EC71CE64-C08F-4531-A68C-66139C8DAF37}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{AA56ECE7-C05E-4500-AE02-41F353790F75}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
    FirewallRules: [UDP Query User{14C191BA-FE05-431F-AE7D-B21B72CFA405}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
    FirewallRules: [TCP Query User{D2442127-EB0E-48F7-B8C3-A33377F6DC28}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{BD22CF65-1DB1-4185-9593-D5196823C687}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
    FirewallRules: [{7B69A761-490D-4318-B872-FBCB8A6AD45B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleStorm\CastleStorm.exe
    FirewallRules: [{E6B9CF04-E6B9-405A-B1EB-19DF0A2E682D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleStorm\CastleStorm.exe
    FirewallRules: [TCP Query User{9D1BD45B-40EA-455F-9BEF-88A021C78032}C:\program files (x86)\java\jre7\launch4j-tmp\irpf2015.exe] => (Block) C:\program files (x86)\java\jre7\launch4j-tmp\irpf2015.exe
    FirewallRules: [UDP Query User{83C4BEC3-4A67-4DC7-8693-64CEE36098CE}C:\program files (x86)\java\jre7\launch4j-tmp\irpf2015.exe] => (Block) C:\program files (x86)\java\jre7\launch4j-tmp\irpf2015.exe
    FirewallRules: [{FC941BF1-24E2-4979-A1FB-2971F75EF6BF}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
    FirewallRules: [{AD177177-A52C-4D8C-A343-8DF30E7C7F62}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
    FirewallRules: [TCP Query User{4B757644-9869-48B5-A0D5-763CA2F504E3}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{9D2161A7-AAD6-4513-8DE9-65C8EF404C83}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
    FirewallRules: [{4082A65B-BF7A-4C06-9BDF-8A03347122DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
    FirewallRules: [{2BC02861-6C9B-4A51-B408-2A6E7F3D8F29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
    FirewallRules: [{87542EB7-EB48-42F4-8154-E418E54AF014}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
    FirewallRules: [{FAF8106A-81DF-49CB-BFA8-0E4F5ABD6185}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
    FirewallRules: [TCP Query User{4D3A7D54-EDE4-49DA-8179-5C668031BF92}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{B3A5D4CF-3F8C-4075-B01A-103D392A7D0A}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
    FirewallRules: [{AA67BEDD-55BB-4CE8-A40B-C628D2A1CF1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
    FirewallRules: [{82CC9697-5206-47BE-B25D-111C02CFF76C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
    FirewallRules: [{27FE03F9-09A7-4EA1-AF74-DC479ABDB0F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
    FirewallRules: [{A6CD33A9-90ED-4B6A-B239-38C3EDDF4146}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
     
