Computer with several problems - suspect an infection


Skybluesky


So I hope I can explain all this right, and I thank in advance anyone that can help.

 

I´m sure my computer has some sort of virus or something like it and I need help to find it and remove it.

The computer keeps crashing and freezing and there´s no way to use it for anything. It´s constantly blocking - It´s a nightmare and I really don´t know what to do.

Because of this I´ve been trying to figure out what is wrong in the last weeks without success. But I suspect the infection is much older than that.

 

Task Manager has too many programs running - more than 100.

Some I´m not even using and these programs are all there at startup. I´m sure it´s not right - I remember when I installed Windows 10 upgrade and it always had around 10 programs maximum, maybe less.
 

I have Kaspersky Internet Security and it has some kind of problem with the Verification scan. Reinstalling Kaspersky didn´t resolve it. The complete scan starts everyday, and drags for hours stopping the computer. The only solution: shut down. Despite definitions to work only once a month, the scan keeps coming back everyday and it never finishes or finds any threat.

This seems to have stopped in the last days, after installing the latest version. I´m waiting to see if it´s really resolved.

Also, a shortcut for Kaspersky on desktop stopped working and only happened to this shortcut – this is now resolved.
 

I can´t update windows - many updates fail installation.

Adobe Acrobat also doesn´t update, always fails – uninstalled it.

I also uninstalled Flash player.

Windows Protection like Defender and other similar services seem to turn off or stop working without warning and I don´t know why. I wonder if it has a conflict with Kaspersky, but maybe it´s something else.
 

None of the programs or scanners I used found anything that resolved this, but some found PUP programs:

- Kaspersky´s Internet Security “complete verification” - found a “HEUR:Trojan.Script.Miner.gen” object that couldn´t be quarantined – it doesn´t have a path for a file there is only a web address.
 

- Kaspersky Virus Removal tool, also tried in Safe mode, administrator rights – found a PUP program “WebToolbar.Win64.SearchSuite.yl”

 

- Hitman Pro - found ILIVID and I removed all the keys and files that it indicated. It had a persistent icon on the notification area to download ilivid

- ESET premium Security - the log said it was unable to open many files

 

- Windows Defender Offline

- Windows System File checker, Scan Disk (CHCK) and DISM didn´t find any problem.

 

- Panda Cloud Cleaner found PUP files

- Emsisoft Emergency Kit - found Adware.SearchSuite.AB (B) (krnl.xmd)

- Norton Power Eraser doesn´t complete the scan. It closes suddenly and without any message. I can´t see if it left any logs cause I don´t know which program reads them.

- CCleaner says some dll files are missing but I´m not sure they´re not obsolete.

- Adware also found PUP files.
 

 

Whatever it is, I´m sure it´s still in the computer. Lately, it´s taking even longer to shutdown and start. The computer seems sometimes overwhelmed just by opening a simple program and takes long to do it.
 

I also have a doubt: how many users should there be in the registry, besides the ones that are created by the users?

Cause I have this impression that there are more users in the registry than should be.

And also while on Safe mode I saw on Task manager a DWM-1 user and it seems to be a windows thing, but how many of those like “Local Authority” and “System” does Windows have? There´s also UMFD.

 

 

I hope someone here can help in any way. I really don´t know what next step I should take. Right now I´m trying windows fixing tools before trying everything else.

Kaspersky also has a tool for getting system info - it has useful information. I´m not sure if I should post it here. If you want to see it, please let me know.

 

...............................................................................................................

Here are the Farbar logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by ACER (administrator) on ACER-PC (08-06-2018 19:17:09)
Running from C:\Users\ACER\Desktop
Loaded Profiles: ACER (Available Profiles: ACER & DefaultAppPool)
Platform: Windows 10 Home Version 1803 17134.48 (X64) Language: Português (Portugal)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8827.22055.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-292349617-3537619796-2692666305-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-292349617-3537619796-2692666305-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-292349617-3537619796-2692666305-1000\...\Policies\Explorer: [NoLogoff] 0
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3de1fac4-b916-448f-a747-e5a362d2fc66}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{725606bd-e832-4f93-bb78-3c49e39e1486}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8c73366f-5326-4815-a1c3-8bc8a891ccef}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-292349617-3537619796-2692666305-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-04-19] (Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-19] (Oracle Corporation)
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-06-06] (AO Kaspersky Lab)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2018-06-06] (AO Kaspersky Lab)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\IEExt\ie_plugin.dll [2018-06-06] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll [2018-06-06] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-292349617-3537619796-2692666305-1000 -> No Name - {3CF6E6FA-62EE-449C-A8CF-43C9F9CD5703} -  No File

FireFox:
========
FF DefaultProfile: g267n27h.default-1519990235465
FF ProfilePath: C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\g267n27h.default-1519990235465 [2018-06-08]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\g267n27h.default-1519990235465\features\{4d206da0-ac1c-4e89-9a83-8daf018c4e0b}\[email protected] [2018-06-07] [Legacy]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-06-06]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1232202.dll [2018-03-09] (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2012-01-14] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2012-01-14] (Veetle Inc)
FF Plugin HKU\S-1-5-21-292349617-3537619796-2692666305-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ACER\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR NewTab: Default ->  Not-active:"chrome-extension://nkbjepdnbaaiigmiahpomfppncejojko/newtab/newtab.html"
CHR Profile: C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default [2018-06-08]
CHR Extension: (Apresentações) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Kaspersky Protection) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-06-06]
CHR Extension: (Documentos) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-15]
CHR Extension: (YouTube) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-15]
CHR Extension: (Folhas de cálculo) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Documentos do Google offline) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-15]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-15]
CHR Extension: (Chrome Media Router) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-06]
CHR Profile: C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-05-27]
CHR Profile: C:\Users\ACER\AppData\Local\Google\Chrome\User Data\System Profile [2018-05-28]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [619640 2018-02-28] (AO Kaspersky Lab)
S4 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2016-11-08] (Seiko Epson Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe [416560 2018-06-06] (AO Kaspersky Lab)
S3 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 osrss; C:\WINDOWS\system32\osrss.dll [108584 2018-01-09] (Microsoft Corporation)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2017-01-17] (Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-06-03] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-06-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-16] (The OpenVPN Project)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110096 2016-04-18] (Advanced Micro Devices)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (AO Kaspersky Lab)
R1 epp; C:\EEK\bin64\epp.sys [142448 2018-05-24] (Emsisoft Ltd)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [72904 2017-12-27] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [122560 2018-02-02] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [85704 2018-04-27] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2017-03-30] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [220360 2018-06-06] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [1191616 2018-05-05] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [180984 2018-06-06] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1112256 2018-06-06] (AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-02-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [58048 2018-01-15] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [83496 2017-12-11] (AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50648 2017-05-30] (AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45784 2017-11-29] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [236488 2018-06-02] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2018-05-30] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [258864 2018-06-02] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [109248 2018-06-02] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [177848 2018-06-02] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [100552 2018-02-17] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [176328 2018-02-17] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [203968 2018-02-24] (AO Kaspersky Lab)
S3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-06-03] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313384 2018-06-03] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-06-03] (Microsoft Corporation)
S3 hitmanpro37; \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-08 19:17 - 2018-06-08 19:18 - 000018370 _____ C:\Users\ACER\Desktop\FRST.txt
2018-06-08 19:15 - 2018-06-08 19:13 - 002413056 _____ (Farbar) C:\Users\ACER\Desktop\FRST64.exe
2018-06-08 18:29 - 2018-06-08 18:48 - 000000000 ____D C:\ESD
2018-06-08 18:25 - 2018-06-08 18:25 - 000000000 ___HD C:\$Windows.~WS
2018-06-08 18:25 - 2018-06-08 18:25 - 000000000 ____D C:\$WINDOWS.~BT
2018-06-08 18:22 - 2018-06-08 18:22 - 000009298 _____ C:\Users\ACER\Desktop\MediaCreationTool1803.exe - Atalho.lnk
2018-06-08 11:14 - 2018-06-08 11:15 - 000009257 _____ C:\Users\ACER\Desktop\SoftwareRepairTool.exe - Atalho.lnk
2018-06-06 14:29 - 2018-06-06 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2018-06-06 14:29 - 2018-06-06 14:27 - 000002261 _____ C:\Users\Public\Desktop\Pagamento Seguro.lnk
2018-06-06 14:29 - 2018-06-06 14:27 - 000002215 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2018-06-04 17:46 - 2018-06-04 17:46 - 001138550 _____ C:\Users\ACER\Downloads\Task Manager.zip
2018-06-04 08:44 - 2018-06-04 08:44 - 000000000 ____D C:\ProgramData\s8tk
2018-06-04 08:41 - 2018-06-04 08:41 - 000000000 ____D C:\ProgramData\s8vc
2018-06-04 08:41 - 2018-06-04 08:41 - 000000000 ____D C:\ProgramData\s4gs
2018-06-04 08:41 - 2018-06-04 08:41 - 000000000 ____D C:\ProgramData\s4eo
2018-06-04 08:39 - 2018-06-04 08:39 - 000000000 ____D C:\ProgramData\sask
2018-06-04 08:39 - 2018-06-04 08:39 - 000000000 ____D C:\ProgramData\sa2k
2018-06-04 08:39 - 2018-06-04 08:39 - 000000000 ____D C:\ProgramData\s7pk
2018-06-03 09:17 - 2018-04-28 05:27 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-03 09:16 - 2018-04-28 15:19 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-06-03 09:16 - 2018-04-28 15:17 - 001634800 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-03 09:16 - 2018-04-28 15:04 - 012712960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-03 09:16 - 2018-04-28 15:03 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-06-03 09:16 - 2018-04-28 15:00 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-06-03 09:16 - 2018-04-28 14:59 - 003655168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-03 09:16 - 2018-04-28 14:58 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-06-03 09:16 - 2018-04-28 14:58 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-06-03 09:16 - 2018-04-28 14:58 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-03 09:16 - 2018-04-28 14:31 - 001454016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-03 09:16 - 2018-04-28 14:28 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-06-03 09:16 - 2018-04-28 14:17 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-06-03 09:16 - 2018-04-28 14:16 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-03 09:16 - 2018-04-28 14:14 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-03 09:16 - 2018-04-28 14:13 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-03 09:16 - 2018-04-28 14:12 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-06-03 09:16 - 2018-04-28 12:20 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-06-03 09:16 - 2018-04-28 12:17 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-06-03 09:16 - 2018-04-28 12:04 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-03 09:16 - 2018-04-28 12:02 - 003732800 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-03 09:16 - 2018-04-28 11:58 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-03 09:16 - 2018-04-28 10:33 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-03 09:16 - 2018-04-28 10:30 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-06-03 09:16 - 2018-04-28 07:18 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-06-03 09:16 - 2018-04-28 05:37 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-06-03 09:16 - 2018-04-28 05:35 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-06-03 09:16 - 2018-04-28 05:35 - 000269216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-06-03 09:16 - 2018-04-28 05:31 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-06-03 09:16 - 2018-04-28 05:31 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-06-03 09:16 - 2018-04-28 05:30 - 001456616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-03 09:16 - 2018-04-28 05:29 - 009159064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-03 09:16 - 2018-04-28 05:29 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-06-03 09:16 - 2018-04-28 05:29 - 001174424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-03 09:16 - 2018-04-28 05:29 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-03 09:16 - 2018-04-28 05:29 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-06-03 09:16 - 2018-04-28 05:29 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-06-03 09:16 - 2018-04-28 05:29 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-06-03 09:16 - 2018-04-28 05:29 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-06-03 09:16 - 2018-04-28 05:29 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-06-03 09:16 - 2018-04-28 05:28 - 007436624 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-06-03 09:16 - 2018-04-28 05:28 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-03 09:16 - 2018-04-28 05:28 - 000709816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-03 09:16 - 2018-04-28 05:28 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-06-03 09:16 - 2018-04-28 05:27 - 003283400 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-06-03 09:16 - 2018-04-28 05:27 - 002835864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-03 09:16 - 2018-04-28 05:27 - 002422168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-03 09:16 - 2018-04-28 05:27 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-03 09:16 - 2018-04-28 05:27 - 001191168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-03 09:16 - 2018-04-28 05:27 - 000733992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-06-03 09:16 - 2018-04-28 05:27 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-06-03 09:16 - 2018-04-28 05:14 - 002486976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-06-03 09:16 - 2018-04-28 05:14 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-06-03 09:16 - 2018-04-28 05:13 - 006569952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-03 09:16 - 2018-04-28 05:13 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-06-03 09:16 - 2018-04-28 05:13 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-06-03 09:16 - 2018-04-28 05:13 - 000786168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-06-03 09:16 - 2018-04-28 05:13 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-06-03 09:16 - 2018-04-28 05:13 - 000559968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-06-03 09:16 - 2018-04-28 05:12 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-03 09:16 - 2018-04-28 05:12 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-06-03 09:16 - 2018-04-28 05:12 - 000567136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-06-03 09:16 - 2018-04-28 05:11 - 025848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-03 09:16 - 2018-04-28 05:05 - 022002688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-03 09:16 - 2018-04-28 05:04 - 022707712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-03 09:16 - 2018-04-28 05:04 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-06-03 09:16 - 2018-04-28 05:04 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-06-03 09:16 - 2018-04-28 05:02 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-06-03 09:16 - 2018-04-28 05:00 - 007583232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-03 09:16 - 2018-04-28 05:00 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-03 09:16 - 2018-04-28 05:00 - 003389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-03 09:16 - 2018-04-28 04:59 - 019399168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-03 09:16 - 2018-04-28 04:59 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-06-03 09:16 - 2018-04-28 04:59 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-03 09:16 - 2018-04-28 04:59 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-03 09:16 - 2018-04-28 04:59 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-03 09:16 - 2018-04-28 04:59 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-06-03 09:16 - 2018-04-28 04:58 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-06-03 09:16 - 2018-04-28 04:58 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-06-03 09:16 - 2018-04-28 04:58 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-03 09:16 - 2018-04-28 04:58 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-03 09:16 - 2018-04-28 04:58 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-06-03 09:16 - 2018-04-28 04:56 - 003440640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-03 09:16 - 2018-04-28 04:56 - 002700800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-06-03 09:16 - 2018-04-28 04:56 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-03 09:16 - 2018-04-28 04:56 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-03 09:16 - 2018-04-28 04:56 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-03 09:16 - 2018-04-28 04:56 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-06-03 09:16 - 2018-04-28 04:56 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-03 09:16 - 2018-04-28 04:55 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-03 09:16 - 2018-04-28 04:55 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-03 09:16 - 2018-04-28 04:55 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-06-03 09:16 - 2018-04-28 04:55 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-06-03 09:16 - 2018-04-28 04:55 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-06-03 09:16 - 2018-04-28 04:55 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-06-03 09:16 - 2018-04-28 04:54 - 005782528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-03 09:16 - 2018-04-28 04:53 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-06-03 09:16 - 2018-04-28 04:52 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-03 09:16 - 2018-04-28 04:52 - 001636352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-03 09:16 - 2018-04-28 04:52 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-06-03 09:16 - 2018-04-28 04:52 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-06-03 09:16 - 2018-04-28 04:51 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-03 09:16 - 2018-04-28 04:51 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-03 09:16 - 2018-04-28 04:51 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-06-03 09:16 - 2018-04-28 03:43 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
2018-06-03 09:15 - 2018-04-28 15:03 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-06-03 09:15 - 2018-04-28 15:03 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-06-03 09:15 - 2018-04-28 15:02 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-06-03 09:15 - 2018-04-28 15:02 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-06-03 09:15 - 2018-04-28 15:01 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-06-03 09:15 - 2018-04-28 14:59 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-03 09:15 - 2018-04-28 14:58 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-06-03 09:15 - 2018-04-28 14:18 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-06-03 09:15 - 2018-04-28 14:16 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-06-03 09:15 - 2018-04-28 14:14 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-06-03 09:15 - 2018-04-28 14:14 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-03 09:15 - 2018-04-28 14:13 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-06-03 09:15 - 2018-04-28 11:58 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-06-03 09:15 - 2018-04-28 05:29 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-06-03 09:15 - 2018-04-28 05:03 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-06-03 09:15 - 2018-04-28 05:03 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-06-03 09:15 - 2018-04-28 05:03 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-06-03 09:15 - 2018-04-28 05:03 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-06-03 09:15 - 2018-04-28 05:02 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-06-03 09:15 - 2018-04-28 05:02 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-06-03 09:15 - 2018-04-28 05:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-06-03 09:15 - 2018-04-28 05:02 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-06-03 09:15 - 2018-04-28 05:01 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-03 09:15 - 2018-04-28 05:01 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-06-03 09:15 - 2018-04-28 05:01 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-06-03 09:15 - 2018-04-28 05:00 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-06-03 09:15 - 2018-04-28 04:59 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-06-03 09:15 - 2018-04-28 04:59 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-06-03 09:15 - 2018-04-28 04:57 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-06-03 09:15 - 2018-04-28 04:57 - 002170368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-03 09:15 - 2018-04-28 04:57 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-06-03 09:15 - 2018-04-28 04:57 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-06-03 09:15 - 2018-04-28 04:56 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-03 09:15 - 2018-04-28 04:56 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-06-03 09:15 - 2018-04-28 04:56 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-06-03 09:15 - 2018-04-28 04:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-06-03 09:15 - 2018-04-28 04:55 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-03 09:15 - 2018-04-28 04:55 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-06-03 09:15 - 2018-04-28 04:54 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-06-03 09:15 - 2018-04-28 04:53 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-06-03 09:15 - 2018-04-28 04:53 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-06-03 09:15 - 2018-04-28 04:53 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-06-03 09:15 - 2018-04-28 04:53 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-06-03 09:15 - 2018-04-28 04:52 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-06-03 09:15 - 2018-04-28 03:42 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-06-02 22:57 - 2018-06-02 22:50 - 000225651 _____ C:\Users\ACER\Documents\secar-alimentos1.pdf
2018-06-02 22:54 - 2018-06-02 22:48 - 000357058 _____ C:\Users\ACER\Documents\figo cheio e estrela de figo_receita.pdf
2018-06-02 19:23 - 2018-06-02 19:27 - 000000000 ____D C:\AdwCleaner
2018-06-02 19:20 - 2018-06-02 19:20 - 000000000 ____D C:\Users\ACER\AppData\Local\AdAwareUpdater
2018-06-02 19:20 - 2018-06-02 19:20 - 000000000 ____D C:\Program Files\Common Files\adaware
2018-06-02 19:18 - 2018-06-02 19:18 - 000000000 ____D C:\ProgramData\adaware
2018-06-02 16:34 - 2018-06-02 16:34 - 000258864 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2018-06-02 16:33 - 2018-06-02 16:33 - 000236488 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2018-06-02 16:33 - 2018-06-02 16:33 - 000177848 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2018-06-02 16:33 - 2018-06-02 16:33 - 000109248 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2018-06-01 22:08 - 2018-06-01 22:08 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2018-06-01 10:58 - 2018-06-01 10:58 - 000003584 _____ C:\Users\ACER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-05-31 17:48 - 2018-05-31 17:48 - 000736822 _____ C:\Users\ACER\Downloads\kid-pants-by-made.pdf
2018-05-30 21:48 - 2018-05-30 21:48 - 000087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2018-05-30 19:19 - 2018-06-01 10:23 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2018-05-30 17:05 - 2018-05-30 17:05 - 000000000 ____D C:\ProgramData\Emsisoft
2018-05-30 11:23 - 2018-05-30 11:23 - 000000000 ____D C:\ProgramData\Synaptics
2018-05-30 10:54 - 2018-05-30 10:54 - 000000000 ____D C:\ProgramData\s6gg
2018-05-30 10:47 - 2018-05-30 10:47 - 000000000 ____D C:\ProgramData\sb4g
2018-05-30 10:47 - 2018-05-30 10:47 - 000000000 ____D C:\ProgramData\s1cg
2018-05-30 10:44 - 2018-05-30 10:44 - 000000000 ____D C:\ProgramData\sbjs
2018-05-30 10:44 - 2018-05-30 10:44 - 000000000 ____D C:\ProgramData\sbho
2018-05-30 10:44 - 2018-05-30 10:44 - 000000000 ____D C:\ProgramData\s4lk
2018-05-30 10:07 - 2018-05-30 10:07 - 000000000 ____D C:\ProgramData\sa44
2018-05-30 10:00 - 2018-05-30 10:00 - 000000000 ____D C:\ProgramData\s9ec
2018-05-30 10:00 - 2018-05-30 10:00 - 000000000 ____D C:\ProgramData\s5f4
2018-05-30 09:56 - 2018-05-30 09:56 - 000000000 ____D C:\ProgramData\sp0
2018-05-30 09:56 - 2018-05-30 09:56 - 000000000 ____D C:\ProgramData\s5m4
2018-05-30 09:56 - 2018-05-30 09:56 - 000000000 ____D C:\ProgramData\s4k8
2018-05-29 15:07 - 2018-05-29 15:07 - 000161435 _____ C:\Users\ACER\Downloads\Politica_de_Privacidade.pdf
2018-05-28 20:17 - 2018-05-28 20:17 - 000000080 ___SH C:\bootTel.dat
2018-05-28 13:43 - 2018-06-08 19:17 - 000000000 ____D C:\FRST
2018-05-27 17:23 - 2018-05-27 17:23 - 000005968 _____ C:\WINDOWS\SysWOW64\BroomData.bit
2018-05-27 17:23 - 2013-04-08 15:30 - 000022752 _____ C:\WINDOWS\system32\PCloudBroom64.exe
2018-05-27 16:11 - 2018-06-04 09:50 - 000003638 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-05-27 15:33 - 2015-09-14 13:03 - 000039672 _____ C:\WINDOWS\system32\Drivers\DasPtct.SYS
2018-05-27 15:33 - 2015-01-29 18:21 - 000050320 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2018-05-27 15:31 - 2018-05-27 15:31 - 038191600 _____ (Panda Security ) C:\Users\ACER\Desktop\PandaCloudCleaner.exe
2018-05-27 12:49 - 2018-05-27 12:49 - 000000000 ____D C:\Users\ACER\AppData\Local\D3DSCache
2018-05-26 21:53 - 2018-05-26 21:53 - 000000000 ____D C:\ProgramData\ATI
2018-05-26 21:52 - 2018-05-26 21:52 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-26 21:48 - 2018-05-26 21:48 - 000000020 ___SH C:\Users\ACER\ntuser.ini
2018-05-26 21:46 - 2018-06-08 16:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-26 21:46 - 2018-06-03 09:14 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-26 21:46 - 2018-05-26 21:47 - 000003494 _____ C:\WINDOWS\System32\Tasks\EPSON XP-442 445 Series Update {3168F8E1-8176-40DB-AC77-178326BE3693}
2018-05-26 21:46 - 2018-05-26 21:46 - 000003456 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-26 21:46 - 2018-05-26 21:46 - 000003232 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-26 21:46 - 2018-05-26 21:46 - 000002856 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-292349617-3537619796-2692666305-1000
2018-05-26 21:46 - 2018-05-26 21:46 - 000002376 _____ C:\WINDOWS\System32\Tasks\{EE108CB9-0FD9-4617-8077-7A8F56237C89}
2018-05-26 21:46 - 2018-05-26 21:46 - 000002376 _____ C:\WINDOWS\System32\Tasks\{8D4E865F-5544-4FC5-84EF-C86B973AFFAA}
2018-05-26 21:46 - 2018-05-26 21:46 - 000002376 _____ C:\WINDOWS\System32\Tasks\{30D0762C-F47A-4744-AE86-A3EED836FD98}
2018-05-26 21:46 - 2018-05-26 21:46 - 000002348 _____ C:\WINDOWS\System32\Tasks\{4E279C54-51E4-407D-870A-E88055190A3D}
2018-05-26 21:46 - 2018-05-26 21:46 - 000002310 _____ C:\WINDOWS\System32\Tasks\{AD23E3EE-73DF-4C99-8C05-16F846F276D4}
2018-05-26 21:46 - 2018-05-26 21:46 - 000002280 _____ C:\WINDOWS\System32\Tasks\{14C11354-BA2B-4E67-A7CC-8A7CE3228917}
2018-05-26 21:46 - 2018-05-26 21:46 - 000002180 _____ C:\WINDOWS\System32\Tasks\{07AAB489-4446-428F-B7C4-1DA658579B63}
2018-05-26 21:46 - 2018-05-26 21:46 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2018-05-26 21:46 - 2018-05-26 21:46 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2018-05-26 21:46 - 2018-05-26 21:46 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2018-05-26 21:44 - 2018-05-26 21:46 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2018-05-26 21:44 - 2018-05-26 21:46 - 000011433 _____ C:\WINDOWS\diagerr.xml
2018-05-26 21:29 - 2018-05-26 21:29 - 000001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-05-26 21:25 - 2018-06-01 22:08 - 000000000 ____D C:\Users\DefaultAppPool
2018-05-26 21:25 - 2018-05-30 22:24 - 000000000 ____D C:\Users\ACER
2018-05-26 21:25 - 2018-05-26 21:25 - 000000000 _SHDL C:\Users\DefaultAppPool\Os Meus Documentos
2018-05-26 21:25 - 2018-05-26 21:25 - 000000000 _SHDL C:\Users\DefaultAppPool\Modelos
2018-05-26 21:25 - 2018-05-26 21:25 - 000000000 _SHDL C:\Users\DefaultAppPool\Menu Iniciar
2018-05-26 21:25 - 2018-05-26 21:25 - 000000000 _SHDL C:\Users\DefaultAppPool\Documents\Os Meus Vídeos
2018-05-26 21:25 - 2018-05-26 21:25 - 000000000 _SHDL C:\Users\DefaultAppPool\Documents\As Minhas Imagens
2018-05-26 21:25 - 2018-05-26 21:25 - 000000000 _SHDL C:\Users\DefaultAppPool\Documents\A Minha Música
2018-05-26 21:25 - 2018-05-26 21:25 - 000000000 _SHDL C:\Users\DefaultAppPool\Definições Locais
2018-05-26 21:25 - 2018-05-26 21:25 - 000000000 _SHDL C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2018-05-26 21:25 - 2018-05-26 21:25 - 000000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Histórico
2018-05-26 21:25 - 2018-05-26 21:25 - 000000000 _SHDL C:\Users\ACER\Os Meus Documentos
2018-05-26 21:25 - 2018-05-26 21:25 - 000000000 _SHDL C:\Users\ACER\Modelos
2018-05-26 21:25 - 2018-05-26 21:25 - 000000000 _SHDL C:\Users\ACER\Menu Iniciar
2018-05-26 21:25 - 2018-05-26 21:25 - 000000000 _SHDL C:\Users\ACER\Documents\Os Meus Vídeos
2018-05-26 21:25 - 2018-05-26 21:25 - 000000000 _SHDL C:\Users\ACER\Documents\As Minhas Imagens
2018-05-26 21:25 - 2018-05-26 21:25 - 000000000 _SHDL C:\Users\ACER\Documents\A Minha Música
2018-05-26 21:25 - 2018-05-26 21:25 - 000000000 _SHDL C:\Users\ACER\Definições Locais
2018-05-26 21:25 - 2018-05-26 21:25 - 000000000 _SHDL C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2018-05-26 21:25 - 2018-05-26 21:25 - 000000000 _SHDL C:\Users\ACER\AppData\Local\Histórico
2018-05-26 21:25 - 2018-05-24 22:08 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\ATI
2018-05-26 21:25 - 2018-05-24 22:08 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Local\ATI
2018-05-26 21:25 - 2018-05-24 22:08 - 000000000 ____D C:\Users\ACER\AppData\Roaming\ATI
2018-05-26 21:25 - 2018-05-24 22:08 - 000000000 ____D C:\Users\ACER\AppData\Local\ATI
2018-05-26 21:25 - 2018-04-12 00:34 - 000001105 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-26 21:25 - 2018-04-12 00:34 - 000001105 _____ C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-26 21:25 - 2016-09-30 16:37 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2018-05-26 21:25 - 2016-09-30 16:37 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2018-05-26 21:25 - 2016-09-30 16:37 - 000000000 ____D C:\Users\ACER\AppData\Roaming\Media Center Programs
2018-05-26 21:25 - 2016-09-30 16:37 - 000000000 ____D C:\Users\ACER\AppData\Roaming\Macromedia
2018-05-26 21:21 - 2018-05-28 07:00 - 002028066 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-26 21:21 - 2018-05-26 21:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2018-05-26 21:21 - 2018-05-26 21:21 - 000000000 ____D C:\Program Files\ATI Technologies
2018-05-26 21:20 - 2018-05-26 21:20 - 000000000 ____D C:\ProgramData\USOShared
2018-05-26 21:19 - 2018-04-12 00:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-05-26 21:16 - 2018-06-08 16:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-26 21:16 - 2018-06-03 11:08 - 000352840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-26 20:45 - 2018-06-06 14:26 - 001112256 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2018-05-26 20:45 - 2018-06-06 14:26 - 000220360 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2018-05-26 20:45 - 2018-04-27 19:52 - 000085704 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kldisk.sys
2018-05-26 20:45 - 2018-02-24 05:17 - 000203968 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kneps.sys
2018-05-26 20:45 - 2018-02-17 02:50 - 000176328 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwtp.sys
2018-05-26 20:45 - 2018-02-17 02:50 - 000100552 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwfp.sys
2018-05-26 20:45 - 2018-02-02 03:45 - 000122560 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klbackupflt.sys
2018-05-26 20:45 - 2018-01-15 05:13 - 000058048 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klkbdflt.sys
2018-05-26 20:45 - 2017-12-11 11:49 - 000083496 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klmouflt.sys
2018-05-26 20:45 - 2017-11-29 07:03 - 000045784 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpnpflt.sys
2018-05-26 20:45 - 2017-05-30 18:51 - 000050648 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2018-05-26 20:44 - 2018-05-26 20:44 - 000000000 ___DL C:\Users\Public\Recorded TV (2)
2018-05-26 20:43 - 2018-05-26 22:14 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-05-26 20:43 - 2018-05-26 20:43 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2018-05-26 20:39 - 2018-05-26 20:43 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-05-26 20:29 - 2018-05-26 20:29 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2018-05-26 20:29 - 2018-05-26 20:29 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2018-05-26 20:29 - 2018-05-26 20:29 - 000000000 ____D C:\WINDOWS\system32\msmq
2018-05-26 20:29 - 2018-05-26 20:29 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2018-05-26 20:29 - 2018-05-26 20:29 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-26 20:29 - 2018-05-26 20:29 - 000000000 ____D C:\Program Files\MSBuild
2018-05-26 20:29 - 2018-05-26 20:29 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-26 20:29 - 2018-05-26 20:29 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-26 20:29 - 2018-05-26 20:29 - 000000000 ____D C:\inetpub
2018-05-26 20:26 - 2018-03-05 16:07 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-26 20:26 - 2018-03-05 16:07 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-26 20:26 - 2018-03-05 16:07 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-26 20:25 - 2018-02-14 16:21 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-26 20:25 - 2018-02-14 16:21 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-26 20:25 - 2018-02-14 16:21 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-05-26 20:11 - 2018-05-26 20:11 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-05-26 19:44 - 2018-06-08 18:48 - 000000000 ___DC C:\WINDOWS\Panther
2018-05-26 17:43 - 2018-05-27 13:40 - 000000000 ____D C:\Users\ACER\AppData\Local\PlaceholderTileLogoFolder
2018-05-25 19:36 - 2018-05-27 13:32 - 000000032 _____ C:\WINDOWS\SysWOW64\Eu(12-20170911).OD
2018-05-25 19:36 - 2018-05-25 19:36 - 000000000 ____D C:\ProgramData\SystemAcCrux
2018-05-25 19:36 - 2018-01-03 19:39 - 000075328 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\eubakup.sys
2018-05-25 19:36 - 2018-01-03 18:35 - 000206912 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\EuFdDisk.sys
2018-05-25 19:36 - 2018-01-03 18:35 - 000032832 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\eudskacs.sys
2018-05-25 19:36 - 2018-01-03 18:34 - 000062528 _____ C:\WINDOWS\system32\Drivers\EUBKMON.sys
2018-05-25 19:34 - 2018-05-27 13:36 - 000000000 ____D C:\Program Files (x86)\EaseUS
2018-05-25 18:48 - 2018-06-04 09:48 - 000000000 ____D C:\EEK
2018-05-25 18:40 - 2018-05-25 18:40 - 000000000 ____D C:\Users\ACER\AppData\Local\NPE
2018-05-25 18:25 - 2018-05-25 18:25 - 000000000 ____D C:\Users\ACER\AppData\Local\DBG
2018-05-25 18:22 - 2018-06-01 08:50 - 001125142 _____ C:\WINDOWS\ntbtlog.txt
2018-05-25 17:46 - 2018-05-25 17:46 - 000000000 ____D C:\Users\ACER\AppData\Local\Innovative Solutions
2018-05-25 13:58 - 2018-05-25 14:17 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-05-25 09:31 - 2018-05-25 09:31 - 000000000 ____D C:\Users\ACER\AppData\Local\Microsoft_Corporation
2018-05-25 08:58 - 2018-05-25 09:00 - 000004581 _____ C:\NetworkSettings.txt
2018-05-24 22:51 - 2018-05-24 22:51 - 000000000 ___DL C:\Users\Public\Recorded TV (1)
2018-05-24 22:44 - 2018-05-24 22:44 - 000000000 ___HD C:\Users\ACER\MicrosoftEdgeBackups
2018-05-24 22:40 - 2018-06-03 11:10 - 000000000 ___RD C:\Users\ACER\3D Objects
2018-05-24 22:15 - 2018-05-30 17:00 - 000000000 ____D C:\Users\ACER\AppData\Local\Packages
2018-05-24 22:08 - 2018-05-24 22:08 - 000000000 ____D C:\Users\Default\AppData\Roaming\ATI
2018-05-24 22:08 - 2018-05-24 22:08 - 000000000 ____D C:\Users\Default\AppData\Local\ATI
2018-05-24 22:08 - 2018-05-24 22:08 - 000000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2018-05-24 22:08 - 2018-05-24 22:08 - 000000000 ____D C:\Users\Default User\AppData\Local\ATI
2018-05-24 19:35 - 2018-05-24 19:35 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-05-24 18:57 - 2018-01-09 16:44 - 000108584 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
2018-05-24 09:15 - 2018-05-24 09:54 - 000000000 ____D C:\Users\ACER\AppData\Roaming\Panda Security
2018-05-24 09:12 - 2018-05-24 09:55 - 000000000 ____D C:\ProgramData\Panda Security
2018-05-23 10:55 - 2018-06-01 10:55 - 000000000 ____D C:\Users\ACER\Documents\Trabalho etc
2018-05-23 08:46 - 2018-05-23 08:46 - 000000831 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt
2018-05-22 19:24 - 2018-05-22 20:41 - 000000000 ____D C:\KVRT_Data
2018-05-22 17:10 - 2018-05-30 11:15 - 000000000 ____D C:\ProgramData\SecTaskMan
2018-05-22 17:10 - 2018-05-23 18:07 - 000000000 ____D C:\ProgramData\HitmanPro

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-08 19:16 - 2017-01-20 11:31 - 000000000 ____D C:\Users\ACER\AppData\LocalLow\Mozilla
2018-06-08 19:13 - 2017-06-13 08:43 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-06-08 19:06 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-08 19:04 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-08 16:29 - 2018-04-11 22:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2018-06-08 12:37 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-08 11:24 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-06-08 11:22 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2018-06-08 11:14 - 2017-01-27 13:45 - 000000000 ____D C:\Users\ACER\AppData\Local\ElevatedDiagnostics
2018-06-08 11:07 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-06-07 18:50 - 2015-11-27 08:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-07 11:53 - 2018-03-01 19:44 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-07 11:53 - 2018-03-01 19:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-06 18:33 - 2016-06-15 16:46 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-06 14:38 - 2017-06-13 08:44 - 000000000 ____D C:\Program Files\Common Files\AV
2018-06-06 14:36 - 2018-03-23 10:57 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-06-06 14:29 - 2018-03-23 11:04 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-06-06 14:27 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-06-06 10:21 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-06-06 00:29 - 2018-04-12 00:41 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-06 00:29 - 2018-04-12 00:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-05 07:59 - 2011-06-06 09:11 - 000000000 ____D C:\Users\ACER\Documents\ANA
2018-06-04 20:36 - 2017-03-07 15:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-06-04 08:44 - 2011-04-30 22:36 - 000000000 ____D C:\Users\ACER\AppData\Roaming\SoftGrid Client
2018-06-03 11:10 - 2016-04-27 07:08 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-06-03 11:05 - 2018-04-12 17:43 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-06-03 11:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-03 11:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-03 11:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-06-03 11:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-06-03 11:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-03 11:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-03 11:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-03 11:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-06-03 11:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Provisioning
2018-06-03 11:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-03 11:05 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-03 11:05 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-03 10:04 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-03 09:14 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-06-01 18:52 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-01 08:45 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-01 08:45 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-05-31 21:49 - 2014-11-18 15:41 - 000000000 ____D C:\Users\ACER\AppData\Local\File Viewer
2018-05-30 16:56 - 2010-08-30 10:25 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-05-30 16:54 - 2011-04-30 22:52 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-05-30 16:46 - 2010-08-30 10:12 - 000000000 ____D C:\Program Files (x86)\Acer GameZone
2018-05-30 16:45 - 2011-12-04 14:56 - 000000000 ____D C:\ProgramData\CyberLink
2018-05-30 16:45 - 2010-08-30 10:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
2018-05-30 16:45 - 2010-08-30 10:03 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-05-30 10:58 - 2014-12-25 16:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-28 13:41 - 2018-04-11 22:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-05-28 07:00 - 2018-04-12 17:41 - 000867674 _____ C:\WINDOWS\system32\prfh0816.dat
2018-05-28 07:00 - 2018-04-12 17:41 - 000190008 _____ C:\WINDOWS\system32\prfc0816.dat
2018-05-27 19:50 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-27 11:14 - 2016-09-30 17:03 - 000000000 ____D C:\Users\ACER\AppData\Local\ConnectedDevicesPlatform
2018-05-27 07:53 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\appcompat
2018-05-26 22:15 - 2018-04-12 00:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-05-26 22:15 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2018-05-26 22:15 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-05-26 22:15 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-26 22:15 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-05-26 22:14 - 2018-05-08 09:00 - 000000000 ____D C:\WINDOWS\SysWOW64\%Data%
2018-05-26 22:14 - 2018-04-12 00:41 - 000000000 ____D C:\WINDOWS\Setup
2018-05-26 22:14 - 2018-04-12 00:38 - 000000000 __SHD C:\Program Files\Windows Sidebar
2018-05-26 22:14 - 2018-04-12 00:38 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2018-05-26 22:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-05-26 22:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\IME
2018-05-26 22:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\schemas
2018-05-26 22:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Resources
2018-05-26 22:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\L2Schemas
2018-05-26 22:14 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-26 22:14 - 2018-03-31 12:03 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.5
2018-05-26 22:14 - 2018-03-23 11:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2018-05-26 22:14 - 2018-01-12 15:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2018-05-26 22:14 - 2018-01-07 10:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Pro
2018-05-26 22:14 - 2017-12-02 14:49 - 000000000 ____D C:\Program Files\UNP
2018-05-26 22:14 - 2014-11-18 15:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Viewer Lite
2018-05-26 22:14 - 2014-06-20 19:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-26 22:14 - 2014-06-18 18:01 - 000000000 ____D C:\WINDOWS\SysWOW64\%Report%
2018-05-26 22:14 - 2012-05-12 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2018-05-26 22:14 - 2012-05-12 16:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2018-05-26 22:14 - 2012-01-09 11:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2018-05-26 22:14 - 2011-06-24 07:26 - 000000000 ____D C:\WINDOWS\system32\SPReview
2018-05-26 22:14 - 2011-06-24 07:24 - 000000000 ____D C:\WINDOWS\system32\EventProviders
2018-05-26 22:14 - 2011-05-04 10:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Português)
2018-05-26 22:14 - 2010-10-20 07:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Media Maker 9
2018-05-26 22:14 - 2010-10-20 07:02 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2018-05-26 22:14 - 2010-08-30 10:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Backup Manager
2018-05-26 22:14 - 2010-08-30 10:21 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2018-05-26 22:14 - 2010-08-30 10:21 - 000000000 ____D C:\WINDOWS\oem
2018-05-26 22:14 - 2010-08-30 10:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-05-26 22:14 - 2010-08-30 10:10 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSobi v2
2018-05-26 22:14 - 2010-08-30 10:04 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2018-05-26 22:14 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-05-26 22:14 - 2009-07-14 04:20 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2018-05-26 21:48 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Registration
2018-05-26 21:48 - 2016-06-16 13:07 - 000000000 ____D C:\Windows10Upgrade
2018-05-26 21:47 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\windows nt
2018-05-26 21:47 - 2016-06-16 13:07 - 000000000 ___HD C:\$GetCurrent
2018-05-26 21:39 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-26 21:38 - 2018-04-12 00:38 - 000000000 __RSD C:\WINDOWS\media
2018-05-26 21:38 - 2016-06-16 22:25 - 000023220 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-05-26 21:21 - 2016-09-30 16:25 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2018-05-26 21:20 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-05-26 21:20 - 2016-09-30 16:27 - 001941280 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2018-05-26 21:20 - 2016-06-16 22:45 - 000000000 ____D C:\AMD
2018-05-26 21:19 - 2016-09-30 16:23 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-05-26 20:53 - 2018-04-12 00:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-05-26 20:44 - 2018-04-12 17:42 - 000000000 ____D C:\WINDOWS\OCR
2018-05-26 20:44 - 2018-01-12 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2018-05-26 20:44 - 2015-04-12 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Declarações Electrónicas
2018-05-26 20:43 - 2016-09-30 16:24 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2018-05-26 20:43 - 2016-09-30 16:24 - 000000000 ____D C:\Program Files\AMD
2018-05-26 20:43 - 2016-09-30 16:23 - 000000000 ____D C:\Program Files\Synaptics
2018-05-26 20:43 - 2016-09-30 16:23 - 000000000 ____D C:\Program Files\Realtek
2018-05-26 20:43 - 2009-07-14 06:32 - 000000000 ____D C:\Program Files\Microsoft Games
2018-05-26 20:29 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-05-26 20:29 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-05-26 20:29 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-05-26 20:29 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-05-26 20:28 - 2018-04-12 00:35 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2018-05-26 20:28 - 2018-04-12 00:35 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2018-05-26 20:28 - 2018-04-12 00:35 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2018-05-26 20:28 - 2018-04-12 00:35 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2018-05-26 20:28 - 2018-04-12 00:35 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2018-05-26 20:28 - 2018-04-12 00:35 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2018-05-26 20:28 - 2018-04-12 00:35 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2018-05-26 20:28 - 2018-04-12 00:35 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2018-05-26 20:28 - 2018-04-12 00:35 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2018-05-26 20:28 - 2018-04-12 00:35 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2018-05-26 20:28 - 2018-04-12 00:35 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2018-05-26 20:28 - 2018-04-12 00:35 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2018-05-26 20:28 - 2018-04-12 00:35 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2018-05-26 20:28 - 2018-04-12 00:35 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2018-05-26 20:28 - 2018-04-12 00:35 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2018-05-26 20:28 - 2018-04-12 00:35 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2018-05-26 20:28 - 2018-04-12 00:35 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2018-05-26 20:28 - 2018-04-12 00:35 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2018-05-26 20:28 - 2018-04-12 00:35 - 000009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2018-05-26 20:28 - 2018-04-12 00:33 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2018-05-26 20:28 - 2018-04-12 00:33 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-05-26 20:28 - 2018-04-12 00:33 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2018-05-26 20:28 - 2018-04-12 00:33 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2018-05-26 20:28 - 2018-04-12 00:33 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2018-05-26 20:27 - 2018-04-12 00:35 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2018-05-26 20:27 - 2018-04-12 00:35 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2018-05-26 20:27 - 2018-04-12 00:35 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2018-05-26 20:27 - 2018-04-12 00:35 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2018-05-26 20:27 - 2018-04-12 00:35 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2018-05-26 20:27 - 2018-04-12 00:33 - 001409536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2018-05-26 20:27 - 2018-04-12 00:33 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2018-05-26 20:27 - 2018-04-12 00:33 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2018-05-26 20:27 - 2018-04-12 00:33 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2018-05-26 20:27 - 2018-04-12 00:33 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2018-05-26 20:27 - 2018-04-12 00:33 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2018-05-26 20:27 - 2018-04-12 00:33 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2018-05-26 20:27 - 2018-04-12 00:33 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2018-05-26 20:27 - 2018-04-12 00:33 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2018-05-26 20:27 - 2018-04-12 00:33 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2018-05-26 20:27 - 2018-04-12 00:33 - 000009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2018-05-26 19:26 - 2016-06-16 14:28 - 000000066 _____ C:\WINDOWS\progress.ini
2018-05-26 18:00 - 2016-06-16 13:07 - 000000723 _____ C:\Users\ACER\Desktop\Assistente de Atualização do Windows 10.lnk
2018-05-26 17:56 - 2016-06-16 13:07 - 000000735 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assistente de Atualização do Windows 10.lnk
2018-05-26 09:36 - 2018-05-02 17:56 - 000000000 ____D C:\found.002
2018-05-25 22:44 - 2017-12-02 20:43 - 000000000 ____D C:\Users\ACER\Documents\contas ban
2018-05-25 18:40 - 2012-03-23 15:49 - 000000000 ____D C:\ProgramData\Norton
2018-05-25 09:27 - 2016-06-16 22:43 - 000000000 ___RD C:\Users\ACER\OneDrive
2018-05-24 23:00 - 2011-06-04 22:43 - 000000000 ____D C:\Program Files\Windows Live
2018-05-24 23:00 - 2010-10-20 07:02 - 000000000 ____D C:\Program Files (x86)\Windows Live
2018-05-24 22:41 - 2016-06-16 22:35 - 000000000 ____D C:\Users\ACER\AppData\Local\TileDataLayer
2018-05-24 19:35 - 2017-12-03 11:03 - 000000000 ____D C:\Program Files\rempl
2018-05-24 19:35 - 2017-07-02 17:39 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2018-05-24 11:58 - 2017-12-03 10:04 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-24 11:57 - 2011-06-04 22:37 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-22 17:09 - 2013-06-23 08:06 - 000000000 ____D C:\Program Files (x86)\Java
2018-05-17 22:52 - 2011-06-15 22:19 - 000002921 _____ C:\WINDOWS\wininit.ini

==================== Files in the root of some directories =======

2018-06-01 10:58 - 2018-06-01 10:58 - 000003584 _____ () C:\Users\ACER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-13 11:35 - 2012-04-28 10:00 - 000017408 _____ () C:\Users\ACER\AppData\Local\WebpageIcons.db
2016-06-13 11:35 - 2014-11-10 09:13 - 000000000 _____ () C:\Users\ACER\AppData\Local\{35606BAC-89AC-40FE-8F0F-EAD6D0104D73}
2016-06-13 11:35 - 2015-01-11 08:57 - 000000000 _____ () C:\Users\ACER\AppData\Local\{B2C4ECFA-4248-4E24-925F-61B9B8D51142}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-26 21:16

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by ACER (08-06-2018 19:19:06)
Running from C:\Users\ACER\Desktop
Windows 10 Home Version 1803 17134.48 (X64) (2018-05-26 20:48:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ACER (S-1-5-21-292349617-3537619796-2692666305-1000 - Administrator - Enabled) => C:\Users\ACER
Administrador (S-1-5-21-292349617-3537619796-2692666305-500 - Administrator - Disabled)
Convidado (S-1-5-21-292349617-3537619796-2692666305-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-292349617-3537619796-2692666305-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-292349617-3537619796-2692666305-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-292349617-3537619796-2692666305-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Internet Security (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 29.0.0.112 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.2.202 - Adobe Systems, Inc.)
Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version:  - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Assistente de Atualização do Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22452 - Microsoft Corporation)
ATI Catalyst Install Manager (HKLM\...\{BAF4695F-7867-D8B2-528A-A1EF2EE0A9EF}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Backup Manager Basic (HKLM-x32\...\{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
ccc-core-static (HKLM-x32\...\{28849F27-E11E-F067-C4B5-7F4CDB75D473}) (Version: 2010.0825.2205.37769 - Nome de sua empresa:) Hidden
Complemento Messenger (HKLM-x32\...\{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Creative Mass Storage Drivers (HKLM-x32\...\Creative Mass Storage Drivers) (Version:  - )
Creative Mass Storage Drivers (HKLM-x32\...\MuVo Driver) (Version:  - )
Creative System Information (HKLM-x32\...\SysInfo) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
Duplicate Cleaner Pro 4.1.0 (HKLM-x32\...\Duplicate Cleaner Pro) (Version: 4.1.0 - DigitalVolcano Software Ltd)
Easy Photo Scan (HKLM-x32\...\{BB6241FF-8B76-45A5-95B9-888EDE8E47DC}) (Version: 1.00.0010 - Seiko Epson Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{F05A434E-D3CF-4B44-9D3E-779D42090781}) (Version: 2.8.0.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EPSON XP-442 445 Series Printer Uninstall (HKLM\...\EPSON XP-442 445 Series) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
eSobi v2 (HKLM-x32\...\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) Hidden
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
File Identifier (HKLM-x32\...\{C257E434-E8F1-4E06-A616-598E4933553E}_is1) (Version: 1.0.6 - Sharpened Productions)
File Viewer Lite (HKLM-x32\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.2 - Sharpened Productions)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Galeria de Fotografias do Windows Live (HKLM-x32\...\{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.62 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
IRS - Modelo 3 2015.0.21.0018 (HKLM-x32\...\4041-6604-5356-9627) (Version: 2015.0.21.0018 - AT)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Manuais EPSON (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.54.0.0 - Seiko Epson Corporation)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Clique-e-Use 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1006 - Microsoft Corporation)
Microsoft Office Starter 2010 - Português (HKLM-x32\...\{90140011-0066-0816-0000-0000000FF1CE}) (Version: 14.0.4763.1006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-292349617-3537619796-2692666305-1000\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0 - Mozilla)
Mozilla Thunderbird 52.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.8.0 (x86 en-US)) (Version: 52.8.0 - Mozilla)
NTI Media Maker 9 (HKLM-x32\...\{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
PX Profile Update (HKLM-x32\...\{98A26988-E99C-2EA6-684A-3FFE6F3A90F9}) (Version: 1.00.1. - AMD) Hidden
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.1.3.6 - Synaptics Incorporated)
TuneUp Utilities Language Pack (de-DE) (HKLM-x32\...\{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}) (Version: 12.0.3500.13 - TuneUp Software) Hidden
Unity Web Player (HKU\S-1-5-21-292349617-3537619796-2692666305-1000\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DA171DF3-18B3-446E-BCA6-C08069850FD2}) (Version: 2.36.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{57D07AAD-97E2-4E16-89C4-1A3C51BC9C98}) (Version: 1.16.0.0 - Microsoft Corporation) Hidden
Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
Visualizador do Microsoft PowerPoint (HKLM-x32\...\{95140000-00AF-0816-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{587139F5-9B76-4D5A-94C6-76E6B219BF7F}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-292349617-3537619796-2692666305-1000_Classes\CLSID\{F09690BD-582D-4439-B6ED-5C2545D2F424}\InprocServer32 -> C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} =>  -> No File
ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} =>  -> No File
ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} =>  -> No File
ContextMenuHandlers1: [CopyPathExt] -> {7E41911F-13AA-11D3-A831-00104B9E30B5} =>  -> No File
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-06-06] (AO Kaspersky Lab)
ContextMenuHandlers2: [CopyPathExt] -> {7E41911F-13AA-11D3-A831-00104B9E30B5} =>  -> No File
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-06-06] (AO Kaspersky Lab)
ContextMenuHandlers4: [CopyPathExt] -> {7E41911F-13AA-11D3-A831-00104B9E30B5} =>  -> No File
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-06-06] (AO Kaspersky Lab)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll [2018-06-06] (AO Kaspersky Lab)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B3D94A9-1C4F-4331-B0A1-65C3E29FD758} - System32\Tasks\{4E279C54-51E4-407D-870A-E88055190A3D} => C:\Windows\system32\pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Creative\Support\System Information\CTSI.exe"
Task: {1328B193-7830-455A-BF1C-C1D49756CCF6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-03] (Microsoft Corporation)
Task: {16910690-5FE7-4BD1-8F28-C15AA8EFF2D4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-03] (Microsoft Corporation)
Task: {36C036CB-EEBF-4D1D-8CE2-11EE8F921333} - System32\Tasks\{EE108CB9-0FD9-4617-8077-7A8F56237C89} => C:\Windows\system32\pcalua.exe -a C:\Users\ACER\AppData\Local\Temp\jre-8u66-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {97321992-C161-4735-869A-F4CA1C3598D0} - System32\Tasks\{8D4E865F-5544-4FC5-84EF-C86B973AFFAA} => C:\Windows\system32\pcalua.exe -a C:\Users\ACER\AppData\Local\Temp\jre-8u71-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {9862F9F8-432E-4928-ACD9-DD76084C9667} - System32\Tasks\{AD23E3EE-73DF-4C99-8C05-16F846F276D4} => C:\Windows\system32\pcalua.exe -a C:\Users\ACER\AppData\Local\TNT2\2.0.0.1895\TNT2User.exe -c /UNINSTALL PARTNER=11147
Task: {A17AC0F7-77B0-4730-8E94-E293354B0503} - System32\Tasks\{30D0762C-F47A-4744-AE86-A3EED836FD98} => C:\Windows\system32\pcalua.exe -a C:\Users\ACER\AppData\Local\Temp\jre-8u73-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {A9E41B88-EBEF-47B1-84F2-78D197736BEA} - System32\Tasks\{14C11354-BA2B-4E67-A7CC-8A7CE3228917} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\ACER\Searches\setup_basic_2436.exe -d C:\Users\ACER\Searches
Task: {B139E471-282A-4649-8462-959257D086E2} - System32\Tasks\{07AAB489-4446-428F-B7C4-1DA658579B63} => C:\Windows\system32\pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {B50623BD-B489-4071-862C-03D4C8E5E4A4} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {C09E8E74-8F7E-4CCC-BE1D-DC5589CB934D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-03] (Microsoft Corporation)
Task: {C117BAEE-FABA-4E6D-BC8F-F11559FD65F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-15] (Google Inc.)
Task: {C9D7C0DA-5849-4F43-9578-BC38AFD143E6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-03] (Microsoft Corporation)
Task: {CF01B094-0975-458C-AE7B-564165962AA2} - System32\Tasks\EPSON XP-442 445 Series Update {3168F8E1-8176-40DB-AC77-178326BE3693} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRDE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {D4951A5F-86A1-4762-B6AC-26AB0AA61A69} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-15] (Google Inc.)
Task: {E59D220E-E17F-4452-A8C4-B339F23CA7DE} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {EC8DB41E-4CD8-41AF-B775-0001236A1883} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON XP-442 445 Series Update {3168F8E1-8176-40DB-AC77-178326BE3693}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRDE.EXE:/EXE:{3168F8E1-8176-40DB-AC77-178326BE3693} /F:UpdateWORKGROUP\ACER-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-12 00:35 - 2018-04-12 17:43 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2010-06-28 23:20 - 2010-06-28 23:20 - 000465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 23:12 - 2010-06-28 23:12 - 001081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 [121]
AlternateDataStreams: C:\ProgramData\Temp:1A60DE96 [134]
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2 [146]
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F [144]
AlternateDataStreams: C:\ProgramData\Temp:798A3728 [118]
AlternateDataStreams: C:\ProgramData\Temp:93EB7685 [143]
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE [149]
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D [129]
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 [272]
AlternateDataStreams: C:\ProgramData\Temp:E3C56885 [119]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 14:46 - 2017-09-29 14:44 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-292349617-3537619796-2692666305-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ACER\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\Amazing-Lighthouse-Wallpaper-05-2560x1600.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
HKLM\...\StartupApproved\Run: => "PLFSetI"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LManager"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKU\S-1-5-21-292349617-3537619796-2692666305-1000\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

03-06-2018 15:12:14 Cópia de Segurança do Windows
03-06-2018 19:00:05 Cópia de Segurança do Windows
08-06-2018 11:15:57 Microsoft Software Repair Tool

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2018 05:24:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: MicrosoftEdgeCP.exe, versão: 11.0.17134.48, carimbo de data/hora: 0x5ae3f17b
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc0000409
Desvio de falha: 0x000000000000008c
ID do processo com falha: 0x110c
Hora de início da aplicação com falha: 0x01d3ff451dbcb8ce
Caminho da aplicação com falha: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Caminho do módulo com falha: unknown
ID do Relatório: 5b5d8a86-8480-48c7-9ebc-748b79b16a77
Nome completo do pacote com falha: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
ID da aplicação relativa ao pacote com falha: ContentProcess

Error: (06/08/2018 11:40:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: MicrosoftEdgeCP.exe, versão: 11.0.17134.48, carimbo de data/hora: 0x5ae3f17b
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc0000409
Desvio de falha: 0x000000000000008c
ID do processo com falha: 0x217c
Hora de início da aplicação com falha: 0x01d3ff151e06f1ab
Caminho da aplicação com falha: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Caminho do módulo com falha: unknown
ID do Relatório: e1b3278f-0f20-4d4e-b468-7ee5e6747be3
Nome completo do pacote com falha: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
ID da aplicação relativa ao pacote com falha: ContentProcess

Error: (06/08/2018 10:52:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa explorer.exe versão 10.0.17134.1 deixou de interagir com o Windows e foi fechado. Para verificar se existem mais informações disponíveis sobre o problema, consulte o histórico de problemas no painel de controlo de Segurança e Manutenção.

ID do Processo: 1838

Hora de Início: 01d3ff0dc1802159

Hora de Cessação: 56842

Caminho da Aplicação: C:\Windows\explorer.exe

ID do Relatório: 97c26bda-6904-468f-aa71-920c2be4a858

Nome completo do pacote com falha:

ID da aplicação relativa ao pacote com falha:

Error: (06/06/2018 02:58:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: MicrosoftEdgeCP.exe, versão: 11.0.17134.48, carimbo de data/hora: 0x5ae3f17b
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc0000409
Desvio de falha: 0x000000000000008c
ID do processo com falha: 0x76c
Hora de início da aplicação com falha: 0x01d3fd9e70560c15
Caminho da aplicação com falha: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Caminho do módulo com falha: unknown
ID do Relatório: 269e5a7e-a182-430b-a348-5bac3910de90
Nome completo do pacote com falha: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
ID da aplicação relativa ao pacote com falha: ContentProcess

Error: (06/05/2018 07:51:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: MicrosoftEdgeCP.exe, versão: 11.0.17134.48, carimbo de data/hora: 0x5ae3f17b
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc0000409
Desvio de falha: 0x000000000000008c
ID do processo com falha: 0x178c
Hora de início da aplicação com falha: 0x01d3fc999c83662d
Caminho da aplicação com falha: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Caminho do módulo com falha: unknown
ID do Relatório: 25949d57-ec78-44f4-8c66-635f711b0975
Nome completo do pacote com falha: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
ID da aplicação relativa ao pacote com falha: ContentProcess

Error: (06/04/2018 02:59:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: MicrosoftEdgeCP.exe, versão: 11.0.17134.48, carimbo de data/hora: 0x5ae3f17b
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc0000409
Desvio de falha: 0x000000000000008c
ID do processo com falha: 0x147c
Hora de início da aplicação com falha: 0x01d3fc0c3cf2119c
Caminho da aplicação com falha: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Caminho do módulo com falha: unknown
ID do Relatório: a0fd91fd-f052-49f9-a744-19d1b1130e15
Nome completo do pacote com falha: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
ID da aplicação relativa ao pacote com falha: ContentProcess

Error: (06/04/2018 08:56:11 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Apenas informações.
(Patch task for {90140011-0066-0816-0000-0000000FF1CE}): DownloadLatest Failed: Não existem ligações de rede ativas presentemente. O 'Serviço de transferência inteligente em segundo plano' (BITS) tentará novamente quando estiver ligado um adaptador.

Error: (06/04/2018 07:18:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: MicrosoftEdgeCP.exe, versão: 11.0.17134.48, carimbo de data/hora: 0x5ae3f17b
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc0000409
Desvio de falha: 0x000000000000008c
ID do processo com falha: 0x6ac
Hora de início da aplicação com falha: 0x01d3fbcbe0546559
Caminho da aplicação com falha: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Caminho do módulo com falha: unknown
ID do Relatório: 4dd67bc7-47c2-44c8-9112-75f0ae9f1658
Nome completo do pacote com falha: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
ID da aplicação relativa ao pacote com falha: ContentProcess


System errors:
=============
Error: (06/08/2018 04:53:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Iniciação para a aplicação de Servidor COM com CLSID
Windows.SecurityCenter.WscBrokerManager
 e APPID
Indisponível
 ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.

Error: (06/08/2018 04:53:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Iniciação para a aplicação de Servidor COM com CLSID
Windows.SecurityCenter.WscBrokerManager
 e APPID
Indisponível
 ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.

Error: (06/08/2018 04:53:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Iniciação para a aplicação de Servidor COM com CLSID
Windows.SecurityCenter.WscBrokerManager
 e APPID
Indisponível
 ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.

Error: (06/08/2018 04:50:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Iniciação para a aplicação de Servidor COM com CLSID
Windows.SecurityCenter.WscDataProtection
 e APPID
Indisponível
 ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.

Error: (06/08/2018 04:26:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Iniciação para a aplicação de Servidor COM com CLSID
Windows.SecurityCenter.WscDataProtection
 e APPID
Indisponível
 ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.

Error: (06/08/2018 02:25:51 PM) (Source: DCOM) (EventID: 10016) (User: ACER-PC)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 ao SID (S-1-5-21-292349617-3537619796-2692666305-1000) de utilizador ACER-PC\ACER a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.

Error: (06/08/2018 02:21:52 PM) (Source: DCOM) (EventID: 10016) (User: ACER-PC)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 ao SID (S-1-5-21-292349617-3537619796-2692666305-1000) de utilizador ACER-PC\ACER a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.

Error: (06/08/2018 02:20:46 PM) (Source: DCOM) (EventID: 10016) (User: ACER-PC)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 ao SID (S-1-5-21-292349617-3537619796-2692666305-1000) de utilizador ACER-PC\ACER a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.


Windows Defender:
===================================
Date: 2018-06-08 16:06:07.843
Description:
A análise de Antivírus do Windows Defender foi parada antes de ser concluída.
ID de Análise: {A09C3E2C-AFEF-4050-ACF1-9B4C6CB05BBA}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM

Date: 2018-06-08 14:16:40.542
Description:
A análise de Antivírus do Windows Defender foi parada antes de ser concluída.
ID de Análise: {053672F0-0C4D-4828-A4A3-B76E1C55DB70}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM

Date: 2018-06-08 10:20:40.847
Description:
A análise de Antivírus do Windows Defender foi parada antes de ser concluída.
ID de Análise: {A8333381-C3D4-48D9-A834-BBFE0205D09E}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM

Date: 2018-06-08 10:13:44.587
Description:
A análise de Antivírus do Windows Defender foi parada antes de ser concluída.
ID de Análise: {8AD9CE7C-A944-4D48-8B29-2FEA17304BC3}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM

Date: 2018-06-06 15:43:31.110
Description:
A análise de Antivírus do Windows Defender foi parada antes de ser concluída.
ID de Análise: {8AF15F7B-065D-40A6-AB15-314E79DCD36D}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM

Date: 2018-06-05 10:44:22.003
Description:
Antivírus do Windows Defender encontrou um erro ao tentar atualizar assinaturas.
Nova Versão de Assinatura:
Versão de Assinatura Anterior: 1.269.518.0
Origem de Atualização: Centro Microsoft de Proteção Contra Software Maligno
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completo
Utilizador: NT AUTHORITY\Serviço de rede
Versão de Motor Atual:
Versão de Motor Anterior: 1.1.14901.4
Código de Erro: 0x80072ee7
Descrição do Erro: Não foi possível processar o nome ou o endereço do servidor

Date: 2018-06-05 10:44:22.002
Description:
Antivírus do Windows Defender encontrou um erro ao tentar atualizar assinaturas.
Nova Versão de Assinatura:
Versão de Assinatura Anterior: 1.269.518.0
Origem de Atualização: Centro Microsoft de Proteção Contra Software Maligno
Tipo de Assinatura: AntiSpyware
Tipo de Atualização: Completo
Utilizador: NT AUTHORITY\Serviço de rede
Versão de Motor Atual:
Versão de Motor Anterior: 1.1.14901.4
Código de Erro: 0x80072ee7
Descrição do Erro: Não foi possível processar o nome ou o endereço do servidor

Date: 2018-06-05 10:44:22.001
Description:
Antivírus do Windows Defender encontrou um erro ao tentar atualizar assinaturas.
Nova Versão de Assinatura:
Versão de Assinatura Anterior: 1.269.518.0
Origem de Atualização: Centro Microsoft de Proteção Contra Software Maligno
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completo
Utilizador: NT AUTHORITY\Serviço de rede
Versão de Motor Atual:
Versão de Motor Anterior: 1.1.14901.4
Código de Erro: 0x80072ee7
Descrição do Erro: Não foi possível processar o nome ou o endereço do servidor

Date: 2018-06-05 10:44:21.977
Description:
Antivírus do Windows Defender encontrou um erro ao tentar atualizar assinaturas.
Nova Versão de Assinatura:
Versão de Assinatura Anterior: 1.269.518.0
Origem de Atualização: Centro Microsoft de Proteção Contra Software Maligno
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completo
Utilizador: NT AUTHORITY\Serviço de rede
Versão de Motor Atual:
Versão de Motor Anterior: 1.1.14901.4
Código de Erro: 0x80072ee7
Descrição do Erro: Não foi possível processar o nome ou o endereço do servidor

Date: 2018-06-05 10:44:21.976
Description:
Antivírus do Windows Defender encontrou um erro ao tentar atualizar assinaturas.
Nova Versão de Assinatura:
Versão de Assinatura Anterior: 1.269.518.0
Origem de Atualização: Centro Microsoft de Proteção Contra Software Maligno
Tipo de Assinatura: AntiSpyware
Tipo de Atualização: Completo
Utilizador: NT AUTHORITY\Serviço de rede
Versão de Motor Atual:
Versão de Motor Anterior: 1.1.14901.4
Código de Erro: 0x80072ee7
Descrição do Erro: Não foi possível processar o nome ou o endereço do servidor

CodeIntegrity:
===================================

Date: 2018-06-01 17:51:26.322
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\$Recycle.Bin\S-1-5-21-292349617-3537619796-2692666305-1000\$RZ0XOOI.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-01 17:51:26.282
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\$Recycle.Bin\S-1-5-21-292349617-3537619796-2692666305-1000\$RZ0XOOI.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-01 17:51:26.252
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\$Recycle.Bin\S-1-5-21-292349617-3537619796-2692666305-1000\$RZ0XOOI.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-01 17:51:26.230
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\$Recycle.Bin\S-1-5-21-292349617-3537619796-2692666305-1000\$RZ0XOOI.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-01 17:51:20.151
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ACER\Pictures\Saved Pictures\Windows.old\WINDOWS\System32\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-01 17:51:20.114
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ACER\Pictures\Saved Pictures\Windows.old\WINDOWS\System32\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-01 17:51:20.087
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ACER\Pictures\Saved Pictures\Windows.old\WINDOWS\System32\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-06-01 17:51:20.058
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\ACER\Pictures\Saved Pictures\Windows.old\WINDOWS\System32\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 48%
Total physical RAM: 3958.71 MB
Available physical RAM: 2038.16 MB
Total Virtual: 7926.71 MB
Available Virtual: 5749.07 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:207.22 GB) NTFS

\\?\Volume{703b65b1-dc0b-11df-94e5-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{703b65b0-dc0b-11df-94e5-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:13 GB) (Free:1.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 1E308DF6)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Skybluesky, 09 June 2018 - 04:41 AM.

  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 20,658 posts
  • MVP

Can I see a fresh FRST scan with Addition.txt checked?

Also

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see Choose File and click on it. Point it at the file and hit Open.
Now click on Attach this file.


 


  • 0
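The TASKLIST /SVC listing requested in the post above can be summarised per process before reading it by eye. This is an added example, not part of RKinner's post: the sample listing is constructed (example-updater.exe and ExampleUpdateSvc are made-up names) and an English-locale column layout with the ===== rule line is assumed.

```python
import re
from collections import Counter

# Constructed sample in the column layout TASKLIST /SVC prints (not the poster's data).
SAMPLE = """
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
svchost.exe                    884 BrokerInfrastructure, DcomLaunch, PlugPlay,
                                   Power, SystemEventsBroker
svchost.exe                    932 RpcEptMapper, RpcSs
svchost.exe                   1204 Dhcp
example-updater.exe           2316 ExampleUpdateSvc
explorer.exe                  4120 N/A
"""

def parse_tasklist_svc(text):
    """Return a list of {'image', 'pid', 'services'} rows from TASKLIST /SVC text."""
    lines = text.splitlines()
    # The ===== rule fixes the column boundaries, so image names with spaces survive.
    rule = next(i for i, line in enumerate(lines) if line.startswith("====="))
    (n0, n1), (p0, p1), (s0, _) = [m.span() for m in re.finditer(r"=+", lines[rule])]
    procs = []
    for line in lines[rule + 1:]:
        if not line.strip():
            continue
        services = [s.strip() for s in line[s0:].split(",") if s.strip()]
        if not line[:s0].strip():
            # Wrapped service list: the row continues the previous process.
            if procs:
                procs[-1]["services"] += services
            continue
        procs.append({"image": line[n0:n1].strip(), "pid": int(line[p0:p1]),
                      "services": [] if services == ["N/A"] else services})
    return procs

def summarize(procs):
    """Count instances per image name and map each service-hosting PID to its services."""
    counts = Counter(p["image"].lower() for p in procs)
    hosts = {p["pid"]: (p["image"], p["services"]) for p in procs if p["services"]}
    return counts, hosts

if __name__ == "__main__":
    counts, hosts = summarize(parse_tasklist_svc(SAMPLE))
    for image, n in counts.most_common():
        print(f"{n:3d}  {image}")
    for pid, (image, services) in sorted(hosts.items()):
        print(f"{pid:6d}  {image}: {', '.join(services)}")
```

To run it on a real listing, read the saved \junk.txt and pass its text to parse_tasklist_svc in place of SAMPLE.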





