Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer slow and closing programs

Started by musicianindistress , Mar 25 2018 03:57 PM
Slow Virus Adware Closing Help

  • Please log in to reply

#1
musicianindistress
Posted 25 March 2018 - 03:57 PM

musicianindistress

    New Member

  • Member
  • Pip
  • 9 posts
I doenloaded a program that probably gave my PC a virus. I deleted everything related to that program (that I could find) and ran two antiviruses to check if there was any malware. Thing is, my PC is slow, and it closes some programs as soon as I open them, like cmd qnd Discord. It also closes google chrome whenever I look for words related to viruses or adware, wich is very suspicious, and it used to give me some ad pop us. But now that I deleted some of the files it's not the case anynore. Thank you in advance for your help :)
  • 0

Advertisements

#2
musicianindistress
Posted 26 March 2018 - 04:13 AM

musicianindistress

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
What I think is the virus: WC assistant
My antiviruses: AVC and Avast
  • 0

#3
Bruce1270
Posted 12 April 2018 - 04:26 PM

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,697 posts
Hello musicianindistress and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.


    Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click on the file and select run as administrator (if you don't have this option just double click the file to run it). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from (this should be your desktop).
  • Please copy (CTRL + C) and paste (CTRL + V) the FRST.txt log back here.
  • The first time the tool is run it generates another log Addition.txt - also located in the same directory as FRST.exe.
  • Please also paste that along with the FRST.txt into your reply.
    Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.

  • 0

#4
musicianindistress
Posted 15 April 2018 - 11:15 AM

musicianindistress

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

 

 

Thanks for your help! Here's the FRST.txt file:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2018
Ran by Sofiaa (administrator) on FAMILIASILVA-PC (15-04-2018 18:12:46)
Running from C:\Users\Sofiaa\Desktop
Loaded Profiles: Sofiaa (Available Profiles: Familia Silva & Sofiaa & Utilizador padrão & Convidado)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Português (Portugal)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Discord Inc.) C:\Users\Sofiaa\AppData\Local\Discord\app-0.0.300\Discord.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Discord Inc.) C:\Users\Sofiaa\AppData\Local\Discord\app-0.0.300\Discord.exe
(Discord Inc.) C:\Users\Sofiaa\AppData\Local\Discord\app-0.0.300\Discord.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-09] (AVAST Software)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [291056 2018-04-14] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [506864 2013-03-08] (MSI)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKLM-x32\...\Run: [Everything] => "C:\Users\Sofiaa\Desktop\Download\Everything\Everything.exe" -startup
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\Run: [chrome] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589592 2018-03-20] (Google Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1268683879-3191997658-603331031-1023\...\Run: [Akamai NetSession Interface] => "C:\Users\Sofiaa\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1268683879-3191997658-603331031-1023\...\Run: [Discord] => C:\Users\Sofiaa\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-18\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-05-14]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2014-05-14]
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk [2014-05-14]
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-09-06]
ShortcutTarget: Dropbox.lnk -> C:\Users\Sofiaa\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Familia Silva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-04-05]
ShortcutTarget: Dropbox.lnk -> C:\Users\Sofiaa\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
GroupPolicy\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [196096 2013-05-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [196096 2013-05-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [196096 2013-05-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [196096 2013-05-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\BfLLR.dll [196096 2013-05-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\BfLLR.dll [216064 2013-05-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\BfLLR.dll [216064 2013-05-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\BfLLR.dll [216064 2013-05-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\BfLLR.dll [216064 2013-05-07] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\BfLLR.dll [216064 2013-05-07] (Bigfoot Networks, Inc.)
Hosts: 127.0.0.1 www.r2rdownload.com
Tcpip\Parameters: [DhcpNameServer] 213.228.128.156 213.228.128.6
Tcpip\..\Interfaces\{45AB0677-433F-45BC-9418-220F29114B79}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6DB1AB0B-4D52-4B57-BBE9-B7065B8FF668}: [DhcpNameServer] 213.228.128.156 213.228.128.6
Tcpip\..\Interfaces\{A007068D-CBA1-4E72-8C54-9430241D32C6}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1268683879-3191997658-603331031-1023\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180325__yaie
HKU\S-1-5-21-1268683879-3191997658-603331031-1023\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-pt/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1268683879-3191997658-603331031-1023 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180325__yaie&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-01-09] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-09-04] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\plugins\ArcPluginIE.dll => No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-01-09] (AVAST Software)
BHO-x32: Programa Auxiliar de Início de Sessão da conta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-04] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-19] (McAfee, Inc.)
Handler: WSWSVCUchrome - No CLSID Value
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-04-06]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-05-14] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2016-12-27] (Nexon)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\plugins\npArcPluginFF.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
 