  13. Castilho

    Castilho TS Rookie Topic Starter

    FirewallRules: [{2E2B649F-B669-4C16-AEF0-8CCFA627143A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\Game.exe
    FirewallRules: [{813E93D7-B3B5-486A-B22B-2E9E021A6172}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\Game.exe
    FirewallRules: [{E3E432E1-AB76-471C-9313-1B3DEE948FAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
    FirewallRules: [{B1F24C25-406B-4B85-9D6D-A2A701E7C934}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
    FirewallRules: [{A86F74D3-D0D8-4456-BBF7-9B82E38EC432}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\JOYFUL\Game.exe
    FirewallRules: [{E6DCE921-4D97-4370-850F-E89384A9EBDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\JOYFUL\Game.exe
    FirewallRules: [{D9D79220-AD31-4CB1-9153-CECAC1E7AA12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Depth\Binaries\Win32\DepthGame.exe
    FirewallRules: [{F667EDEF-D231-476B-BA8A-4F0D5D5DDF38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Depth\Binaries\Win32\DepthGame.exe
    FirewallRules: [{D4E28964-C662-4A94-AC29-FA4A54A61254}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DreadOut\dreadout.exe
    FirewallRules: [{9F591500-993F-41B6-A21A-EDA256BAAE31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DreadOut\dreadout.exe
    FirewallRules: [{2EA23331-1F04-4102-8AD2-D58E4E7566C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DreadOut\dreadout32.exe
    FirewallRules: [{779590F9-815F-43D6-8F40-2F89B5BB8172}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DreadOut\dreadout32.exe
    FirewallRules: [{F1104CAF-2003-400A-B789-338E4C1B8F5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Samsa and the Knights of Light\Game.exe
    FirewallRules: [{15D4E059-0B70-4E76-A12A-91BAAD5DE97B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Samsa and the Knights of Light\Game.exe
    FirewallRules: [{69EE903D-44FB-4267-BE97-125F39B504F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Legend of Korra\LoK.exe
    FirewallRules: [{7E4AAE08-FABD-42CE-A8E7-09BAE4E8D5DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Legend of Korra\LoK.exe
    FirewallRules: [{C4A4F7EA-64FC-469A-8B9A-CC47AF9AC121}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Deed\Game.exe
    FirewallRules: [{505C8903-19C1-45C0-B823-FD467445C076}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Deed\Game.exe
    FirewallRules: [{E470444B-4C87-4101-9A9C-93458925712C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
    FirewallRules: [{9EFADB0B-3B53-4C34-9C28-A117D43046F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
    FirewallRules: [{4E27C66E-72FD-495D-831F-148B26ED8B7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
    FirewallRules: [{4D42A5A6-2D56-4ACC-AA60-A9644CF7B1A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
    FirewallRules: [{5765342C-E969-4BC4-B55A-DCC5A30D4B4A}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
    FirewallRules: [{BEFCFC38-807F-4BC3-87CD-7F6A80CC17ED}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
    FirewallRules: [{C7D109D2-E56F-4F04-8C9E-EF5563D19555}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
    FirewallRules: [{59C726C4-5B59-45F2-9BF9-9BBB3A56AE14}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
    FirewallRules: [TCP Query User{5E7F2861-03C2-4FBE-B506-9E7B46D4591C}C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{31D18B57-828B-4A18-8109-0B81F8D1E0BA}C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
    FirewallRules: [{3CCC8481-2928-4D24-ABC9-20A822B0CBF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kelvin\Fahrenheit.exe
    FirewallRules: [{B7A6546A-BF9A-4630-9367-085386469CC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kelvin\Fahrenheit.exe
    FirewallRules: [{18E658D2-115C-4A6A-A887-6A47E93169A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
    FirewallRules: [{878F165A-991E-4D8E-A05B-2AF45DC09913}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
    FirewallRules: [{342AD258-34CF-4F2C-B576-8BD4AD514C25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
    FirewallRules: [{AF9E13C4-C9B0-457E-A1B1-002230863E5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
    FirewallRules: [{9F4AA613-9470-4A9B-9CBF-64F3748FF7DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe
    FirewallRules: [{46670CEE-ADA0-4B5A-A976-B09D217D4F5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe
    FirewallRules: [{12E925B3-1058-4025-94AB-10E9B057BBF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
    FirewallRules: [{E6704F0D-D0AE-4042-8DD3-4341C9A6BE4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
    FirewallRules: [TCP Query User{E9B83EF5-A69A-4891-9F8D-AB5AC1DD37D6}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{6C73C165-C05D-4FE0-A43A-DE9C38102772}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
    FirewallRules: [{6A5A4C0E-4D94-4BA7-9FC6-E67CF4FD1D97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
    FirewallRules: [{1CF0C1FF-5469-48AF-8891-CAA7F439B2A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
    FirewallRules: [{90C739E9-83DD-43B0-A52B-809F738ED9F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
    FirewallRules: [{8CE7EFF1-9078-4CB7-B6AA-0C79B16DAD0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
    FirewallRules: [{CD88FDCB-4182-4E76-8540-BE0C37777674}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
    FirewallRules: [{4D85BE5C-2666-43BE-A787-5BBC5EE67830}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\tbs\win32\The Banner Saga.exe
    FirewallRules: [{CB85E814-0FB2-4611-B482-F4354E254037}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{00BB6D5E-C52E-486E-A94B-041B9C8C038F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{4806B806-3D2C-41DC-9BCB-4E554896F9FF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{28A7BDB5-19EB-4FBD-BD53-9136DC79DFC7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{15BBA934-2752-4AEF-9FD9-CC49E89E5AFA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{0283E7C1-0EB2-4C11-9D2A-1775F619EF30}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{A4AEE25C-FDA1-4042-8B46-21F235112FC2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{FD4B802B-ECC5-4CF5-AC5F-8AF2988C9193}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{BAE68209-1E7F-4C45-997B-06B6029A3AF5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{98519EE3-C8E7-4EE6-8180-FF050F26FB73}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{F0CC0800-A27F-49B4-89E8-22CE4200C6CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{5487CFDB-02F4-4FCB-AB78-3F1F4CE08471}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{2606846A-519E-4797-8C6F-FA618BD18416}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{E56032F1-9C23-45A4-8056-375BE2FC5A3D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [TCP Query User{C4F28C94-2635-414F-8F61-AA0C19F0594E}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{E2275C9F-B56E-4A6B-A375-EEFCBBFA6A5C}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{3777A0E3-6CEF-4978-83B4-E72E4CDA2245}C:\program files (x86)\steam\steamapps\common\enola\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\enola\binaries\win32\udk.exe
    FirewallRules: [UDP Query User{F44BE101-F578-40ED-8FC7-B92A24CE99A2}C:\program files (x86)\steam\steamapps\common\enola\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\enola\binaries\win32\udk.exe
    FirewallRules: [{AFA5603C-FBFF-4DC0-B8A8-A02F05A81759}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OPPW3\oppw3.exe
    FirewallRules: [{420B449B-6BB0-494C-A39C-03B5788D8D76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OPPW3\oppw3.exe
    FirewallRules: [{215911D1-6039-43A2-ABED-4D9063E591F7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{2C8BC86B-6A1B-46F0-B44F-25288A292770}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
    FirewallRules: [UDP Query User{7CC3F97B-8D3E-4BA7-8775-27A66FCED151}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
    FirewallRules: [{7FF36934-6418-48C0-8061-75A6C0FC6AF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\firstassault\Shipping\GAME.exe
    FirewallRules: [{0AE0ABE4-8685-4040-93C6-89CD45C1BF6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\firstassault\Shipping\GAME.exe
    FirewallRules: [{6D1AFBEA-7B2F-427C-A9A5-CC760EAD7AA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tales of Symphonia\TOS.exe
    FirewallRules: [{ACEFA6FD-ADCD-4EF4-B446-F7373B985739}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tales of Symphonia\TOS.exe
    FirewallRules: [{BDF9CD83-6FAC-437B-B0A8-21EEF3EA7A9E}] => (Allow) C:\Program Files (x86)\WTFast\WTFast.exe
    FirewallRules: [{ADC326AA-FADA-43E6-B86A-99F2232B5E1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
    FirewallRules: [{7C811CAF-33FB-41EF-840A-5171CA5EABE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
    FirewallRules: [{3D9E5F5E-F529-4300-B334-947EB0765FE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DB Xenoverse\DBXV.exe
    FirewallRules: [{034BA1DC-EC2C-49A5-AC6A-A0E2AB1957AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DB Xenoverse\DBXV.exe
    FirewallRules: [{D8D1381B-4FC6-4E28-AA16-EA3D678D6912}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{EAB07004-430D-45DB-9E40-944C3501E520}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{9B9B46FA-9861-48D1-9FD4-B540675E8664}] => (Allow) C:\Program Files (x86)\KMPConnect\KMPConnectCore.exe
    FirewallRules: [{37FB62A3-7D82-4749-97FD-A9F9D4357526}] => (Allow) C:\Program Files (x86)\KMPConnect\KMPConnectCore.exe
    FirewallRules: [{DCD6CB00-262E-4FC7-95DE-40970BA5E796}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\firstassault\Shipping\nxsteam.exe
    FirewallRules: [{8DC9FA2C-D9D9-40FF-B6CF-C06B2C606A8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\firstassault\Shipping\nxsteam.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

