freed03

Fake Avast virus on a USB flash drive


I recently lent a flash drive to someone and ended up catching a virus. When I plug the flash drive into my PC, the following message appears:

[Image 1]

However, I do not have Avast installed on my PC. Next, everything that was on the flash drive disappears, leaving only a shortcut and hidden folders (as the following picture shows): [image]

If I click this padlock icon, a command prompt opens saying "Arquivos escaneados pelo Avast." ("Files scanned by Avast.") and closes right afterwards. The properties of this shortcut show the following information:

[image]

The flash drive's original files are located in that Securet folder. The Cookie folder, in turn, contains the following files:

[image]

I tried formatting the flash drive, and I scanned both the flash drive and the PC with McAfee Antivirus Plus, but nothing stopped this problem. Just now, several command prompts started opening and closing very quickly; I restarted the PC and that stopped happening, but the flash drive still has the same problem. I have searched all over the internet for how to fix this and cannot find a solution. I also tried the procedure of deleting wscript.exe, but without success. Thank you in advance if you can help me!

 

Log: ZA-Scan.txt


Hello, freed03.

Welcome to Clube do Hardware.

My name is Ronaldo and my "username" is Roni_.

1  -  I am analyzing your case.

         I recommend saving this topic in your Favorites so it is easier to find.

2  -  Please note the following:

•    About the Forum: This is a private space, not a public one. Using it is a privilege, not a right;

•    What is given here relates only to your computer's problem; therefore, do not apply it on any other.

•    Always post your replies in this topic... Do not open another one!

•    Please follow the instructions given carefully, and if you have any questions do not hesitate to ask.

•    Follow the instructions in the order given.

•    Note: Do not take any measures other than those given here; and if you ask for help on another forum, be sure to let us know, or you risk misconfiguring your computer!

•    If you go 3 days without a reply, send me a Private Message (PM).

•    Follow the steps below:

To start,

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download the attachment to this post (ZAScript.txt) and save it in the same location as ZA-Scan.

Run ZA-Scan.exe again, wait, and when it finishes post the contents of the log.

A Notepad window will open with the result. Attach the log to your next reply.

Note: This script was prepared only for this computer, according to the files and keys present on it.

To visitors: If you have a similar problem, do not use this script, because using it without supervision can damage the system.

 

 

Next,

Download the MCShield Anti-Malware Tool and save it to the desktop.

Double-click MCShield-Setup.exe to install the tool.

* On Windows Vista and Windows 7:

Right-click MCShield-Setup.exe and select Executar como Administrador (Run as administrator).

If a Windows confirmation message appears asking whether you want to allow the following program to make changes to this computer, click Sim (Yes).

Click the Next button.

Then click I Agree.

Click Next.

After that, click the Install button.

Under Language, change to Português Brasil. Then click the Run! button and wait for the scan.

Open the tool and, on the Escaneamentos (Scans) tab, also tick the items Sempre exibir itens ocultos em unidades flash (Always show hidden items on flash drives) and Modo interativo (Interactive mode).

Connect all removable drives and click OK.

Wait for the scan.

As soon as the scan is complete, open the program > on the Logs tab click Salvar (Save), and post the log in your reply.

Besides removing threats from your computer and removable media, this program also has good resident protection that aims to prevent and block new infections.
 

ZAScript.txt


Thank you, roni_!

Logs:

MCShield-AllScan

zoek-results.logs.txt

added 53 minutes later

It looks like MCShield wiped out the virus for good. I tested the two flash drives that were infected and the problem did not show up on either of them again. Thank you very much, roni_!!!!

 


Good afternoon;

continuing:

1.   Download ADWCleaner and save it to the desktop.

LINK 1

or

LINK 2

Run adwcleaner.exe.

** Windows Vista, Windows 7 and 8 users:

Right-click the file, then click [image]

NOTE: For Windows 8 users, if SmartScreen blocks it, click Mais Opções (More options) and then Executar assim mesmo (Run anyway).

Click Examinar (Scan).

Then click Limpar (Clean).

The tool will ask for the computer to be restarted; just accept.

At the end, click Relatório (Report); Notepad will open with the result. Select, copy and paste its contents into your next reply.

 

2.

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download the Shortcut Cleaner tool and save it to your desktop:

>>link<<

Run sc-cleaner.exe.

After it finishes running, a message will appear saying that it has finished.

Click OK and a Notepad window will open.

Attach this log to your next reply.


3.   Download the ZHPCleaner tool and save it to the desktop.

>>Link<<

Run the file ZHPcleaner.exe.

** Windows Vista, Windows 7 and 8 users:

Right-click the file, then click [image]

NOTE: For Windows 8 users, if SmartScreen blocks it, click Mais Opções (More options) and then Executar assim mesmo (Run anyway).

Click the Scanner button and wait for the scan.

Then click the Reparar (Repair) button.

Once it has finished, if the log is not displayed, click the Relatório (Report) button and save the log.

Copy and paste its contents into your next reply.


4.   Download Malwarebytes' Anti-Malware (MBAM)

Link 1

or

Link 2

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

•    Untick the box Ativar trial gratuito do MalwareBytes Anti-Malware PRO (Enable free trial of Malwarebytes Anti-Malware PRO).

•    Tick the box Executar Malwarebytes Anti-Malware (Run Malwarebytes Anti-Malware) and click the Concluir (Finish) button.

•    If the program is in English, go to the Settings tab; under Language look for Português (Brasil).

•    Go to the Configurações (Settings) tab, click Detecção e proteção (Detection and protection) and tick Procurar por Rootkits (Scan for rootkits).

•    Go back to the Painel (Dashboard) tab and click the Verificar Agora (Scan Now) button.

•    The tool will update and then start the scan. Wait, as it can take a while.

•    If any items are found, make sure they are all ticked and click the Aplicar Ações (Apply Actions) button.

•    If MBAM finds files it cannot remove, you may have to restart the PC.

•    After the removal is complete, click the Histórico (History) tab and then Registros dos Aplicativos (Application Logs);

•    click the "Registro de verificação" (Scan Log) file (mbam-log) with the date of the scan you ran, and a window will open;

•    In the window that opens, click Exportar (Export) and save the log to your desktop.

•    DO NOT USE THE .XML FORMAT TO EXPORT THE LOG.

•    The Proteção (Protection) log is not needed for the analysis; always export the correct log.

•    Select, copy and paste the entire contents of this log into your next reply.


Log AdwCleaner:

AdwCleaner[C3].txt

 

Log ScCleaner:

sc-cleaner.txt

 

Log ZHPCleaner:

ZHPCleaner.txt

 

Log Malwarebytes:

mb-scan.txt

 

I can no longer change the default programs I use. They keep going back to the Windows originals and the following message appears:

An app default was reset

An app caused a problem with the default app settings for (file extension) files, so it was reset to (default program).

Even though I am not changing any program, this message keeps appearing.


Good morning;

About the programs, go to this link and see if it solves the problem:
>>>Link<<<

Continuing;

Download Farbar Recovery Scan Tool and save it to your desktop.

64 bit (x64)

Double-click to run the tool. Accept the agreement and then click the Scan button.

Wait; when it finishes, the logs FRST.txt and Addition.txt will be saved to your desktop.

Select, copy and paste the contents of FRST.txt into your next reply and attach Addition.txt.
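For readers following the FRST step above, an added example (not part of the original thread and not FRST's own code): it parses `Run`/`RunOnce` lines in the layout FRST.txt uses and flags autoruns that launch script files, which are the entries to review first when a USB shortcut infection like the one in this thread is suspected. The sample lines, the names in them and the flagging rules are constructed assumptions for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of FRST.txt's "Registry" section
# (names, paths and SIDs are made up for this example).
SAMPLE = r"""
HKLM\...\Run: [AudioPanel] => C:\Program Files\Vendor\Audio\Panel64.exe [9235936 2018-01-26] (Vendor Semiconductor)
HKLM-x32\...\Run: [SyncClient] => C:\Program Files (x86)\Sync\Client\Sync.exe [3567936 2018-03-15] (Sync, Inc.)
HKLM-x32\...\Run: [DiskTool] => "C:\Program Files (x86)\Disk Tool\Shell.exe" /1
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [MemTool] => C:\Users\user\AppData\Roaming\Vendor\MemTool\MemTool.exe [1035912 2017-09-18] (Vendor)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [updater] => C:\Users\user\AppData\Roaming\user\example.vbe
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\RunOnce: [Restart #1] => C:\Program Files (x86)\Vendor\App\App.exe [2409944 2018-01-30] (Vendor Incorporated) <==== ATTENTION
"""

# "<hive>\...\Run: [value name] => command [size date] (company)"
ENTRY_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\.\\(?P<key>Run|RunOnce): \[(?P<name>.*?)\] => (?P<rest>.*)$")
# Anchor on the "[size yyyy-mm-dd]" block: paths may contain "(x86)".
META_RE = re.compile(
    r" \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\](?: \((?P<company>.*)\))?\s*$")
# Windows Script Host file types, or an explicit wscript/cscript invocation.
SCRIPT_RE = re.compile(
    r"\.(?:vbe|vbs|jse|js|wsf|wsh)\b|\b(?:wscript|cscript)(?:\.exe)?\b",
    re.IGNORECASE)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
SCRIPT_REASON = "launches a script or script host"


@dataclass
class RunEntry:
    hive: str
    key: str
    name: str
    command: str
    size: Optional[int]
    date: Optional[str]
    company: Optional[str]


def parse_run_entries(text: str) -> List[RunEntry]:
    """Extract Run/RunOnce autoruns from FRST-style log text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        rest = re.sub(r"\s*<====.*$", "", m["rest"])  # drop FRST's own marker
        meta = META_RE.search(rest)
        command = rest[:meta.start()] if meta else rest
        entries.append(RunEntry(
            hive=m["hive"], key=m["key"], name=m["name"],
            command=command.strip(),
            size=int(meta["size"]) if meta else None,
            date=meta["date"] if meta else None,
            company=(meta["company"] or None) if meta else None))
    return entries


def triage(entries: List[RunEntry]) -> List[Tuple[RunEntry, List[str]]]:
    """Return the entries worth manual review, with the reasons for each."""
    findings = []
    for e in entries:
        reasons = []
        if SCRIPT_RE.search(e.command):
            reasons.append(SCRIPT_REASON)
        if any(p in e.command.lower() for p in USER_WRITABLE):
            reasons.append("lives in a user-writable folder")
        if e.size is None:
            reasons.append("no size/date/company recorded in the log")
        # Assumed rule for this example: a script autorun always gets a look;
        # anything else needs two independent reasons.
        if SCRIPT_REASON in reasons or len(reasons) >= 2:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(parse_run_entries(SAMPLE)):
        print(f"[{entry.name}] {entry.command}")
        for reason in why:
            print(f"    - {reason}")
```

A flagged entry is a prompt for review by the helper, not a verdict; removal should still go through the fix the analyst prepares for that machine.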


Log Addition.txt: Addition.txt

 

Log FRST.txt: 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by fredg (administrator) on FRED-PC (23-03-2018 15:21:52)
Running from C:\Users\fredg\Desktop
Loaded Profiles: fredg (Available Profiles: fredg & frarq)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe
(McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\UPDMGR\5.9.117.1\mcupdatemgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\McCSPServiceHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MHN\AlertHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP) C:\Program Files (x86)\HP\HP 3D DriveGuard\AccelerometerSt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(KoshyJohn.com) C:\Users\fredg\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2018-01-26] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [pac] => C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe [339464 2016-02-10] (Autodesk, Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-03-15] (Dropbox, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [692160 2016-01-19] (Autodesk, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [701984 2017-07-13] (HP Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\HP\HP 3D DriveGuard\AccelerometerST.exe [133952 2016-09-28] (HP)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2018-01-17] (Intel)
HKLM-x32\...\Run: [HDD Regenerator] => "C:\Program Files (x86)\HDD Regenerator\Shell.exe" /1
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03222018000917523\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [404016 2017-10-25] (Microsoft Corporation)
HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\Run: [HP Officejet 7610 series (NET)] => C:\Program Files\HP\HP Officejet 7610 series\Bin\ScanToPCActivationApp.exe [2631784 2012-10-21] (Hewlett-Packard Co.)
HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\Run: [小米云服务] => C:\Users\fredg\AppData\Local\MiCloudPC\update.exe [1524136 2017-08-14] (GitHub)
HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\Run: [Memory Cleaner] => C:\Users\fredg\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe [1035912 2017-09-18] (KoshyJohn.com)
HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\Run: [dowll] => C:\Users\fredg\AppData\Roaming\fredg\Clow.vbe
HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\Run: [Spotify Web Helper] => C:\Users\fredg\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-03-02] (Spotify Ltd)
HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-01-30] (Adobe Systems Incorporated) <==== ATTENTION
HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-01-30] (Adobe Systems Incorporated) <==== ATTENTION
HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\Policies\Explorer: [] 
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [404016 2017-10-25] (Microsoft Corporation)
Startup: C:\Users\fredg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2016-09-12]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\fredg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 7110 series (Network).lnk [2017-01-20]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 7110 series (Network).lnk -> C:\Program Files\HP\HP Officejet 7110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9d04c4d7-6cfc-4cac-98d8-f3c35b784df6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{cf915970-ae6a-4d96-87fd-db672fa7dade}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HRTE
HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HRTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-01-21] (Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-02] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-21] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-02] (McAfee, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-02] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-02] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2018-01-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2018-01-25] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: ilnon12z.default
FF ProfilePath: C:\Users\fredg\AppData\Roaming\Mozilla\Firefox\Profiles\ilnon12z.default [2018-03-19]
FF Homepage: Mozilla\Firefox\Profiles\ilnon12z.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\ilnon12z.default -> about:newtab
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-02-09]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-21] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-01-30] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-01-30] (Adobe Systems)

Chrome: 
=======
CHR NewTab: Default ->  Active:"chrome-extension://nnnkddnnlpamobajfibfdgfnbcnkgngh/home/home.html"
CHR Profile: C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default [2018-03-23]
CHR Extension: (Apresentações) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-19]
CHR Extension: (Kindle Cloud Reader) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\adldnnhmpcmipijphdbchbfdmnafnjia [2018-03-19]
CHR Extension: (3DTin) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\algoakekcdmbbikdjgjdahbfihboglmi [2018-03-19]
CHR Extension: (Documentos) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-19]
CHR Extension: (Google Drive) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-19]
CHR Extension: (YouTube) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-19]
CHR Extension: (Adobe Acrobat) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-03-19]
CHR Extension: (Planilhas) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-19]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-03-19]
CHR Extension: (Documentos Google off-line) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-19]
CHR Extension: (Vysor) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm [2018-03-22]
CHR Extension: (AdBlock) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-19]
CHR Extension: (Pinterest Save Button) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-03-19]
CHR Extension: (Cisco WebEx Extension) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-03-19]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-19]
CHR Extension: (Infinity New Tab (Pro)) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnnkddnnlpamobajfibfdgfnbcnkgngh [2018-03-19]
CHR Extension: (AdSkipper) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\obnfifcganohemahpomajbhocfkdgmjb [2018-03-19]
CHR Extension: (Psykopaint) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2018-03-19]
CHR Extension: (Gmail) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-19]
CHR Extension: (Chrome Media Router) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-19]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0037141521772140mcinstcleanup; C:\WINDOWS\TEMP\003714~1.EXE [1031928 2018-03-22] (McAfee, Inc.)
S4 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1222664 2016-01-19] (Autodesk Inc.)
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-01-30] (Adobe Systems Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-02-03] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3704520 2017-02-18] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-08] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-08] (Dropbox, Inc.)
S4 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-03-15] (Dropbox, Inc.)
S4 DialComService; C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe [2183440 2014-12-10] (DIAL GmbH)
S4 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22304 2018-01-17] (Intel)
S4 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [1701480 2018-01-26] (Intel Corporation)
S4 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [886032 2018-01-11] ()
S4 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1319208 2017-07-05] (HP Inc.)
S4 hp3ddgsrv; C:\WINDOWS\system32\HP3DDGService.exe [130072 2017-09-22] (HP)
S4 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38752 2016-09-26] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
S4 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc.)
S4 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [53680 2018-02-05] (AnchorFree Inc.)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18488 2016-03-08] (Intel Corporation)
S4 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2018-01-10] (Intel Corporation)
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [976848 2016-01-14] (Intel(R) Corporation)
S4 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
S4 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-18] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-02-11] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-03-02] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728296 2018-01-31] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe [2140888 2017-12-14] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-26] (McAfee LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-26] (McAfee LLC)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [475600 2018-01-26] (McAfee LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1666224 2017-12-19] (McAfee, Inc.)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2018-01-17] ()
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123104 2017-11-24] (Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3002728 2017-11-24] (Electronic Arts)
S4 PDF Architect 5 Manager; C:\ProgramData\pdfforge\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [985904 2017-02-28] (© pdfforge GmbH.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1045360 2018-01-30] (McAfee, Inc.)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76152 2016-07-16] ()
S4 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324576 2018-01-26] (Realtek Semiconductor)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
S4 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [182544 2018-01-11] ()
S4 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [886032 2018-01-11] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-03] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-03] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe [417792 2016-07-12] (Wondershare) [File not signed]
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2018-01-17] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [53760 2017-12-18] (HP)
S3 AFTrafMgr1.4; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys [56840 2018-01-03] (AnchorFree Inc.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-01-31] (McAfee LLC)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69560 2018-01-26] (Intel Corporation)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-09-11] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [33448 2016-12-07] ()
R0 EPMVolFlt; C:\WINDOWS\System32\drivers\EPMVolFlt.sys [30320 2017-11-23] (Windows (R) Codename Longhorn DDK provider)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [382392 2018-01-26] (Intel Corporation)
S3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-07-13] (ELAN Microelectronic Corp.)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] () [File not signed]
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc.)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [39936 2017-12-18] (HP)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-07-13] (REALiX(tm))
S3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2018-01-10] (Intel Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-21] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [496544 2018-01-31] (McAfee LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [357792 2018-01-31] (McAfee LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-01-31] (McAfee LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [528288 2018-01-31] (McAfee LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [948128 2018-01-31] (McAfee LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [521128 2017-11-21] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108464 2017-11-21] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115104 2018-01-31] (McAfee LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-01-31] (McAfee LLC)
S3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw04.sys [3556072 2017-07-30] (Intel Corporation)
S3 NETwNs64; C:\WINDOWS\System32\drivers\Netwsw04.sys [3471880 2017-10-26] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8614888 2018-01-17] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010648 2017-11-16] (Realtek )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [782816 2017-11-16] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-01-20] (Realsil Semiconductor Corporation)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [41512 2018-01-11] ()
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2017-02-22] (Anchorfree Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-03-03] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288296 2018-03-03] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-03] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-23 15:21 - 2018-03-23 15:24 - 000030879 _____ C:\Users\fredg\Desktop\FRST.txt
2018-03-23 15:21 - 2018-03-23 15:21 - 000000000 ____D C:\FRST
2018-03-23 15:20 - 2018-03-23 15:20 - 001388448 _____ C:\Users\Public\ASR.dat
2018-03-23 15:18 - 2018-03-23 15:18 - 002403328 _____ (Farbar) C:\Users\fredg\Desktop\FRST64.exe
2018-03-22 22:57 - 2018-03-22 22:57 - 000001860 _____ C:\Users\fredg\Desktop\mb-scan.txt
2018-03-20 17:18 - 2018-03-21 00:21 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-20 17:17 - 2018-03-20 17:17 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-20 17:17 - 2018-03-20 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-20 17:17 - 2018-01-18 09:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-20 17:10 - 2018-03-20 17:17 - 070573424 _____ (Malwarebytes ) C:\Users\fredg\Desktop\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4420.exe
2018-03-20 17:01 - 2018-03-20 17:05 - 000049104 _____ C:\Users\fredg\Desktop\ZHPCleaner.html
2018-03-20 17:01 - 2018-03-20 17:05 - 000021795 _____ C:\Users\fredg\Desktop\ZHPCleaner.txt
2018-03-20 16:43 - 2018-03-20 17:05 - 000000000 ____D C:\Users\fredg\AppData\Roaming\ZHP
2018-03-20 16:43 - 2018-03-20 16:43 - 000000882 _____ C:\Users\fredg\Desktop\ZHPCleaner.lnk
2018-03-20 16:43 - 2018-03-20 16:43 - 000000000 ____D C:\Users\fredg\AppData\Local\ZHP
2018-03-20 16:42 - 2018-03-20 16:42 - 003102592 _____ C:\Users\fredg\Desktop\ZHPCleaner.exe
2018-03-20 16:38 - 2018-03-20 16:40 - 000001838 _____ C:\Users\fredg\Desktop\sc-cleaner.txt
2018-03-20 16:23 - 2018-03-20 16:23 - 000472016 _____ (Bleeping Computer, LLC) C:\Users\fredg\Desktop\sc-cleaner.exe
2018-03-19 14:28 - 2018-03-19 14:28 - 000001339 _____ C:\Users\fredg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee WebAdvisor.lnk
2018-03-19 14:19 - 2018-03-19 14:19 - 000002132 _____ C:\Users\Public\Desktop\McAfee® AntiVirus Plus.lnk
2018-03-19 14:19 - 2018-03-19 14:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-03-19 14:18 - 2017-10-09 23:14 - 000218336 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2018-03-19 14:17 - 2018-03-19 14:26 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2018-03-19 14:16 - 2018-03-19 14:20 - 000000000 ____D C:\Program Files\McAfee
2018-03-19 14:16 - 2018-03-19 14:16 - 000000000 ____D C:\Program Files\McAfee.com
2018-03-19 14:15 - 2018-03-22 23:28 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-03-19 14:09 - 2018-01-26 15:48 - 000475600 _____ (McAfee LLC) C:\WINDOWS\system32\mfevtps.exe
2018-03-19 13:51 - 2018-03-19 13:51 - 000000000 ____D C:\Users\fredg\AppData\Local\DBG
2018-03-19 13:05 - 2018-03-19 13:05 - 000004796 _____ C:\Users\fredg\Desktop\MCShield-AllScans.txt
2018-03-19 12:53 - 2018-03-23 15:06 - 000000000 ____D C:\ProgramData\MCShield
2018-03-19 12:53 - 2018-03-19 12:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2018-03-19 12:53 - 2018-03-19 12:53 - 000000000 ____D C:\Program Files (x86)\MCShield
2018-03-19 07:29 - 2018-03-19 07:29 - 000000000 ____D C:\Users\fredg\AppData\Local\NetworkTiles
2018-03-19 07:28 - 2018-03-19 06:22 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2018-03-18 22:03 - 2018-03-18 22:03 - 002856736 _____ (MyCity) C:\Users\fredg\Desktop\MCShield-Setup.exe
2018-03-18 17:35 - 2018-03-19 14:28 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-03-18 17:12 - 2018-03-18 17:13 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-03-18 14:15 - 2018-03-18 14:15 - 000000000 ____D C:\zoek_backup
2018-03-18 12:55 - 2018-03-18 12:55 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-03-18 12:45 - 2018-03-18 13:12 - 000629606 _____ C:\WINDOWS\ntbtlog.txt
2018-03-18 12:39 - 2018-03-18 12:39 - 000000000 _____ C:\Users\fredg\AppData\Local\{0D4446B2-8224-42BF-8D5F-3EF814DC9ACD}
2018-03-18 12:22 - 2018-03-18 12:22 - 000000000 ____D C:\Users\fredg\AppData\Roaming\pwclean
2018-03-18 12:02 - 2018-03-18 12:02 - 008222496 _____ (Malwarebytes) C:\Users\fredg\Downloads\adwcleaner_7.0.8.0.exe
2018-03-18 11:57 - 2018-03-18 11:57 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2517E4C3.sys
2018-03-18 11:57 - 2018-03-18 11:57 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5A65448E.sys
2018-03-18 10:03 - 2018-03-02 00:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-18 10:03 - 2018-03-02 00:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-18 10:03 - 2018-03-02 00:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-18 10:03 - 2018-03-02 00:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-18 10:03 - 2018-03-02 00:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-18 10:03 - 2018-03-02 00:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-18 10:03 - 2018-03-01 23:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-18 10:03 - 2018-03-01 17:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-18 10:03 - 2018-03-01 04:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-18 10:03 - 2018-03-01 04:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-18 10:03 - 2018-03-01 04:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-18 10:03 - 2018-03-01 04:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-18 10:03 - 2018-03-01 04:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-18 10:03 - 2018-03-01 04:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-18 10:03 - 2018-03-01 04:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-18 10:03 - 2018-03-01 04:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-18 10:03 - 2018-03-01 04:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-18 10:03 - 2018-03-01 04:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-18 10:03 - 2018-03-01 04:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-18 10:03 - 2018-03-01 04:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-18 10:03 - 2018-03-01 04:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-18 10:03 - 2018-03-01 04:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-18 10:03 - 2018-03-01 04:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-18 10:03 - 2018-03-01 04:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-18 10:03 - 2018-03-01 04:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-18 10:03 - 2018-03-01 04:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-18 10:03 - 2018-03-01 04:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-18 10:03 - 2018-03-01 04:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-18 10:03 - 2018-03-01 04:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-18 10:03 - 2018-03-01 04:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-18 10:03 - 2018-03-01 04:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-18 10:03 - 2018-03-01 04:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-18 10:03 - 2018-03-01 04:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-18 10:03 - 2018-03-01 04:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-18 10:03 - 2018-03-01 04:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-18 10:03 - 2018-03-01 04:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-18 10:03 - 2018-03-01 04:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-18 10:03 - 2018-03-01 04:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-18 10:03 - 2018-03-01 04:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-18 10:03 - 2018-03-01 04:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-18 10:03 - 2018-03-01 04:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-18 10:03 - 2018-03-01 04:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-18 10:03 - 2018-03-01 04:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-18 10:03 - 2018-03-01 04:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-18 10:03 - 2018-03-01 04:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-18 10:03 - 2018-03-01 04:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-18 10:03 - 2018-03-01 04:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-18 10:03 - 2018-03-01 04:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-18 10:03 - 2018-03-01 04:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-18 10:03 - 2018-03-01 04:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-18 10:03 - 2018-03-01 03:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-18 10:03 - 2018-03-01 03:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-18 10:03 - 2018-03-01 03:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-18 10:03 - 2018-03-01 03:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-18 10:03 - 2018-03-01 03:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-18 10:03 - 2018-03-01 03:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-18 10:03 - 2018-03-01 03:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-18 10:03 - 2018-03-01 03:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-18 10:03 - 2018-03-01 03:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-18 10:03 - 2018-03-01 03:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-18 10:03 - 2018-03-01 03:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-18 10:03 - 2018-03-01 03:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-18 10:03 - 2018-03-01 03:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-18 10:03 - 2018-03-01 03:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-18 10:03 - 2018-03-01 03:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-18 10:03 - 2018-03-01 03:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-18 10:03 - 2018-03-01 03:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-18 10:03 - 2018-03-01 03:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-18 10:03 - 2018-03-01 03:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-18 10:03 - 2018-03-01 03:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-18 10:03 - 2018-03-01 03:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-18 10:03 - 2018-03-01 03:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-18 10:03 - 2018-03-01 03:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-18 10:03 - 2018-03-01 03:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-18 10:03 - 2018-03-01 03:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-18 10:03 - 2018-03-01 03:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-18 10:03 - 2018-03-01 02:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-18 10:03 - 2018-03-01 02:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-18 10:03 - 2018-03-01 02:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-18 10:03 - 2018-03-01 02:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-18 10:03 - 2018-03-01 02:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-18 10:03 - 2018-03-01 02:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-18 10:03 - 2018-03-01 02:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-18 10:03 - 2018-03-01 02:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-18 10:03 - 2018-03-01 02:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-18 10:03 - 2018-03-01 02:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-18 10:03 - 2018-03-01 02:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-18 10:03 - 2018-03-01 02:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-18 10:03 - 2018-03-01 02:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-18 10:03 - 2018-03-01 02:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-18 10:03 - 2018-03-01 02:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-18 10:03 - 2018-03-01 02:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-18 10:03 - 2018-03-01 02:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-18 10:03 - 2018-03-01 02:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-18 10:03 - 2018-03-01 02:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-18 10:03 - 2018-03-01 02:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-18 10:03 - 2018-03-01 02:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-18 10:03 - 2018-03-01 02:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-18 10:03 - 2018-03-01 02:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-18 10:03 - 2018-03-01 02:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-18 10:03 - 2018-03-01 02:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-18 10:03 - 2018-03-01 02:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-18 10:03 - 2018-03-01 02:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-18 10:03 - 2018-03-01 02:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-18 10:03 - 2018-03-01 02:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-18 10:03 - 2018-03-01 02:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-18 10:03 - 2018-03-01 02:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-18 10:03 - 2018-03-01 02:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-18 10:03 - 2018-03-01 02:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-18 10:03 - 2018-03-01 02:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-18 10:03 - 2018-03-01 02:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-18 10:03 - 2018-03-01 02:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-18 10:03 - 2018-03-01 02:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-18 10:03 - 2018-03-01 02:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-18 10:03 - 2018-03-01 02:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-18 10:03 - 2018-03-01 02:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-18 10:03 - 2018-03-01 02:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-18 10:03 - 2018-03-01 02:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-18 10:03 - 2018-03-01 02:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-18 10:03 - 2018-03-01 02:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-18 10:03 - 2018-03-01 02:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-18 10:03 - 2018-03-01 02:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-18 10:03 - 2018-03-01 02:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-18 10:03 - 2018-03-01 02:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-18 10:03 - 2018-03-01 02:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-18 10:03 - 2018-03-01 02:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-18 10:03 - 2018-03-01 02:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-18 10:03 - 2018-03-01 02:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-18 10:03 - 2018-03-01 02:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-18 10:03 - 2018-03-01 02:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-18 10:03 - 2018-03-01 02:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-18 10:03 - 2018-03-01 02:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-18 10:03 - 2018-03-01 02:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-18 10:03 - 2018-03-01 02:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-18 10:03 - 2018-03-01 02:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-18 10:03 - 2018-03-01 02:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-18 10:03 - 2018-03-01 02:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-18 10:03 - 2018-03-01 02:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-18 10:03 - 2018-03-01 02:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-18 10:03 - 2018-03-01 02:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-18 10:03 - 2018-03-01 02:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-18 10:03 - 2018-03-01 02:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-18 10:03 - 2018-03-01 02:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-18 10:03 - 2018-03-01 02:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-18 10:03 - 2018-03-01 02:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-18 10:03 - 2018-03-01 02:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-18 10:03 - 2018-03-01 02:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-18 10:03 - 2018-03-01 02:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-18 10:03 - 2018-03-01 02:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-18 10:03 - 2018-02-21 23:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-18 10:03 - 2018-02-21 23:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-18 10:03 - 2018-02-21 23:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-18 10:03 - 2018-02-21 23:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-18 10:03 - 2018-02-21 23:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-18 10:03 - 2018-02-21 23:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-18 10:03 - 2018-02-21 23:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-18 10:03 - 2018-02-21 23:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-18 10:03 - 2018-02-21 23:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-18 10:03 - 2018-02-21 23:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-18 10:03 - 2018-02-21 23:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-18 10:03 - 2018-02-21 23:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-18 10:03 - 2018-02-21 23:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-18 10:03 - 2018-02-21 23:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-18 10:03 - 2018-02-21 23:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-18 10:03 - 2018-02-21 23:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-18 10:03 - 2018-02-21 22:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-18 10:03 - 2018-02-21 22:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-18 10:03 - 2018-02-21 22:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-18 10:03 - 2018-02-21 22:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-18 10:03 - 2018-02-21 22:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-18 10:03 - 2018-02-21 22:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-18 10:03 - 2018-02-21 22:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-18 10:03 - 2018-02-21 22:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-18 10:03 - 2018-02-21 21:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-18 10:03 - 2018-02-21 21:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-18 10:03 - 2018-02-21 21:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-18 10:03 - 2018-02-21 21:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-18 10:03 - 2018-02-21 21:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-18 10:03 - 2018-02-21 21:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-18 10:03 - 2018-02-21 21:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-18 10:03 - 2018-02-21 21:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-18 10:03 - 2018-02-21 21:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-18 10:03 - 2018-02-21 21:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-17 19:26 - 2018-03-17 19:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-15 08:50 - 2018-03-15 08:50 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-03-15 08:50 - 2018-03-15 08:50 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-03-15 08:50 - 2018-03-15 08:50 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-03-15 08:50 - 2018-03-15 08:50 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-03-10 16:37 - 2018-03-10 18:48 - 000000000 ____D C:\Users\fredg\Desktop\New folder
2018-03-10 15:33 - 2018-03-10 15:33 - 000324379 _____ C:\Users\fredg\Desktop\mergedReport.pdf
2018-03-08 14:42 - 2018-03-19 13:50 - 000000000 ____D C:\Users\fredg\Desktop\Apresentação Edna e Evellyn
2018-03-07 16:49 - 2018-03-20 22:10 - 000000578 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2018-03-06 15:51 - 2018-03-06 16:03 - 123746472 _____ (HP Development Company, L.P. ) C:\Users\fredg\Downloads\sp84148.exe
2018-03-03 14:45 - 2018-03-05 16:28 - 000000000 ____D C:\Users\fredg\Desktop\Boletão
2018-02-25 15:14 - 2018-02-25 15:14 - 000000000 ____D C:\Users\fredg\AppData\Local\Simplify3D
2018-02-25 15:13 - 2018-02-25 15:14 - 000000000 ____D C:\Program Files\Simplify3D-4.0.0
2018-02-25 15:13 - 2018-02-25 15:13 - 000001870 _____ C:\Users\Public\Desktop\Simplify3D.lnk
2018-02-25 15:13 - 2018-02-25 15:13 - 000000000 __SHD C:\ProgramData\ms-drivers
2018-02-25 15:13 - 2018-02-25 15:13 - 000000000 __SHD C:\ProgramData\icsxml
2018-02-25 15:13 - 2018-02-25 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simplify3D Software
2018-02-25 15:06 - 2018-02-25 15:06 - 000028570 _____ C:\Users\fredg\Downloads\Simplify3d.v3.0.3d.printing.application.windows.x86.x64.torrent
2018-02-24 21:03 - 2018-03-17 18:42 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-21 16:36 - 2018-02-21 16:36 - 000000000 ___RD C:\Users\fredg\Creative Cloud Files

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-23 15:08 - 2017-10-27 22:37 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{184EBAEA-6704-429D-A33D-516DEB38A8CF}
2018-03-22 22:59 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-22 22:58 - 2017-09-29 10:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-22 22:58 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-22 22:53 - 2017-10-27 21:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-22 00:07 - 2017-10-27 22:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-22 00:07 - 2017-10-27 22:00 - 000000000 ____D C:\Users\fredg
2018-03-21 23:41 - 2017-10-27 22:37 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3809071994-1686498011-1761039581-1001
2018-03-21 23:40 - 2016-07-08 21:59 - 000002374 _____ C:\Users\fredg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-21 23:25 - 2016-07-08 21:59 - 000000000 __RDL C:\Users\fredg\OneDrive
2018-03-21 23:19 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-21 01:56 - 2016-07-10 02:13 - 000000000 ____D C:\Users\fredg\AppData\Local\Spotify
2018-03-21 01:53 - 2016-07-10 02:12 - 000000000 ____D C:\Users\fredg\AppData\Roaming\Spotify
2018-03-21 00:18 - 2017-09-29 05:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-03-20 20:40 - 2016-07-08 21:59 - 000002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-20 17:17 - 2016-09-08 20:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-20 16:24 - 2016-12-14 22:10 - 000000000 ____D C:\AdwCleaner
2018-03-19 18:51 - 2017-09-29 10:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-19 17:30 - 2016-06-25 11:10 - 000000000 ____D C:\ProgramData\McAfee
2018-03-19 17:27 - 2017-10-27 21:59 - 001213670 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-19 14:28 - 2017-09-29 10:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-03-19 14:27 - 2017-09-29 05:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-03-19 14:27 - 2017-07-09 22:46 - 000000000 ____D C:\Program Files\Common Files\AV
2018-03-19 14:26 - 2017-07-09 22:39 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-03-19 14:25 - 2017-10-27 22:37 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-03-19 14:15 - 2017-10-27 22:37 - 000003442 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2018-03-19 14:06 - 2017-08-02 15:52 - 000000000 ____D C:\Users\fredg\Downloads\Instaladores
2018-03-18 17:16 - 2015-10-30 03:28 - 000000000 ____D C:\Users\Default.migrated
2018-03-18 14:06 - 2016-09-28 17:49 - 000000132 _____ C:\Users\fredg\AppData\Roaming\Adobe PNG Format CS6 Prefs
2018-03-18 11:41 - 2016-07-08 21:50 - 000000000 __SHD C:\Users\fredg\IntelGraphicsProfiles
2018-03-18 11:15 - 2016-09-20 23:22 - 000000000 ___RD C:\Users\fredg\3D Objects
2018-03-18 11:15 - 2015-11-02 15:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-18 11:13 - 2017-10-27 21:53 - 005728352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-18 11:10 - 2016-08-13 13:24 - 000000348 _____ C:\WINDOWS\Tasks\HPCeeScheduleForfredg.job
2018-03-18 11:07 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-18 11:07 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-18 11:07 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-18 10:32 - 2017-09-29 10:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-18 10:14 - 2017-09-29 10:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-18 09:32 - 2017-09-29 10:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-17 21:39 - 2016-07-10 00:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-17 21:34 - 2017-10-27 22:37 - 000003240 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForfredg
2018-03-17 21:31 - 2017-10-10 15:09 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-17 21:31 - 2016-07-10 00:33 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-17 19:29 - 2016-04-01 15:56 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-03-17 18:43 - 2017-10-27 22:00 - 000000000 ____D C:\Users\frarq
2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ___RD C:\Program Files\Windows Defender
2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\setup
2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-03-17 18:42 - 2017-09-29 05:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-03-17 18:42 - 2016-06-25 10:43 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2018-03-17 18:41 - 2017-09-29 11:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-03-17 18:41 - 2017-09-29 11:41 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-03-17 18:41 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-17 18:41 - 2017-09-29 05:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-03-17 18:41 - 2017-09-29 05:45 - 000000000 ____D C:\WINDOWS\servicing
2018-03-17 18:41 - 2017-07-13 09:50 - 000000000 ____D C:\Users\fredg\AppData\LocalLow\IObit
2018-03-17 18:41 - 2017-01-06 23:40 - 000000000 ____D C:\Users\fredg\AppData\LocalLow\Heroes and Generals
2018-03-17 18:41 - 2016-08-13 21:03 - 000000000 ____D C:\ProgramData\FLEXnet
2018-03-17 18:41 - 2016-08-13 20:27 - 000000000 ____D C:\ProgramData\Autodesk
2018-03-17 18:29 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-03-17 18:06 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\registration
2018-03-17 18:03 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\SystemApps
2018-03-17 17:57 - 2017-04-19 14:04 - 000000000 ____D C:\Users\fredg\AppData\LocalLow\Sun
2018-03-17 17:55 - 2016-09-29 14:46 - 000000000 ____D C:\Users\fredg\AppData\LocalLow\Google
2018-03-16 19:11 - 2017-10-27 22:02 - 000000000 ____D C:\Users\fredg\AppData\Local\Packages
2018-03-10 17:48 - 2016-09-22 19:24 - 000000000 ____D C:\Users\fredg\AppData\Local\ElevatedDiagnostics
2018-03-10 09:33 - 2016-08-13 21:05 - 000239424 _____ C:\Users\fredg\AppData\Local\GDIPFONTCACHEV1.DAT
2018-03-09 14:11 - 2016-08-13 21:33 - 000000000 ___RD C:\Users\fredg\Desktop\A R Q
2018-03-02 20:47 - 2017-10-27 22:37 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-03-02 18:09 - 2018-01-16 21:38 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-02 18:09 - 2018-01-16 21:38 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-25 17:26 - 2016-07-08 22:14 - 000000000 ____D C:\Program Files (x86)\Steam
2018-02-25 15:12 - 2017-03-18 19:17 - 000000000 ____D C:\Users\fredg\AppData\Roaming\BitTorrent
2018-02-23 19:26 - 2017-03-07 18:32 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-21 16:35 - 2017-11-29 10:15 - 000000000 ___HD C:\adobeTemp
2018-02-21 16:34 - 2016-08-13 21:18 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-02-21 16:33 - 2016-07-08 21:50 - 000000000 ____D C:\Users\fredg\AppData\Roaming\Adobe
2018-02-21 16:32 - 2016-08-13 21:14 - 000000000 ____D C:\ProgramData\Adobe

==================== Files in the root of some directories =======

2018-03-23 15:20 - 2018-03-23 15:20 - 001388448 _____ () C:\Users\Public\ASR.dat
2017-02-03 02:35 - 2017-02-03 03:19 - 000000132 _____ () C:\Users\fredg\AppData\Roaming\Adobe BMP Format CS6 Prefs
2016-09-28 17:49 - 2018-03-18 14:06 - 000000132 _____ () C:\Users\fredg\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-07-31 17:29 - 2017-07-31 17:29 - 000001456 _____ () C:\Users\fredg\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-02-06 16:23 - 2018-02-06 16:23 - 000007617 _____ () C:\Users\fredg\AppData\Local\Resmon.ResmonCfg
2018-03-18 12:39 - 2018-03-18 12:39 - 000000000 _____ () C:\Users\fredg\AppData\Local\{0D4446B2-8224-42BF-8D5F-3EF814DC9ACD}

Files to move or delete:
====================
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe


Some files in TEMP:
====================
2018-03-20 16:13 - 2015-01-26 13:34 - 000015752 _____ (Autodesk, Inc.) C:\Users\fredg\AppData\Local\Temp\AcDeltree.exe
2018-03-20 16:13 - 2018-03-20 16:19 - 001962752 _____ (Flexera Software LLC) C:\Users\fredg\AppData\Local\Temp\FNP_ACT_InstallerCA.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-18 08:49

==================== End of FRST.txt ============================


fixlist.txt

 

Good morning;

1   -   Download the attachment from this post and save it to your desktop.

Run FRST and click the Fix ("Corrigir") button.

Wait; when it finishes, the Fixlog.txt log will be saved to your desktop.

Select, copy and paste the contents of this log into your next reply.

2   -   Click esetsmartinstaller_enu.exe to download the ESET Smart Installer.

Save it to your desktop.

Double-click the icon on your desktop.

          Check "YES, I accept the Terms of Use."

          Click Start.

          Accept any security warning from your browser.

          Under Computer scan settings:

                                  check "Enable detection of potentially unwanted applications"

          Click Advanced settings and do the following:

          uncheck:

               º Remove found threats

          check:

               º Scan archives

               º Scan for potentially unsafe applications

               º Enable Anti-Stealth technology

          click Start

It will update on its own and scan the computer. Be patient; the process can take hours.

When the scan finishes, click List Threats.

Copy and paste the contents into your next reply. Note: If nothing is found, no log will be generated.

Click Back.

Click Finish.


Good afternoon!

Farbar log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by fredg (28-03-2018 15:48:37) Run:1
Running from C:\Users\fredg\Desktop
Loaded Profiles: fredg (Available Profiles: fredg & frarq)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-01-30] (Adobe Systems Incorporated) <==== ATTENTION
HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-01-30] (Adobe Systems Incorporated) <==== ATTENTION
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

"HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #2" => removed successfully
"HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 227830870 B
Java, Flash, Steam htmlcache => 527974260 B
Windows/system/drivers => 3304361 B
Edge => 4608 B
Chrome => 1024731538 B
Firefox => 3949026 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 162821 B
systemprofile32 => 0 B
LocalService => 146940 B
NetworkService => 444002 B
fredg => 293899756 B
frarq => 31886 B

RecycleBin => 6235024618 B
EmptyTemp: => 7.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:55:10 ====

 

ESET log:

 

C:\AdwCleaner\quarantine\frAQBc8Wsa\{BAAB946F-7E00-41F4-BEC7-B8CCF758E012}\setup.msi    a variant of Win32/UwS.SlimDrivers.A application
C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\File System\078\p\00\00000000    a variant of Win32/Packed.VMProtect.ABD trojan
C:\Users\fredg\Desktop\A R Q\Blocos e Famílias\Familias REVIT\acessórios-objetos\spsetup116.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\fredg\Desktop\Backup PC\Fred\Familias REVIT\acessórios-objetos\spsetup116.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\fredg\Desktop\Backup PC\Fred\Lumion v5.0\L.5.pro.rar    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Users\fredg\Documents\Programas ARQ\AUTODESK.REVIT.ARCHITECTURE.V2014-ISO\rac2014.iso    a variant of Win32/Keygen.HA potentially unsafe application
C:\Users\fredg\Downloads\ccsetup532pro.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\fredg\Downloads\Adobe After Effects CC 2017 v14.0.1 + Crack [SadeemPC]\Crack\Adobe CC 2017 XFORCE Activation.zip    BAT/HostsChanger.A potentially unsafe application
C:\Users\fredg\Downloads\Instaladores\Adobe.InDesign.CC.2017.v12.0.x64.rar    a variant of Win32/HackTool.Patcher.CH potentially unsafe application
C:\Users\fredg\Downloads\Instaladores\Office 2016 AIO.iso    MSIL/HackTool.Agent.BD potentially unsafe application
C:\Users\fredg\Downloads\Instaladores\SkullCracked-Cinema 4D R18.rar    a variant of Win32/Packed.VMProtect.ABD trojan
C:\Users\fredg\Downloads\Instaladores\xf-adsk2016_x64.7z    a variant of Win32/Keygen.OX potentially unsafe application
C:\Users\fredg\Downloads\Instaladores\Adobe Photoshop CC 2017 v18.0.1 (x86x64) Incl Crack + Portable [SadeemPC]\Crack\Adobe CC 2017 XFORCE Activation.zip    BAT/HostsChanger.A potentially unsafe application
C:\Users\fredg\Downloads\Instaladores\Adobe Photoshop CC 2017 v18.0.1 (x86x64) Incl Crack + Portable [SadeemPC]\Crack\Adobe CC 2015.5 XFORCE Activation\disable_activation.cmd    BAT/HostsChanger.A potentially unsafe application
C:\Users\fredg\Downloads\Instaladores\Autodesk AutoCAD 2016 (x64)\64 Bit {X64}\Keygen\xf-adsk2016_x64.exe    a variant of Win32/Keygen.OX potentially unsafe application
C:\Users\fredg\Downloads\Instaladores\Autodesk Revit 2016 R2 x64 + Revit Extensions + Crack\Autodesk Revit 2016_\Autodesk_Revit_2016_R2\xf-adsk2016_x64.7z    a variant of Win32/Keygen.OX potentially unsafe application
C:\Users\fredg\Downloads\Instaladores\AUTODESK.REVIT.ARCHITECTURE.V2014-ISO\rac2014.iso    a variant of Win32/Keygen.HA potentially unsafe application
C:\Users\fredg\Downloads\Instaladores\AUTODESK.REVIT.V2017.WIN64-ISO\rvt2017_x64.iso    a variant of Win32/Keygen.OX potentially unsafe application
C:\Users\fredg\Downloads\Instaladores\Cinema 4D R18\Crack\xf-c4dr18.exe    a variant of Win32/Packed.VMProtect.ABD trojan
C:\Users\fredg\Downloads\Instaladores\Lumion 8\Lumion 8.0 Pro + Serial Number Reading Tool - [CrackzSoft]\Lumion8.0 Pro Serial number reading tool.rar    a variant of Win32/Packed.EnigmaProtector.J suspicious application


Hello freed03, good afternoon;

Run ESET again and leave Remove found threats checked;

When the scan finishes, click List Threats.

Copy and paste the contents into your next reply.

Click Back.

Click Finish.

Click Finish.


Good morning Roni_!

Some files were quarantined by the other antivirus I use (McAfee Antivirus Plus), which is why they do not appear in the list below, but I have already deleted them all.

ESET log:

 

C:\AdwCleaner\quarantine\frAQBc8Wsa\{BAAB946F-7E00-41F4-BEC7-B8CCF758E012}\setup.msi    a variant of Win32/UwS.SlimDrivers.A application    deleted
C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\File System\078\p\00\00000000    a variant of Win32/Packed.VMProtect.ABD trojan    deleted
C:\Users\fredg\Desktop\A R Q\Blocos e Famílias\Familias REVIT\acessórios-objetos\spsetup116.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    cleaned by deleting
C:\Users\fredg\Desktop\Backup PC\Fred\Familias REVIT\acessórios-objetos\spsetup116.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    cleaned by deleting
C:\Users\fredg\Documents\Programas ARQ\AUTODESK.REVIT.ARCHITECTURE.V2014-ISO\rac2014.iso    a variant of Win32/Keygen.HA potentially unsafe application    deleted
C:\Users\fredg\Downloads\ccsetup532pro.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Users\fredg\Downloads\Instaladores\Adobe.InDesign.CC.2017.v12.0.x64.rar    a variant of Win32/HackTool.Patcher.CH potentially unsafe application    deleted
C:\Users\fredg\Downloads\Instaladores\Office 2016 AIO.iso    MSIL/HackTool.Agent.BD potentially unsafe application    deleted
C:\Users\fredg\Downloads\Instaladores\SkullCracked-Cinema 4D R18.rar    a variant of Win32/Packed.VMProtect.ABD trojan    deleted
C:\Users\fredg\Downloads\Instaladores\xf-adsk2016_x64.7z    a variant of Win32/Keygen.OX potentially unsafe application    deleted
C:\Users\fredg\Downloads\Instaladores\Adobe After Effects CC 2017 v14.0.1 + Crack [SadeemPC]\Crack\Adobe CC 2017 XFORCE Activation.zip    BAT/HostsChanger.A potentially unsafe application    deleted
C:\Users\fredg\Downloads\Instaladores\Adobe Photoshop CC 2017 v18.0.1 (x86x64) Incl Crack + Portable [SadeemPC]\Crack\Adobe CC 2017 XFORCE Activation.zip    BAT/HostsChanger.A potentially unsafe application    deleted
C:\Users\fredg\Downloads\Instaladores\Adobe Photoshop CC 2017 v18.0.1 (x86x64) Incl Crack + Portable [SadeemPC]\Crack\Adobe CC 2015.5 XFORCE Activation\disable_activation.cmd    BAT/HostsChanger.A potentially unsafe application    cleaned by deleting
C:\Users\fredg\Downloads\Instaladores\Autodesk AutoCAD 2016 (x64)\64 Bit {X64}\Keygen\xf-adsk2016_x64.exe    a variant of Win32/Keygen.OX potentially unsafe application    cleaned by deleting
C:\Users\fredg\Downloads\Instaladores\Autodesk Revit 2016 R2 x64 + Revit Extensions + Crack\Autodesk Revit 2016_\Autodesk_Revit_2016_R2\xf-adsk2016_x64.7z    a variant of Win32/Keygen.OX potentially unsafe application    deleted
C:\Users\fredg\Downloads\Instaladores\AUTODESK.REVIT.ARCHITECTURE.V2014-ISO\rac2014.iso    a variant of Win32/Keygen.HA potentially unsafe application    deleted
C:\Users\fredg\Downloads\Instaladores\AUTODESK.REVIT.V2017.WIN64-ISO\rvt2017_x64.iso    a variant of Win32/Keygen.OX potentially unsafe application    deleted (after the next restart)
C:\Users\fredg\Downloads\Instaladores\Lumion 8\Lumion 8.0 Pro + Serial Number Reading Tool - [CrackzSoft]\Lumion8.0 Pro Serial number reading tool.rar    a variant of Win32/Packed.EnigmaProtector.J suspicious application    deleted

 


Good evening;

To finish,

1.   Download Delfix by Xplode and save it to your desktop.

Double-click delfix.exe to run it.

** Windows Vista or Windows 7 users: right-click the delfix.exe file, then click [image: VRIfczU.png]

Select the boxes as shown in the figure below.

[image: 2mez6ld.png]

Click the Run ("Executar") button.

At the end a log will be generated, but you do not need to post it.

2.     CCleaner is an excellent cleaning utility for the computer.

If you wish,

Download it here CCleaner and save it to your desktop.

    •   After installation, go to the location where the program was installed, usually C:\Arquivos de programas\CCleaner.

    •   Double-click this folder;

    •   In an empty area of this window, right-click and choose New > Folder (Novo > pasta) and create a new folder;

    •   Name it backups.

    •   Open the program and click Run Cleaner (Executar Limpeza);

    •   Click the Registry (Registro) button > Scan for Issues (Procurar Erros) > Fix selected issues (Corrigir erro(s) selecionado(s))...

    •   Note: Do not forget to accept the backup of the fixes, and save it in the folder created above!

 

 