Chrome: 
=======
CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Backup Default [2017-02-13]
CHR Extension: (Adblock Plus) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-12-30]
CHR Extension: (Documentos do Google offline) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-30]
CHR Extension: (Avast Online Security) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-30]
CHR Extension: (BetterGaia) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\lmgjagdflhhfjflolfalapokbplfldna [2016-11-06]
CHR Extension: (Gaia Enhancement Suite) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\mgcnknfohcgfckjaebhijnpgdmngoceg [2016-11-06]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-30]
CHR Extension: (MirrorTube) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\olomckflnlligkboahmaihmeaffjdbfm [2016-08-31]
CHR Extension: (Quick Searcher) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-03-25]
CHR Extension: (Gmail) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-30]
CHR Extension: (RocketBolt: Email Tracking for Gmail) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pkapfpgbgfcojflnfmhnplkkkcdcmkfj [2016-10-17]
CHR Extension: (Chrome Media Router) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-30]
CHR Profile: C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Default [2018-03-25]
CHR Extension: (Documentos do Google offline) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-31]
CHR Extension: (Avast Online Security) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-31]
CHR Extension: (Skype) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-12-31]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-31]
CHR Extension: (MirrorTube) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\olomckflnlligkboahmaihmeaffjdbfm [2017-01-01]
CHR Extension: (Quick Searcher) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-03-25]
CHR Extension: (Gmail) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-31]
CHR Extension: (Chrome Media Router) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-31]
CHR Extension: (System Table) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0 [2018-03-25]
CHR Profile: C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-04-15]
CHR Extension: (Apresentações) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Documentos) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-04]
CHR Extension: (YouTube) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-04]
CHR Extension: (Adblock Plus) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-26]
CHR Extension: (Plugins) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chemohaemmfhjpmlgkmkanfpfbkaihop [2017-07-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-21]
CHR Extension: (Folhas de cálculo) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-03-10]
CHR Extension: (Documentos do Google offline) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-06]
CHR Extension: (Avast Online Security) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-23]
CHR Extension: (BetterGaia) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmgjagdflhhfjflolfalapokbplfldna [2017-12-04]
CHR Extension: (AVG SafePrice) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2018-03-25]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (MirrorTube) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\olomckflnlligkboahmaihmeaffjdbfm [2017-01-06]
CHR Extension: (Quick Searcher) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-03-25]
CHR Extension: (Gmail) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-04]
CHR Extension: (Chrome Media Router) - C:\Users\Sofiaa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-23]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1268683879-3191997658-603331031-1023\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-09] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-09] (AVAST Software)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [314688 2018-04-14] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe [7653992 2018-04-14] (AVG Technologies CZ, s.r.o.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-06] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-03-19] (McAfee, Inc.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [35616 2014-11-21] (Microsoft)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [503296 2013-05-07] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2018-01-09] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2018-01-09] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2018-01-09] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2018-01-09] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2018-01-09] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2018-01-09] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-01-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-10] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2018-01-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2018-01-09] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2018-01-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-10] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2018-01-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2018-01-09] (AVAST Software)
S3 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [189032 2018-04-14] (AVG Technologies CZ, s.r.o.)
S3 avgbdisk; C:\Windows\System32\drivers\avgbdiska.sys [166064 2018-04-14] (AVG Technologies CZ, s.r.o.)
S3 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [220600 2018-04-14] (AVG Technologies CZ, s.r.o.)
S3 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [192536 2018-04-14] (AVG Technologies CZ, s.r.o.)
S3 avgblog; C:\Windows\System32\drivers\avgbloga.sys [336848 2018-04-14] (AVG Technologies CZ, s.r.o.)
S3 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [50776 2018-04-14] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39352 2018-04-14] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [139608 2018-04-14] (AVG Technologies CZ, s.r.o.)
S3 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [103744 2018-04-14] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [76760 2018-04-14] (AVG Technologies CZ, s.r.o.)
S3 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1019088 2018-04-14] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [452904 2018-04-14] (AVG Technologies CZ, s.r.o.)
S3 avgStm; C:\Windows\System32\drivers\avgStm.sys [198368 2018-04-14] (AVG Technologies CZ, s.r.o.)
S3 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [372920 2018-04-14] (AVG Technologies CZ, s.r.o.)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [66928 2013-05-07] (Qualcomm Atheros, Inc.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-10-07] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-10-07] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-01-21] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-02-06] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-02-13] ()
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [165824 2013-05-07] (Qualcomm Atheros, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-27] (CACE Technologies, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-10-07] (Duplex Secure Ltd.)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [122640 2012-08-13] (High Criteria inc.)
S3 VOICEMOD_Driver; C:\Windows\System32\drivers\vmdrv.sys [27648 2018-03-15] (Windows ® Win 7 DDK provider)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2018-04-15] ()
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-12-31] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-12-31] (Zemana Ltd.)
S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]
S3 MBfilt; system32\drivers\MBfilt64.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]
S3 VBAudioVMVAIOMME; system32\DRIVERS\vbaudio_vmvaio64_win7.sys [X]
S3 WacHidRouterPro; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-15 18:12 - 2018-04-15 18:12 - 002403328 _____ (Farbar) C:\Users\Sofiaa\Desktop\FRST64.exe
2018-04-15 18:12 - 2018-04-15 18:12 - 000032156 _____ C:\Users\Sofiaa\Desktop\FRST.txt
2018-04-15 18:11 - 2018-04-15 18:12 - 000000000 ____D C:\FRST
2018-04-15 18:08 - 2018-04-15 18:08 - 000094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2018-04-15 15:36 - 2018-04-15 15:36 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-04-14 22:28 - 2018-04-14 22:28 - 000000000 ____D C:\Users\Sofiaa\Documents\Guild Wars 2
2018-04-14 09:16 - 2018-04-14 09:16 - 000377584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2018-04-12 22:01 - 2018-04-12 22:01 - 000000000 ___HD C:\Users\Sofiaa\AppData\Local\TeamViewer
2018-04-12 19:43 - 2018-04-12 19:43 - 000000000 ___HD C:\Users\Sofiaa\AppData\Local\Hewlett-Packard
2018-04-09 15:31 - 2018-04-09 15:32 - 000000000 ____D C:\Users\Familia Silva\Desktop\keygen
2018-04-09 15:31 - 2018-04-09 15:32 - 000000000 ____D C:\Users\Familia Silva\Desktop\Image-Line FL Studio Producer Edition 12.5.1 Build 5 + Patch [SadeemPC]
2018-04-09 15:26 - 2018-04-09 15:27 - 000068720 _____ C:\Users\Sofiaa\Desktop\untitled.flp
2018-04-09 15:26 - 2018-04-09 15:26 - 000068720 _____ C:\Users\Sofiaa\Desktop\q3we.flp
2018-04-09 15:10 - 2018-04-09 15:34 - 000002004 _____ C:\Users\Public\Desktop\FL Studio 12 (64bit).lnk
2018-04-09 15:10 - 2018-04-09 15:34 - 000001988 _____ C:\Users\Public\Desktop\FL Studio 12.lnk
2018-04-09 15:10 - 2018-04-09 15:10 - 000000000 ____D C:\Users\Familia Silva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2018-04-09 15:10 - 2018-04-09 15:10 - 000000000 ____D C:\Users\Familia Silva\AppData\Roaming\Image-Line
2018-04-08 12:49 - 2018-04-08 12:49 - 000000000 ___HD C:\Users\Sofiaa\AppData\Local\uTorrent
2018-04-06 23:02 - 2018-04-06 23:02 - 000004638 _____ C:\Users\Sofiaa\AppData\Roaming\VoiceMeeterDefault.xml
2018-04-06 22:51 - 2018-04-08 14:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Audio
2018-04-06 22:51 - 2018-04-08 14:12 - 000000000 ____D C:\Program Files\VB
2018-04-06 22:51 - 2018-04-06 22:51 - 000000000 ____D C:\Program Files (x86)\VB
2018-04-06 20:32 - 2018-04-08 14:11 - 000000000 ____D C:\Program Files\Voicemod Desktop
2018-04-06 20:32 - 2018-03-15 15:20 - 000027648 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\vmdrv.sys
2018-04-06 19:48 - 2018-04-06 19:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClownfishVoiceChanger
2018-04-06 19:47 - 2018-04-06 19:48 - 000000000 ____D C:\Program Files (x86)\ClownfishVoiceChanger
2018-04-06 19:29 - 2018-04-06 19:29 - 000000000 ___HD C:\Users\Sofiaa\AppData\Local\Canon
2018-04-05 14:23 - 2018-04-08 14:12 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-04-05 14:23 - 2018-04-05 14:23 - 000000000 ____D C:\Users\Familia Silva\AppData\Roaming\AVG
2018-04-05 14:22 - 2018-04-05 14:22 - 000000000 ____D C:\Users\Familia Silva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-04-05 14:21 - 2018-04-05 14:21 - 000000000 ____D C:\Users\Familia Silva\AppData\Local\AVG
2018-03-31 00:01 - 2018-03-31 00:01 - 000000000 ___HD C:\Users\Sofiaa\AppData\Local\BitTorrent
2018-03-25 22:48 - 2018-04-15 18:06 - 000527302 _____ C:\Windows\ntbtlog.txt
2018-03-25 22:44 - 2018-03-25 22:44 - 000000000 ____D C:\Windows\System32\Tasks\AVG
2018-03-25 22:44 - 2018-03-25 22:44 - 000000000 ____D C:\Users\Sofiaa\AppData\Roaming\AVG
2018-03-25 22:44 - 2018-03-25 22:44 - 000000000 ____D C:\Users\Sofiaa\AppData\Local\AVG
2018-03-25 22:44 - 2018-03-25 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2018-03-25 22:43 - 2018-04-14 09:16 - 001019088 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2018-03-25 22:43 - 2018-04-14 09:16 - 000452904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-03-25 22:43 - 2018-04-14 09:16 - 000372920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2018-03-25 22:43 - 2018-04-14 09:16 - 000198368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2018-03-25 22:43 - 2018-04-14 09:16 - 000189032 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2018-03-25 22:43 - 2018-04-14 09:16 - 000139608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2018-03-25 22:43 - 2018-04-14 09:16 - 000103744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2018-03-25 22:43 - 2018-04-14 09:16 - 000076760 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2018-03-25 22:43 - 2018-04-14 09:16 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2018-03-25 22:43 - 2018-04-14 09:16 - 000003904 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-03-25 22:43 - 2018-04-14 09:15 - 000336848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2018-03-25 22:43 - 2018-04-14 09:15 - 000220600 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2018-03-25 22:43 - 2018-04-14 09:15 - 000192536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2018-03-25 22:43 - 2018-04-14 09:15 - 000166064 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2018-03-25 22:43 - 2018-04-14 09:15 - 000050776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2018-03-25 22:43 - 2018-03-25 22:43 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-03-25 22:42 - 2018-03-25 22:42 - 000000000 ____D C:\Program Files\AVG
2018-03-25 22:41 - 2018-03-25 23:45 - 000000000 ____D C:\ProgramData\AVG
2018-03-25 16:26 - 2018-03-25 16:26 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2018-03-25 12:01 - 2018-03-25 22:46 - 000000004 _____ C:\ProgramData\lock.dat
2018-03-25 12:01 - 2018-03-25 14:34 - 000000008 _____ C:\ProgramData\rwi.jhad
2018-03-25 11:33 - 2018-03-25 11:33 - 000000000 ____D C:\Users\Sofiaa\AppData\Roaming\WidModule
2018-03-25 11:32 - 2018-03-25 11:32 - 000000000 ___HD C:\$AV_ASW
2018-03-25 11:31 - 2018-04-15 18:08 - 000000280 ____H C:\Windows\Tasks\{09EFC5AB-D230-AB81-74D2-4D2309EFC5AB}.job
2018-03-25 11:31 - 2018-03-25 22:48 - 000000000 ____D C:\ProgramData\dahjService
2018-03-25 11:31 - 2018-03-25 11:31 - 000003642 _____ C:\Windows\System32\Tasks\{DA409434-5703-FFF2-6EF2-C96686C95FC8}
2018-03-25 11:31 - 2018-03-25 11:31 - 000003476 _____ C:\Windows\System32\Tasks\{312B53AD-E943-9D18-CF8F-B118EE1C3B74}
2018-03-25 11:31 - 2018-03-25 11:31 - 000000003 _____ C:\Users\Sofiaa\AppData\Local\wbem.ini
2018-03-25 11:29 - 2018-03-25 14:49 - 000000000 ____D C:\Users\Sofiaa\AppData\Roaming\uTorrent
2018-03-25 11:29 - 2018-03-25 11:29 - 000000839 _____ C:\Users\Sofiaa\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2018-03-25 11:29 - 2018-03-25 11:29 - 000000000 ____D C:\Users\Sofiaa\AppData\Roaming\Lavasoft
2018-03-25 11:29 - 2018-03-25 11:29 - 000000000 ____D C:\Users\Sofiaa\AppData\Local\Lavasoft
2018-03-25 11:29 - 2018-03-25 11:29 - 000000000 ____D C:\ProgramData\Lavasoft
2018-03-25 11:29 - 2018-03-25 11:29 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2018-03-23 14:39 - 2018-04-15 18:12 - 000052714 _____ C:\Windows\ZAM.krnl.trace
2018-03-23 14:39 - 2018-04-15 18:12 - 000024060 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-03-19 19:08 - 2018-04-12 19:43 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-15 18:08 - 2018-01-04 22:01 - 000000346 _____ C:\Windows\Tasks\Connect.job
2018-04-15 18:08 - 2017-10-31 20:57 - 000000000 ____D C:\Users\Sofiaa\AppData\Roaming\discord
2018-04-15 18:08 - 2017-04-05 18:37 - 000000412 _____ C:\Windows\Tasks\Final Media Player Update Checker.job
2018-04-15 18:08 - 2016-09-11 12:44 - 000000436 _____ C:\Windows\Tasks\simplitec Power Suite (Tray).job
2018-04-15 18:08 - 2016-08-30 19:52 - 000000000 ____D C:\Users\Sofiaa
2018-04-15 18:08 - 2014-05-14 12:08 - 000034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2018-04-15 18:08 - 2014-05-14 11:58 - 000000000 ____D C:\ProgramData\Bigfoot Networks
2018-04-15 18:08 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-15 18:06 - 2014-06-26 17:09 - 000000000 ____D C:\Windows\Minidump
2018-04-15 18:06 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\041518-6068-01.dmp
2018-04-15 17:59 - 2009-07-14 05:45 - 000027888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-15 17:59 - 2009-07-14 05:45 - 000027888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-15 17:57 - 2011-01-27 16:46 - 007419548 _____ C:\Windows\system32\prfh0816.dat
2018-04-15 17:57 - 2011-01-27 16:46 - 006569596 _____ C:\Windows\system32\prfc0816.dat
2018-04-15 17:57 - 2009-07-14 06:13 - 000006464 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-15 17:51 - 2013-11-05 23:46 - 000319891 ____N C:\Windows\Minidump\041518-5054-01.dmp
2018-04-15 17:21 - 2015-06-20 23:41 - 000000950 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1268683879-3191997658-603331031-1000UA.job
2018-04-14 16:59 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\041418-5959-01.dmp
2018-04-14 09:21 - 2015-06-20 23:41 - 000000898 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1268683879-3191997658-603331031-1000Core.job
2018-04-14 09:16 - 2017-03-25 16:48 - 000000000 ____D C:\Users\Utilizador padrão
2018-04-14 09:16 - 2014-05-15 14:35 - 000000000 ____D C:\Users\Convidado
2018-04-12 19:45 - 2013-11-05 23:46 - 000319883 ____N C:\Windows\Minidump\041218-4633-01.dmp
2018-04-12 19:43 - 2014-07-09 19:08 - 006158848 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2018-04-12 19:43 - 2014-05-14 12:21 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-12 19:43 - 2014-05-14 12:21 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-12 19:43 - 2014-05-14 12:21 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-12 19:43 - 2014-05-14 12:21 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-12 19:43 - 2014-05-14 12:20 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-10 17:01 - 2017-01-24 17:58 - 000000000 ____D C:\Users\Familia Silva\AppData\Roaming\vlc
2018-04-10 16:21 - 2014-05-22 20:10 - 000004006 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{10108F7D-6A99-4CFC-BFD7-43AF9EEAC872}
2018-04-10 16:18 - 2014-05-13 12:41 - 000000000 ____D C:\Users\Familia Silva
2018-04-09 21:13 - 2013-11-05 23:46 - 000319891 ____N C:\Windows\Minidump\040918-5226-01.dmp
2018-04-09 15:14 - 2017-01-24 17:49 - 000000000 ____D C:\Users\Familia Silva\AppData\LocalLow\Mozilla
2018-04-09 15:07 - 2014-11-28 16:56 - 000000000 ____D C:\Users\Familia Silva\AppData\Local\CrashDumps
2018-04-08 17:41 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\040818-5054-01.dmp
2018-04-08 17:19 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\040818-4430-01.dmp
2018-04-08 16:48 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\040818-4399-01.dmp
2018-04-08 16:01 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\040818-3837-01.dmp
2018-04-08 15:18 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\040818-5038-01.dmp
2018-04-08 14:42 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\040818-6520-01.dmp
2018-04-08 13:41 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\040818-4570-01.dmp
2018-04-08 12:56 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\040818-4368-01.dmp
2018-04-08 05:53 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\040818-5210-01.dmp
2018-04-07 01:03 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\040718-10155-01.dmp
2018-04-06 23:03 - 2014-11-28 20:02 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-06 22:55 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\040618-7737-01.dmp
2018-04-06 22:51 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-04-06 12:52 - 2018-01-09 19:13 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-04-05 14:34 - 2009-07-14 06:08 - 000032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-04-05 14:22 - 2015-06-20 23:41 - 000000000 ____D C:\Users\Familia Silva\AppData\Local\Dropbox
2018-04-05 14:22 - 2014-05-16 19:29 - 000000000 ____D C:\Users\Familia Silva\AppData\Roaming\Dropbox
2018-04-05 12:58 - 2013-11-05 23:46 - 000319955 ____N C:\Windows\Minidump\040518-4321-01.dmp
2018-04-03 13:34 - 2013-11-05 23:46 - 000320019 ____N C:\Windows\Minidump\040318-16785-01.dmp
2018-04-02 20:04 - 2016-09-02 15:28 - 000000000 ____D C:\Users\Sofiaa\AppData\Local\CrashDumps
2018-04-01 01:54 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\040118-3650-01.dmp
2018-03-31 21:16 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\033118-4976-01.dmp
2018-03-31 00:40 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\033118-4243-01.dmp
2018-03-30 13:08 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\033018-3712-01.dmp
2018-03-30 00:36 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\033018-3681-01.dmp
2018-03-29 13:29 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\032918-3822-01.dmp
2018-03-29 00:36 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\032918-4274-01.dmp
2018-03-28 22:21 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\032818-5038-01.dmp
2018-03-28 00:09 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\032818-4352-01.dmp
2018-03-26 23:58 - 2016-02-15 19:44 - 000000000 ____D C:\Windows\rescache
2018-03-26 23:33 - 2013-11-05 23:46 - 000320275 ____N C:\Windows\Minidump\032618-4539-01.dmp
2018-03-26 13:51 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\032618-6162-01.dmp
2018-03-26 12:07 - 2016-08-30 19:55 - 000000000 ____D C:\Users\Sofiaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PaintTool SAI
2018-03-26 00:12 - 2013-11-05 23:46 - 000319827 ____N C:\Windows\Minidump\032618-3868-01.dmp
2018-03-25 23:23 - 2017-01-04 17:00 - 000000000 ____D C:\AdwCleaner
2018-03-25 22:48 - 2013-11-05 23:46 - 000320275 ____N C:\Windows\Minidump\032518-9828-01.dmp
2018-03-25 14:41 - 2009-07-14 06:32 - 000000000 ____D C:\Program Files\Windows Sidebar
2018-03-25 14:33 - 2016-11-27 13:33 - 000000000 ____D C:\Users\Sofiaa\AppData\LocalLow\uTorrent
2018-03-25 14:33 - 2013-11-05 23:46 - 000320147 ____N C:\Windows\Minidump\032518-4243-01.dmp
2018-03-25 12:00 - 2017-05-17 19:31 - 000000000 ____D C:\Program Files (x86)\HyperCam 4
2018-03-25 11:33 - 2014-05-13 15:24 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-25 01:27 - 2017-08-08 18:53 - 000000000 ____D C:\Users\Sofiaa\Desktop\Guild Wars 2
2018-03-24 23:37 - 2017-07-15 16:44 - 000000000 ____D C:\Users\Sofiaa\AppData\Local\Deployment
2018-03-23 14:51 - 2017-01-04 17:17 - 000002180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-23 14:41 - 2014-05-16 19:32 - 000000000 ___RD C:\Users\Familia Silva\Dropbox
2018-03-23 14:39 - 2017-01-24 17:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-23 14:39 - 2016-12-30 19:54 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-03-23 14:39 - 2015-05-29 16:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
 