    ==================== Restore Points =========================

    22-07-2016 18:11:11 Windows Update
    22-07-2016 20:39:27 JRT Pre-Junkware Removal
    22-07-2016 20:40:37 JRT Pre-Junkware Removal
    23-07-2016 16:03:29 Installed DirectX

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/23/2016 04:03:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (07/23/2016 03:44:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PHILIPPE-PC)
    Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (07/22/2016 09:11:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: HControl.exe, version: 1.0.52.2, time stamp: 0x4a825f17
    Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571afb7f
    Exception code: 0xc0000005
    Fault offset: 0x0003c56e
    Faulting process id: 0xff0
    Faulting application start time: 0xHControl.exe0
    Faulting application path: HControl.exe1
    Faulting module path: HControl.exe2
    Report Id: HControl.exe3
    Faulting package full name: HControl.exe4
    Faulting package-relative application ID: HControl.exe5

    Error: (07/22/2016 08:41:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (07/22/2016 08:39:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (07/22/2016 06:50:53 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Enterprise 2007 - Update 'Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Error: (07/22/2016 06:50:53 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Enterprise 2007 -- Error 2902.An internal error has occurred. (ixfAssemblyCopy ) Contact Microsoft Product Support Services (PSS) for assistance. For information about how to contact PSS, seePSS10R.CHM.

    Error: (07/22/2016 06:13:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (07/22/2016 05:15:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
    Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
    Exception code: 0xc0000409
    Fault offset: 0x00000000000a9ba0
    Faulting process id: 0x13f8
    Faulting application start time: 0xbackgroundTaskHost.exe0
    Faulting application path: backgroundTaskHost.exe1
    Faulting module path: backgroundTaskHost.exe2
    Report Id: backgroundTaskHost.exe3
    Faulting package full name: backgroundTaskHost.exe4
    Faulting package-relative application ID: backgroundTaskHost.exe5

    Error: (07/22/2016 12:56:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program NLClientApp.exe version 3.0.0.11 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: b64

    Start Time: 01d1e3ccc5f5b143

    Termination Time: 37

    Application Path: C:\Program Files\NetLimiter 3\NLClientApp.exe

    Report Id: 4d6d1cfb-4fc0-11e6-9d13-90e6baf75cee

    Faulting package full name:

    Faulting package-relative application ID:


    System errors:
    =============
    Error: (07/23/2016 04:14:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073cf6: Skype Preview.

    Error: (07/23/2016 03:58:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.225.2249.0).

    Error: (07/22/2016 09:21:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_2c431 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (07/22/2016 09:21:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_2c431 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (07/22/2016 09:21:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_2c431 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (07/22/2016 09:21:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_2c431 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (07/22/2016 09:11:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Net.Msmq Listener Adapter service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.


    Error: (07/22/2016 09:11:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the NetMsmqActivator service to connect.

    Error: (07/22/2016 09:11:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Net.Pipe Listener Adapter service failed to start due to the following error:
    %%1053 = The service did not respond to the start or control request in a timely fashion.


    Error: (07/22/2016 09:11:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect.


    CodeIntegrity:
    ===================================
    Date: 2016-07-22 18:17:25.795
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-22 04:40:34.117
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-22 04:40:33.265
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-22 03:59:34.943
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-22 03:59:34.780
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-22 03:59:34.693
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-22 03:59:34.571
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-22 03:59:34.088
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-22 03:59:34.007
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-07-22 03:59:33.653
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz
    Percentage of memory in use: 56%
    Total physical RAM: 6143.03 MB
    Available physical RAM: 2645.11 MB
    Total Virtual: 12287.03 MB
    Available Virtual: 7784.19 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:450.67 GB) (Free:103.84 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
    Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
    Partition 2: (Active) - (Size=450.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=449 MB) - (Type=27)

    ==================== End of Addition.txt ============================
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  15. Castilho

    Castilho TS Rookie Topic Starter

    Again, thank you so much for your incredibly fast replies.