==================== Files in the root of some directories =======
 
2018-03-25 12:01 - 2018-03-25 22:46 - 000000004 _____ () C:\ProgramData\lock.dat
2017-07-30 13:07 - 2017-07-30 13:07 - 000000048 ____H () C:\Program Files (x86)\q89etct4yc.dat
2014-05-22 20:18 - 2010-01-26 10:11 - 000444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
1623-04-04 11:37 - 1623-04-04 11:37 - 000073216 ____N (Microsoft Corporation) C:\Users\Sofiaa\AppData\Roaming\niZHaUI.exe
1623-04-04 11:37 - 1623-04-04 11:37 - 000186368 ____N (Microsoft Corporation) C:\Users\Sofiaa\AppData\Roaming\rCEajDayOvQ.exe
2018-04-06 23:02 - 2018-04-06 23:02 - 000004638 _____ () C:\Users\Sofiaa\AppData\Roaming\VoiceMeeterDefault.xml
2017-07-31 20:24 - 2017-07-31 20:24 - 000007605 _____ () C:\Users\Sofiaa\AppData\Local\Resmon.ResmonCfg
2018-03-25 11:31 - 2018-03-25 11:31 - 000000003 _____ () C:\Users\Sofiaa\AppData\Local\wbem.ini
 
Files to move or delete:
====================
C:\Windows\Tasks\{09EFC5AB-D230-AB81-74D2-4D2309EFC5AB}.job
 
 
Some files in TEMP:
====================
2017-08-08 18:52 - 2017-08-08 18:52 - 034201768 _____ (ArenaNet) C:\Users\Sofiaa\AppData\Local\Temp\Gw2.exe
2018-03-25 11:31 - 2018-03-25 11:31 - 000946351 _____ (1hU7MnMV8j9ACyBQdyeo                                        ) C:\Users\Sofiaa\AppData\Local\Temp\installer.exe
2017-12-14 19:33 - 2017-12-14 19:33 - 000030208 _____ (Melloware Inc (www.melloware.com)) C:\Users\Sofiaa\AppData\Local\Temp\JIntellitype.dll
2018-03-25 11:31 - 2018-03-25 11:31 - 002180264 _____ (Adobe Systems Incorporated) C:\Users\Sofiaa\AppData\Local\Temp\poxes.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-04-08 00:15
 
==================== End of FRST.txt ============================
 
Here's the other file: 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by Sofiaa (15-04-2018 18:13:01)
Running from C:\Users\Sofiaa\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-05-13 11:41:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-1268683879-3191997658-603331031-500 - Administrator - Disabled)
Convidado (S-1-5-21-1268683879-3191997658-603331031-501 - Administrator - Disabled) => C:\Users\Convidado
Familia Silva (S-1-5-21-1268683879-3191997658-603331031-1000 - Administrator - Enabled) => C:\Users\Familia Silva
Sofiaa (S-1-5-21-1268683879-3191997658-603331031-1023 - Administrator - Enabled) => C:\Users\Sofiaa
Utilizador padrão (S-1-5-21-1268683879-3191997658-603331031-1025 - Limited - Enabled) => C:\Users\Utilizador padrão
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: AVG Antivirus (Disabled - Out of date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG Antivirus (Disabled - Out of date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1268683879-3191997658-603331031-1023\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
5600 (HKLM-x32\...\{F2DC2589-C894-43DD-BA70-8FDCA7360584}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
5600_Help (HKLM-x32\...\{7DCBC3D8-8954-491D-A1B9-8C61C563B004}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600Trb (HKLM-x32\...\{2605461E-AB2E-49F5-8A16-64B7F3595030}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
Actualização do Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0816-0000-0000000FF1CE}_ENTERPRISE_{CCDE3C71-5F35-477F-BA90-1A399C91C10C}) (Version:  - Microsoft)
Actualização do Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0816-0000-0000000FF1CE}_ENTERPRISE_{CF0BC77F-1B63-44BF-BCFE-3A8CBB9077D1}) (Version:  - Microsoft)
Actualização do Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0816-0000-0000000FF1CE}_ENTERPRISE_{A1A8C49E-BB40-4852-853E-B5A1F6BB2A3C}) (Version:  - Microsoft)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (HKLM-x32\...\{E7112940-5F8E-4918-B9FE-251F2F8DC81F}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (HKLM-x32\...\{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
AliExpress version 1.1.0.5019 (HKLM-x32\...\70652e10-a720-11e6-bfea-d33ec8ab8d4f_is1) (Version: 1.1.0.5019 - )
Antares Autotune Evo VST RTAS v6.0.9 (HKLM-x32\...\Antares Autotune Evo VST RTAS_is1) (Version:  - )
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.3.3051 - AVG Technologies)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.69.1079 - AB Team, d.o.o.)
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Clownfish Voice Changer (HKLM\...\ClownfishVoiceChanger) (Version:  - )
Connect (HKLM-x32\...\MAGIX_connector_is1) (Version: 2.6.1.117 - MAGIX Software GmbH)
Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DesignDoll (HKU\S-1-5-21-1268683879-3191997658-603331031-1023\...\a94d3e1b3ab3bea6) (Version: 1.4.0.0 - Terawell)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
Discord (HKU\S-1-5-21-1268683879-3191997658-603331031-1023\...\Discord) (Version: 0.0.300 - Discord Inc.)
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
doPDF (HKLM\...\{5873B699-892C-4EE6-93AE-333658910A09}) (Version: 8.1.920 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{7ced5c6b-4b09-4bd7-8707-b3cce8eead22}) (Version: 8.1.920 - Softland)
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version:  - )
Fax (HKLM-x32\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Free MP4 Player (HKLM-x32\...\{381D3191-01FA-4B56-BCF2-DADFE708BCA8}) (Version: 1.00.0000 - Media Freeware)
Free PC Audio Recorder 3.0 (HKLM-x32\...\Free PC Audio Recorder_is1) (Version: 3.0 - Cok Free Software)
fx-CG20 Series OS Update (HKLM-x32\...\{ED42EB6F-5D8C-4DEA-94E5-19CCCBB97174}) (Version: 3.10.0000 - CASIO COMPUTER CO., LTD.)
Galeria de Fotografias (HKLM-x32\...\{23079EF2-2617-4BFC-BDFF-E6AE8D79B734}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galería de fotos (HKLM-x32\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.326.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
GridinSoft Anti-Malware (HKLM\...\GridinSoft Anti-Malware) (Version: 3.0.69 - GridinSoft LLC)
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM-x32\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM-x32\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC)
HyperCam 4 (HKLM-x32\...\HyperCam 4 4.0.1511.06) (Version: 4.0.1511.06 - Solveig Multimedia)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.2.1001 - Intel Corporation)
Intel® Smart Connect Technology 4.0 x64 (HKLM\...\{565CA964-C937-4634-8DD4-C95733724B56}) (Version: 4.0.41.2072 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
IRS - Modelo 3 Impressos 2016 (HKLM-x32\...\pt.at.DM3IRSCLIv2016) (Version: 2016.2.6.0146 - AT)
IRS - Modelo 3 Impressos 2017 (HKLM-x32\...\pt.at.DM3IRSCLIv2017) (Version: 2017.1.3-0074 - AT)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
join.me (HKU\S-1-5-21-1268683879-3191997658-603331031-1023\...\JoinMe) (Version: 3.2.1.5223 - LogMeIn, Inc.)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
MAGIX Conteúdo e Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Soundpool Music Maker - Feel good (HKLM\...\{32A69CB3-D657-4B43-8BB5-1A8CC6E93D3E}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.183 - McAfee, Inc.)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (Português) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2070) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{3B5AAF87-531E-4163-BE79-8989FC249173}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0.2 (x64 pt-PT) (HKLM\...\Mozilla Firefox 58.0.2 (x64 pt-PT)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.2.6611 - Mozilla)
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.2.17 - Symantec Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2 - Notepad++ Team)
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{17BD99A4-9C11-47D4-91AF-8814DD3FFCC2}) (Version: 8.1.920 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{B6E0BB99-B532-4EC1-9D84-ACC8CED590B3}) (Version: 8.1.920 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{3A1637B5-233D-47B1-B89F-EBF718C04CFD}) (Version: 8.1.920 - Softland)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Pacote de controladores do Windows - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
PaintTool SAI (HKLM-x32\...\PaintTool SAI1.1.0) (Version: 1.1.0 - Eddie Sekiguchi Softwares)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
Pioneer DDJ_SR Driver (HKLM-x32\...\Pioneer DDJ_SR ASIO) (Version: 1.100.000.001 - Pioneer DJ Corporation.)
Qualcomm Atheros Killer Network Manager (HKLM\...\{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.591 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.591 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Screen Receiver (HKLM-x32\...\{B808CBB8-0436-48A5-A99B-E77B65FCE7C3}) (Version: 3.02.2001 - CASIO COMPUTER CO., LTD.)
Serato DJ  (HKLM-x32\...\{8a5fa39a-fc35-443a-b1ae-b5d600daed1a}) (Version: 1.9.10.5170 - )
Serato DJ  (HKLM-x32\...\{941AF1A8-32BA-4E7D-9D04-ADDB39F58B53}) (Version: 1.9.10.5170 - Serato) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
SmartWebPrinting (HKLM-x32\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-1268683879-3191997658-603331031-1023\...\Spotify) (Version: 1.0.59.395.ge6ca9946 - Spotify AB)
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.018 - MSI)
Suporte para Aplicações Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Sweet Home 3D version 4.4 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Total Recorder 8.3 Professional Edition (HKLM-x32\...\TotalRecorder) (Version:  - )
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
Unknown File Handler (HKLM-x32\...\UFH_is1) (Version: 2015.12.29.0 - File.org)
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VDownloader 4.3.2190 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version:  - Vitzo Limited)
VirtualDJ 8 (HKLM-x32\...\{E1962904-0960-42F6-9072-3EC7D66A5495}) (Version: 8.2.3994.0 - Atomix Productions)
Vita Concert Grand LE (HKLM\...\{C81BA934-5770-4610-A423-5CB7C9EEE548}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1268683879-3191997658-603331031-1023_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2015 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1268683879-3191997658-603331031-1023_Classes\CLSID\{44ebc444-24b6-4544-97cc-559155cde204}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1268683879-3191997658-603331031-1023_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2015 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1268683879-3191997658-603331031-1023_Classes\CLSID\{C52B9871-E5E9-41FD-B84D-C5ACADBEC7AE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1268683879-3191997658-603331031-1023_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2015 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-09] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-09] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-09] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Users\Sofiaa\Desktop\Notepad++\NppShell_06.dll -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-09] (AVAST Software)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-04-14] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll [2015-02-27] ()
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-09] (AVAST Software)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-09] (AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2014-01-25] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-09] (AVAST Software)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-04-14] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08497E82-5F54-4749-BE0F-E84EF6C0E9DA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1268683879-3191997658-603331031-1000Core => C:\Users\Familia Silva\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-06] (Dropbox, Inc.)
Task: {3073252B-F0A6-4A54-BB02-15451E7214A1} - \{09EFC5AB-D230-AB81-74D2-4D2309EFC5AB} -> No File <==== ATTENTION
Task: {30838BE9-C1B2-4DCB-895B-A9B95B23CCD0} - System32\Tasks\Connect => C:\Program Files (x86)\MAGIX\Connect\connect.exe [2017-08-02] (MAGIX Software GmbH)
Task: {311C9BB8-D70B-4506-B9D3-4EC2BC4B01B3} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-12] (Adobe Systems Incorporated)
Task: {414F65F7-71B0-49FE-A86B-8D5DF29624DD} - System32\Tasks\CMPCUAC => C:\Program Files\CleanMyPC\CleanMyPC.exe
Task: {4700098B-62B1-4BC3-871E-473FA572DAE9} - System32\Tasks\simplitec Power Suite => C:\Program Files (x86)\simplitec\simpliclean\PowerSuite.exe
Task: {47B10365-62B9-496D-9C76-FE97D108B876} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {4A54B462-1864-4F25-B3DB-0E250E881E26} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1268683879-3191997658-603331031-1000UA => C:\Users\Familia Silva\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-06] (Dropbox, Inc.)
Task: {5015C151-AC81-4161-B7CD-DCC8C7850BF3} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2014-11-21] ()
Task: {52B61CA4-C00D-481D-87D1-4CC4E49866CC} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe
Task: {59BCBE78-917D-4846-8829-4E33C36C529C} - System32\Tasks\{312B53AD-E943-9D18-CF8F-B118EE1C3B74} => C:\Users\Sofiaa\AppData\Roaming\niZHaUI.exe [1623-04-04] (Microsoft Corporation) <==== ATTENTION
Task: {75342112-D436-475A-BEC2-813AF6D9CF3B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {803DE3D3-6C3D-454B-98A5-C7411F39B868} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-01-09] (AVAST Software)
Task: {8225F97B-CF76-4146-ADF0-01EDB4715ED1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {85F2E412-CED6-491A-9F69-ED59F88681E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B128C5F9-9FE6-48A9-A919-5C96AF70645F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C46580CB-798A-4B06-A960-2116BD982E95} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2018-02-07] (AVAST Software)
Task: {C4F0DB51-BCD9-4E50-809C-E873CA174685} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-04-14] (AVG Technologies CZ, s.r.o.)
Task: {CDA69128-3697-4D53-BBB6-A524E835F776} - System32\Tasks\Final Media Player Update Checker => C:\Program Files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe
Task: {CF5174E5-5A77-41DE-8D16-A84FAE9D929F} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-04-14] (AVG Technologies CZ, s.r.o.)
Task: {DD7FC4A1-443A-4A15-B38B-10E4A98AB3CB} - System32\Tasks\simplitec Power Suite (Tray) => C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe
Task: {E64CE5ED-D949-477B-89FD-F7F5414E7106} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2018-04-13] (AVAST Software)
Task: {F4D3DA7E-C319-4BB0-A762-63164B22F620} - System32\Tasks\{DA409434-5703-FFF2-6EF2-C96686C95FC8} => C:\Windows\SysWOW64\PfeUpEF.exe [1623-04-04] (Microsoft Corporation)
Task: {F99FA9B2-F1EC-46DC-A5E7-4ED7696E7BBD} - System32\Tasks\Norton Security Scan for Familia Silva => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.2.17\Nss.exe [2017-05-15] (Symantec Corporation)
Task: {FB265057-104D-4B1F-85A6-A215882B94ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-12] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Connect.job => C:\Program Files (x86)\MAGIX\Connect\connect.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1268683879-3191997658-603331031-1000Core.job => C:\Users\Familia Silva\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1268683879-3191997658-603331031-1000UA.job => C:\Users\Familia Silva\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\Final Media Player Update Checker.job => C:\Program Files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe
Task: C:\Windows\Tasks\simplitec Power Suite (Tray).job => C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe
Task: C:\Windows\Tasks\simplitec Power Suite.job => C:\Program Files (x86)\simplitec\simpliclean\PowerSuite.exe
Task: C:\Windows\Tasks\{09EFC5AB-D230-AB81-74D2-4D2309EFC5AB}.job => C:\Program Files (x86)\NVIDIA Corporation\2.2\PhysXLoader.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Sofiaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\Sofiaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
 