    Fix result of Farbar Recovery Scan Tool (x64) Version: 24-07-2016
    Ran by Philippe (2016-07-24 16:55:36) Run:1
    Running from C:\Users\Philippe\Desktop
    Loaded Profiles: Philippe (Available Profiles: Philippe & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C - No File
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
    U3 idsvc; no ImagePath
    2013-04-15 21:44 - 2013-04-15 23:47 - 0000015 _____ () C:\Users\Philippe\AppData\Roaming\CariocaPokerClub.frmMTexasTourney.resizer_settings
    2016-07-18 22:30 - 2016-07-20 22:38 - 0000446 _____ () C:\Users\Philippe\AppData\Roaming\CSharpAnalytics-MeasurementSession
    2013-12-14 08:45 - 2013-12-14 08:45 - 0000388 _____ () C:\Users\Philippe\AppData\Roaming\hexplorer.dat
    2013-12-14 08:45 - 2013-12-14 08:45 - 0000004 _____ () C:\Users\Philippe\AppData\Roaming\mclip.dat
    2011-04-06 21:34 - 2011-04-06 21:34 - 0046790 _____ () C:\Users\Philippe\AppData\Roaming\room.dat
    2013-04-24 21:54 - 2014-04-26 12:22 - 0034816 _____ () C:\Users\Philippe\AppData\Roaming\RZR_002052a74400bf73f7ac42cef577.db
    2013-06-02 17:47 - 2013-06-02 17:47 - 0013897 _____ () C:\Users\Philippe\AppData\Roaming\unins000.dat
    2013-06-02 17:47 - 2013-06-02 17:47 - 0706250 _____ () C:\Users\Philippe\AppData\Roaming\unins000.exe
    2014-09-09 23:54 - 2014-09-09 23:54 - 0017084 _____ () C:\Users\Philippe\AppData\Roaming\unins001.dat
    2014-09-09 23:54 - 2014-09-09 23:54 - 0717985 _____ () C:\Users\Philippe\AppData\Roaming\unins001.exe
    2010-07-20 13:31 - 2013-09-15 18:13 - 0006624 _____ () C:\Users\Philippe\AppData\Roaming\wklnhst.dat
    2010-02-03 14:31 - 2010-02-03 14:31 - 0004608 _____ () C:\Users\Philippe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-03-30 19:29 - 2011-03-30 19:29 - 0000096 _____ () C:\Users\Philippe\AppData\Local\fusioncache.dat
    2010-06-15 13:31 - 2016-06-08 21:01 - 0007605 _____ () C:\Users\Philippe\AppData\Local\Resmon.ResmonCfg
    2006-06-26 02:33 - 2006-06-26 02:33 - 0163840 _____ (アリスソフト) C:\Users\Philippe\AppData\Local\Tempals_inst.exe
    2014-06-30 17:34 - 2014-06-30 17:34 - 0000000 _____ () C:\Users\Philippe\AppData\Local\{99B51C2B-CEC8-43C5-A0B3-407C2C11ABFD}
    2011-06-14 19:41 - 2011-06-14 19:41 - 0000000 _____ () C:\Users\Philippe\AppData\Local\{9BF77BC4-B6B9-4CA4-8474-E965E4831025}
    2016-07-22 18:17 - 2016-07-22 18:18 - 0043429 _____ () C:\ProgramData\1469222246.15824.bin
    2016-07-22 18:18 - 2016-07-22 18:18 - 0002066 _____ () C:\ProgramData\1469222246.17264.bin
    2016-07-22 18:18 - 2016-07-22 18:18 - 0000421 _____ () C:\ProgramData\1469222246.17328.bin
    2009-11-15 05:23 - 2009-09-10 14:06 - 0131368 _____ () C:\ProgramData\FullRemove.exe
    2011-01-19 10:44 - 2011-01-19 10:44 - 0000344 _____ () C:\ProgramData\IcL0ucP2tq
    2009-11-15 04:59 - 2009-11-15 04:59 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2009-11-15 04:59 - 2009-11-15 04:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2011-01-19 10:45 - 2011-01-19 11:42 - 0000272 _____ () C:\ProgramData\~IcL0ucP2tq
    2011-01-19 10:45 - 2011-01-19 10:45 - 0000152 _____ () C:\ProgramData\~IcL0ucP2tqr
    C:\Users\Philippe\AppData\Local\Temp\dllnt_dump.dll
    Task: {02696D3F-6311-4CFB-B221-DFD9FFC5259C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {2C0ED80C-D683-42DF-88C1-529309733867} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {4713A092-825F-4CE1-B0B5-E6234149EAF0} - \ASUSControlDeck -> No File <==== ATTENTION
    Task: {4F4563B7-B4E5-450D-B3F6-8C714854C9BD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {51AA876D-0460-4A42-8801-4CAE35326C58} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {5E517423-ECED-4EDB-AF6F-CAB33F7C3E5F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {97402E6E-5B39-4F01-99D6-D6A51ECBC2AB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {A4F96590-6A00-48C3-9A1D-245EBA99F5E6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {BA0915D0-DF4B-4F2C-B484-D69817C80E9A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {BF63C140-E469-414F-9D29-80CCF2C8CABE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {EFF541FA-42A1-4BE8-B162-D96FBA1FA3B9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {FE87E497-CF66-49D3-9CC3-CBCC148DFCB2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Shortcut: C:\Users\Philippe\Desktop\logoff.bat - Shortcut.lnk -> C:\Users\Philippe\Downloads\G72GX-ASUS-0602\logoff.bat (No File)
    AlternateDataStreams: C:\ProgramData\Temp:07BB519E [400]
    AlternateDataStreams: C:\ProgramData\Temp:4CF61E54 [134]
    AlternateDataStreams: C:\ProgramData\Temp:734E442A [135]
    AlternateDataStreams: C:\ProgramData\Temp:90EE3BE1 [110]
    AlternateDataStreams: C:\ProgramData\Temp:A724744F [124]
    AlternateDataStreams: C:\ProgramData\Temp:AB689DEA [145]
    AlternateDataStreams: C:\ProgramData\Temp:B88E99C8 [121]