ShortcutWithArgument: C:\Users\Sofiaa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Sofiaa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\477ad49a64adfc24\Adblock Plus.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=cfhdojbkjhnklbpkdaibdccddilifddb
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-02-13 10:35 - 2013-02-13 10:35 - 000180200 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-02-13 10:35 - 2013-02-13 10:35 - 000060392 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2014-11-21 21:06 - 2014-11-21 21:06 - 000137368 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll
2013-05-07 11:43 - 2013-05-07 11:43 - 000503296 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
2011-05-09 20:46 - 2011-05-09 20:46 - 002760192 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtCore4.dll
2011-05-09 20:56 - 2011-05-09 20:56 - 009856000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtGui4.dll
2011-05-09 20:47 - 2011-05-09 20:47 - 000416256 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtXml4.dll
2013-05-07 11:43 - 2013-05-07 11:43 - 000217600 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFCommon.dll
2011-05-10 12:32 - 2011-05-10 12:32 - 000731648 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\qwt5.dll
2011-05-09 20:48 - 2011-05-09 20:48 - 000990720 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtNetwork4.dll
2018-01-09 20:06 - 2018-01-09 20:06 - 000067920 _____ () c:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2018-01-09 20:06 - 2018-01-09 20:06 - 000067984 _____ () C:\Program Files\AVAST Software\Avast\x64\dll_loader.dll
2018-01-09 20:06 - 2018-01-09 20:06 - 000236840 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2018-01-09 20:06 - 2018-01-09 20:06 - 000902824 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2018-01-09 20:06 - 2018-01-09 20:06 - 000349568 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2018-01-09 20:06 - 2018-01-09 20:06 - 000337096 _____ () C:\Program Files\AVAST Software\Avast\x64\tasks_core.dll
2017-01-07 11:22 - 2015-02-27 15:38 - 000721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2013-05-07 11:43 - 2013-05-07 11:43 - 000554496 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
2013-05-07 11:43 - 2013-05-07 11:43 - 000404992 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modApplications.dll
2013-05-07 11:43 - 2013-05-07 11:43 - 000036864 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFeatures.dll
2013-05-07 11:43 - 2013-05-07 11:43 - 000025088 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFraps.dll
2013-05-07 11:43 - 2013-05-07 11:43 - 000240128 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modGraph.dll
2013-05-07 11:43 - 2013-05-07 11:43 - 000062464 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modlcd.dll
2013-05-07 11:43 - 2013-05-07 11:43 - 000291328 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNetwork.dll
2013-05-07 11:43 - 2013-05-07 11:43 - 000184832 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNpu.dll
2013-05-07 11:43 - 2013-05-07 11:43 - 000211456 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOptions.dll
2013-05-07 11:43 - 2013-05-07 11:43 - 000064000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOverview.dll
2013-05-07 11:43 - 2013-05-07 11:43 - 000317440 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modSystemInfo.dll
2018-03-23 14:51 - 2018-03-20 07:00 - 002683224 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libglesv2.dll
2018-03-23 14:51 - 2018-03-20 07:00 - 000127832 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libegl.dll
2018-03-23 14:51 - 2018-03-20 07:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-23 14:51 - 2018-03-20 07:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2018-01-09 20:06 - 2018-01-09 20:06 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2018-01-09 20:06 - 2018-01-09 20:06 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2018-01-09 20:06 - 2018-01-09 20:06 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2018-01-09 20:06 - 2018-01-09 20:06 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-01-09 20:06 - 2018-01-09 20:06 - 000196248 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2018-04-14 16:08 - 2018-04-14 16:08 - 005817488 _____ () C:\Program Files\AVAST Software\Avast\defs\18041402\algo.dll
2018-01-09 20:06 - 2018-01-09 20:06 - 000745408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-01-09 20:06 - 2018-01-09 20:06 - 000148936 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-01-09 20:06 - 2018-01-09 20:06 - 000293944 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-14 09:16 - 2018-04-14 09:16 - 000348400 _____ () C:\Program Files\AVG\Antivirus\streamback_avast.dll
2018-04-14 09:16 - 2018-04-14 09:16 - 000296688 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2018-04-14 09:16 - 2018-04-14 09:16 - 000283888 _____ () C:\Program Files\AVG\Antivirus\tasks_core.dll
2018-04-14 16:07 - 2018-04-14 16:07 - 005813488 _____ () C:\Program Files\AVG\Antivirus\defs\18041402\algo.dll
2018-04-14 09:16 - 2018-04-14 09:16 - 000764656 _____ () C:\Program Files\AVG\Antivirus\ffl2.dll
2018-04-14 09:16 - 2018-04-14 09:16 - 000912112 _____ () C:\Program Files\AVG\Antivirus\anen.dll
2018-04-14 09:16 - 2018-04-14 09:16 - 000970992 _____ () C:\Program Files\AVG\Antivirus\shepherdsync.dll
2018-04-14 09:16 - 2018-04-14 09:16 - 000502512 _____ () C:\Program Files\AVG\Antivirus\gui_cache.dll
2018-01-09 20:06 - 2018-01-09 20:06 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-01-09 20:06 - 2018-01-09 20:06 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2018-01-09 19:58 - 2018-01-08 18:52 - 001891832 _____ () C:\Users\Sofiaa\AppData\Local\Discord\app-0.0.300\ffmpeg.dll
2018-01-09 19:59 - 2018-02-10 16:30 - 001780216 _____ () \\?\C:\Users\Sofiaa\AppData\Roaming\discord\0.0.300\modules\discord_overlay2\discord_overlay2.node
2018-03-25 22:43 - 2018-03-25 22:43 - 067127976 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2018-01-09 19:58 - 2018-01-08 18:52 - 001937912 _____ () C:\Users\Sofiaa\AppData\Local\Discord\app-0.0.300\libglesv2.dll
2018-01-09 19:58 - 2018-01-08 18:52 - 000095736 _____ () C:\Users\Sofiaa\AppData\Local\Discord\app-0.0.300\libegl.dll
2018-01-09 19:59 - 2018-01-09 19:59 - 002662904 _____ () \\?\C:\Users\Sofiaa\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node
2018-01-09 19:59 - 2018-03-22 20:07 - 009623896 _____ () \\?\C:\Users\Sofiaa\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node
2018-01-09 19:59 - 2018-02-01 20:10 - 001508344 _____ () \\?\C:\Users\Sofiaa\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node
2018-01-09 19:59 - 2018-01-09 19:59 - 000513016 _____ () \\?\C:\Users\Sofiaa\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node
2018-01-09 19:59 - 2018-03-13 21:53 - 001517560 _____ () \\?\C:\Users\Sofiaa\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node
2018-01-09 19:59 - 2018-03-10 10:54 - 002749944 _____ () \\?\C:\Users\Sofiaa\AppData\Roaming\discord\0.0.300\modules\discord_contact_import\discord_contact_import.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Familia Silva\Desktop\fx9860emulator.exe:com.dropbox.attributes [166]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1268683879-3191997658-603331031-1023\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1268683879-3191997658-603331031-1023\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2018-04-09 15:31 - 000000869 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 www.r2rdownload.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1268683879-3191997658-603331031-1023\Control Panel\Desktop\\Wallpaper -> C:\Users\Sofiaa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 213.228.128.156 - 213.228.128.6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Sofiaa\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spotify => C:\Users\Sofiaa\AppData\Roaming\Spotify\Spotify.exe --autostart
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Sofiaa\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: uTorrent => "C:\Users\Sofiaa\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: VDownloader => C:\Program Files\VDownloader\VDownloader.exe /silent
MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C67140EF-5DF3-455D-9E26-AE6094DA51EF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F3E823A2-CB90-4CEB-94DA-FA675920D14E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{8A425A9B-0FFE-4BE8-AC1E-54F3ED616122}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{840D0E23-D647-47BE-9CB1-973C9DA74150}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{0D59C7BB-42FE-4C39-B1A9-1DB359C83977}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{33228555-8ABA-4EDA-8B91-6F929F1DB606}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{71604EDB-8770-49BC-9426-915E145697C5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{8BBBB3E2-CC63-4766-9BF5-6B9ED65E9428}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{11FFFDF8-B54A-45D4-BFAB-C2326C44C838}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{838A94FD-6061-4A48-8E73-49622F526094}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{47C44C35-6466-46A9-8D60-47142926D4AD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{B5E42672-2818-4414-A5FD-4C5EEDADD65F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{3EC69148-6D3D-4085-8AAD-ED0D07039D97}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{7F46D5AA-98FA-46F6-9E6E-79DC5517C911}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{7C5F1AB5-F077-48F3-9E7E-B5DCD067AB21}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{E763C450-F5CA-4E8A-98C1-EB9ED4E8418F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{D96732B2-DCA8-4656-9E31-28F3C85BC1F4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{D70AEDB2-51A7-4D6F-B500-674A883A39A4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{76FCA29B-3DB7-4AA3-ACAB-B16C3D6BD17B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{542A92D4-B012-40DB-837A-0218F57FC227}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{04F3C738-A517-4EDE-BF7C-D7C87122AA83}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{907F0FC2-0C8B-4DE1-B484-E0E9E268FFFE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{2DBC973E-D0EB-4F03-8A2D-4F3D326952B8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{316B65D9-FAAC-480F-B51C-DB76D81B226A}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{F5D9CD8C-A274-4A8B-82A6-DDE538652EE0}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{5951DC9C-C1C7-4AFF-91BC-C799D6EB853B}] => (Allow) C:\Users\Familia Silva\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D0666F42-FF6B-4DC1-9D19-CC8D72892AB0}] => (Allow) C:\Users\Familia Silva\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7A65F2DF-EB9D-4BF6-8ADB-610880A6FC09}] => (Allow) LPort=8501
FirewallRules: [{F6537A48-8B30-43AD-914A-5E84EA0294FF}] => (Allow) LPort=8501
FirewallRules: [TCP Query User{D149C3BE-597F-437C-98FC-AEA998F1DB3A}C:\users\familia silva\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\familia silva\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1639941B-CD15-4E7A-9E80-77A04B5E33F2}C:\users\familia silva\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\familia silva\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{880E547E-E15C-4724-94C2-1EE52085F72D}C:\users\convidado\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\convidado\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{182A285E-8AB3-4F12-B6BC-8698C1F9146C}C:\users\convidado\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\convidado\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{988BDDA5-4AB6-4348-B908-E13AA8318522}C:\users\convidado\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\convidado\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{6653C395-E484-4064-B52A-B062BE0E6BB2}C:\users\convidado\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\convidado\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{0CE6D119-D4E0-4DFB-9988-9679EFF53544}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CED0B1BC-F27D-478A-B136-3A1CC42C994C}] => (Allow) LPort=2869
FirewallRules: [{3BA98B37-4C76-46FF-B774-D49707D48E93}] => (Allow) LPort=1900
FirewallRules: [{926C4681-EAB1-462E-8811-EBA5CFA1B73D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{052B0E77-40F6-4EF0-A992-BDCEFD9E72B4}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A0C3CD33-4CC5-4A8C-96A4-48052F6E24B0}] => (Allow) C:\Program Files (x86)\simplitec\simpliclean\PowerSuite.exe
FirewallRules: [{84A6799B-ADFB-4AC2-A873-083BBC8ACD61}] => (Allow) C:\Program Files (x86)\simplitec\simpliclean\PowerSuite.exe
FirewallRules: [{981695F6-5EC1-41D6-B3F8-04031FBDF6EC}] => (Allow) C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe
FirewallRules: [{A2E22CF1-98FA-4F45-A266-25E3293E7412}] => (Allow) C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe
FirewallRules: [{404EED37-895E-4F25-B7D9-6217D40CF254}] => (Allow) C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe
FirewallRules: [{81FDF65F-9B59-4930-B6B9-40419DB69DC8}] => (Allow) C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe
FirewallRules: [{B88ABD96-E3DE-473E-83ED-008EDDADA5AE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{95F7D95C-E9A4-4013-A918-2414B173694C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{A88B179B-FBA1-4DF7-9D18-64CDA974F1CD}C:\users\sofiaa\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\sofiaa\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A8D70E01-4B91-4751-B2CB-00BB0A0BA5A1}C:\users\sofiaa\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\sofiaa\appdata\local\akamai\netsession_win.exe
FirewallRules: [{D0916C3F-08C2-4F63-8D0D-57A67788CA43}] => (Allow) C:\Program Files (x86)\Yeahseed\Application\chrome.exe
FirewallRules: [{6CF9DA0E-F993-4083-AE2E-1729D4E55451}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{A01E2D75-7BF4-4D07-91B8-B963959E3150}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{B3A291D3-84A7-44EA-9520-A9D7BE385359}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C3DC3B82-3AF1-4F6B-8A08-07362AD175A8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A7F1FE9D-D6D7-480F-A8A2-AB597720342F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CrushCrush\CrushCrush.exe
FirewallRules: [{ABEA907B-B99E-4C0C-875B-47885D81DC04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CrushCrush\CrushCrush.exe
FirewallRules: [{7AD5BFE7-6535-4424-9694-7D991F56EF60}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B08B3CC6-CDCF-4388-9BFE-0900F542E758}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{191E4C52-5907-43C1-9ED6-45A55124A2EA}F:\vlcportable\app\vlc\vlc.exe] => (Allow) F:\vlcportable\app\vlc\vlc.exe
FirewallRules: [UDP Query User{730C380C-2735-44C4-8935-F0CE73572469}F:\vlcportable\app\vlc\vlc.exe] => (Allow) F:\vlcportable\app\vlc\vlc.exe
FirewallRules: [{BE88A69F-766A-4E9E-B764-A8B9E76E58EC}] => (Allow) C:\Users\Sofiaa\Downloads\bin\BlackDesert32.exe
FirewallRules: [{47AB7FB2-E50F-4FE4-BD6A-5C9DC7B4370F}] => (Allow) C:\Users\Sofiaa\Downloads\bin64\BlackDesert64.exe
FirewallRules: [{2A3E9DBF-F02C-41DB-8A7E-C369B75C6121}] => (Allow) C:\Users\Sofiaa\Downloads\BlackDesert_Launcher.exe
FirewallRules: [{4E2F4023-114E-46D9-8FE9-09898402868E}] => (Allow) C:\Users\Sofiaa\Downloads\BlackDesert_Downloader.exe
FirewallRules: [{B63BB0FB-F4C0-4260-BB4B-8376AD23A012}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{FCCF547C-2F3A-4FC2-903B-F9E26C43F52F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{8B6ADF7D-D63B-4299-968E-91EC492EB88B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe
FirewallRules: [{7ECD855E-2765-428D-A8A9-0F088ADB7EB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe
FirewallRules: [TCP Query User{C8D2703E-8860-4BE0-8EA8-FCA50A62CFDA}C:\users\sofiaa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sofiaa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{9FB99784-20EF-4EDE-80B2-964F66B9FB26}C:\users\sofiaa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sofiaa\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{525225C1-4C6F-4A0F-B59C-D36CB9B463CA}C:\users\sofiaa\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sofiaa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E1CC4466-2C4D-48BE-8925-A4F923BE8B28}C:\users\sofiaa\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sofiaa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{B16A2447-DE7A-4FC2-9310-7E1260350D06}] => (Allow) C:\Users\Sofiaa\Desktop\Limpa o LIXO E ORGANIZA O COMPUTADOR PRECISA DE ESPAÇO\Guild Wars 2\Gw2-64.exe
FirewallRules: [{10DFC8AA-7603-41E8-AE05-6E89E142853A}] => (Allow) C:\Users\Sofiaa\Desktop\Limpa o LIXO E ORGANIZA O COMPUTADOR PRECISA DE ESPAÇO\Guild Wars 2\Gw2-64.exe
FirewallRules: [{D83DC2A7-C3A1-483E-9D75-E1194B8FAAB9}] => (Allow) C:\Users\Sofiaa\Desktop\Limpa o LIXO E ORGANIZA O COMPUTADOR PRECISA DE ESPAÇO\Guild Wars 2\Gw2-64.exe
FirewallRules: [{5C0F3939-C458-41A7-82B9-983CEEBEA2ED}] => (Allow) C:\Users\Sofiaa\Desktop\Limpa o LIXO E ORGANIZA O COMPUTADOR PRECISA DE ESPAÇO\Guild Wars 2\Gw2-64.exe
FirewallRules: [{224384AB-7EFA-49D0-9777-C4A60D6D41B3}] => (Allow) C:\Users\Sofiaa\Desktop\Limpa o LIXO E ORGANIZA O COMPUTADOR PRECISA DE ESPAÇO\Guild Wars 2\bin64\CoherentUI_Host.exe
FirewallRules: [{22C3AD69-1C03-485D-8004-68BC02BB7F33}] => (Allow) C:\Users\Sofiaa\Desktop\Limpa o LIXO E ORGANIZA O COMPUTADOR PRECISA DE ESPAÇO\Guild Wars 2\bin64\CoherentUI_Host.exe
FirewallRules: [{995DABFF-5807-4B20-9EE7-AF8CFDF33944}] => (Allow) C:\Users\Sofiaa\Desktop\Limpa o LIXO E ORGANIZA O COMPUTADOR PRECISA DE ESPAÇO\Guild Wars 2\bin64\CoherentUI_Host.exe
FirewallRules: [{0AC821E3-34E3-408F-8067-61A937EC11D7}] => (Allow) C:\Users\Sofiaa\Desktop\Limpa o LIXO E ORGANIZA O COMPUTADOR PRECISA DE ESPAÇO\Guild Wars 2\bin64\CoherentUI_Host.exe
FirewallRules: [{F1CBB304-D877-497B-B8BC-14395EE3573F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{1355A41D-D3BD-47D6-8185-5381EFD28395}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{4D5D0849-B232-43BB-8A0C-8F8DC05F5864}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{680F79D1-7A9D-495C-8170-A8BBC59F0336}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1ECC4761-3704-40C4-9D62-E64D2D075C9F}] => (Allow) C:\Users\Sofiaa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{03E5A32D-1C6A-4D91-9402-D11D00919E02}] => (Allow) C:\Users\Sofiaa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{80B8B0FA-B072-497E-B304-0956109D4684}C:\program files (x86)\vb\voicemeeter\voicemeeter.exe] => (Block) C:\program files (x86)\vb\voicemeeter\voicemeeter.exe
FirewallRules: [UDP Query User{33C90D6B-2713-4235-A369-01533BF992F4}C:\program files (x86)\vb\voicemeeter\voicemeeter.exe] => (Block) C:\program files (x86)\vb\voicemeeter\voicemeeter.exe
FirewallRules: [TCP Query User{BD476AC9-1465-48CE-8CD0-FE5603FFF970}C:\program files (x86)\vb\voicemeeter\voicemeetermacrobuttons.exe] => (Allow) C:\program files (x86)\vb\voicemeeter\voicemeetermacrobuttons.exe
FirewallRules: [UDP Query User{6F4B5F1B-1DDC-4384-B337-4775A8EC70C4}C:\program files (x86)\vb\voicemeeter\voicemeetermacrobuttons.exe] => (Allow) C:\program files (x86)\vb\voicemeeter\voicemeetermacrobuttons.exe
FirewallRules: [TCP Query User{C7D2EA54-1640-44D4-8581-22E25A8370FA}C:\program files (x86)\vb\voicemeeter\vban2midi.exe] => (Allow) C:\program files (x86)\vb\voicemeeter\vban2midi.exe
FirewallRules: [UDP Query User{DC71DC7E-C4B7-4A25-A720-49DC5B195D12}C:\program files (x86)\vb\voicemeeter\vban2midi.exe] => (Allow) C:\program files (x86)\vb\voicemeeter\vban2midi.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Adaptador de Túnel Teredo da Microsoft
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/15/2018 06:08:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/15/2018 05:57:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: O descarregamento das cadeias do contador de desempenho do serviço WmiApRpl (WmiApRpl) falhou. A primeira DWORD na secção Data contém o código de erro.
 
Error: (04/15/2018 05:57:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: As cadeias de desempenho no valor de registo de desempenho estão danificadas para o fornecedor de contadores de extensão do processo Performance. O valor de BaseIndex do registo de desempenho é a primeira DWORD na secção Data, o valor de LastCounter é a segunda DWORD na secção Data e o valor LastHelp é a terceira DWORD na secção Data.
 
Error: (04/15/2018 05:57:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: As cadeias de desempenho no valor de registo de desempenho estão danificadas para o fornecedor de contadores de extensão do processo Performance. O valor de BaseIndex do registo de desempenho é a primeira DWORD na secção Data, o valor de LastCounter é a segunda DWORD na secção Data e o valor LastHelp é a terceira DWORD na secção Data.
 
Error: (04/15/2018 05:52:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/15/2018 03:42:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: O descarregamento das cadeias do contador de desempenho do serviço WmiApRpl (WmiApRpl) falhou. A primeira DWORD na secção Data contém o código de erro.
 
Error: (04/15/2018 03:42:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: As cadeias de desempenho no valor de registo de desempenho estão danificadas para o fornecedor de contadores de extensão do processo Performance. O valor de BaseIndex do registo de desempenho é a primeira DWORD na secção Data, o valor de LastCounter é a segunda DWORD na secção Data e o valor LastHelp é a terceira DWORD na secção Data.
 
Error: (04/15/2018 03:42:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: As cadeias de desempenho no valor de registo de desempenho estão danificadas para o fornecedor de contadores de extensão do processo Performance. O valor de BaseIndex do registo de desempenho é a primeira DWORD na secção Data, o valor de LastCounter é a segunda DWORD na secção Data e o valor LastHelp é a terceira DWORD na secção Data.
 
 
System errors:
=============
Error: (04/15/2018 06:10:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Serviço Google Update (gupdate) falhou o arranque devido ao seguinte erro: 
O sistema não conseguiu localizar o ficheiro especificado.
 
Error: (04/15/2018 06:09:13 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: O serviço avgbIDSAgent terminou com o erro específico do serviço %%-536753635.
 
Error: (04/15/2018 06:08:31 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: FamiliaSilva-PC)
Description: Falha no processamento da Política de Grupo. O Windows não conseguiu aplicar as definições de política baseadas no registo para o objecto LocalGPO da Política de Grupo. As definições da Política de Grupo não serão resolvidas enquanto este evento não for resolvido. Consulte os detalhes do evento para obter mais informações sobre o nome do ficheiro e o caminho que causaram a falha.
 
Error: (04/15/2018 06:06:59 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: O servidor {3EB3C877-1F16-487C-9050-104DBCD66683} não foi registado no DCOM dentro do tempo de espera requerido.
 