    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdReg => value removed successfully
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => key removed successfully
    HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => key not found.
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
    HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
    "HKCR\PROTOCOLS\Handler\WSIEChrome" => key removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
    LiveUpdateSvc => service removed successfully
    idsvc => service removed successfully
    C:\Users\Philippe\AppData\Roaming\CariocaPokerClub.frmMTexasTourney.resizer_settings => moved successfully
    C:\Users\Philippe\AppData\Roaming\CSharpAnalytics-MeasurementSession => moved successfully
    C:\Users\Philippe\AppData\Roaming\hexplorer.dat => moved successfully
    C:\Users\Philippe\AppData\Roaming\mclip.dat => moved successfully
    C:\Users\Philippe\AppData\Roaming\room.dat => moved successfully
    C:\Users\Philippe\AppData\Roaming\RZR_002052a74400bf73f7ac42cef577.db => moved successfully
    C:\Users\Philippe\AppData\Roaming\unins000.dat => moved successfully
    C:\Users\Philippe\AppData\Roaming\unins000.exe => moved successfully
    C:\Users\Philippe\AppData\Roaming\unins001.dat => moved successfully
    C:\Users\Philippe\AppData\Roaming\unins001.exe => moved successfully
    C:\Users\Philippe\AppData\Roaming\wklnhst.dat => moved successfully
    C:\Users\Philippe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
    C:\Users\Philippe\AppData\Local\fusioncache.dat => moved successfully
    C:\Users\Philippe\AppData\Local\Resmon.ResmonCfg => moved successfully
    C:\Users\Philippe\AppData\Local\Tempals_inst.exe => moved successfully
    C:\Users\Philippe\AppData\Local\{99B51C2B-CEC8-43C5-A0B3-407C2C11ABFD} => moved successfully
    C:\Users\Philippe\AppData\Local\{9BF77BC4-B6B9-4CA4-8474-E965E4831025} => moved successfully
    C:\ProgramData\1469222246.15824.bin => moved successfully
    C:\ProgramData\1469222246.17264.bin => moved successfully
    C:\ProgramData\1469222246.17328.bin => moved successfully
    C:\ProgramData\FullRemove.exe => moved successfully
    C:\ProgramData\IcL0ucP2tq => moved successfully
    C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => moved successfully
    C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
    C:\ProgramData\~IcL0ucP2tq => moved successfully
    C:\ProgramData\~IcL0ucP2tqr => moved successfully
    C:\Users\Philippe\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02696D3F-6311-4CFB-B221-DFD9FFC5259C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02696D3F-6311-4CFB-B221-DFD9FFC5259C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C0ED80C-D683-42DF-88C1-529309733867}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C0ED80C-D683-42DF-88C1-529309733867}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4713A092-825F-4CE1-B0B5-E6234149EAF0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4713A092-825F-4CE1-B0B5-E6234149EAF0}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUSControlDeck => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4F4563B7-B4E5-450D-B3F6-8C714854C9BD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F4563B7-B4E5-450D-B3F6-8C714854C9BD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51AA876D-0460-4A42-8801-4CAE35326C58}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51AA876D-0460-4A42-8801-4CAE35326C58}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E517423-ECED-4EDB-AF6F-CAB33F7C3E5F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E517423-ECED-4EDB-AF6F-CAB33F7C3E5F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97402E6E-5B39-4F01-99D6-D6A51ECBC2AB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97402E6E-5B39-4F01-99D6-D6A51ECBC2AB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4F96590-6A00-48C3-9A1D-245EBA99F5E6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4F96590-6A00-48C3-9A1D-245EBA99F5E6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA0915D0-DF4B-4F2C-B484-D69817C80E9A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA0915D0-DF4B-4F2C-B484-D69817C80E9A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BF63C140-E469-414F-9D29-80CCF2C8CABE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF63C140-E469-414F-9D29-80CCF2C8CABE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFF541FA-42A1-4BE8-B162-D96FBA1FA3B9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFF541FA-42A1-4BE8-B162-D96FBA1FA3B9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE87E497-CF66-49D3-9CC3-CBCC148DFCB2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE87E497-CF66-49D3-9CC3-CBCC148DFCB2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    C:\Users\Philippe\Desktop\logoff.bat - Shortcut.lnk => moved successfully
    C:\ProgramData\Temp => ":07BB519E" ADS removed successfully.
    C:\ProgramData\Temp => ":4CF61E54" ADS removed successfully.
    C:\ProgramData\Temp => ":734E442A" ADS removed successfully.
    C:\ProgramData\Temp => ":90EE3BE1" ADS removed successfully.
    C:\ProgramData\Temp => ":A724744F" ADS removed successfully.
    C:\ProgramData\Temp => ":AB689DEA" ADS removed successfully.
    C:\ProgramData\Temp => ":B88E99C8" ADS removed successfully.

    ==== End of Fixlog 16:55:44 ====
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  17. Castilho

    Castilho TS Rookie Topic Starter

    Hi Broni. Sorry for taking so long, but I had to run the Sophos tool overnight.

    I'll report on the PC status once I am back from work, but besides the long boot time, I am noticing a huge improvement on the previous general slowdown.