Error: (04/15/2018 06:06:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Serviço de Lista de Redes depende do serviço Identificação da localização na rede o qual falhou o arranque devido ao seguinte erro: 
O serviço ou grupo de dependência não conseguiu ser iniciado.
 
Error: (04/15/2018 06:06:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Serviço de Lista de Redes depende do serviço Identificação da localização na rede o qual falhou o arranque devido ao seguinte erro: 
O serviço ou grupo de dependência não conseguiu ser iniciado.
 
Error: (04/15/2018 06:06:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Serviço de Lista de Redes depende do serviço Identificação da localização na rede o qual falhou o arranque devido ao seguinte erro: 
O serviço ou grupo de dependência não conseguiu ser iniciado.
 
Error: (04/15/2018 06:06:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Serviço de Lista de Redes depende do serviço Identificação da localização na rede o qual falhou o arranque devido ao seguinte erro: 
O serviço ou grupo de dependência não conseguiu ser iniciado.
 
 
Windows Defender:
===================================
Date: 2017-06-04 10:17:42.757
Description: 
A análise de Windows Defender parou antes de ser concluída.
ID de Análise:{0033705D-124C-4F1E-B0B7-1EB68D25C020}
Tipo de Análise:AntiSpyware
Parâmetros de Análise:Análise Rápida
Utilizador:NT AUTHORITY\Serviço de rede
 
Date: 2016-12-16 15:13:29.252
Description: 
A análise de Windows Defender parou antes de ser concluída.
ID de Análise:{43487DE1-6239-4C73-959B-FC125B86647B}
Tipo de Análise:AntiSpyware
Parâmetros de Análise:Análise Rápida
Utilizador:NT AUTHORITY\Serviço de rede
 
Date: 2016-11-13 07:48:31.175
Description: 
Windows Defender detectou spyware ou outro software potencialmente indesejável.
Para mais informações, consulte:
Nome:BrowserModifier:Win32/SupTab
ID:214126
Gravidade:Alto
Categoria:Modificador de Browser
Caminho Encontrado:file:C:\ProgramData\UvConverter\UvConverter.exe;file:c:\users\familia silva\AppData\Roaming\Corner Sunshine\b_2643743_EN.json;file:c:\users\familia silva\AppData\Roaming\Corner Sunshine\b_autoip_EN.json;file:c:\users\familia silva\AppData\Roaming\Corner Sunshine\picture\cloudy_e17e6047cf929e7ea4c815f67132b949\cloudy00.png;file:c:\users\familia silva\AppData\Roaming\Corner Sunshine\picture\cloudy_e17e6047cf929e7ea4c815f67132b949\cloudy01.png;file:c:\users\familia silva\AppData\Roaming\Corner Sunshine\picture\cloudy_e17e6047cf929e7ea4c815f67132b949\cloudy02.png;file:c:\users\familia silva\AppData\Roaming\Corner Sunshine\picture\cloudy_e17e6047cf929e7ea4c815f67132b949\cloudy03.png;file:c:\users\familia silva\AppData\Roaming\Corner Sunshine\picture\cloudy_e17e6047cf929e7ea4c815f67132b949\cloudy04.png;file:c:\users\familia silva\AppData\Roaming\Corner Sunshine\picture\cloudy_e17e6047cf929e7ea4c815f67132b949\cloudy05.png;file:c:\users\familia silva\AppData\Roaming\Corner Sunshine\picture\cloudy_e17e6047cf929e7ea4c
Tipo de Detecção:Concreto
Origem da Detecção:Sistema
Estado:Desconhecido
Utilizador:NT AUTHORITY\SYSTEM
Nome do Processo:
 
Date: 2016-11-12 18:41:14.962
Description: 
Windows Defender detectou spyware ou outro software potencialmente indesejável.
Para mais informações, consulte:
Nome:BrowserModifier:Win32/SupTab
ID:214126
Gravidade:Alto
Categoria:Modificador de Browser
Caminho Encontrado:file:C:\ProgramData\UvConverter\UvConverter.exe;file:c:\users\familia silva\AppData\Roaming\Corner Sunshine\b_2643743_EN.json;file:c:\users\familia silva\AppData\Roaming\Corner Sunshine\b_autoip_EN.json;file:c:\users\familia silva\AppData\Roaming\Corner Sunshine\picture\cloudy_e17e6047cf929e7ea4c815f67132b949\cloudy00.png;file:c:\users\familia silva\AppData\Roaming\Corner Sunshine\picture\cloudy_e17e6047cf929e7ea4c815f67132b949\cloudy01.png;file:c:\users\familia silva\AppData\Roaming\Corner Sunshine\picture\cloudy_e17e6047cf929e7ea4c815f67132b949\cloudy02.png;file:c:\users\familia silva\AppData\Roaming\Corner Sunshine\picture\cloudy_e17e6047cf929e7ea4c815f67132b949\cloudy03.png;file:c:\users\familia silva\AppData\Roaming\Corner Sunshine\picture\cloudy_e17e6047cf929e7ea4c815f67132b949\cloudy04.png;file:c:\users\familia silva\AppData\Roaming\Corner Sunshine\picture\cloudy_e17e6047cf929e7ea4c815f67132b949\cloudy05.png;file:c:\users\familia silva\AppData\Roaming\Corner Sunshine\picture\cloudy_e17e6047cf929e7ea4c
Tipo de Detecção:Concreto
Origem da Detecção:Sistema
Estado:Desconhecido
Utilizador:NT AUTHORITY\SYSTEM
Nome do Processo:
 
Date: 2016-11-11 21:48:48.847
Description: 
Windows Defender detectou spyware ou outro software potencialmente indesejável.
Para mais informações, consulte:
Nome:BrowserModifier:Win32/SupTab
ID:214126
Gravidade:Alto
Categoria:Modificador de Browser
Caminho Encontrado:file:C:\ProgramData\UvConverter\UvConverter.exe;file:C:\Users\Familia Silva\AppData\Roaming\Corner Sunshine\b_2643743_EN.json;file:C:\Users\Familia Silva\AppData\Roaming\Corner Sunshine\b_autoip_EN.json;file:C:\Users\Familia Silva\AppData\Roaming\Corner Sunshine\picture\cloudy_e17e6047cf929e7ea4c815f67132b949\cloudy00.png;file:C:\Users\Familia Silva\AppData\Roaming\Corner Sunshine\picture\cloudy_e17e6047cf929e7ea4c815f67132b949\cloudy01.png;file:C:\Users\Familia Silva\AppData\Roaming\Corner Sunshine\picture\cloudy_e17e6047cf929e7ea4c815f67132b949\cloudy02.png;file:C:\Users\Familia Silva\AppData\Roaming\Corner Sunshine\picture\cloudy_e17e6047cf929e7ea4c815f67132b949\cloudy03.png;file:C:\Users\Familia Silva\AppData\Roaming\Corner Sunshine\picture\cloudy_e17e6047cf929e7ea4c815f67132b949\cloudy04.png;file:C:\Users\Familia Silva\AppData\Roaming\Corner Sunshine\picture\cloudy_e17e6047cf929e7ea4c815f67132b949\cloudy05.png;file:C:\Users\Familia Silva\AppData\Roaming\Corner Sunshine\picture\cloudy_e17e6047cf929e7ea4c
Tipo de Detecção:Concreto
Origem da Detecção:Sistema
Estado:Desconhecido
Utilizador:NT AUTHORITY\SYSTEM
Nome do Processo:
 
Date: 2016-09-02 15:28:22.431
Description: 
O motor de %1 foi terminado devido a um erro inesperado.
Tipo de Falha:%5
Código de Excepção:%6
Recurso:%3
 
Date: 2016-07-08 16:20:30.984
Description: 
Windows Defender encontrou um erro ao tentar carregar assinaturas e irá tentar reverter para um conjunto de assinaturas em condições conhecido.
Assinaturas Tentadas:Actual
Código de Erro:0x8050800d
Descrição do Erro:Não foi possível apresentar alguns itens do histórico. Aguarde alguns minutos e volte a tentar. Se tal não funcionar, limpe o histórico e volte a tentar. 
Versão de Assinatura:1.225.793.0
Versão de Motor:1.1.12902.0
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 43%
Total physical RAM: 7862.01 MB
Available physical RAM: 4436.25 MB
Total Virtual: 15722.21 MB
Available Virtual: 12127.46 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:13.05 GB) NTFS
Drive e: (Sistema Reservado) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Novo volume) (Fixed) (Total:1863.01 GB) (Free:1856.68 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: E402D98B)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=42)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: D238DA12)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#5
Bruce1270
Posted 16 April 2018 - 04:01 PM

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,697 posts
Hi musicianindistress

let's see what we can do. First an advisory


As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

Risks of Peer to Peer systems
P2P programs: Popular and perilous

If you continue to use P2P programs it is likely that you will get infected again.

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to do this, you can do so by:
  • Please go to Start Menu -> Control Panel -> Programs and Features for Windows 7 and Vista.
  • Click on uTorrent.
  • Click uninstall.
If you decide to keep the programs in spite of the risks involved, do not use them until I have finished cleaning your computer and have given you the all clear.

Multiple AVS

Multiple installed antivirus products can lead to a clash as products fight for access to files which are being opened since they need to be checked for viruses.
In general terms, the programs may conflict and cause:
False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
System Performance Problems: Your system may lock up due to multiple products attempting to access the same file at the same time.

Please remove AVG.
To do this:
Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
In the list of installed programs locate and click on the program to uninstall e.g. AVG AntiVirus FREE
Click uninstall.


Step1 - CK scanner
  • Download CKScanner from here
  • Important - Save it to your desktop.
  • Doubleclick CKScanner.exe (Right click and "Run as administrator" in Vista/Win7).
  • Give permission if necessary, and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please run the program once only.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


    Step2 - Uninstall Chrome

    1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
    2. Open your Google Dashboard. Make sure that you are signed in to your Google account.
    3. Click Reset sync to stop syncing and clear all of your synced data.
    4. Click OK.
    5. Now we need to uninstall chrome.
    6. Close all Chrome windows and tabs.
    7. Go to the Start menu > Control Panel.
    8. Click Uninstall a Program or Programmes and Features
    9. Double-click Google Chrome.
    10. Click Uninstall from the confirmation dialogue. Select the "Also delete your browsing data" tick box.

    Do not reinstall Chrome until I instruct you to do so.


    Step3 - FRST fix


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Download the attached fixlist.txt to your desktop.Attached File  fixlist.txt   6.61KB   4 downloads
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
    FRSTfix.jpg
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

    Things for your next post:
  • CKFiles.txt
  • Confirm that Google is uninstalled.
  • fixlog.txt

  • 0

#6
musicianindistress
Posted 18 April 2018 - 12:16 PM

musicianindistress

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Okay, I uninstalled what you told me to. Here are the files:

 

CKfiles:

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\image-line\fl studio 12\data\patches\packs\drums (modeaudio)\claps\ma firecracker clap.wv
c:\program files (x86)\image-line\fl studio 12\data\patches\packs\drums (modeaudio)\hi hats\ma firecracker chat.wv
c:\program files (x86)\image-line\fl studio 12\data\patches\packs\drums (modeaudio)\kicks\ma firecracker kick.wv
c:\program files (x86)\image-line\fl studio 12\data\patches\packs\drums (modeaudio)\snares\ma firecracker snare.wv
c:\program files (x86)\image-line\fl studio 12\data\patches\plugin presets\generators\drumpad\sound fx\crack.fst
c:\program files (x86)\image-line\fl studio 12\plugins\drumaxx\drum patches\sound fx\crack.dmpatch
c:\program files (x86)\image-line\fl studio 12\plugins\fruity\effects\hardcore\presets\default\i cracked my tube!.hdprg
c:\program files (x86)\image-line\fl studio 12\plugins\fruity\generators\drumaxx\drum patches\sound fx\crack.dmpatch
c:\program files (x86)\image-line\fl studio 12\plugins\fruity\generators\drumpad\drum patches\sound fx\crack.dmpatch
c:\program files (x86)\image-line\fl studio 12\plugins\fruity\generators\sawer\presets\ambient\mc cracked.sawer
c:\program files (x86)\image-line\fl studio 12\plugins\fruity\generators\toxic biohazard\presets\basses\crack.tbio
c:\program files (x86)\image-line\fl studio 12\plugins\hardcore\default\i cracked my tube!.hdprg
c:\program files (x86)\image-line\fl studio 12\plugins\sawer\ambient\mc cracked.sawer
c:\program files (x86)\image-line\fl studio 12\plugins\toxic biohazard\basses\crack.tbio
c:\users\familia silva\desktop\alf\documents\image-line\data\drumaxx\drum patches\sound fx\crack.dmpatch
c:\users\familia silva\desktop\alf\documents\image-line\data\hardcore\default\i cracked my tube!.hdprg
c:\users\familia silva\desktop\alf\documents\image-line\data\sawer\ambient\mc cracked.sawer
c:\users\familia silva\desktop\alf\documents\image-line\data\toxic biohazard\basses\crack.tbio
c:\users\familia silva\desktop\image-line fl studio producer edition 12.5.1 build 5 + patch [sadeempc]\crack\hostchange.cmd
c:\users\familia silva\desktop\image-line fl studio producer edition 12.5.1 build 5 + patch [sadeempc]\crack\readme.txt
c:\users\familia silva\desktop\keygen\flregkey.reg
scanner sequence 3.ZZ.11.QHNAEZ
 ----- EOF -----
  

fixlog:

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by Sofiaa (18-04-2018 19:12:10) Run:1
Running from C:\Users\Sofiaa\Desktop
Loaded Profiles: Familia Silva & Sofiaa & Utilizador padrão & Convidado (Available Profiles: Familia Silva & Sofiaa & Utilizador padrão & Convidado)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
ShortcutTarget: Dropbox.lnk -> C:\Users\Sofiaa\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShortcutTarget: Dropbox.lnk -> C:\Users\Sofiaa\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
GroupPolicy\User: Restriction <==== ATTENTION
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\plugins\ArcPluginIE.dll => No File
Handler: WSWSVCUchrome - No CLSID Value
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\plugins\npArcPluginFF.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [X]
S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]
S3 MBfilt; system32\drivers\MBfilt64.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]
S3 VBAudioVMVAIOMME; system32\DRIVERS\vbaudio_vmvaio64_win7.sys [X]
S3 WacHidRouterPro; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
2018-04-09 15:31 - 2018-04-09 15:32 - 000000000 ____D C:\Users\Familia Silva\Desktop\keygen
2018-04-09 15:31 - 2018-04-09 15:32 - 000000000 ____D C:\Users\Familia Silva\Desktop\Image-Line FL Studio Producer Edition 12.5.1 Build 5 + Patch [SadeemPC]
2018-04-09 15:26 - 2018-04-09 15:27 - 000068720 _____ C:\Users\Sofiaa\Desktop\untitled.flp
2018-04-09 15:26 - 2018-04-09 15:26 - 000068720 _____ C:\Users\Sofiaa\Desktop\q3we.flp
2018-04-09 15:10 - 2018-04-09 15:34 - 000002004 _____ C:\Users\Public\Desktop\FL Studio 12 (64bit).lnk
2018-04-09 15:10 - 2018-04-09 15:34 - 000001988 _____ C:\Users\Public\Desktop\FL Studio 12.lnk
2018-04-09 15:10 - 2018-04-09 15:10 - 000000000 ____D C:\Users\Familia Silva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2018-04-09 15:10 - 2018-04-09 15:10 - 000000000 ____D C:\Users\Familia Silva\AppData\Roaming\Image-Line
2018-03-25 12:01 - 2018-03-25 22:46 - 000000004 _____ C:\ProgramData\lock.dat
2018-03-25 12:01 - 2018-03-25 14:34 - 000000008 _____ C:\ProgramData\rwi.jhad
2018-03-25 11:33 - 2018-03-25 11:33 - 000000000 ____D C:\Users\Sofiaa\AppData\Roaming\WidModule
2018-03-25 11:31 - 2018-04-15 18:08 - 000000280 ____H C:\Windows\Tasks\{09EFC5AB-D230-AB81-74D2-4D2309EFC5AB}.job
2018-03-25 11:31 - 2018-03-25 22:48 - 000000000 ____D C:\ProgramData\dahjService
2018-03-25 11:31 - 2018-03-25 11:31 - 000003642 _____ C:\Windows\System32\Tasks\{DA409434-5703-FFF2-6EF2-C96686C95FC8}
2018-03-25 11:31 - 2018-03-25 11:31 - 000003476 _____ C:\Windows\System32\Tasks\{312B53AD-E943-9D18-CF8F-B118EE1C3B74}
2018-03-25 11:31 - 2018-03-25 11:31 - 000000003 _____ C:\Users\Sofiaa\AppData\Local\wbem.ini
2018-03-25 11:29 - 2018-03-25 11:29 - 000000000 ____D C:\Users\Sofiaa\AppData\Roaming\Lavasoft
2018-03-25 11:29 - 2018-03-25 11:29 - 000000000 ____D C:\Users\Sofiaa\AppData\Local\Lavasoft
2018-03-25 11:29 - 2018-03-25 11:29 - 000000000 ____D C:\ProgramData\Lavasoft
2018-03-25 11:29 - 2018-03-25 11:29 - 000000000 ____D C:\Program Files (x86)\Lavasoft
1623-04-04 11:37 - 1623-04-04 11:37 - 000073216 ____N (Microsoft Corporation) C:\Users\Sofiaa\AppData\Roaming\niZHaUI.exe
1623-04-04 11:37 - 1623-04-04 11:37 - 000186368 ____N (Microsoft Corporation) C:\Users\Sofiaa\AppData\Roaming\rCEajDayOvQ.exe
CustomCLSID: HKU\S-1-5-21-1268683879-3191997658-603331031-1023_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2015 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1268683879-3191997658-603331031-1023_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2015 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1268683879-3191997658-603331031-1023_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2015 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Users\Sofiaa\Desktop\Notepad++\NppShell_06.dll -> No File
Task: {3073252B-F0A6-4A54-BB02-15451E7214A1} - \{09EFC5AB-D230-AB81-74D2-4D2309EFC5AB} -> No File <==== ATTENTION
Task: {59BCBE78-917D-4846-8829-4E33C36C529C} - System32\Tasks\{312B53AD-E943-9D18-CF8F-B118EE1C3B74} => C:\Users\Sofiaa\AppData\Roaming\niZHaUI.exe [1623-04-04] (Microsoft Corporation) <==== ATTENTION
Task: {F4D3DA7E-C319-4BB0-A762-63164B22F620} - System32\Tasks\{DA409434-5703-FFF2-6EF2-C96686C95FC8} => C:\Windows\SysWOW64\PfeUpEF.exe [1623-04-04] (Microsoft Corporation)
MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
FirewallRules: [{D0916C3F-08C2-4F63-8D0D-57A67788CA43}] => (Allow) C:\Program Files (x86)\Yeahseed\Application\chrome.exe
C:\Program Files (x86)\Yeahseed
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:


  • 0

#7
Bruce1270
Posted 18 April 2018 - 02:14 PM

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,697 posts
There are signs of cracked software on your PC. I will need you to remove this in order for me to continue to help you.

The use of Keygens and Cracks inevitably leads to infection. Further, it is contrary to this sites Terms of Use.

Please remove the following programs:

FL Studio 12
FL Studio ASIO

Please confirm if you have removed the software or if you do not wish to proceed any further.

Also looks like you have posted the fixlist instead of the fixlog.

This can be found in the location %SystemDrive%\FRST\Logs (in most cases this will be C:\FRST\Logs). Look for the log called Fixlog with the last date and time it was run. The log should open with notepad. Please copy and paste the log in your next reply.
  • 0

#8
musicianindistress
Posted 19 April 2018 - 01:55 PM

musicianindistress

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

There are signs of cracked software on your PC. I will need you to remove this in order for me to continue to help you.

The use of Keygens and Cracks inevitably leads to infection. Further, it is contrary to this sites Terms of Use.

Please remove the following programs:

FL Studio 12
FL Studio ASIO

Please confirm if you have removed the software or if you do not wish to proceed any further.

Also looks like you have posted the fixlist instead of the fixlog.

This can be found in the location %SystemDrive%\FRST\Logs (in most cases this will be C:\FRST\Logs). Look for the log called Fixlog with the last date and time it was run. The log should open with notepad. Please copy and paste the log in your next reply.

Okay, I deleted the programs you asked me to.

 

Here's the FRST log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by Sofiaa (18-04-2018 19:12:10) Run:1
Running from C:\Users\Sofiaa\Desktop
Loaded Profiles: Familia Silva & Sofiaa & Utilizador padrão & Convidado (Available Profiles: Familia Silva & Sofiaa & Utilizador padrão & Convidado)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
ShortcutTarget: Dropbox.lnk -> C:\Users\Sofiaa\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShortcutTarget: Dropbox.lnk -> C:\Users\Sofiaa\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
GroupPolicy\User: Restriction <==== ATTENTION
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\plugins\ArcPluginIE.dll => No File
Handler: WSWSVCUchrome - No CLSID Value
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\plugins\npArcPluginFF.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [X]
S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]
S3 MBfilt; system32\drivers\MBfilt64.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]
S3 VBAudioVMVAIOMME; system32\DRIVERS\vbaudio_vmvaio64_win7.sys [X]
S3 WacHidRouterPro; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
2018-04-09 15:31 - 2018-04-09 15:32 - 000000000 ____D C:\Users\Familia Silva\Desktop\keygen
2018-04-09 15:31 - 2018-04-09 15:32 - 000000000 ____D C:\Users\Familia Silva\Desktop\Image-Line FL Studio Producer Edition 12.5.1 Build 5 + Patch [SadeemPC]
2018-04-09 15:26 - 2018-04-09 15:27 - 000068720 _____ C:\Users\Sofiaa\Desktop\untitled.flp
2018-04-09 15:26 - 2018-04-09 15:26 - 000068720 _____ C:\Users\Sofiaa\Desktop\q3we.flp
2018-04-09 15:10 - 2018-04-09 15:34 - 000002004 _____ C:\Users\Public\Desktop\FL Studio 12 (64bit).lnk
2018-04-09 15:10 - 2018-04-09 15:34 - 000001988 _____ C:\Users\Public\Desktop\FL Studio 12.lnk
2018-04-09 15:10 - 2018-04-09 15:10 - 000000000 ____D C:\Users\Familia Silva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2018-04-09 15:10 - 2018-04-09 15:10 - 000000000 ____D C:\Users\Familia Silva\AppData\Roaming\Image-Line
2018-03-25 12:01 - 2018-03-25 22:46 - 000000004 _____ C:\ProgramData\lock.dat
2018-03-25 12:01 - 2018-03-25 14:34 - 000000008 _____ C:\ProgramData\rwi.jhad
2018-03-25 11:33 - 2018-03-25 11:33 - 000000000 ____D C:\Users\Sofiaa\AppData\Roaming\WidModule
2018-03-25 11:31 - 2018-04-15 18:08 - 000000280 ____H C:\Windows\Tasks\{09EFC5AB-D230-AB81-74D2-4D2309EFC5AB}.job
2018-03-25 11:31 - 2018-03-25 22:48 - 000000000 ____D C:\ProgramData\dahjService
2018-03-25 11:31 - 2018-03-25 11:31 - 000003642 _____ C:\Windows\System32\Tasks\{DA409434-5703-FFF2-6EF2-C96686C95FC8}
2018-03-25 11:31 - 2018-03-25 11:31 - 000003476 _____ C:\Windows\System32\Tasks\{312B53AD-E943-9D18-CF8F-B118EE1C3B74}
2018-03-25 11:31 - 2018-03-25 11:31 - 000000003 _____ C:\Users\Sofiaa\AppData\Local\wbem.ini
2018-03-25 11:29 - 2018-03-25 11:29 - 000000000 ____D C:\Users\Sofiaa\AppData\Roaming\Lavasoft
2018-03-25 11:29 - 2018-03-25 11:29 - 000000000 ____D C:\Users\Sofiaa\AppData\Local\Lavasoft
2018-03-25 11:29 - 2018-03-25 11:29 - 000000000 ____D C:\ProgramData\Lavasoft
2018-03-25 11:29 - 2018-03-25 11:29 - 000000000 ____D C:\Program Files (x86)\Lavasoft
1623-04-04 11:37 - 1623-04-04 11:37 - 000073216 ____N (Microsoft Corporation) C:\Users\Sofiaa\AppData\Roaming\niZHaUI.exe
1623-04-04 11:37 - 1623-04-04 11:37 - 000186368 ____N (Microsoft Corporation) C:\Users\Sofiaa\AppData\Roaming\rCEajDayOvQ.exe
CustomCLSID: HKU\S-1-5-21-1268683879-3191997658-603331031-1023_Classes\CLSID\{073CB204-6B29-46FC-AB98-45


  • 0

#9
Bruce1270
Posted 19 April 2018 - 03:43 PM

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,697 posts
Hi

It looks like the fixlog has cut off in your post.