    Security Check Log

    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    BitDefender Gonzales
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Sophos Anti-Rootkit 1.5.4
    JavaFX 2.1.1
    Java 8 Update 51
    Java version 32-bit out of Date!
    Adobe Flash Player 22.0.0.209
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (7.0.1)
    Google Chrome (51.0.2704.103)
    Google Chrome (51.0.2704.84)
    Google Chrome (SetupMetrics.pma..)
    ````````Process Check: objlist.exe by Laurent````````
    Bitdefender Antivirus Free Edition gzserv.exe
    Bitdefender Antivirus Free Edition gziface.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````


    Farbar Service Scanner Log

    Farbar Service Scanner Version: 27-01-2016
    Ran by Philippe (administrator) on 24-07-2016 at 22:48:10
    Running from "C:\Users\Philippe\Downloads"
    Microsoft Windows 10 Home (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****

    Sophos Virus Removal Tool Log

    2016-07-25 02:18:43.788 Sophos Virus Removal Tool version 2.5.5
    2016-07-25 02:18:43.788 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2016-07-25 02:18:43.788 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2016-07-25 02:18:43.788 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
    2016-07-25 02:18:43.788 Checking for updates...
    2016-07-25 02:18:43.884 Update progress: proxy server not available
    2016-07-25 02:18:56.471 Option all = no
    2016-07-25 02:18:56.471 Option recurse = yes
    2016-07-25 02:18:56.487 Option archive = no
    2016-07-25 02:18:56.487 Option service = yes
    2016-07-25 02:18:56.487 Option confirm = yes
    2016-07-25 02:18:56.487 Option sxl = yes
    2016-07-25 02:18:56.487 Option max-data-age = 35
    2016-07-25 02:18:56.487 Option EnableSafeClean = yes
    2016-07-25 02:19:00.582 Option vdl-logging = yes
    2016-07-25 02:19:00.598 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2016-07-25 02:19:00.598 Machine ID: 428f204a8be9496b9aad4a64f0cfcbc7
    2016-07-25 02:19:00.598 Component SVRTcli.exe version 2.5.5
    2016-07-25 02:19:00.598 Component control.dll version 2.5.5
    2016-07-25 02:19:00.598 Component SVRTservice.exe version 2.5.5
    2016-07-25 02:19:00.598 Component engine\osdp.dll version 1.44.1.2250
    2016-07-25 02:19:00.598 Component engine\veex.dll version 3.65.0.2250
    2016-07-25 02:19:00.598 Component engine\savi.dll version 9.0.1.2250
    2016-07-25 02:19:00.598 Component rkdisk.dll version 1.5.30.0
    2016-07-25 02:19:00.598 Version info: Product version 2.5.5
    2016-07-25 02:19:00.598 Version info: Detection engine 3.65.0
    2016-07-25 02:19:00.598 Version info: Detection data 5.26
    2016-07-25 02:19:00.598 Version info: Build date 05/04/2016
    2016-07-25 02:19:00.598 Version info: Data files added 682
    2016-07-25 02:19:00.598 Version info: Last successful update (not yet updated)
    2016-07-25 02:19:57.371 Downloading updates...
    2016-07-25 02:19:57.372 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2016-07-25 02:19:57.372 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2016-07-25 02:19:57.372 Update progress: [I49502] Found supplement IDE527 LATEST
    2016-07-25 02:19:57.373 Update progress: [I49502] Found supplement IDE528 LATEST
    2016-07-25 02:19:57.373 Update progress: [I49502] Found supplement IDE529 LATEST
    2016-07-25 02:19:57.373 Update progress: [I49502] Found supplement IDE530 LATEST
    2016-07-25 02:19:57.373 Update progress: [I49502] Found supplement IDE531 LATEST
    2016-07-25 02:19:57.373 Update progress: [I49502] Found supplement IDE532 LATEST
    2016-07-25 02:19:57.373 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2016-07-25 02:19:57.373 Update progress: [I19463] Syncing product SAVIW32 70
    2016-07-25 02:20:08.457 Update progress: [I19463] Syncing product IDE527 142
    2016-07-25 02:20:11.264 Installing updates...
    2016-07-25 02:20:12.095 Error level 1
    2016-07-25 02:20:12.433 Update progress: [I19463] Syncing product IDE528 127
    2016-07-25 02:20:12.433 Update progress: [I19463] Syncing product IDE529 135
    2016-07-25 02:20:12.433 Update progress: [I19463] Syncing product IDE530 214
    2016-07-25 02:20:12.433 Update progress: [I19463] Syncing product IDE531 71
    2016-07-25 02:20:12.433 Update progress: [I19463] Syncing product IDE532 1
    2016-07-25 02:20:42.828 Update successful
    2016-07-25 02:21:01.961 Option all = no
    2016-07-25 02:21:01.961 Option recurse = yes
    2016-07-25 02:21:01.961 Option archive = no
    2016-07-25 02:21:01.961 Option service = yes
    2016-07-25 02:21:01.961 Option confirm = yes
    2016-07-25 02:21:01.961 Option sxl = yes
    2016-07-25 02:21:01.963 Option max-data-age = 35
    2016-07-25 02:21:01.963 Option EnableSafeClean = yes
    2016-07-25 02:21:02.476 Option vdl-logging = yes
    2016-07-25 02:21:02.476 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2016-07-25 02:21:02.476 Machine ID: 428f204a8be9496b9aad4a64f0cfcbc7
    2016-07-25 02:21:02.476 Component SVRTcli.exe version 2.5.5
    2016-07-25 02:21:02.476 Component control.dll version 2.5.5
    2016-07-25 02:21:02.476 Component SVRTservice.exe version 2.5.5
    2016-07-25 02:21:02.476 Component engine\osdp.dll version 1.44.1.2250
    2016-07-25 02:21:02.476 Component engine\veex.dll version 3.65.0.2250
    2016-07-25 02:21:02.476 Component engine\savi.dll version 9.0.1.2250
    2016-07-25 02:21:02.476 Component rkdisk.dll version 1.5.30.0
    2016-07-25 02:21:02.476 Version info: Product version 2.5.5
    2016-07-25 02:21:02.476 Version info: Detection engine 3.65.0
    2016-07-25 02:21:02.476 Version info: Detection data 5.26
    2016-07-25 02:21:02.476 Version info: Build date 05/04/2016
    2016-07-25 02:21:02.476 Version info: Data files added 682
    2016-07-25 02:21:02.476 Version info: Last successful update 24/07/2016 23:20:42

    2016-07-25 02:21:27.024 Warning: rootkit scan failed to open device "\\?\Volume{5686c153-9875-11e5-9cd4-806e6f6e6963}" (1)
    2016-07-25 04:19:44.568 Could not open C:\Boot\BCD
    2016-07-25 04:20:17.853 Could not open C:\hiberfil.sys
    2016-07-25 04:20:54.766 Could not open C:\pagefile.sys
    2016-07-25 04:22:17.525 Password protected file C:\Philippe\Arquivos\Old Files up to 2014\Raquel privado.xls
    2016-07-25 04:22:28.576 Password protected file C:\Philippe\Arquivos\Old Files up to 2014\WITHOLDING TAX 05-2014.xls
    2016-07-25 04:24:00.254 >>> Virus 'Mal/Generic-S' found in file C:\Philippe\Playstation\Burninng Games Utilities\ps2pal2ntscyfixsource8rr\ps2_pal2ntsc_yfix.exe
    2016-07-25 05:29:17.535 Could not open C:\swapfile.sys
    2016-07-25 05:29:18.067 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-07-25 05:29:18.067 Could not open C:\System Volume Information\{b67ee35b-5069-11e6-9d16-90e6baf75cee}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-07-25 05:29:18.067 Could not open C:\System Volume Information\{b67efe00-5069-11e6-9d16-90e6baf75cee}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-07-25 05:29:18.067 Could not open C:\System Volume Information\{d7433710-5061-11e6-9d15-90e6baf75cee}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-07-25 05:29:18.067 Could not open C:\System Volume Information\{d743373e-5061-11e6-9d15-90e6baf75cee}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-07-25 05:29:18.067 Could not open C:\System Volume Information\{e7a0f4d2-4fbb-11e6-9d13-90e6baf75cee}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-07-25 05:31:23.070 Could not open C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Current Session
    2016-07-25 05:31:23.070 Could not open C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
    2016-07-25 06:01:38.410 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2016-07-25 06:01:38.410 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2016-07-25 06:01:45.128 Could not open C:\Windows\System32\config\BBI
    2016-07-25 06:01:45.482 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2016-07-25 06:01:45.497 Could not open C:\Windows\System32\config\RegBack\SAM
    2016-07-25 06:01:45.497 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2016-07-25 06:01:45.513 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2016-07-25 06:01:45.513 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2016-07-25 06:39:32.000 >>> Virus 'Mal/Generic-S' found in file E:\Philippe\Back Oldschool\Playstation\Burninng Games Utilities\ps2pal2ntscyfixsource8rr\ps2_pal2ntsc_yfix.exe
    2016-07-25 06:41:42.417 The following items will be cleaned up:
    2016-07-25 06:41:42.417 Mal/Generic-S
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Update Firefox to the current version.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop Album Starter Edition.

    Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
    Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

    ============================================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please let me know how your computer is doing.
     
  19. Castilho

    Castilho TS Rookie Topic Starter

    Broni, thank you so much.

    I've installed all the software you've recommended and I will make sure to follow your instructions in the future.

    My laptop is back in shape! I'd say it's even better than before its recent issue.

    Again, thank you for taking your precious time to help me out. I sincerely appreciate all you've done for me. Sorry for all the trouble.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Yes!!
    Good luck and stay safe :)
     