Open up the fixlog file, it should open in notepad. Click on Edit > Select All. Click on Edit > Copy

Then paste the content into your next reply.
  • 0

#10
musicianindistress
Posted Yesterday, 01:53 PM

musicianindistress

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

 

Oops, sorry here it is

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by Sofiaa (18-04-2018 19:12:10) Run:1
Running from C:\Users\Sofiaa\Desktop
Loaded Profiles: Familia Silva & Sofiaa & Utilizador padrão & Convidado (Available Profiles: Familia Silva & Sofiaa & Utilizador padrão & Convidado)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
ShortcutTarget: Dropbox.lnk -> C:\Users\Sofiaa\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShortcutTarget: Dropbox.lnk -> C:\Users\Sofiaa\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
GroupPolicy\User: Restriction <==== ATTENTION
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\plugins\ArcPluginIE.dll => No File
Handler: WSWSVCUchrome - No CLSID Value
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\plugins\npArcPluginFF.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [X]
S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]
S3 MBfilt; system32\drivers\MBfilt64.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]
S3 VBAudioVMVAIOMME; system32\DRIVERS\vbaudio_vmvaio64_win7.sys [X]
S3 WacHidRouterPro; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
2018-04-09 15:31 - 2018-04-09 15:32 - 000000000 ____D C:\Users\Familia Silva\Desktop\keygen
2018-04-09 15:31 - 2018-04-09 15:32 - 000000000 ____D C:\Users\Familia Silva\Desktop\Image-Line FL Studio Producer Edition 12.5.1 Build 5 + Patch [SadeemPC]
2018-04-09 15:26 - 2018-04-09 15:27 - 000068720 _____ C:\Users\Sofiaa\Desktop\untitled.flp
2018-04-09 15:26 - 2018-04-09 15:26 - 000068720 _____ C:\Users\Sofiaa\Desktop\q3we.flp
2018-04-09 15:10 - 2018-04-09 15:34 - 000002004 _____ C:\Users\Public\Desktop\FL Studio 12 (64bit).lnk
2018-04-09 15:10 - 2018-04-09 15:34 - 000001988 _____ C:\Users\Public\Desktop\FL Studio 12.lnk
2018-04-09 15:10 - 2018-04-09 15:10 - 000000000 ____D C:\Users\Familia Silva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2018-04-09 15:10 - 2018-04-09 15:10 - 000000000 ____D C:\Users\Familia Silva\AppData\Roaming\Image-Line
2018-03-25 12:01 - 2018-03-25 22:46 - 000000004 _____ C:\ProgramData\lock.dat
2018-03-25 12:01 - 2018-03-25 14:34 - 000000008 _____ C:\ProgramData\rwi.jhad
2018-03-25 11:33 - 2018-03-25 11:33 - 000000000 ____D C:\Users\Sofiaa\AppData\Roaming\WidModule
2018-03-25 11:31 - 2018-04-15 18:08 - 000000280 ____H C:\Windows\Tasks\{09EFC5AB-D230-AB81-74D2-4D2309EFC5AB}.job
2018-03-25 11:31 - 2018-03-25 22:48 - 000000000 ____D C:\ProgramData\dahjService
2018-03-25 11:31 - 2018-03-25 11:31 - 000003642 _____ C:\Windows\System32\Tasks\{DA409434-5703-FFF2-6EF2-C96686C95FC8}
2018-03-25 11:31 - 2018-03-25 11:31 - 000003476 _____ C:\Windows\System32\Tasks\{312B53AD-E943-9D18-CF8F-B118EE1C3B74}
2018-03-25 11:31 - 2018-03-25 11:31 - 000000003 _____ C:\Users\Sofiaa\AppData\Local\wbem.ini
2018-03-25 11:29 - 2018-03-25 11:29 - 000000000 ____D C:\Users\Sofiaa\AppData\Roaming\Lavasoft
2018-03-25 11:29 - 2018-03-25 11:29 - 000000000 ____D C:\Users\Sofiaa\AppData\Local\Lavasoft
2018-03-25 11:29 - 2018-03-25 11:29 - 000000000 ____D C:\ProgramData\Lavasoft
2018-03-25 11:29 - 2018-03-25 11:29 - 000000000 ____D C:\Program Files (x86)\Lavasoft
1623-04-04 11:37 - 1623-04-04 11:37 - 000073216 ____N (Microsoft Corporation) C:\Users\Sofiaa\AppData\Roaming\niZHaUI.exe
1623-04-04 11:37 - 1623-04-04 11:37 - 000186368 ____N (Microsoft Corporation) C:\Users\Sofiaa\AppData\Roaming\rCEajDayOvQ.exe
CustomCLSID: HKU\S-1-5-21-1268683879-3191997658-603331031-1023_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2015 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1268683879-3191997658-603331031-1023_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2015 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1268683879-3191997658-603331031-1023_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\DirectConnect2015 (64-bit)\bin\Aruba\Inventor Server\Bin\TestServer.dll => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Users\Sofiaa\Desktop\Notepad++\NppShell_06.dll -> No File
Task: {3073252B-F0A6-4A54-BB02-15451E7214A1} - \{09EFC5AB-D230-AB81-74D2-4D2309EFC5AB} -> No File <==== ATTENTION
Task: {59BCBE78-917D-4846-8829-4E33C36C529C} - System32\Tasks\{312B53AD-E943-9D18-CF8F-B118EE1C3B74} => C:\Users\Sofiaa\AppData\Roaming\niZHaUI.exe [1623-04-04] (Microsoft Corporation) <==== ATTENTION
Task: {F4D3DA7E-C319-4BB0-A762-63164B22F620} - System32\Tasks\{DA409434-5703-FFF2-6EF2-C96686C95FC8} => C:\Windows\SysWOW64\PfeUpEF.exe [1623-04-04] (Microsoft Corporation)
MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
FirewallRules: [{D0916C3F-08C2-4F63-8D0D-57A67788CA43}] => (Allow) C:\Program Files (x86)\Yeahseed\Application\chrome.exe
C:\Program Files (x86)\Yeahseed
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:

*****************

Restore point was successfully created.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"C:\Users\Sofiaa\AppData\Roaming\Dropbox\bin\Dropbox.exe" => not found
"C:\Users\Sofiaa\AppData\Roaming\Dropbox\bin\Dropbox.exe" => not found
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84BFE29A-8139-402a-B2A4-C23AE9E1A75F}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{84BFE29A-8139-402a-B2A4-C23AE9E1A75F}" => removed successfully
"HKLM\Software\Classes\PROTOCOLS\Handler\WSWSVCUchrome" => removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7" => removed successfully
"HKLM\System\CurrentControlSet\Services\gupdate" => removed successfully
gupdate => service removed successfully
"HKLM\System\CurrentControlSet\Services\gupdatem" => removed successfully
gupdatem => service removed successfully
"HKLM\System\CurrentControlSet\Services\WCAssistantService" => removed successfully
WCAssistantService => service removed successfully
"HKLM\System\CurrentControlSet\Services\DrvAgent64" => removed successfully
DrvAgent64 => service removed successfully
"HKLM\System\CurrentControlSet\Services\MBfilt" => removed successfully
MBfilt => service removed successfully
"HKLM\System\CurrentControlSet\Services\NTIOLib_1_0_4" => removed successfully
NTIOLib_1_0_4 => service removed successfully
"HKLM\System\CurrentControlSet\Services\VBAudioVMVAIOMME" => removed successfully
VBAudioVMVAIOMME => service removed successfully
"HKLM\System\CurrentControlSet\Services\WacHidRouterPro" => removed successfully
WacHidRouterPro => service removed successfully
"HKLM\System\CurrentControlSet\Services\wacomrouterfilter" => removed successfully
wacomrouterfilter => service removed successfully
C:\Users\Familia Silva\Desktop\keygen => moved successfully
C:\Users\Familia Silva\Desktop\Image-Line FL Studio Producer Edition 12.5.1 Build 5 + Patch [SadeemPC] => moved successfully
C:\Users\Sofiaa\Desktop\untitled.flp => moved successfully
C:\Users\Sofiaa\Desktop\q3we.flp => moved successfully
C:\Users\Public\Desktop\FL Studio 12 (64bit).lnk => moved successfully
C:\Users\Public\Desktop\FL Studio 12.lnk => moved successfully
C:\Users\Familia Silva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line => moved successfully
C:\Users\Familia Silva\AppData\Roaming\Image-Line => moved successfully
C:\ProgramData\lock.dat => moved successfully
C:\ProgramData\rwi.jhad => moved successfully
C:\Users\Sofiaa\AppData\Roaming\WidModule => moved successfully
C:\Windows\Tasks\{09EFC5AB-D230-AB81-74D2-4D2309EFC5AB}.job => moved successfully
C:\ProgramData\dahjService => moved successfully
C:\Windows\System32\Tasks\{DA409434-5703-FFF2-6EF2-C96686C95FC8} => moved successfully
C:\Windows\System32\Tasks\{312B53AD-E943-9D18-CF8F-B118EE1C3B74} => moved successfully
C:\Users\Sofiaa\AppData\Local\wbem.ini => moved successfully
C:\Users\Sofiaa\AppData\Roaming\Lavasoft => moved successfully
C:\Users\Sofiaa\AppData\Local\Lavasoft => moved successfully
C:\ProgramData\Lavasoft => moved successfully
C:\Program Files (x86)\Lavasoft => moved successfully
C:\Users\Sofiaa\AppData\Roaming\niZHaUI.exe => moved successfully
C:\Users\Sofiaa\AppData\Roaming\rCEajDayOvQ.exe => moved successfully
"HKU\S-1-5-21-1268683879-3191997658-603331031-1023_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}" => removed successfully
"HKU\S-1-5-21-1268683879-3191997658-603331031-1023_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}" => removed successfully
"HKU\S-1-5-21-1268683879-3191997658-603331031-1023_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => removed successfully
HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => removed successfully
HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => removed successfully
HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => removed successfully
HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64" => removed successfully
"HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3073252B-F0A6-4A54-BB02-15451E7214A1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3073252B-F0A6-4A54-BB02-15451E7214A1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{09EFC5AB-D230-AB81-74D2-4D2309EFC5AB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{59BCBE78-917D-4846-8829-4E33C36C529C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59BCBE78-917D-4846-8829-4E33C36C529C}" => removed successfully
"C:\Windows\System32\Tasks\{312B53AD-E943-9D18-CF8F-B118EE1C3B74}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{312B53AD-E943-9D18-CF8F-B118EE1C3B74}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4D3DA7E-C319-4BB0-A762-63164B22F620}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4D3DA7E-C319-4BB0-A762-63164B22F620}" => removed successfully
"C:\Windows\System32\Tasks\{DA409434-5703-FFF2-6EF2-C96686C95FC8}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DA409434-5703-FFF2-6EF2-C96686C95FC8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Web Companion" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D0916C3F-08C2-4F63-8D0D-57A67788CA43}" => removed successfully
"C:\Program Files (x86)\Yeahseed" => not found

========= netsh advfirewall reset =========

OK.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state on =========

OK.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 72483512 B
Java, Flash, Steam htmlcache => 91796384 B
Windows/system/drivers => 14157623 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 116939332 B
systemprofile32 => 89161 B
LocalService => 132244 B
NetworkService => 66228 B
Familia Silva => 20841762 B
Sofiaa => 662905863 B
Utilizador padrão => 28713621 B
Convidado => 2652280 B

RecycleBin => 2933766903 B
EmptyTemp: => 3.7 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 19:12:53 ====


  • 0

#11
Bruce1270
Posted Yesterday, 04:48 PM

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,697 posts
Hi

Here are next steps.

Step1 - AdwCleaner
  • Please download AdwCleaner from Malwarebytes to your desktop.
  • Right click and select Run as Admin.
  • Click I agree to accept EULA.
  • Click on Settings.
    Under Basic Repair Actions turn on:
    Reset Firewall
    Reset IPSec
    Reset Proxy
    Reset IE policies
    Reset Chrome Policies
    Reset TCP/IP
  • Click on Dashboard.
  • Click on Scan Now.
  • When scan finished click on Clean and Repair.
  • Once completed it may ask you to restart the computer. Please do so.
  • Upon reboot a log will be produced AdwCleaner[C*].txt
  • Please copy/paste the contents into your next reply.


    Step2 - Malwarebytes
  • Please download Malwarebytes to your desktop.
  • Double-click mb3-consumer-{version number}.exe and follow the prompts to install the program. Note: This will be the trial version for 14 days and then reverts to the free version.
  • Click on Scan Now

    MBAM1_Scan.jpg
  • The scan will automatically commence.

    MBAMscan2.jpg
  • If any threats are detected, Put a checkmark on all detected and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

    MBAMScanfinished.jpg

    Please note that an Export button is shown at the bottom left corner of this screen. This allows you to make a copy of the log for use by other programs. You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.

    Things for your next post:
  • AdwCleaner[C*].txt
  • Malwarebytes log
  • How is the computer running now?

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: Slow, Virus, Adware, Closing, Help

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP