
Very sluggish computer. Suspecting malware.



#1
Andre Silva


Dear Experts,

I'm posting this topic due to a severely sluggish computer altogether. Internet browsers keep jamming and the computer may need a major cleanup and possible software updates.

Thank you in advance for your kind cooperation. Here are the logs:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Izilda (administrator) on IZILDA-HP (03-02-2016 00:08:19)
Running from C:\Users\Izilda\Desktop
Loaded Profiles: Izilda (Available Profiles: Izilda)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe
(Dropbox, Inc.) C:\Users\Izilda\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-02-07] (IDT, Inc.)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-27] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco)
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Run: [Google Update] => C:\Users\Izilda\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Run: [Dropbox Update] => C:\Users\Izilda\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_267_Plugin.exe [1163456 2015-12-31] (Adobe Systems Incorporated)
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\MountPoints2: {520b7578-3f36-11e1-9d4c-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehuni.dll [1759992 2015-07-06] (Banco Itaú Unibanco)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-27] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk [2014-05-30]
ShortcutTarget: Samsung Drive Manager Real-Time.lnk -> C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)
Startup: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Izilda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2 192.168.1.1
Tcpip\..\Interfaces\{0211F5D2-0B48-4A83-8097-2D3C20677B0B}: [DhcpNameServer] 65.32.5.111 65.32.5.112 192.168.1.1
Tcpip\..\Interfaces\{894FB0E4-5432-4A2A-B791-AB7238B6F4E2}: [DhcpNameServer] 200.142.132.32 200.220.227.57
Tcpip\..\Interfaces\{E66EA923-D0B8-4739-A6C2-1045AE207BFE}: [DhcpNameServer] 75.114.81.1 75.114.81.2 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-01] (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-02-18] (HP)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-27] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-19] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-01] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-27] (Hewlett-Packard)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-02-18] (HP)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-27] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2015-10-20] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll [2015-07-06] (Banco Itaú Unibanco)
BHO-x32: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\Program Files (x86)\OpenSubtitlesPlayer\Iplex\IplexToALLPlayer.dll [2011-02-09] (ALLCinema Ltd.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-27] (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-19] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll [2011-09-07] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Izilda\AppData\Roaming\Mozilla\Firefox\Profiles\qb4mtwr7.default-1380586887777
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-31] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-31] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-03-15] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-06-02] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-05-28] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-05-28] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-08-13] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Izilda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Izilda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: @talk.google.com/O1DPlugin -> C:\Users\Izilda\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Izilda\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Izilda\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Izilda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-12-07] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: gastecnologia.com.br/sf/bb -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-03-06] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: gastecnologia.com.br/sf/bb64 -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [2015-06-10] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: gastecnologia.com.br/sf/cef -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2015-01-17] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: gastecnologia.com.br/sf/uni -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-01-15] (GAS Tecnologia)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Izilda\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Izilda\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Users\Izilda\AppData\Roaming\Mozilla\Firefox\Profiles\qb4mtwr7.default-1380586887777\searchplugins\yahoo-avast.xml [2014-06-13]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2016-01-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-27]
FF HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: GBBD Caixa Economica Federal - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015-01-17] [not signed]
FF HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: GBBD Guardião - Itaú 30 horas - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-03-24] [not signed]
FF HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2015-05-04] [not signed]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Izilda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Izilda\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Izilda\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Users\Izilda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Profile: C:\Users\Izilda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Izilda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-15]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Izilda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei [2015-09-15]
CHR HKU\S-1-5-21-3190529940-644357419-2377663512-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [2013-06-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-02] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-27] (AVAST Software)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-08-13] (WildTangent)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2011-01-12] (Nitro PDF Software)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2013-12-18] (Clarus, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-27] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-27] (AVAST Software)
R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30352 2015-05-02] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-02-03] (GAS Tecnologia)
R1 gbpddfac; C:\Windows\SysWOW64\drivers\gbpddfac64.sys [28888 2015-08-26] (GAS Tecnologia)
S0 GbpKm; C:\Windows\SysWOW64\drivers\gbpkm.sys [49536 2013-05-08] (GAS Tecnologia)
R3 GBPRCM; C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [20400 2012-06-21] ()
R3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [99248 2012-06-21] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-01-20] (GAS Tecnologia LTDA)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-02-02] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-03 00:08 - 2016-02-03 00:09 - 00032578 _____ C:\Users\Izilda\Desktop\FRST.txt
2016-02-03 00:08 - 2016-02-03 00:08 - 00000000 ____D C:\FRST
2016-02-03 00:07 - 2016-02-03 00:07 - 02370560 _____ (Farbar) C:\Users\Izilda\Downloads\FRST64.exe
2016-02-03 00:07 - 2016-02-03 00:07 - 02370560 _____ (Farbar) C:\Users\Izilda\Desktop\FRST64.exe
2016-02-02 11:15 - 2016-02-02 11:15 - 00371785 _____ C:\Users\Izilda\Desktop\Banco do Brasil.pdf
2016-01-27 22:51 - 2016-01-27 22:51 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-27 22:51 - 2016-01-27 22:51 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-25 23:08 - 2016-01-25 23:08 - 00001495 _____ C:\Users\Izilda\Downloads\documento (10).pdf
2016-01-25 23:05 - 2016-01-25 23:05 - 00001503 _____ C:\Users\Izilda\Downloads\documento (9).pdf
2016-01-21 23:20 - 2016-01-21 23:28 - 00010294 _____ C:\Users\Izilda\Desktop\Copy of PALAVRAS-CHAVE - THOMPSON SINOP.xlsx
2016-01-21 23:08 - 2016-01-21 23:08 - 00196361 _____ C:\Users\Izilda\Downloads\Apresentacao SEO - 2016.pdf
2016-01-19 02:47 - 2016-01-19 02:47 - 00004136 _____ C:\Users\Izilda\Downloads\extrato-outubro-2015.pdf
2016-01-19 02:46 - 2016-01-19 02:47 - 00007169 _____ C:\Users\Izilda\Downloads\extrato-outubro-2015.ofx
2016-01-19 02:46 - 2016-01-19 02:46 - 00009221 _____ C:\Users\Izilda\Downloads\extrato-novembro2015.ofx
2016-01-19 02:46 - 2016-01-19 02:46 - 00004720 _____ C:\Users\Izilda\Downloads\extrato-novembro-2015.pdf
2016-01-19 02:45 - 2016-01-19 02:45 - 00007231 _____ C:\Users\Izilda\Downloads\extrato-dezembro2015.ofx
2016-01-19 02:45 - 2016-01-19 02:45 - 00004249 _____ C:\Users\Izilda\Downloads\extrato-dezembro2015.pdf
2016-01-19 01:18 - 2016-01-19 01:18 - 00009795 _____ C:\Users\Izilda\Downloads\extrato.ofx
2016-01-19 01:08 - 2016-01-19 01:08 - 00005905 _____ C:\Users\Izilda\Downloads\extrato.pdf
2016-01-18 22:45 - 2016-01-18 22:45 - 00016554 _____ C:\Users\Izilda\Downloads\5393996031.html
2016-01-17 03:03 - 2016-01-17 03:03 - 00659254 _____ C:\Users\Izilda\Downloads\SecureMessage.pdf
2016-01-17 02:59 - 2016-01-17 02:59 - 00623810 _____ C:\Users\Izilda\Downloads\12-20-2015 (2).pdf
2016-01-17 02:30 - 2016-01-17 02:30 - 00623810 _____ C:\Users\Izilda\Downloads\12-20-2015 (1).pdf
2016-01-17 02:28 - 2016-01-17 02:28 - 00015182 _____ C:\Users\Izilda\Downloads\Document.pdf
2016-01-17 02:28 - 2016-01-17 02:28 - 00015182 _____ C:\Users\Izilda\Downloads\Document (1).pdf
2016-01-15 08:19 - 2016-01-15 08:19 - 00308224 _____ C:\Users\Izilda\Downloads\Briefing - Logomarca-1.xls
2016-01-14 22:41 - 2016-01-14 22:41 - 00002436 _____ C:\Users\Izilda\Downloads\extratof2b_20160115.pdf
2016-01-14 22:18 - 2016-01-14 22:18 - 00009475 _____ C:\Users\Izilda\Desktop\relatorio-pamela-massuia-2015.xlsx
2016-01-14 22:06 - 2016-01-14 22:06 - 00002144 _____ C:\Users\Izilda\Downloads\cobrancasf2b_20160115 (2).txt
2016-01-14 22:01 - 2016-01-14 22:01 - 00004360 _____ C:\Users\Izilda\Downloads\cobrancasf2b_20160115 (1).txt
2016-01-14 21:58 - 2016-01-14 21:58 - 00004905 _____ C:\Users\Izilda\Downloads\cobrancasf2b_20160115.txt
2016-01-14 20:48 - 2016-01-14 20:48 - 00002439 _____ C:\Users\Izilda\Downloads\documento (8).pdf
2016-01-14 20:45 - 2016-01-14 20:45 - 00002438 _____ C:\Users\Izilda\Downloads\documento (7).pdf
2016-01-12 19:47 - 2015-12-11 13:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-12 19:47 - 2015-12-08 16:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-12 19:47 - 2015-12-08 14:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-12 19:47 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-12 19:47 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-12 19:47 - 2015-11-13 18:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-12 19:47 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-12 19:47 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-12 19:47 - 2015-11-13 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-12 19:46 - 2015-12-23 18:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-12 19:46 - 2015-12-23 17:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-12 19:46 - 2015-12-12 13:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-12 19:46 - 2015-12-12 13:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-12 19:46 - 2015-12-12 13:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-12 19:46 - 2015-12-12 13:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-12 19:46 - 2015-12-12 13:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-12 19:46 - 2015-12-12 13:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-12 19:46 - 2015-12-12 13:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-12 19:46 - 2015-12-12 13:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-12 19:46 - 2015-12-12 13:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-12 19:46 - 2015-12-12 13:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-12 19:46 - 2015-12-12 13:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-12 19:46 - 2015-12-12 13:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-12 19:46 - 2015-12-12 13:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-12 19:46 - 2015-12-12 13:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-12 19:46 - 2015-12-12 13:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-12 19:46 - 2015-12-12 13:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-12 19:46 - 2015-12-12 13:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-12 19:46 - 2015-12-12 13:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-12 19:46 - 2015-12-12 12:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-12 19:46 - 2015-12-12 12:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-12 19:46 - 2015-12-12 12:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-12 19:46 - 2015-12-12 12:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-12 19:46 - 2015-12-12 12:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-12 19:46 - 2015-12-12 12:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-12 19:46 - 2015-12-12 12:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-12 19:46 - 2015-12-12 12:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-12 19:46 - 2015-12-12 12:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-12 19:46 - 2015-12-12 12:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-12 19:46 - 2015-12-12 12:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-12 19:46 - 2015-12-12 12:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-12 19:46 - 2015-12-12 12:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-12 19:46 - 2015-12-12 12:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-12 19:46 - 2015-12-12 12:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-12 19:46 - 2015-12-12 12:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-12 19:46 - 2015-12-12 12:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-12 19:46 - 2015-12-12 12:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-12 19:46 - 2015-12-12 12:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-12 19:46 - 2015-12-12 12:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-12 19:46 - 2015-12-12 12:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-12 19:46 - 2015-12-12 12:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-12 19:46 - 2015-12-12 12:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-12 19:46 - 2015-12-12 12:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-12 19:46 - 2015-12-12 12:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-12 19:46 - 2015-12-12 12:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-12 19:46 - 2015-12-12 12:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-12 19:46 - 2015-12-12 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-12 19:46 - 2015-12-12 12:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-12 19:46 - 2015-12-12 12:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-12 19:46 - 2015-12-12 12:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-12 19:46 - 2015-12-12 12:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-12 19:46 - 2015-12-12 12:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-12 19:46 - 2015-12-12 12:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-12 19:46 - 2015-12-12 12:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-12 19:46 - 2015-12-12 12:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-12 19:46 - 2015-12-12 12:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-12 19:46 - 2015-12-12 12:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-12 19:46 - 2015-12-12 12:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-12 19:46 - 2015-12-12 11:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-12 19:46 - 2015-12-12 11:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-12 19:46 - 2015-12-12 11:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-12 19:46 - 2015-12-12 11:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-12 19:46 - 2015-12-12 11:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-12 19:46 - 2015-12-08 16:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-12 19:46 - 2015-12-08 16:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-12 19:46 - 2015-12-08 16:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-12 19:46 - 2015-12-08 16:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-12 19:46 - 2015-12-08 16:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-12 19:46 - 2015-12-08 16:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-12 19:46 - 2015-12-08 16:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-12 19:46 - 2015-12-08 16:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-12 19:46 - 2015-12-08 16:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-12 19:46 - 2015-12-08 16:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-12 19:46 - 2015-12-08 16:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-12 19:46 - 2015-12-08 16:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-12 19:46 - 2015-12-08 16:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-12 19:46 - 2015-12-08 16:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-12 19:46 - 2015-12-08 16:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-12 19:46 - 2015-12-08 16:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-12 19:46 - 2015-12-08 16:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-12 19:46 - 2015-12-08 16:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-12 19:46 - 2015-12-08 16:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-12 19:46 - 2015-12-08 16:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-12 19:46 - 2015-12-08 16:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-12 19:46 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-12 19:46 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-12 19:46 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 19:46 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-12 19:46 - 2015-12-08 16:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-12 19:46 - 2015-12-08 16:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-12 19:46 - 2015-12-08 16:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-12 19:46 - 2015-12-08 16:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-12 19:46 - 2015-12-08 16:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-12 19:46 - 2015-12-08 16:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-12 19:46 - 2015-12-08 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-12 19:46 - 2015-12-08 16:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-12 19:46 - 2015-12-08 16:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-12 19:46 - 2015-12-08 16:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-12 19:46 - 2015-12-08 14:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-12 19:46 - 2015-12-08 14:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-12 19:46 - 2015-12-08 14:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-12 19:46 - 2015-12-08 14:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-12 19:46 - 2015-12-08 14:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-12 19:46 - 2015-12-08 14:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-12 19:46 - 2015-12-08 14:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-12 19:46 - 2015-12-08 14:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-12 19:46 - 2015-12-08 14:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-12 19:46 - 2015-12-08 14:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-12 19:46 - 2015-12-08 14:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-12 19:46 - 2015-12-08 14:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-12 19:46 - 2015-12-08 14:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-12 19:46 - 2015-12-08 14:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-12 19:46 - 2015-12-08 14:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-12 19:46 - 2015-12-08 14:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-12 19:46 - 2015-12-08 14:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-12 19:46 - 2015-12-08 14:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-12 19:46 - 2015-12-08 14:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-12 19:46 - 2015-12-08 14:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-12 19:46 - 2015-12-08 14:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-12 19:46 - 2015-12-08 14:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-12 19:46 - 2015-12-08 14:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-12 19:46 - 2015-12-08 14:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-12 19:46 - 2015-12-08 14:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-12 19:46 - 2015-12-08 14:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-12 19:46 - 2015-12-08 14:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-12 19:46 - 2015-12-08 14:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-12 19:46 - 2015-12-08 14:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-12 19:46 - 2015-12-08 14:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-12 19:46 - 2015-12-08 14:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-12 19:46 - 2015-12-08 14:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-12 19:46 - 2015-12-08 14:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-12 19:46 - 2015-12-08 14:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-12 19:46 - 2015-12-08 14:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-12 19:46 - 2015-12-08 14:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-12 19:46 - 2015-12-08 14:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-12 19:46 - 2015-12-08 13:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-12 19:46 - 2015-12-08 13:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-12 19:46 - 2015-12-08 13:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-12 19:46 - 2015-12-08 12:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-12 19:45 - 2015-12-08 16:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-12 19:45 - 2015-12-08 14:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-12 19:45 - 2015-11-16 20:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-12 19:45 - 2015-11-16 20:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-12 19:45 - 2015-11-16 20:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-12 19:45 - 2015-11-16 20:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-12 19:45 - 2015-11-16 20:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-12 19:45 - 2015-11-16 20:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-12 19:45 - 2015-11-16 15:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-12 19:44 - 2015-12-30 14:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-12 19:44 - 2015-12-30 14:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-12 19:44 - 2015-12-30 14:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-12 19:44 - 2015-12-30 14:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-12 19:44 - 2015-12-30 14:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-12 19:44 - 2015-12-30 14:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-12 19:44 - 2015-12-30 14:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-12 19:44 - 2015-12-30 14:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-12 19:44 - 2015-12-30 14:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-12 19:44 - 2015-12-30 14:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-12 19:44 - 2015-12-30 14:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-12 19:44 - 2015-12-30 14:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-12 19:44 - 2015-12-30 14:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-12 19:44 - 2015-12-30 14:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-12 19:44 - 2015-12-30 14:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-12 19:44 - 2015-12-30 14:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-12 19:44 - 2015-12-30 14:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-12 19:44 - 2015-12-30 14:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-12 19:44 - 2015-12-30 13:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-12 19:44 - 2015-12-30 13:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-12 19:44 - 2015-12-30 13:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-12 19:44 - 2015-12-30 13:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-12 19:44 - 2015-12-30 13:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-12 19:44 - 2015-12-30 13:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-12 19:44 - 2015-12-30 13:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-12 19:44 - 2015-12-30 13:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-12 19:44 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-12 19:44 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-12 19:44 - 2015-12-30 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-12 19:44 - 2015-12-30 13:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-12 19:44 - 2015-12-30 13:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-12 19:44 - 2015-12-30 13:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-12 19:44 - 2015-12-30 13:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-12 19:44 - 2015-12-30 13:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-12 19:44 - 2015-12-30 13:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-12 19:44 - 2015-12-30 13:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-12 19:44 - 2015-12-30 13:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-12 19:44 - 2015-12-30 13:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-12 19:44 - 2015-12-30 13:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-12 19:44 - 2015-12-30 13:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-12 19:44 - 2015-12-30 13:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-12 19:44 - 2015-12-30 13:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-12 19:44 - 2015-12-30 13:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-12 19:44 - 2015-12-30 13:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-12 19:44 - 2015-12-30 13:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-12 19:44 - 2015-12-30 13:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-12 19:44 - 2015-12-30 13:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 12:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-12 19:44 - 2015-12-30 12:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-12 19:44 - 2015-12-30 12:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-12 19:44 - 2015-12-30 12:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-12 19:44 - 2015-12-30 12:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-12 19:44 - 2015-12-30 12:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-12 19:44 - 2015-12-30 12:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-12 19:44 - 2015-12-30 12:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-12 19:44 - 2015-12-30 12:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-12 19:44 - 2015-12-30 12:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-12 19:44 - 2015-12-30 12:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-12 19:44 - 2015-12-30 12:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-12 19:44 - 2015-12-30 12:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-12 19:44 - 2015-12-30 12:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-12 19:44 - 2015-12-30 12:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-12 19:44 - 2015-12-30 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-12 19:44 - 2015-12-08 16:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-12 19:44 - 2015-12-08 14:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-12 00:05 - 2016-01-12 00:05 - 00176645 _____ C:\Users\Izilda\Downloads\TUTORIAL SISTEMA DE GESTAO DE CONTEUDO.pdf
2016-01-11 19:23 - 2016-01-11 19:23 - 01075253 _____ C:\Users\Izilda\Downloads\ISHRS-AM-PB-Portuguese-Brochure.pdf
2016-01-10 15:16 - 2016-01-10 15:17 - 00440628 _____ C:\Users\Izilda\Downloads\Contrato Web e Logomarca - Breno Frota.pdf
2016-01-10 12:28 - 2016-01-10 12:28 - 00002431 _____ C:\Users\Izilda\Downloads\documento (6).pdf
2016-01-10 01:21 - 2016-01-10 01:21 - 00001490 _____ C:\Users\Izilda\Downloads\documento (5).pdf
2016-01-07 02:10 - 2016-01-07 02:10 - 00001341 _____ C:\Users\Izilda\Downloads\documento (4).pdf
2016-01-07 02:07 - 2016-01-07 02:07 - 00137133 _____ C:\Users\Izilda\Downloads\Boleto Doctor Virtual.pdf
2016-01-07 01:20 - 2016-01-07 01:20 - 04456733 _____ C:\Users\Izilda\Desktop\gift_certificate.pdf
2016-01-07 00:47 - 2016-01-09 22:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-07 00:11 - 2016-01-07 00:11 - 00039853 _____ C:\Users\Izilda\Downloads\Silhouette_2.tiff
2016-01-07 00:11 - 2016-01-07 00:11 - 00034547 _____ C:\Users\Izilda\Downloads\Silhouette_7.tiff
2016-01-05 22:40 - 2016-01-05 22:40 - 00449062 _____ C:\Users\Izilda\Downloads\NUPEM LOGO.pdf
2016-01-05 01:12 - 2016-01-05 01:12 - 00001964 _____ C:\Users\Izilda\Downloads\documento (3).pdf
2016-01-05 00:54 - 2016-01-05 00:54 - 00001388 _____ C:\Users\Izilda\Downloads\cobrancasf2b_20160105 (4).txt
2016-01-05 00:54 - 2016-01-05 00:54 - 00001388 _____ C:\Users\Izilda\Desktop\pendencias-pamela-massuia.txt
2016-01-05 00:53 - 2016-01-05 00:53 - 00004188 _____ C:\Users\Izilda\Downloads\cobrancasf2b_20160105 (2).txt
2016-01-05 00:53 - 2016-01-05 00:53 - 00002180 _____ C:\Users\Izilda\Downloads\cobrancasf2b_20160105 (3).txt
2016-01-05 00:52 - 2016-01-05 00:52 - 00001034 _____ C:\Users\Izilda\Downloads\cobrancaf2b_20160105.pdf
2016-01-05 00:46 - 2016-01-05 00:46 - 00000580 _____ C:\Users\Izilda\Downloads\cobrancasf2b_20160105 (1).txt
2016-01-05 00:40 - 2016-01-05 00:40 - 00002180 _____ C:\Users\Izilda\Downloads\cobrancasf2b_20160105.txt
2016-01-04 23:42 - 2016-01-05 00:17 - 00000000 ____D C:\Users\Izilda\Desktop\Wordpress

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-03 00:09 - 2015-08-27 21:03 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2016-02-03 00:09 - 2012-03-06 21:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-03 00:09 - 2012-03-06 21:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-03 00:04 - 2012-03-06 21:08 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-03 00:04 - 2012-03-06 21:08 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-03 00:04 - 2012-01-14 22:08 - 00000000 ____D C:\Users\Izilda\AppData\Roaming\Skype
2016-02-02 23:47 - 2013-01-07 20:02 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001UA.job
2016-02-02 23:15 - 2015-06-16 01:05 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001UA.job
2016-02-02 23:06 - 2012-01-14 17:37 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E9E6BA8C-07EE-4923-A62A-9A3F663A7BF5}
2016-02-02 22:55 - 2013-05-25 23:50 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001UA.job
2016-02-02 22:43 - 2009-07-13 23:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-02 22:43 - 2009-07-13 23:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-02 21:35 - 2012-01-15 18:42 - 00000000 ____D C:\ProgramData\GbPlugin
2016-02-02 20:22 - 2015-06-16 01:05 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core.job
2016-02-02 18:47 - 2013-01-07 20:02 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core.job
2016-02-02 18:42 - 2013-01-07 20:02 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001UA
2016-02-02 18:42 - 2013-01-07 20:02 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core
2016-02-02 18:34 - 2015-11-19 03:05 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2016-02-02 18:27 - 2013-11-17 23:08 - 00000000 ___RD C:\Users\Izilda\Dropbox
2016-02-02 18:26 - 2013-11-17 23:04 - 00000000 ____D C:\Users\Izilda\AppData\Roaming\Dropbox
2016-02-02 18:25 - 2012-01-14 18:57 - 00000000 ____D C:\Users\Izilda\AppData\Local\CrashDumps
2016-02-02 18:24 - 2012-01-14 17:24 - 00000000 ____D C:\Users\Izilda\AppData\LocalLow\AuthenTec
2016-02-02 18:23 - 2012-11-30 16:58 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-02-02 18:23 - 2012-01-15 18:42 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-02-02 18:23 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-02 11:16 - 2012-11-01 09:59 - 05188096 ___SH C:\Users\Izilda\Desktop\Thumbs.db
2016-02-02 11:15 - 2012-04-10 18:32 - 00000000 ____D C:\Users\Izilda\AppData\Roaming\Nitro PDF
2016-02-01 22:08 - 2013-10-06 11:38 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-01 22:05 - 2012-11-25 14:51 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForIzilda.job
2016-02-01 01:55 - 2013-05-25 23:50 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core.job
2016-01-31 17:27 - 2012-11-25 14:51 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForIzilda
2016-01-28 00:51 - 2012-07-12 17:34 - 09390592 ___SH C:\Users\Izilda\Downloads\Thumbs.db
2016-01-28 00:45 - 2013-08-15 12:33 - 00001456 _____ C:\Users\Izilda\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-01-27 22:52 - 2013-10-06 11:38 - 01065208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-01-27 22:52 - 2013-10-06 11:38 - 00464256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-01-27 22:52 - 2013-10-06 11:38 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-01-27 22:51 - 2014-04-24 12:56 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-27 22:51 - 2014-01-08 13:24 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-27 22:51 - 2013-10-06 11:38 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-27 22:51 - 2013-10-06 11:38 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-27 22:51 - 2013-10-06 11:38 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-27 22:06 - 2012-05-28 10:27 - 00002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-27 22:06 - 2012-05-28 10:27 - 00002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-27 12:20 - 2012-04-10 18:29 - 00000000 ____D C:\Users\Izilda\AppData\Roaming\PrimoPDF
2016-01-27 12:09 - 2009-07-13 23:45 - 05096648 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-26 23:12 - 2012-01-14 17:33 - 00125744 _____ C:\Users\Izilda\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-26 21:20 - 2012-01-14 22:08 - 00000000 ____D C:\ProgramData\Skype
2016-01-25 22:04 - 2012-11-30 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Migration
2016-01-25 21:45 - 2013-08-16 14:10 - 00000132 _____ C:\Users\Izilda\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-01-21 22:28 - 2012-11-23 00:31 - 00000000 ____D C:\Users\Izilda\Downloads\00-Fotos de Caetano
2016-01-19 02:33 - 2012-09-19 00:47 - 00000000 ____D C:\Users\Izilda\Desktop\Clientes
2016-01-19 01:06 - 2012-12-03 10:26 - 00003220 _____ C:\Windows\System32\Tasks\HPCeeScheduleForIZILDA-HP$
2016-01-19 01:06 - 2012-12-03 10:26 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForIZILDA-HP$.job
2016-01-13 04:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-01-13 04:15 - 2009-07-14 00:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-13 04:15 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-13 04:09 - 2012-11-20 16:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 04:09 - 2011-08-29 20:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 04:06 - 2014-12-11 10:26 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-13 04:06 - 2014-05-06 08:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-13 03:49 - 2013-03-14 06:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 03:45 - 2013-07-20 01:00 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 03:13 - 2012-01-29 12:01 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-12 21:45 - 2014-12-23 21:05 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-12 21:45 - 2013-07-18 16:01 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-10 13:40 - 2012-09-19 23:36 - 00000000 ____D C:\Users\Izilda\Desktop\Temporario
2016-01-09 22:01 - 2012-11-26 14:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2012-09-21 23:29 - 2013-02-26 23:36 - 0000132 _____ () C:\Users\Izilda\AppData\Roaming\Adobe GIF Format CS5 Prefs
2012-09-26 14:32 - 2013-07-11 19:01 - 0000132 _____ () C:\Users\Izilda\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-08-16 14:10 - 2016-01-25 21:45 - 0000132 _____ () C:\Users\Izilda\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-10-15 22:54 - 2013-10-15 22:54 - 0009321 _____ () C:\Users\Izilda\AppData\Roaming\Comma Separated Values (DOS).EML
2013-05-07 22:04 - 2013-05-07 22:04 - 0009327 _____ () C:\Users\Izilda\AppData\Roaming\Comma Separated Values (Windows).EML
2012-12-24 17:41 - 2014-12-03 15:34 - 0009316 _____ () C:\Users\Izilda\AppData\Roaming\Microsoft Excel 97-2003.EML
2013-06-19 13:30 - 2013-06-19 13:30 - 0012679 _____ () C:\Users\Izilda\AppData\Roaming\unins000.dat
2013-06-19 13:30 - 2013-06-19 13:30 - 0720594 _____ () C:\Users\Izilda\AppData\Roaming\unins000.exe
2015-05-04 13:32 - 2015-05-04 13:42 - 0035522 _____ () C:\Users\Izilda\AppData\Roaming\unins001.dat
2015-05-04 13:42 - 2015-05-04 13:41 - 0813729 _____ () C:\Users\Izilda\AppData\Roaming\unins001.exe
2014-03-24 11:11 - 2014-03-24 11:11 - 0016594 _____ () C:\Users\Izilda\AppData\Roaming\unins002.dat
2014-03-24 11:11 - 2014-03-24 11:11 - 0718497 _____ () C:\Users\Izilda\AppData\Roaming\unins002.exe
2014-01-02 17:26 - 2014-01-06 21:26 - 0000098 _____ () C:\Users\Izilda\AppData\Roaming\WB.CFG
2014-01-02 17:26 - 2014-01-06 21:26 - 0000005 _____ () C:\Users\Izilda\AppData\Roaming\WBPU-TTL.DAT
2012-09-23 22:32 - 2013-07-13 09:04 - 0001456 _____ () C:\Users\Izilda\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-08-15 12:33 - 2016-01-28 00:45 - 0001456 _____ () C:\Users\Izilda\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-01-22 12:10 - 2014-02-05 13:14 - 0004096 ____H () C:\Users\Izilda\AppData\Local\keyfile3.drm
2012-11-12 20:20 - 2012-11-12 20:20 - 0000892 _____ () C:\Users\Izilda\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\Izilda\AppData\Local\Temp\2lj4u2du.dll
C:\Users\Izilda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp71xpte.dll
C:\Users\Izilda\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-30 20:31

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Izilda (2016-02-03 00:10:11)
Running from C:\Users\Izilda\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-01-14 22:23:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3190529940-644357419-2377663512-500 - Administrator - Disabled)
Guest (S-1-5-21-3190529940-644357419-2377663512-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3190529940-644357419-2377663512-1003 - Limited - Enabled)
Izilda (S-1-5-21-3190529940-644357419-2377663512-1001 - Administrator - Enabled) => C:\Users\Izilda

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.271 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD System Monitor (HKLM-x32\...\{C1C82DC9-1547-4038-8F0A-C069F0B7F2ED}) (Version: 1.0.5 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 12 v.12.0.1 (HKLM-x32\...\Ashampoo Burning Studio 12_is1) (Version: 12.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 12 v.12.0.3 (HKLM-x32\...\{91B33C97-93EB-244C-F687-71D85E45A206}_is1) (Version: 12.0.3 - Ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{942836D4-5395-652B-F1E8-A7C5B039910C}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
AuthenTec TrueAPI (Version: 1.2.1.33 - AuthenTec, Inc.) Hidden
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2245 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
ColorMania 3.2 (HKLM-x32\...\ColorMania_is1) (Version: 3.2 - Blacksun Software)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Files Opened (HKLM-x32\...\Files Opened) (Version: 1.0 - )
FileZilla Client 3.11.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
GBBD Guardião - Itaú 30 horas (HKLM-x32\...\{70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1) (Version: 3.7.1.1 - )
Google Apps Migration For Microsoft Outlook® 4.0.27.0 (HKLM-x32\...\{8806AF1D-5161-489E-9E17-086CCC518931}) (Version: 4.0.27.0 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.8.440.1250 (HKLM-x32\...\{091C294E-F243-432C-93E1-DEC4C2B9635B}) (Version: 3.8.440.1250 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{7A6B4340-7090-418F-8976-EE9650B35550}) (Version: 4.1.22.1 - Hewlett-Packard Company)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP SimplePass 2011 (HKLM-x32\...\{BCFAA37D-A6DB-43BF-A351-43F183E52D07}) (Version: 5.1.0.495 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)
IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2012) (Version: 1.0 - Receita Federal do Brasil)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
IZArc 3.81 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 3.81 Build 1550 - Ivan Zahariev)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LinkAssistant (HKLM-x32\...\seopowersuite) (Version:  - )
Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.13291.0 - Linksys LLC)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Módulo Adicional de Segurança CAIXA (HKLM-x32\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: Módulo Adicional de Segurança CAIXA - )
Módulo de Segurança - Banco do Brasil (HKLM-x32\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.12.1.2 - )
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MP3 Skype Recorder (HKLM-x32\...\{CB606F47-7D0E-40DF-95BB-0E5413A1295F}) (Version: 3.1.3 - Alexander Nikiforov)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nitro PDF Professional (HKLM\...\{EB8FF6C8-811B-4395-8584-EF4C7A0C8199}) (Version: 6.2.0.44 - Nitro PDF Software)
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
OmniPage SE 2.0 (HKLM-x32\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)
OpenSubtitlesPlayer V4.X (HKLM-x32\...\OpenSubtitlesPlayer_is1) (Version:  - ALLCinema Ltd.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{1E5C7043-09C5-4974-A69F-A5271FD82BBC}) (Version: 7.0.00.11271 - Sony Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.5.33 - Intuit)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.02.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.80 - Realtek Semiconductor Corp.)
Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.01 - Serpro - Serviço Federal de Processamento de Dados)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Samsung Drive Manager (HKLM-x32\...\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}) (Version: 1.0.172 - Clarus, Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38843 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VOIP Recorder (HKLM-x32\...\{68EAD428-8B16-4CE3-832B-6E63B11852C0}) (Version: 1.0.51 - PenBay Networks)
Warsaw 1.11.1.24 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.11.1.24 - GAS Tecnologia)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Izilda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01349F0A-062F-4458-A4D5-C2CD2096CD52} - System32\Tasks\Google Updater and Installer => C:\Users\Izilda\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {05E7E90B-C156-49C2-B80B-5A7B90F6B2D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {09EC1C04-6923-4186-8E0D-CC9C67862FC7} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {0EE9EEF0-21B1-45E3-B7CF-F59434679A53} - System32\Tasks\{086040D7-8B51-4901-9C99-9A59D7D1A236} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsMain
Task: {109083C1-DC1D-41C0-9B37-5E48DBCCC782} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001UA => C:\Users\Izilda\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {162C6DBE-2A6F-4E34-983E-0228EF8D5CE0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001UA => C:\Users\Izilda\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {2B5735E1-1A6B-4663-8B1B-0515FE3D3388} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-01-06] (HP Inc.)
Task: {2C7FFEAB-6D34-456B-BBC7-96D4D89DCE86} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2016-01-19] (Microsoft)
Task: {33D9E3D2-3090-46CA-B65A-8F6D8252BC0B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {375C903F-EA55-443B-8DF2-2FF88F2810D0} - System32\Tasks\HPCeeScheduleForIZILDA-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {39F4CE9A-491A-456E-81A3-466580B215D4} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-08-04] (Oracle Corporation)
Task: {46A1D5B8-B8BC-42A4-8B4C-896BF7D220E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {4A8D5191-FB50-4913-B647-28F8127490B5} - System32\Tasks\HPCeeScheduleForIzilda => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {52B00829-D5E0-4CFA-B215-1688F579EAF2} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3190529940-644357419-2377663512-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {5405D664-CF1F-4CB1-AEC3-ABA939175BDD} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3190529940-644357419-2377663512-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {5646EDF7-CD9A-429C-B416-447A718EC110} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001UA => C:\Users\Izilda\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-25] (Facebook Inc.)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {68F197BB-6884-4036-99D3-9243F0151B8C} - System32\Tasks\Programa de atualização online DivX => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2014-01-10] ()
Task: {72F3921D-97C4-40B3-818F-D1E2DA7D5CE5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-01-06] (HP Inc.)
Task: {83F4C23B-7893-493B-BCB8-96DF9CC368A6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-27] (AVAST Software)
Task: {91714A50-1F70-4A57-8597-98231B2A9C68} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A11333F8-35ED-40EE-93E9-F13E4CF02024} - System32\Tasks\{3B50766E-2CFC-4C09-8635-19261323916F} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {A36E4DB2-84F2-48BC-A73C-D51DF4508E26} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core => C:\Users\Izilda\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {BDB3F131-E378-40F8-BF88-5ACD639EFBAD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {BF7828A7-805C-4008-8F81-7813F60ED84A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-21] (AVAST Software)
Task: {CE8569CD-0C75-4E0B-A578-E79F5FABA946} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E36D2026-0BAC-493A-AE87-CCE85EE86C23} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core => C:\Users\Izilda\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {E806086C-1DEF-4DDD-8390-B3F6AADA642F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F677F74D-9A50-466C-93BC-71F975AA0061} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2015-11-30] (Hewlett-Packard)
Task: {F901E352-4CCA-4A9B-B554-6813BD358146} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core => C:\Users\Izilda\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-25] (Facebook Inc.)
Task: {FD787783-8007-426F-9F75-11D693F3A23C} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core.job => C:\Users\Izilda\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001UA.job => C:\Users\Izilda\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core.job => C:\Users\Izilda\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001UA.job => C:\Users\Izilda\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core.job => C:\Users\Izilda\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001UA.job => C:\Users\Izilda\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForIZILDA-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForIzilda.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-04-07 22:20 - 2011-10-04 21:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
2012-04-10 18:28 - 2009-12-20 20:42 - 00090624 _____ () C:\Windows\System32\Primomonnt.dll
2011-04-02 01:06 - 2011-04-02 01:06 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-06-02 10:18 - 2015-06-02 10:18 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-01-12 11:39 - 2011-01-12 11:39 - 00123712 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NPShellExtension64.dll
2011-04-02 01:06 - 2011-04-02 01:06 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-03-04 14:25 - 2011-03-04 14:25 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-02 00:57 - 2011-04-02 00:57 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-04-08 09:57 - 2011-04-08 09:57 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2016-01-27 22:51 - 2016-01-27 22:51 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-27 22:51 - 2016-01-27 22:51 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-01 22:09 - 2016-02-01 22:09 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16020101\algo.dll
2016-01-27 22:51 - 2016-01-27 22:51 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-02 18:24 - 2016-02-02 18:24 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16020201\algo.dll
2012-11-28 11:13 - 2012-11-28 11:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 11:13 - 2012-11-28 11:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-13 01:33 - 2015-10-30 19:59 - 00034768 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-13 01:35 - 2015-10-30 20:00 - 00019408 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-13 01:35 - 2015-12-08 16:36 - 00022848 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-13 01:35 - 2015-12-08 16:36 - 00023352 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-13 01:35 - 2015-12-08 16:36 - 00042296 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-13 01:33 - 2015-10-30 19:59 - 00116688 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-13 01:33 - 2015-10-30 19:59 - 00093640 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-13 01:33 - 2015-10-30 19:59 - 00018376 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-13 01:33 - 2015-12-08 16:36 - 00019760 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-13 01:33 - 2015-10-30 20:00 - 00105928 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-13 01:33 - 2015-10-30 19:59 - 00392144 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-13 01:33 - 2015-12-08 16:36 - 00381752 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-13 01:33 - 2015-10-30 19:59 - 00692688 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-13 01:35 - 2015-12-08 16:36 - 00020816 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-13 01:33 - 2015-10-30 20:00 - 00109520 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-13 01:35 - 2015-12-08 16:36 - 01737032 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-13 01:35 - 2015-12-08 16:36 - 00020808 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-13 01:33 - 2015-12-08 16:36 - 00020800 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-13 01:33 - 2015-12-08 16:36 - 00021840 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-13 01:35 - 2015-12-08 16:36 - 00038696 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-13 01:33 - 2015-10-30 20:00 - 00024528 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-13 01:35 - 2015-10-30 20:00 - 00020936 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-13 01:33 - 2015-10-30 20:00 - 00114640 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-13 01:33 - 2015-12-08 16:36 - 00021320 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-13 01:33 - 2015-10-30 20:00 - 00124880 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-13 01:33 - 2015-10-30 20:00 - 00030160 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-13 01:33 - 2015-10-30 20:00 - 00043472 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-13 01:33 - 2015-10-30 20:00 - 00175560 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-13 01:33 - 2015-10-30 20:00 - 00028616 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-13 01:33 - 2015-10-30 20:00 - 00024016 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-13 01:33 - 2015-10-30 20:00 - 00048592 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-13 01:35 - 2015-12-08 16:36 - 00024392 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-13 01:35 - 2015-10-30 20:00 - 00036296 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-13 01:33 - 2015-10-30 20:00 - 00024016 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-13 01:35 - 2015-12-08 16:36 - 00117056 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-13 01:33 - 2015-12-08 16:36 - 00023376 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-13 01:33 - 2015-10-30 19:59 - 00134608 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-13 01:33 - 2015-10-30 19:59 - 00134088 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-13 01:35 - 2015-10-30 20:00 - 00240584 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-13 01:35 - 2015-12-08 16:36 - 00020280 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-13 01:33 - 2015-12-08 16:36 - 00052024 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-13 01:35 - 2015-12-08 16:36 - 00021304 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-13 01:33 - 2015-10-30 20:00 - 00350152 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-13 01:35 - 2015-12-08 16:36 - 00084792 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-13 01:33 - 2015-12-08 16:36 - 01826608 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-13 01:33 - 2015-10-30 20:00 - 00083912 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-13 01:33 - 2015-12-08 16:36 - 03891504 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-13 01:33 - 2015-12-08 16:36 - 01950000 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-13 01:33 - 2015-12-08 16:36 - 00519984 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-13 01:33 - 2015-12-08 16:36 - 00133936 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-13 01:33 - 2015-12-08 16:36 - 00225080 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-13 01:33 - 2015-12-08 16:36 - 00207672 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-13 01:33 - 2015-12-08 16:36 - 00024904 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-13 01:33 - 2015-12-08 16:36 - 00486704 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-13 01:33 - 2015-12-08 16:36 - 00357680 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 16:45 - 2015-10-30 20:01 - 00019920 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 16:45 - 2015-10-30 20:00 - 00786904 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-01 22:58 - 2015-10-30 20:00 - 00063448 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 16:45 - 2015-10-30 20:00 - 00019408 _____ () C:\Users\Izilda\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2016-01-27 22:51 - 2016-01-27 22:51 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-04-08 09:57 - 2011-04-08 09:57 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2016-01-11 10:36 - 2016-01-11 10:36 - 00932032 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2016-01-27 22:05 - 2016-01-27 12:39 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
2016-01-27 22:05 - 2016-01-27 12:39 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\Windows\System32:5B1620CE_Bb.gbp
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\bb.com.br -> hxxps://seg.bb.com.br
IE trusted site: HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-12-15 13:29 - 00000002 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3190529940-644357419-2377663512-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.114.81.1 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Izilda\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{65744CAD-129D-47B9-95E8-C8FB8FE23DA1}C:\users\izilda\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\izilda\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{BB3A7506-3EF3-478D-AD7C-47A82F222CE1}C:\users\izilda\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\izilda\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{4DE35125-ECDA-4A50-BE10-4934E30ECCC0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{03757B5A-B849-494C-85EB-8B6BFB16256E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{2FFBE398-304F-4BB0-97D8-6FA7F5CE3172}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{26B19BCB-C411-415B-A17C-643D4F2D5D33}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{22B7D6B7-41EF-4D3B-A595-1345EFF42D8C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6EED024B-5CA2-4F03-8BEC-0E38C2321113}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{499108A3-3DF5-4A85-AACA-C415AD34014E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ED84B0DF-B4B7-459A-B19A-D5BFF40D0D5B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{53BA55F1-7B4F-46C2-A49D-4C7F9A7D14E6}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Vono\Vono\Vono.exe] => Enabled:%applicationname%
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Vono\Vono\Vono.exe] => Enabled:%applicationname%

==================== Restore Points =========================

13-09-2015 19:44:15 End of disinfection
20-09-2015 21:00:44 Windows Update
25-09-2015 11:49:43 Windows Update
29-09-2015 21:10:26 Windows Update
04-10-2015 00:48:10 Windows Update
07-10-2015 22:58:13 Windows Update
08-10-2015 21:37:37 avast! antivirus system restore point
13-10-2015 18:09:58 Windows Update
14-10-2015 02:01:51 Windows Update
15-10-2015 02:00:28 Windows Update
20-10-2015 21:31:57 Windows Update
01-11-2015 01:13:41 Windows Update
06-11-2015 03:50:58 Windows Update
10-11-2015 22:57:13 Windows Update
11-11-2015 03:02:06 Windows Update
13-11-2015 03:00:35 Windows Update
18-11-2015 19:04:12 Windows Update
24-11-2015 23:29:35 Windows Update
28-11-2015 01:13:43 Windows Update
03-12-2015 00:40:17 Windows Update
07-12-2015 00:23:31 Windows Update
09-12-2015 00:10:49 Windows Update
13-12-2015 17:49:35 Windows Update
19-12-2015 00:36:51 Windows Update
19-12-2015 03:00:11 Windows Update
22-12-2015 22:09:44 Windows Update
26-12-2015 02:08:58 Windows Update
31-12-2015 01:27:49 Windows Update
05-01-2016 21:40:25 Windows Update
09-01-2016 22:14:45 Windows Update
13-01-2016 03:02:34 Windows Update
21-01-2016 22:03:12 Windows Update
27-01-2016 12:23:26 Windows Update
30-01-2016 19:27:48 Windows Update

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2016 06:25:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GbpSv.exe, version: 0.0.0.0, time stamp: 0x55df083e
Faulting module name: gbieh.dll, version: 4.15.0.15, time stamp: 0x5601b694
Exception code: 0xc0000417
Fault offset: 0x00157968
Faulting process id: 0x4dc
Faulting application start time: 0xGbpSv.exe0
Faulting application path: GbpSv.exe1
Faulting module path: GbpSv.exe2
Report Id: GbpSv.exe3

Error: (02/02/2016 06:23:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2016 10:49:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2016 10:07:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GbpSv.exe, version: 0.0.0.0, time stamp: 0x55df083e
Faulting module name: gbieh.dll, version: 4.15.0.15, time stamp: 0x5601b694
Exception code: 0xc0000417
Fault offset: 0x00157968
Faulting process id: 0xa40
Faulting application start time: 0xGbpSv.exe0
Faulting application path: GbpSv.exe1
Faulting module path: GbpSv.exe2
Report Id: GbpSv.exe3

Error: (02/01/2016 10:06:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2016 07:44:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GbpSv.exe, version: 0.0.0.0, time stamp: 0x55df083e
Faulting module name: gbieh.dll, version: 4.15.0.15, time stamp: 0x5601b694
Exception code: 0xc0000417
Fault offset: 0x00157968
Faulting process id: 0xb04
Faulting application start time: 0xGbpSv.exe0
Faulting application path: GbpSv.exe1
Faulting module path: GbpSv.exe2
Report Id: GbpSv.exe3

Error: (01/30/2016 07:41:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2016 07:31:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2016 07:18:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c117d5
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c117d5
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x16a8
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3

Error: (01/30/2016 07:11:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/02/2016 10:24:05 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (02/02/2016 06:26:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error:
%%2

Error: (02/02/2016 06:24:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error:
%%2

Error: (02/02/2016 06:24:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error:
%%2

Error: (02/02/2016 06:23:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
gbpddreg

Error: (02/02/2016 10:50:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error:
%%2

Error: (02/02/2016 10:49:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error:
%%2

Error: (02/02/2016 10:49:27 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
gbpddreg

Error: (02/01/2016 10:16:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (02/01/2016 10:13:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.


CodeIntegrity:
===================================
  Date: 2013-09-30 17:32:16.406
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-30 17:32:16.403
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-30 17:32:16.400
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-25 11:52:48.651
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-25 11:52:48.651
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-25 11:52:48.651
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-15 15:36:40.810
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-15 15:36:40.794
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-15 15:36:40.778
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-10 23:35:24.408
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD A8-3500M APU with Radeon™ HD Graphics
Percentage of memory in use: 50%
Total physical RAM: 7658.9 MB
Available physical RAM: 3817.05 MB
Total Virtual: 15316.01 MB
Available Virtual: 10967.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:578.92 GB) (Free:100.59 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.96 GB) (Free:1.86 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Setup) (CDROM) (Total:0.11 GB) (Free:0 GB) CDFS
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================


  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Start by uninstalling

Warsaw 1.11.1.24 64 bits

Most of your errors have to do with it.

Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line):
sfc  /scannow

(This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
In either case continue:
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.
 
 (Second time you run vew it will overwrite the first log so copy it to a reply or rename it first.)
 
 
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.

Close all browsers and open programs before running Speccy.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top, about 10 lines down.)  Save the file and close notepad.  Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File). Uninstall Speccy.
 
 

  • 0
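The Process Explorer steps above end in a saved Procexp.txt whose Verified Signer column is the part worth triaging first. The script below is an added example, not part of the thread or of any tool named in it: it lists every process whose signature did not verify, with revoked certificates ahead of missing signatures. It assumes the saved file is tab-separated with the header row Process Explorer writes; the sample rows are constructed for illustration, and the function names are hypothetical.

```python
import csv
import io
import re

# Constructed sample in the layout of a Process Explorer "Save As" text file.
# Assumption: tab-separated columns with one header row.
SAMPLE_PROCEXP = "\n".join([
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer",
    "System Idle Process\t89.51\t0 K\t24 K\t0\t\t\t",
    "procexp64.exe\t3.28\t30,632 K\t51,384 K\t6668\tSysinternals Process Explorer\t"
    "Sysinternals - www.sysinternals.com\t(Verified) Microsoft Corporation",
    "gbpsv.exe\t1.33\t31,836 K\t35,916 K\t912\tG-Buster Browser Defense - Service\t"
    "GAS Tecnologia\t(Verified) GAS INFORMATICA LTDA",
    "chrome.exe\t0.58\t87,876 K\t117,528 K\t5392\tGoogle Chrome\tGoogle Inc.\t(Verified) Google Inc",
    "svchost.exe\t0.04\t17,004 K\t18,480 K\t1696\tHost Process for Windows Services\t"
    "Microsoft Corporation\t(No signature was present in the subject) Microsoft Corporation",
    "CCC.exe\t0.02\t103,012 K\t23,600 K\t5324\tCatalyst Control Center: Host application\t"
    "ATI Technologies Inc.\t(No signature was present in the subject) ATI Technologies Inc.",
    "lsass.exe\t< 0.01\t5,496 K\t12,804 K\t620\tLocal Security Authority Process\t"
    "Microsoft Corporation\t(No signature was present in the subject) Microsoft Corporation",
    "HPConnectionManager.exe\t< 0.01\t79,824 K\t87,800 K\t5868\tHPConnectionManager\t"
    "Hewlett-Packard Development Company L.P.\t"
    "(A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company L.P.",
])

# Rows that have no image file behind them, so there is nothing to verify.
PSEUDO_PROCESSES = {"System Idle Process", "System", "Interrupts"}

# Review order: lower number is looked at first.
SEVERITY = {"revoked": 0, "unsigned": 1, "other": 2, "unchecked": 3}

# The cell looks like "(<verification status>) <name>".
SIGNER_RE = re.compile(r"^\((?P<status>[^)]*)\)\s*(?P<name>.*)$")


def classify(signer_cell):
    """Map one Verified Signer cell to (category, name)."""
    cell = signer_cell.strip()
    if not cell:
        # Empty cell: signature checking was not enabled or the image was unreadable.
        return "unchecked", ""
    match = SIGNER_RE.match(cell)
    if not match:
        return "unchecked", cell
    status = match.group("status").lower()
    name = match.group("name")
    if status == "verified":
        return "verified", name
    if "revoked" in status:
        return "revoked", name
    if "no signature" in status:
        return "unsigned", name
    return "other", name


def triage(report_text):
    """Return the processes whose signature did not verify, worst first."""
    findings = []
    reader = csv.DictReader(io.StringIO(report_text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    for row in reader:
        process = (row.get("Process") or "").strip()
        if not process or process in PSEUDO_PROCESSES:
            continue
        category, _name = classify(row.get("Verified Signer") or "")
        if category == "verified":
            continue
        company = (row.get("Company Name") or "").strip()
        note = ""
        if "microsoft" in company.lower():
            # Company Name comes from the file's own version resource, so it
            # proves nothing without a verified signature behind it.
            note = "claims Microsoft without a verified signature; confirm path and file hash"
        findings.append({
            "process": process,
            "pid": (row.get("PID") or "").strip(),
            "category": category,
            "company": company,
            "note": note,
        })
    # Stable sort keeps file order (CPU ranking) within each category.
    findings.sort(key=lambda f: SEVERITY[f["category"]])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_PROCEXP):
        print(f"{f['category']:<9} {f['process']} (PID {f['pid']}) {f['note']}")
```

An unverified row is a prompt to check the file's on-disk path and hash against a known-good copy, not proof of infection.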

#3
Andre Silva

    Member

  • Topic Starter
  • Member
  • 140 posts

Hello RKinner,

 

Thank you for your fast reply and kind assistance. Highly appreciated! I'm executing your instructions as we speak. Will revert to you asap.

 

Cheers - Andre


  • 0

#4
Andre Silva

    Member

  • Topic Starter
  • Member
  • 140 posts

RKinner,

Windows Resource Protection did not find any integrity violations.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/02/2016 9:50:51 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/12/2015 3:23:27 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 14/11/2015 6:37:28 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 09/09/2015 10:28:21 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/09/2015 6:42:13 AM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device Validity Sensors (WBF) (PID=0018) (location Port_#0002.Hub_#0003) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 5 more times.  Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 06/09/2015 6:42:13 AM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 06/09/2015 6:19:13 AM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device Validity Sensors (WBF) (PID=0018) (location Port_#0002.Hub_#0003) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 5 more times.  Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 06/09/2015 6:19:13 AM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 02/08/2015 4:45:10 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 28/07/2015 12:49:16 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 21/07/2015 1:47:26 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 07/07/2015 3:00:55 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 03/07/2015 2:06:28 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 30/06/2015 3:38:50 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 26/06/2015 3:16:16 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 24/06/2015 2:35:38 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/06/2015 3:26:40 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 02/06/2015 12:04:44 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 14/05/2015 3:37:58 AM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device Validity Sensors (WBF) (PID=0018) (location Port_#0002.Hub_#0003) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 4 more times.  Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 14/05/2015 3:37:58 AM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 14/05/2015 3:37:53 AM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device Validity Sensors (WBF) (PID=0018) (location Port_#0002.Hub_#0003) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 5 more times.  Please contact the device manufacturer for more information about this problem.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/02/2016 1:41:42 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Gbpddreg svc service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 04/02/2016 1:41:29 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Gbpddreg svc service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 04/02/2016 1:40:45 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  gbpddreg

Log: 'System' Date/Time: 03/02/2016 11:58:44 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Gbpddreg svc service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 03/02/2016 11:49:07 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Gbpddreg svc service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 03/02/2016 11:48:45 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  gbpddreg

Log: 'System' Date/Time: 03/02/2016 1:38:35 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 03/02/2016 3:24:05 AM
Type: Error Category: 0
Event: 36888 Source: Schannel
The following fatal alert was generated: 10. The internal error state is 10.

Log: 'System' Date/Time: 02/02/2016 11:26:06 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Gbpddreg svc service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 02/02/2016 11:24:46 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Gbpddreg svc service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 02/02/2016 11:24:07 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Gbpddreg svc service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 02/02/2016 11:23:43 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  gbpddreg

Log: 'System' Date/Time: 02/02/2016 3:50:04 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Gbpddreg svc service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 02/02/2016 3:49:48 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Gbpddreg svc service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 02/02/2016 3:49:27 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  gbpddreg

Log: 'System' Date/Time: 02/02/2016 3:16:33 AM
Type: Error Category: 0
Event: 36888 Source: Schannel
The following fatal alert was generated: 10. The internal error state is 10.

Log: 'System' Date/Time: 02/02/2016 3:13:31 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Update service hung on starting.

Log: 'System' Date/Time: 02/02/2016 3:08:48 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Gbpddreg svc service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 02/02/2016 3:07:06 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Gbpddreg svc service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 02/02/2016 3:06:46 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Gbpddreg svc service failed to start due to the following error:  The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/02/2016 1:40:42 AM
Type: Warning Category: 0
Event: 2511 Source: Server
The server service was unable to recreate the share My Apps because the directory C:\ProgramData\BlueStacks\UserData\Library\My Apps no longer exists.  Please run "net share My Apps /delete" to delete the share, or recreate the directory C:\ProgramData\BlueStacks\UserData\Library\My Apps.

Log: 'System' Date/Time: 04/02/2016 1:40:24 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 04/02/2016 1:40:13 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0018\268bfa16b503.

Log: 'System' Date/Time: 04/02/2016 1:39:20 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 03/02/2016 11:48:45 PM
Type: Warning Category: 0
Event: 2511 Source: Server
The server service was unable to recreate the share My Apps because the directory C:\ProgramData\BlueStacks\UserData\Library\My Apps no longer exists.  Please run "net share My Apps /delete" to delete the share, or recreate the directory C:\ProgramData\BlueStacks\UserData\Library\My Apps.

Log: 'System' Date/Time: 03/02/2016 11:48:24 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 03/02/2016 11:48:13 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0018\268bfa16b503.

Log: 'System' Date/Time: 02/02/2016 11:23:43 PM
Type: Warning Category: 0
Event: 2511 Source: Server
The server service was unable to recreate the share My Apps because the directory C:\ProgramData\BlueStacks\UserData\Library\My Apps no longer exists.  Please run "net share My Apps /delete" to delete the share, or recreate the directory C:\ProgramData\BlueStacks\UserData\Library\My Apps.

Log: 'System' Date/Time: 02/02/2016 11:23:36 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 02/02/2016 11:23:19 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0018\268bfa16b503.

Log: 'System' Date/Time: 02/02/2016 3:49:27 PM
Type: Warning Category: 0
Event: 2511 Source: Server
The server service was unable to recreate the share My Apps because the directory C:\ProgramData\BlueStacks\UserData\Library\My Apps no longer exists.  Please run "net share My Apps /delete" to delete the share, or recreate the directory C:\ProgramData\BlueStacks\UserData\Library\My Apps.

Log: 'System' Date/Time: 02/02/2016 3:49:07 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 02/02/2016 3:48:49 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0018\268bfa16b503.

Log: 'System' Date/Time: 02/02/2016 3:06:20 AM
Type: Warning Category: 0
Event: 2511 Source: Server
The server service was unable to recreate the share My Apps because the directory C:\ProgramData\BlueStacks\UserData\Library\My Apps no longer exists.  Please run "net share My Apps /delete" to delete the share, or recreate the directory C:\ProgramData\BlueStacks\UserData\Library\My Apps.

Log: 'System' Date/Time: 02/02/2016 3:05:48 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 02/02/2016 3:05:37 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0018\268bfa16b503.

Log: 'System' Date/Time: 31/01/2016 12:47:27 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 31/01/2016 7:19:38 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.cfl.rr.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 31/01/2016 12:40:50 AM
Type: Warning Category: 0
Event: 2511 Source: Server
The server service was unable to recreate the share My Apps because the directory C:\ProgramData\BlueStacks\UserData\Library\My Apps no longer exists.  Please run "net share My Apps /delete" to delete the share, or recreate the directory C:\ProgramData\BlueStacks\UserData\Library\My Apps.

Log: 'System' Date/Time: 31/01/2016 12:40:42 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/02/2016 9:53:48 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/02/2016 1:40:48 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/02/2016 1:39:14 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   2 user registry handles leaked from \Registry\User\S-1-5-21-3190529940-644357419-2377663512-1001:
Process 1832 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3190529940-644357419-2377663512-1001
Process 1832 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3190529940-644357419-2377663512-1001\Software\Microsoft\Windows\CurrentVersion\UNINSTALL\Google Chrome


Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    89.51    0 K    24 K    0            
procexp64.exe    3.28    30,632 K    51,384 K    6668    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
gbpsv.exe    1.33    31,836 K    35,916 K    912    G-Buster Browser Defense - Service    GAS Tecnologia    (Verified) GAS INFORMATICA LTDA
Interrupts    0.78    0 K    0 K    n/a    Hardware Interrupts and DPCs        
Skype.exe    0.88    158,908 K    208,724 K    4696    Skype     Skype Technologies S.A.    (Verified) Skype Software Sarl
firefox.exe    0.67    289,280 K    319,912 K    3540    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
dwm.exe    0.67    35,028 K    32,768 K    1240    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    0.58    87,876 K    117,528 K    5392    Google Chrome    Google Inc.    (Verified) Google Inc
System    0.53    408 K    7,872 K    4            
csrss.exe    0.46    3,724 K    9,884 K    572    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    0.45    116,364 K    235,064 K    4944    Google Chrome    Google Inc.    (Verified) Google Inc
RNowSvc.exe    0.39    2,060 K    4,768 K    2760    Windows Service App    Roxio    (Verified) Sonic Solutions
AvastSvc.exe    0.31    103,856 K    41,188 K    1836    avast! Service    AVAST Software    (Verified) AVAST Software a.s.
gbpsv.exe    0.27    39,444 K    41,908 K    3616    G-Buster Browser Defense - Service    GAS Tecnologia    (Verified) GAS INFORMATICA LTDA
chrome.exe    0.20    74,992 K    130,584 K    1468    Google Chrome    Google Inc.    (Verified) Google Inc
explorer.exe    0.19    55,420 K    67,660 K    3608    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    0.17    167,444 K    198,472 K    4940    Google Chrome    Google Inc.    (Verified) Google Inc
svchost.exe    0.14    39,312 K    54,960 K    1072    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
AvastUI.exe    0.04    22,724 K    26,268 K    4288    avast! Antivirus    AVAST Software    (Verified) AVAST Software a.s.
svchost.exe    0.04    17,004 K    18,480 K    1696    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
WmiPrvSE.exe    0.04    4,068 K    7,996 K    2952    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    0.02    89,728 K    135,768 K    6540    Google Chrome    Google Inc.    (Verified) Google Inc
CCC.exe    0.02    103,012 K    23,600 K    5324    Catalyst Control Center: Host application    ATI Technologies Inc.    (No signature was present in the subject) ATI Technologies Inc.
chrome.exe    0.02    68,548 K    78,940 K    3100    Google Chrome    Google Inc.    (Verified) Google Inc
lsm.exe    0.01    2,924 K    4,736 K    628    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
MOM.exe    0.01    40,092 K    5,548 K    2912    Catalyst Control Center: Monitoring program    Advanced Micro Devices Inc.    (No signature was present in the subject) Advanced Micro Devices Inc.
SearchIndexer.exe    0.01    37,788 K    16,832 K    4500    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
AppleMobileDeviceService.exe    0.01    3,220 K    9,592 K    2052    MobileDeviceService    Apple Inc.    (Verified) Apple Inc.
svchost.exe    0.01    16,344 K    17,328 K    1808    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    < 0.01    124,988 K    238,844 K    5388    Google Chrome    Google Inc.    (Verified) Google Inc
csrss.exe    < 0.01    2,600 K    5,088 K    464    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
WUDFHost.exe    < 0.01    7,756 K    7,740 K    1560    Windows Driver Foundation - User-mode Driver Framework Host Process    Microsoft Corporation    (Verified) Microsoft Windows
taskhost.exe    < 0.01    12,120 K    17,884 K    2604    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe    < 0.01    14,692 K    12,584 K    4996    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    52,884 K    27,504 K    5644    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
lsass.exe    < 0.01    5,496 K    12,804 K    620    Local Security Authority Process    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
WLIDSVC.EXE    < 0.01    7,832 K    15,372 K    2984    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
YCMMirage.exe    < 0.01    1,744 K    760 K    4756    YouCam Mirage    CyberLink    (Verified) CyberLink
svchost.exe    < 0.01    218,636 K    227,724 K    388    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
ezSharedSvcHost.exe    < 0.01    1,572 K    5,432 K    2220    Shared EasyBits services for Windows    EasyBits Software AS    (Verified) EasyBits Software AS
svchost.exe    < 0.01    5,644 K    11,376 K    4912    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
TeamViewer_Service.exe    < 0.01    5,464 K    13,568 K    2928    TeamViewer 10    TeamViewer GmbH    (Verified) TeamViewer
HPConnectionManager.exe    < 0.01    79,824 K    87,800 K    5868    HPConnectionManager    Hewlett-Packard Development Company L.P.    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company L.P.
SynTPEnh.exe    < 0.01    9,512 K    13,628 K    4128    Synaptics TouchPad Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
stacsv64.exe    < 0.01    12,904 K    9,036 K    1112    IDT PC Audio    IDT, Inc.    (Verified) Microsoft Windows Hardware Compatibility Publisher
hpservice.exe    < 0.01    1,808 K    4,948 K    1480    HpService    Hewlett-Packard Company    (Verified) Microsoft Windows Hardware Compatibility Publisher
WmiPrvSE.exe        8,724 K    14,576 K    5016    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        1,564 K    3,660 K    2584    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
winlogon.exe        3,168 K    7,808 K    692    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,680 K    4,688 K    540    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        2,164 K    5,828 K    876    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        2,192 K    6,168 K    4344    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
TrustedInstaller.exe        11,156 K    16,656 K    5312    Windows Modules Installer    Microsoft Corporation    (Verified) Microsoft Windows
TrueSuiteService.exe        1,636 K    5,284 K    868    HP Service    HP    (Verified) AuthenTec
TouchControl.exe        4,468 K    13,716 K    3844    TouchControl    HP    (Verified) AuthenTec
taskeng.exe        2,576 K    6,716 K    4516    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
SZDrvSvc.exe        1,520 K    4,880 K    2892    SZDrvSvc    Clarus, Inc.    (No signature was present in the subject) Clarus, Inc.
SynTPHelper.exe        1,588 K    3,788 K    4272    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe        5,012 K    10,276 K    776    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,936 K    8,860 K    960    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        10,208 K    16,660 K    1040    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        23,648 K    20,852 K    404    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3,048 K    6,992 K    1224    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        2,796 K    6,012 K    1424    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        2,060 K    5,712 K    2864    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        6,164 K    11,484 K    2112    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
sttray64.exe        9,120 K    19,740 K    4412    IDT PC Audio    IDT, Inc.    (Verified) Microsoft Windows Hardware Compatibility Publisher
spoolsv.exe        9,136 K    15,076 K    2000    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        576 K    1,256 K    324    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        5,036 K    10,928 K    612    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
RIconMan.exe        2,500 K    6,072 K    2392    Realtek Card Reader Icon Tool.    Realsil Microelectronics Inc.    (No signature was present in the subject) Realsil Microelectronics Inc.
procexp.exe        2,452 K    7,776 K    2104    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
PresentationFontCache.exe        35,172 K    34,956 K    1904    PresentationFontCache.exe    Microsoft Corporation    (Verified) Microsoft Corporation
PMBDeviceInfoProvider.exe        1,432 K    4,720 K    2724    Device Information Provider    Sony Corporation    (Verified) Sony Corporation
notepad.exe        10,556 K    25,892 K    6624    Notepad    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
notepad.exe        3,616 K    9,076 K    1012    Notepad    Microsoft Corporation    (Verified) Microsoft Windows
NitroPDFReaderDriverService3x64.exe        1,676 K    3,996 K    2648    Nitro PDF Spool Service    Nitro PDF Software    (Verified) Nitro PDF Software
NitroPDFDriverServicex64.exe        1,640 K    4,012 K    2612    Solid Spool Service    Nitro PDF Software    (Verified) Nitro PDF Software
jusched.exe        5,120 K    14,212 K    1276    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
jucheck.exe        6,076 K    14,352 K    4056    Java Update Checker    Oracle Corporation    (Verified) Oracle America
HPWMISVC.exe        1,500 K    5,144 K    2368    HP Quick Launch WMI Service    Hewlett-Packard Development Company, L.P.    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company, L.P.
HPSA_Service.exe        23,704 K    17,116 K    3596    HP Support Assistant Service    Hewlett-Packard Company    (Verified) Hewlett-Packard Company
hpqWmiEx.exe        3,956 K    8,656 K    5972    HP Software Framework WMI Service    Hewlett-Packard Company    (Verified) Hewlett-Packard Company
hpCMSrv.exe        4,096 K    9,240 K    5936    HP Connection Manager Service    Hewlett-Packard Development Company L.P.    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Development Company L.P.
HPClientServices.exe        4,124 K    8,340 K    2264    HP Client Services    Hewlett-Packard Company    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Company
GWX.exe        4,288 K    944 K    3948    GWX    Microsoft Corporation    (Verified) Microsoft Windows
Fuel.Service.exe        4,840 K    10,184 K    1912    AMD Fuel Service    Advanced Micro Devices, Inc.    (No signature was present in the subject) Advanced Micro Devices, Inc.
Dropbox.exe        123,520 K    133,288 K    5020    Dropbox    Dropbox, Inc.    (Verified) Dropbox
chrome.exe        39,820 K    70,604 K    5132    Google Chrome    Google Inc.    (Verified) Google Inc
BioMonitor.exe        1,760 K    5,452 K    2656    BioMonitor    HP    (Verified) AuthenTec
audiodg.exe        16,960 K    17,084 K    6476    Windows Audio Device Graph Isolation     Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
atiesrxx.exe        1,768 K    4,616 K    128    AMD External Events Service Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe        2,632 K    6,808 K    1544    AMD External Events Client Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
armsvc.exe        1,264 K    4,064 K    1376    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
AESTSr64.exe        1,320 K    3,016 K    1944    Andrea filters APO access service (64-bit)    Andrea Electronics Corporation    (Verified) Microsoft Windows Hardware Compatibility Publisher
AdobeARM.exe        3,836 K    13,448 K    3672    Adobe Reader and Acrobat Manager    Adobe Systems Incorporated    (Verified) Adobe Systems
ABRTMon.exe        4,464 K    9,040 K    4904    ABRTMon    Clarus, Inc.    (No signature was present in the subject) Clarus, Inc.
 

#5
RKinner
Malware Expert

OK.  If you uninstalled Warsaw it left a lot of itself behind and it's still causing errors.

 

Download the attached fixlist.txt to the same location as FRST.
 
 
Run FRST and press Fix. The PC will reboot.
A fix log will be generated; please post that.
 
The above removes all traces of Warsaw and anything else from GAS, so you will probably need to reinstall your Brazilian banking software if you still use it.
 
 

Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 
 
Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 
Speccy is not really happy with your hard drive.  I see an awful lot of errors:
 
BB
Attribute name Reported Uncorrectable Errors
Real value 4,320,787,496,960
Current 100
Worst 100
Threshold 0
Raw Value 0003010000
Status Good
BC
Attribute name Command Timeout
Real value 21,475,426,304
Current 100
Worst 100
Threshold 0
Raw Value 0000090000
Status Good
 
This could be part of your slowness if it has to keep resending commands to the hard drive.  Back up any data you don't want to lose.  It may decide to stop working altogether.
 
Looks like you might have dropped it too: 
Attribute name G-sense error rate
Real value 2,811
Current 90
Worst 90
Threshold 0
Raw Value 0000000AFB
Status Good
 
 

#6
Andre Silva

RKinner,

 

I ran the fix but my computer crashed, went to blue screen and dumped physical memory. Upon restart, my Avast does not load. It produced Fixlog.txt below. However, I get an error when trying to run file as administrator.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Izilda (2016-02-03 23:23:26) Run:1
Running from C:\Users\Izilda\Desktop
Loaded Profiles: Izilda (Available Profiles: Izilda)
Boot Mode: Normal
==============================================

fixlist content:
*****************
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-02-03] (GAS Tecnologia)
R1 gbpddfac; C:\Windows\SysWOW64\drivers\gbpddfac64.sys [28888 2015-08-26] (GAS Tecnologia)
S0 GbpKm; C:\Windows\SysWOW64\drivers\gbpkm.sys [49536 2013-05-08] (GAS Tecnologia)
R3 GBPRCM; C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-01-20] (GAS Tecnologia LTDA)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-02-02] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
2016-02-02 18:34 - 2015-11-19 03:05 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2016-02-02 18:23 - 2012-01-15 18:42 - 00000000 ____D C:\Program Files (x86)\GbPlugin
CustomCLSID: HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
Task: {0EE9EEF0-21B1-45E3-B7CF-F59434679A53} - System32\Tasks\{086040D7-8B51-4901-9C99-9A59D7D1A236} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsMain
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core.job => C:\Users\Izilda\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001UA.job => C:\Users\Izilda\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core.job => C:\Users\Izilda\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001UA.job => C:\Users\Izilda\AppData\Local\Facebook\Update\FacebookUpdate.exe
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\Windows\System32:5B1620CE_Bb.gbp
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4
CMD: mkdir "C:\ProgramData\BlueStacks\UserData\Library\My Apps"
CMD: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
EmptyTemp:

*****************

GbpSv => Unable to stop service.
GbpSv => service removed successfully
Warsaw Technology => service not found.
gbpddfac => Service stopped successfully.
gbpddfac => service removed successfully
gbpddfac => service not found.
GbpKm => service removed successfully
GBPRCM => Unable to stop service.
GBPRCM => service removed successfully
Warsaw_PP => Service stopped successfully.
Warsaw_PP => service removed successfully
wsddfac => Service stopped successfully.
wsddfac => service removed successfully
wsddpp => Service stopped successfully.
wsddpp => service removed successfully
gbpddreg => service removed successfully
VBoxAswDrv => service could not remove
C:\Windows\system32\Drivers\wsddfac.sys => moved successfully

"C:\Program Files (x86)\GbPlugin" folder move:

Could not move "C:\Program Files (x86)\GbPlugin" => Scheduled to move on reboot.

"HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}" => key removed successfully
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}" => key removed successfully
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}" => key removed successfully
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EE9EEF0-21B1-45E3-B7CF-F59434679A53}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EE9EEF0-21B1-45E3-B7CF-F59434679A53}" => key removed successfully
C:\Windows\System32\Tasks\{086040D7-8B51-4901-9C99-9A59D7D1A236} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{086040D7-8B51-4901-9C99-9A59D7D1A236}" => key removed successfully
C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core.job => moved successfully
C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001UA.job => moved successfully
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core.job => moved successfully
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001UA.job => moved successfully
C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removed successfully.
C:\Windows\System32 => ":5B1620CE_Bb.gbp" ADS removed successfully.
C:\Windows\system32\Drivers\gbpddfac64.sys => ":X5ZN8aGvT4" ADS removed successfully.
"C:\Windows\system32\Drivers\wsddfac.sys" => ":X5ZN8aGXs4" ADS not found.

=========  mkdir "C:\ProgramData\BlueStacks\UserData\Library\My Apps" =========


========= End of CMD: =========


=========  reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" =========


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    IconServiceLib    REG_SZ    IconCodecService.dll
    DdeSendTimeout    REG_DWORD    0x0
    DesktopHeapLogging    REG_DWORD    0x1
    GDIProcessHandleQuota    REG_DWORD    0x2710
    ShutdownWarningDialogTimeout    REG_DWORD    0xffffffff
    USERNestedWindowLimit    REG_DWORD    0x32
    USERPostMessageLimit    REG_DWORD    0x2710
    USERProcessHandleQuota    REG_DWORD    0x2710
    (Default)    REG_SZ    mnmsrvc
    DeviceNotSelectedTimeout    REG_SZ    15
    Spooler    REG_SZ    yes
    TransmissionRetryTimeout    REG_SZ    90
    AppInit_DLLs    REG_SZ    
    LoadAppInit_DLLs    REG_DWORD    0x1


========= End of CMD: =========

EmptyTemp: => 1 GB temporary data Removed.
 

Attached Thumbnails

  • Capture.JPG

#7
RKinner

If FRST can't run as admin can other programs?  

 

Since you say Avast won't run it must have been this line:

 

U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

 

that annoyed it.  

 

Normally that means the file is not there but in this case it appears that the file just was hiding and Avast got mad when I killed it.

 

Can you uninstall/reinstall Avast?  http://files.avast.c...virus_setup.exe

 

If you can't reinstall Avast or it doesn't help then

 

Normally we would just make a fixlist and restore the whole thing

 

RestoreQuarantine:

 

But if we can't run FRST as admin then I guess that's out

 

See if you can do a system restore to the last restore point. FRST shows one:

 

30-01-2016 19:27:48 Windows Update

 

But it usually creates one before it does something so there may be a newer one.

 

 

  1. Open System Restore by clicking the Start button. In the search box, type System Restore, and then, in the list of results, click System Restore. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

  2. Click Recommended restore, and then click Next.

    If there isn't a recommended restore point, follow the steps below to choose a specific restore point.

  3. Review the restore point, and then click Finish.
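
A pre-flight check for the situation described in the post above, added here as an example (it is not part of the original thread and not FRST's own code). It flags fixlist service/driver entries marked `[X]` whose path sits under a security product's directory, and sorts Fixlog result lines by outcome. The `PROTECTED_DIRS` list and all function names are assumptions made for this sketch; the sample lines are excerpts from the logs posted in this thread.

```python
import re
from collections import defaultdict

# Excerpts from the fixlist and Fixlog posted in this thread (not the full files).
FIXLIST = r"""
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
EmptyTemp:
"""

FIXLOG = r"""
GbpSv => Unable to stop service.
GbpSv => service removed successfully
Warsaw Technology => service not found.
gbpddfac => Service stopped successfully.
gbpddfac => service removed successfully
GBPRCM => Unable to stop service.
GBPRCM => service removed successfully
VBoxAswDrv => service could not remove
C:\Windows\system32\Drivers\wsddfac.sys => moved successfully
Could not move "C:\Program Files (x86)\GbPlugin" => Scheduled to move on reboot.
"C:\Windows\system32\Drivers\wsddfac.sys" => ":X5ZN8aGXs4" ADS not found.
"""

# Assumption: install directories of security products still present on the machine.
PROTECTED_DIRS = ["\\AVAST Software\\"]

# Service/driver entry: "<code> <name>; <path> [size date | X] (company)"
ENTRY_RE = re.compile(
    r"^(?P<code>[A-Z]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<meta>[^\]]*)\](?: \((?P<company>[^)]*)\))?$"
)

# Checked in order against the text to the right of " => ".
OUTCOME_RULES = [
    ("pending", re.compile(r"scheduled to move on reboot", re.I)),
    ("failed", re.compile(r"unable to|could not", re.I)),
    ("absent", re.compile(r"not found", re.I)),
    ("ok", re.compile(r"successfully", re.I)),
]


def parse_fixlist(text):
    """Return the service/driver entries of a fixlist as dicts; skip other directives."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def flag_protected(entries, protected_dirs=PROTECTED_DIRS):
    """Names of entries marked [X] (file not found) that live under a protected directory.

    A security product may hide its own files, so [X] there does not prove
    the entry is an orphan; review it by hand before leaving it in the fixlist.
    """
    flagged = []
    for entry in entries:
        path = entry["path"].lower()
        if entry["meta"] == "X" and any(d.lower() in path for d in protected_dirs):
            flagged.append(entry["name"])
    return flagged


def triage_fixlog(text):
    """Group Fixlog result lines by outcome: ok, absent, failed, pending."""
    results = defaultdict(list)
    for line in text.splitlines():
        subject, sep, outcome = line.partition(" => ")
        if not sep:
            continue
        for label, pattern in OUTCOME_RULES:
            if pattern.search(outcome):
                results[label].append(subject.strip())
                break
    return dict(results)


if __name__ == "__main__":
    print("Review before running the fix:", flag_protected(parse_fixlist(FIXLIST)))
    for label, subjects in triage_fixlog(FIXLOG).items():
        print(f"{label:8} {len(subjects):2}  {subjects}")
```
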


#8
Andre Silva

Hello RKinner,

 

Thanks for your reply. I will have to resume this in the afternoon when I'm back home. Please stand by.

 

Basically when I ran the fix, the computer dumped physical memory and my user account lost administrator privileges for all programs. I will do the system restore as advised. Will get back to you asap.

 

Cheers!


#9
Andre Silva

Hi RKinner,

 

I'm here. I'm trying to do a system restore but it's not allowing me to. I lost administrator privilege altogether. I'm going to try again now. I'm attaching the error screen shot.

 

Any idea on how to proceed?

 

Thank you!

Attached Thumbnails

  • error-restore.JPG

Edited by Andre Silva, 04 February 2016 - 09:35 PM.

#10
Andre Silva

No luck at all, sir. System Restore does not complete successfully. I cannot run as administrator any of the programs. Please advise on how I should proceed. Thank you!!!


#11
RKinner

If you can't uninstall Avast then see if you can do this:

 

http://www.geekstogo...l/#entry2151691


#12
RKinner

Also you might try:

 

 
 
 
I've seen it fix similar problems.

#13
Andre Silva

RKinner. Thanks for your patience. I will resume today asap. Please stand by.

 

- Andre


#14
Andre Silva

RKinner, how are you?

 

I ran both fixes. However, I still don't have administrative privileges with my user account. Malwarebytes found no malware. And FRST generated the following log.

 

Please advise on next steps. Thank you!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by SYSTEM on MININT-55CCQBN (07-02-2016 21:49:33)
Running from h:\
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-02-07] (IDT, Inc.)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-27] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco)
HKU\Izilda\...\Run: [Google Update] => C:\Users\Izilda\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\Izilda\...\Run: [Dropbox Update] => C:\Users\Izilda\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-15] (Dropbox, Inc.)
HKU\Izilda\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
Startup: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-12]
ShortcutTarget: Dropbox.lnk ->  (No File)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-01] (Advanced Micro Devices, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-27] (AVAST Software)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-08-13] (WildTangent)
S2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2011-01-12] (Nitro PDF Software)
S2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S2 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2013-12-18] (Clarus, Inc.)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
S2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-27] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-27] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-27] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-27] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-27] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-27] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-27] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-27] (AVAST Software)
S3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30352 2015-05-02] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-02-06] (GAS Tecnologia)
S1 gbpddfac; C:\Windows\SysWOW64\drivers\gbpddfac64.sys [28888 2015-08-26] (GAS Tecnologia)
S0 GbpKm; C:\Windows\SysWOW64\drivers\gbpkm.sys [49536 2013-05-08] (GAS Tecnologia)
S3 GBPRCM; C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [20400 2012-06-21] ()
S3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [99248 2012-06-21] ()
S2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-01-20] (GAS Tecnologia LTDA)
S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-01-30] (GAS Tecnologia)
S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-07 18:40 - 2016-02-07 18:40 - 02370560 _____ (Farbar) C:\Users\Izilda\Downloads\FRST64(1).exe
2016-02-06 20:50 - 2016-02-06 22:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-02-06 09:48 - 2016-02-06 22:39 - 00000000 ____D C:\Users\Izilda\Desktop\mbar
2016-02-06 09:47 - 2016-02-06 09:47 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Izilda\Desktop\mbar-1.09.3.1001.exe
2016-02-05 15:16 - 2016-02-05 15:17 - 02370560 _____ (Farbar) C:\Users\Izilda\Downloads\FRST64.exe
2016-02-04 22:26 - 2016-02-04 22:26 - 00063238 _____ C:\Users\Izilda\Desktop\Amazon.pdf
2016-02-04 20:37 - 2016-02-04 20:37 - 00249984 _____ C:\Windows\ntbtlog.txt
2016-02-04 20:16 - 2016-02-04 20:16 - 00000934 _____ C:\Users\Izilda\Desktop\safe-mode.txt
2016-02-04 15:06 - 2016-01-27 19:52 - 01065208 _____ (AVAST Software) C:\Windows\System32\Drivers\asw503F.tmp
2016-02-04 15:06 - 2016-01-27 19:52 - 00464256 _____ (AVAST Software) C:\Windows\System32\Drivers\asw55DF.tmp
2016-02-04 15:06 - 2016-01-27 19:52 - 00097648 _____ (AVAST Software) C:\Windows\System32\Drivers\asw534E.tmp
2016-02-04 15:06 - 2016-01-27 19:51 - 00386096 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2016-02-04 15:06 - 2016-01-27 19:51 - 00273784 _____ (AVAST Software) C:\Windows\System32\Drivers\asw566D.tmp
2016-02-04 15:06 - 2016-01-27 19:51 - 00155304 _____ (AVAST Software) C:\Windows\System32\Drivers\asw591C.tmp
2016-02-04 15:06 - 2016-01-27 19:51 - 00093528 _____ (AVAST Software) C:\Windows\System32\Drivers\asw51A7.tmp
2016-02-04 15:06 - 2016-01-27 19:51 - 00065224 _____ (AVAST Software) C:\Windows\System32\Drivers\asw5504.tmp
2016-02-04 15:06 - 2016-01-27 19:51 - 00028656 _____ (AVAST Software) C:\Windows\System32\Drivers\asw51E6.tmp
2016-02-03 22:42 - 2016-02-03 22:48 - 00007720 _____ C:\Users\Izilda\Desktop\Fixlog.txt
2016-02-03 21:30 - 2016-01-27 19:52 - 01065208 _____ (AVAST Software) C:\Windows\System32\Drivers\aswD18F.tmp
2016-02-03 21:30 - 2016-01-27 19:52 - 00464256 _____ (AVAST Software) C:\Windows\System32\Drivers\aswD9ED.tmp
2016-02-03 21:30 - 2016-01-27 19:52 - 00097648 _____ (AVAST Software) C:\Windows\System32\Drivers\aswD7AA.tmp
2016-02-03 21:30 - 2016-01-27 19:51 - 00273784 _____ (AVAST Software) C:\Windows\System32\Drivers\aswDC4E.tmp
2016-02-03 21:30 - 2016-01-27 19:51 - 00155304 _____ (AVAST Software) C:\Windows\System32\Drivers\aswE0A3.tmp
2016-02-03 21:30 - 2016-01-27 19:51 - 00093528 _____ (AVAST Software) C:\Windows\System32\Drivers\aswD2D7.tmp
2016-02-03 21:30 - 2016-01-27 19:51 - 00065224 _____ (AVAST Software) C:\Windows\System32\Drivers\aswD940.tmp
2016-02-03 21:30 - 2016-01-27 19:51 - 00028656 _____ (AVAST Software) C:\Windows\System32\Drivers\aswD604.tmp
2016-02-03 20:23 - 2016-02-03 20:24 - 00007438 _____ C:\Users\Izilda\Desktop\Fixlog-old.txt
2016-02-03 20:23 - 2016-02-03 20:23 - 00000000 ____D C:\ProgramData\BlueStacks
2016-02-03 19:25 - 2016-02-03 19:27 - 00389823 _____ C:\Users\Izilda\Desktop\speccy.txt
2016-02-03 19:08 - 2016-02-03 19:08 - 00011998 _____ C:\Users\Izilda\Desktop\System Idle Process.txt
2016-02-03 19:03 - 2016-02-03 19:08 - 00030999 _____ C:\Users\Izilda\Desktop\post-back.txt
2016-02-03 17:34 - 2016-02-03 17:34 - 00000000 ____D C:\Users\Izilda\AppData\Roaming\IDT
2016-02-02 21:08 - 2016-02-07 21:49 - 00000000 ____D C:\FRST
2016-01-27 19:51 - 2016-01-27 19:51 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-25 20:08 - 2016-01-25 20:08 - 00001495 _____ C:\Users\Izilda\Downloads\documento (10).pdf
2016-01-25 20:05 - 2016-01-25 20:05 - 00001503 _____ C:\Users\Izilda\Downloads\documento (9).pdf
2016-01-21 20:08 - 2016-01-21 20:08 - 00196361 _____ C:\Users\Izilda\Downloads\Apresentacao SEO - 2016.pdf
2016-01-18 23:47 - 2016-01-18 23:47 - 00004136 _____ C:\Users\Izilda\Downloads\extrato-outubro-2015.pdf
2016-01-18 23:46 - 2016-01-18 23:47 - 00007169 _____ C:\Users\Izilda\Downloads\extrato-outubro-2015.ofx
2016-01-18 23:46 - 2016-01-18 23:46 - 00009221 _____ C:\Users\Izilda\Downloads\extrato-novembro2015.ofx
2016-01-18 23:46 - 2016-01-18 23:46 - 00004720 _____ C:\Users\Izilda\Downloads\extrato-novembro-2015.pdf
2016-01-18 23:45 - 2016-01-18 23:45 - 00007231 _____ C:\Users\Izilda\Downloads\extrato-dezembro2015.ofx
2016-01-18 23:45 - 2016-01-18 23:45 - 00004249 _____ C:\Users\Izilda\Downloads\extrato-dezembro2015.pdf
2016-01-18 22:18 - 2016-01-18 22:18 - 00009795 _____ C:\Users\Izilda\Downloads\extrato.ofx
2016-01-18 22:08 - 2016-01-18 22:08 - 00005905 _____ C:\Users\Izilda\Downloads\extrato.pdf
2016-01-18 19:45 - 2016-01-18 19:45 - 00016554 _____ C:\Users\Izilda\Downloads\5393996031.html
2016-01-17 00:03 - 2016-01-17 00:03 - 00659254 _____ C:\Users\Izilda\Downloads\SecureMessage.pdf
2016-01-16 23:59 - 2016-01-16 23:59 - 00623810 _____ C:\Users\Izilda\Downloads\12-20-2015 (2).pdf
2016-01-16 23:30 - 2016-01-16 23:30 - 00623810 _____ C:\Users\Izilda\Downloads\12-20-2015 (1).pdf
2016-01-16 23:28 - 2016-01-16 23:28 - 00015182 _____ C:\Users\Izilda\Downloads\Document.pdf
2016-01-16 23:28 - 2016-01-16 23:28 - 00015182 _____ C:\Users\Izilda\Downloads\Document (1).pdf
2016-01-15 05:19 - 2016-01-15 05:19 - 00308224 _____ C:\Users\Izilda\Downloads\Briefing - Logomarca-1.xls
2016-01-14 19:41 - 2016-01-14 19:41 - 00002436 _____ C:\Users\Izilda\Downloads\extratof2b_20160115.pdf
2016-01-14 19:06 - 2016-01-14 19:06 - 00002144 _____ C:\Users\Izilda\Downloads\cobrancasf2b_20160115 (2).txt
2016-01-14 19:01 - 2016-01-14 19:01 - 00004360 _____ C:\Users\Izilda\Downloads\cobrancasf2b_20160115 (1).txt
2016-01-14 18:58 - 2016-01-14 18:58 - 00004905 _____ C:\Users\Izilda\Downloads\cobrancasf2b_20160115.txt
2016-01-14 17:48 - 2016-01-14 17:48 - 00002439 _____ C:\Users\Izilda\Downloads\documento (8).pdf
2016-01-14 17:45 - 2016-01-14 17:45 - 00002438 _____ C:\Users\Izilda\Downloads\documento (7).pdf
2016-01-12 16:47 - 2015-12-11 10:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2016-01-12 16:47 - 2015-12-08 13:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-12 16:47 - 2015-12-08 11:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2016-01-12 16:47 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\System32\mapistub.dll
2016-01-12 16:47 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\System32\mapi32.dll
2016-01-12 16:47 - 2015-11-13 15:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\fixmapi.exe
2016-01-12 16:47 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-12 16:47 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-12 16:47 - 2015-11-13 14:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-12 16:46 - 2015-12-23 15:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2016-01-12 16:46 - 2015-12-23 14:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-12 16:46 - 2015-12-12 10:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2016-01-12 16:46 - 2015-12-12 10:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2016-01-12 16:46 - 2015-12-12 10:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2016-01-12 16:46 - 2015-12-12 10:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2016-01-12 16:46 - 2015-12-12 10:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2016-01-12 16:46 - 2015-12-12 10:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2016-01-12 16:46 - 2015-12-12 10:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2016-01-12 16:46 - 2015-12-12 10:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2016-01-12 16:46 - 2015-12-12 10:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2016-01-12 16:46 - 2015-12-12 10:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2016-01-12 16:46 - 2015-12-12 10:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2016-01-12 16:46 - 2015-12-12 10:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2016-01-12 16:46 - 2015-12-12 10:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2016-01-12 16:46 - 2015-12-12 10:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-12 16:46 - 2015-12-12 10:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2016-01-12 16:46 - 2015-12-12 10:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2016-01-12 16:46 - 2015-12-12 10:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2016-01-12 16:46 - 2015-12-12 10:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2016-01-12 16:46 - 2015-12-12 09:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2016-01-12 16:46 - 2015-12-12 09:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2016-01-12 16:46 - 2015-12-12 09:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-12 16:46 - 2015-12-12 09:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-01-12 16:46 - 2015-12-12 09:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2016-01-12 16:46 - 2015-12-12 09:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2016-01-12 16:46 - 2015-12-12 09:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-12 16:46 - 2015-12-12 09:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2016-01-12 16:46 - 2015-12-12 09:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-12 16:46 - 2015-12-12 09:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-12 16:46 - 2015-12-12 09:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-12 16:46 - 2015-12-12 09:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-12 16:46 - 2015-12-12 09:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2016-01-12 16:46 - 2015-12-12 09:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-12 16:46 - 2015-12-12 09:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-12 16:46 - 2015-12-12 09:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-12 16:46 - 2015-12-12 09:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-12 16:46 - 2015-12-12 09:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-12 16:46 - 2015-12-12 09:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-12 16:46 - 2015-12-12 09:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-12 16:46 - 2015-12-12 09:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2016-01-12 16:46 - 2015-12-12 09:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2016-01-12 16:46 - 2015-12-12 09:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2016-01-12 16:46 - 2015-12-12 09:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2016-01-12 16:46 - 2015-12-12 09:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2016-01-12 16:46 - 2015-12-12 09:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-12 16:46 - 2015-12-12 09:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2016-01-12 16:46 - 2015-12-12 09:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-12 16:46 - 2015-12-12 09:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-12 16:46 - 2015-12-12 09:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-12 16:46 - 2015-12-12 09:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-12 16:46 - 2015-12-12 09:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-12 16:46 - 2015-12-12 09:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-12 16:46 - 2015-12-12 09:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2016-01-12 16:46 - 2015-12-12 09:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-12 16:46 - 2015-12-12 09:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-12 16:46 - 2015-12-12 09:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-12 16:46 - 2015-12-12 09:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-12 16:46 - 2015-12-12 09:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-12 16:46 - 2015-12-12 08:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2016-01-12 16:46 - 2015-12-12 08:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2016-01-12 16:46 - 2015-12-12 08:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-12 16:46 - 2015-12-12 08:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-12 16:46 - 2015-12-12 08:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-12 16:46 - 2015-12-08 13:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-12 16:46 - 2015-12-08 13:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-12 16:46 - 2015-12-08 13:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-12 16:46 - 2015-12-08 13:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-12 16:46 - 2015-12-08 13:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-12 16:46 - 2015-12-08 13:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-12 16:46 - 2015-12-08 13:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-12 16:46 - 2015-12-08 13:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-12 16:46 - 2015-12-08 13:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-12 16:46 - 2015-12-08 13:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-12 16:46 - 2015-12-08 13:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-12 16:46 - 2015-12-08 13:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-12 16:46 - 2015-12-08 13:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-12 16:46 - 2015-12-08 13:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-12 16:46 - 2015-12-08 13:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-12 16:46 - 2015-12-08 13:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-12 16:46 - 2015-12-08 13:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-12 16:46 - 2015-12-08 13:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-12 16:46 - 2015-12-08 13:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-12 16:46 - 2015-12-08 13:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-12 16:46 - 2015-12-08 13:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-12 16:46 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-12 16:46 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-12 16:46 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 16:46 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-12 16:46 - 2015-12-08 13:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-12 16:46 - 2015-12-08 13:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-12 16:46 - 2015-12-08 13:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-12 16:46 - 2015-12-08 13:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-12 16:46 - 2015-12-08 13:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-12 16:46 - 2015-12-08 13:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-12 16:46 - 2015-12-08 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-12 16:46 - 2015-12-08 13:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-12 16:46 - 2015-12-08 13:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-12 16:46 - 2015-12-08 13:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-12 16:46 - 2015-12-08 11:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2016-01-12 16:46 - 2015-12-08 11:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2016-01-12 16:46 - 2015-12-08 11:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\System32\WMVENCOD.DLL
2016-01-12 16:46 - 2015-12-08 11:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2016-01-12 16:46 - 2015-12-08 11:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\System32\WMSPDMOE.DLL
2016-01-12 16:46 - 2015-12-08 11:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
2016-01-12 16:46 - 2015-12-08 11:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2adec.dll
2016-01-12 16:46 - 2015-12-08 11:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\System32\WMADMOD.DLL
2016-01-12 16:46 - 2015-12-08 11:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\System32\MSMPEG2ENC.DLL
2016-01-12 16:46 - 2015-12-08 11:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\System32\WMADMOE.DLL
2016-01-12 16:46 - 2015-12-08 11:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
2016-01-12 16:46 - 2015-12-08 11:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\System32\mcmde.dll
2016-01-12 16:46 - 2015-12-08 11:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\System32\WMSPDMOD.DLL
2016-01-12 16:46 - 2015-12-08 11:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\System32\WMVSDECD.DLL
2016-01-12 16:46 - 2015-12-08 11:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\System32\MP4SDECD.DLL
2016-01-12 16:46 - 2015-12-08 11:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\System32\WMVXENCD.DLL
2016-01-12 16:46 - 2015-12-08 11:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\System32\evr.dll
2016-01-12 16:46 - 2015-12-08 11:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\System32\MFWMAAEC.DLL
2016-01-12 16:46 - 2015-12-08 11:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\System32\WMVSENCD.DLL
2016-01-12 16:46 - 2015-12-08 11:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2016-01-12 16:46 - 2015-12-08 11:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\System32\SysFxUI.dll
2016-01-12 16:46 - 2015-12-08 11:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2016-01-12 16:46 - 2015-12-08 11:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\System32\VIDRESZR.DLL
2016-01-12 16:46 - 2015-12-08 11:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\System32\qasf.dll
2016-01-12 16:46 - 2015-12-08 11:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\System32\RESAMPLEDMO.DLL
2016-01-12 16:46 - 2015-12-08 11:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\System32\MPG4DECD.DLL
2016-01-12 16:46 - 2015-12-08 11:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\System32\MP43DECD.DLL
2016-01-12 16:46 - 2015-12-08 11:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2016-01-12 16:46 - 2015-12-08 11:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\System32\COLORCNV.DLL
2016-01-12 16:46 - 2015-12-08 11:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\MP3DMOD.DLL
2016-01-12 16:46 - 2015-12-08 11:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\devenum.dll
2016-01-12 16:46 - 2015-12-08 11:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\System32\mfvdsp.dll
2016-01-12 16:46 - 2015-12-08 11:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
2016-01-12 16:46 - 2015-12-08 11:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\ksuser.dll
2016-01-12 16:46 - 2015-12-08 11:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\System32\ksproxy.ax
2016-01-12 16:46 - 2015-12-08 11:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2016-01-12 16:46 - 2015-12-08 11:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
2016-01-12 16:46 - 2015-12-08 10:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2016-01-12 16:46 - 2015-12-08 10:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2016-01-12 16:46 - 2015-12-08 10:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmkaud.sys
2016-01-12 16:46 - 2015-12-08 09:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2016-01-12 16:45 - 2015-12-08 13:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-12 16:45 - 2015-12-08 11:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2016-01-12 16:45 - 2015-11-16 17:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2016-01-12 16:45 - 2015-11-16 17:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2016-01-12 16:45 - 2015-11-16 17:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2016-01-12 16:45 - 2015-11-16 17:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2016-01-12 16:45 - 2015-11-16 17:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2016-01-12 16:45 - 2015-11-16 17:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2016-01-12 16:45 - 2015-11-16 12:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2016-01-12 16:44 - 2015-12-30 11:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2016-01-12 16:44 - 2015-12-30 11:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2016-01-12 16:44 - 2015-12-30 11:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2016-01-12 16:44 - 2015-12-30 11:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2016-01-12 16:44 - 2015-12-30 11:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2016-01-12 16:44 - 2015-12-30 11:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2016-01-12 16:44 - 2015-12-30 11:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2016-01-12 16:44 - 2015-12-30 11:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2016-01-12 16:44 - 2015-12-30 11:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2016-01-12 16:44 - 2015-12-30 11:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2016-01-12 16:44 - 2015-12-30 11:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2016-01-12 16:44 - 2015-12-30 11:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2016-01-12 16:44 - 2015-12-30 11:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2016-01-12 16:44 - 2015-12-30 11:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2016-01-12 16:44 - 2015-12-30 11:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2016-01-12 16:44 - 2015-12-30 11:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2016-01-12 16:44 - 2015-12-30 11:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2016-01-12 16:44 - 2015-12-30 11:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2016-01-12 16:44 - 2015-12-30 10:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2016-01-12 16:44 - 2015-12-30 10:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2016-01-12 16:44 - 2015-12-30 10:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2016-01-12 16:44 - 2015-12-30 10:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2016-01-12 16:44 - 2015-12-30 10:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2016-01-12 16:44 - 2015-12-30 10:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2016-01-12 16:44 - 2015-12-30 10:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2016-01-12 16:44 - 2015-12-30 10:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2016-01-12 16:44 - 2015-12-30 10:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2016-01-12 16:44 - 2015-12-30 10:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
2016-01-12 16:44 - 2015-12-30 10:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-12 16:44 - 2015-12-30 10:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-12 16:44 - 2015-12-30 10:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-12 16:44 - 2015-12-30 10:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-12 16:44 - 2015-12-30 10:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-12 16:44 - 2015-12-30 10:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-12 16:44 - 2015-12-30 10:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-12 16:44 - 2015-12-30 10:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-12 16:44 - 2015-12-30 10:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-12 16:44 - 2015-12-30 10:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-12 16:44 - 2015-12-30 10:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-12 16:44 - 2015-12-30 10:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-12 16:44 - 2015-12-30 10:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-12 16:44 - 2015-12-30 10:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-12 16:44 - 2015-12-30 10:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-12 16:44 - 2015-12-30 10:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-12 16:44 - 2015-12-30 10:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-12 16:44 - 2015-12-30 10:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-12 16:44 - 2015-12-30 10:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 09:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2016-01-12 16:44 - 2015-12-30 09:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2016-01-12 16:44 - 2015-12-30 09:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2016-01-12 16:44 - 2015-12-30 09:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-12 16:44 - 2015-12-30 09:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2016-01-12 16:44 - 2015-12-30 09:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2016-01-12 16:44 - 2015-12-30 09:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2016-01-12 16:44 - 2015-12-30 09:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2016-01-12 16:44 - 2015-12-30 09:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2016-01-12 16:44 - 2015-12-30 09:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-12 16:44 - 2015-12-30 09:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-12 16:44 - 2015-12-30 09:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-12 16:44 - 2015-12-30 09:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-12 16:44 - 2015-12-30 09:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-12 16:44 - 2015-12-30 09:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 09:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 09:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-12 16:44 - 2015-12-30 09:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-12 16:44 - 2015-12-08 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-12 16:44 - 2015-12-08 11:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2016-01-11 21:05 - 2016-01-11 21:05 - 00176645 _____ C:\Users\Izilda\Downloads\TUTORIAL SISTEMA DE GESTAO DE CONTEUDO.pdf
2016-01-11 16:23 - 2016-01-11 16:23 - 01075253 _____ C:\Users\Izilda\Downloads\ISHRS-AM-PB-Portuguese-Brochure.pdf
2016-01-10 12:16 - 2016-01-10 12:17 - 00440628 _____ C:\Users\Izilda\Downloads\Contrato Web e Logomarca - Breno Frota.pdf
2016-01-10 09:28 - 2016-01-10 09:28 - 00002431 _____ C:\Users\Izilda\Downloads\documento (6).pdf
2016-01-09 22:21 - 2016-01-09 22:21 - 00001490 _____ C:\Users\Izilda\Downloads\documento (5).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-07 18:43 - 2012-11-30 13:58 - 00327680 _____ C:\Windows\System32\Ikeext.etl
2016-02-07 18:41 - 2009-07-13 21:13 - 00786622 _____ C:\Windows\System32\PerfStringBackup.INI
2016-02-07 18:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-02-07 18:15 - 2015-06-15 22:05 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001UA.job
2016-02-07 18:10 - 2012-03-06 18:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-07 17:47 - 2013-01-07 17:02 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001UA.job
2016-02-07 17:33 - 2009-07-13 20:45 - 00032064 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-07 17:33 - 2009-07-13 20:45 - 00032064 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-07 17:15 - 2015-06-15 22:05 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core.job
2016-02-07 16:55 - 2013-05-25 20:50 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001UA.job
2016-02-07 16:10 - 2012-03-06 18:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-07 15:47 - 2013-01-07 17:02 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core.job
2016-02-07 09:26 - 2013-11-17 20:08 - 00000000 ___RD C:\Users\Izilda\Dropbox
2016-02-07 09:26 - 2013-11-17 20:04 - 00000000 ____D C:\Users\Izilda\AppData\Roaming\Dropbox
2016-02-07 09:25 - 2012-01-14 14:24 - 00000000 ____D C:\Users\Izilda\AppData\LocalLow\AuthenTec
2016-02-06 22:55 - 2013-05-25 20:50 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core.job
2016-02-06 22:44 - 2015-08-27 18:03 - 00028888 _____ (GAS Tecnologia) C:\Windows\System32\Drivers\gbpddfac64.sys
2016-02-06 22:44 - 2012-01-15 15:42 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-02-06 22:44 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-06 20:50 - 2015-05-18 21:30 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2016-02-06 17:57 - 2012-01-14 14:37 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E9E6BA8C-07EE-4923-A62A-9A3F663A7BF5}
2016-02-06 09:49 - 2015-05-18 21:29 - 00109272 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys
2016-02-05 15:11 - 2012-04-10 15:32 - 00000000 ____D C:\Users\Izilda\AppData\Roaming\Nitro PDF
2016-02-04 23:57 - 2013-08-15 09:33 - 00001456 _____ C:\Users\Izilda\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-02-04 23:53 - 2012-01-14 19:08 - 00000000 ____D C:\Users\Izilda\AppData\Roaming\Skype
2016-02-04 23:32 - 2012-09-19 20:36 - 00000000 ____D C:\Users\Izilda\Desktop\Temporario
2016-02-04 22:27 - 2012-11-01 06:59 - 05205504 ___SH C:\Users\Izilda\Desktop\Thumbs.db
2016-02-04 20:00 - 2015-05-04 10:34 - 00000000 ___HD C:\Program Files (x86)\GAS Tecnologia
2016-02-04 19:59 - 2015-12-03 15:28 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-02-04 19:59 - 2015-05-04 10:34 - 00000000 ____D C:\Program Files\Diebold
2016-02-04 19:59 - 2015-04-08 20:42 - 00000000 ___SD C:\Windows\System32\GWX
2016-02-04 19:59 - 2012-09-19 12:12 - 00000000 ___RD C:\Users\Izilda\Desktop\Applications
2016-02-04 19:59 - 2012-09-18 21:22 - 00000000 ____D C:\Users\Izilda\Desktop\Doctor Virtual
2016-02-04 19:59 - 2012-01-14 14:26 - 00000000 ____D C:\Users\Izilda\AppData\Local\Hewlett-Packard
2016-02-04 19:59 - 2012-01-14 14:23 - 00000000 ____D C:\users\Izilda
2016-02-04 19:59 - 2011-08-29 17:31 - 00000000 ____D C:\ProgramData\RoxioNow
2016-02-04 19:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2016-02-04 16:06 - 2012-11-25 11:51 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForIzilda
2016-02-04 16:06 - 2012-11-25 11:51 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForIzilda.job
2016-02-04 16:05 - 2012-03-06 18:08 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-04 16:05 - 2012-03-06 18:08 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-04 15:42 - 2013-01-07 17:02 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001UA
2016-02-04 15:42 - 2013-01-07 17:02 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core
2016-02-04 15:06 - 2015-10-08 18:43 - 00001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-02-04 15:06 - 2013-10-06 08:38 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-04 05:41 - 2011-10-06 09:58 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-02-03 20:59 - 2012-01-14 15:57 - 00000000 ____D C:\Users\Izilda\AppData\Local\CrashDumps
2016-02-03 15:48 - 2012-01-15 15:42 - 00000000 ____D C:\ProgramData\GbPlugin
2016-02-02 22:11 - 2012-07-12 14:34 - 09390592 ___SH C:\Users\Izilda\Downloads\Thumbs.db
2016-01-30 16:22 - 2015-11-19 00:05 - 00101080 _____ (GAS Tecnologia) C:\Windows\System32\Drivers\wsddfac.sys
2016-01-27 19:52 - 2013-10-06 08:38 - 01065208 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2016-01-27 19:52 - 2013-10-06 08:38 - 00464256 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2016-01-27 19:52 - 2013-10-06 08:38 - 00097648 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2016-01-27 19:51 - 2014-04-24 09:56 - 00028656 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHwid.sys
2016-01-27 19:51 - 2014-01-08 10:24 - 00155304 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2016-01-27 19:51 - 2013-10-06 08:38 - 00273784 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2016-01-27 19:51 - 2013-10-06 08:38 - 00093528 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2016-01-27 19:51 - 2013-10-06 08:38 - 00065224 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2016-01-27 09:20 - 2012-04-10 15:29 - 00000000 ____D C:\Users\Izilda\AppData\Roaming\PrimoPDF
2016-01-27 09:09 - 2009-07-13 20:45 - 05096648 _____ C:\Windows\System32\FNTCACHE.DAT
2016-01-26 20:12 - 2012-01-14 14:33 - 00125744 _____ C:\Users\Izilda\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-26 18:20 - 2012-01-14 19:08 - 00000000 ____D C:\ProgramData\Skype
2016-01-25 18:45 - 2013-08-16 11:10 - 00000132 _____ C:\Users\Izilda\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-01-21 19:28 - 2012-11-22 21:31 - 00000000 ____D C:\Users\Izilda\Downloads\00-Fotos de Caetano
2016-01-18 23:33 - 2012-09-18 21:47 - 00000000 ____D C:\Users\Izilda\Desktop\Clientes
2016-01-18 22:06 - 2012-12-03 07:26 - 00003220 _____ C:\Windows\System32\Tasks\HPCeeScheduleForIZILDA-HP$
2016-01-18 22:06 - 2012-12-03 07:26 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForIZILDA-HP$.job
2016-01-13 01:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-01-13 01:09 - 2012-11-20 13:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 01:09 - 2011-08-29 17:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 01:06 - 2014-12-11 07:26 - 00000000 ____D C:\Windows\System32\appraiser
2016-01-13 01:06 - 2014-05-06 05:02 - 00000000 ___SD C:\Windows\System32\CompatTel
2016-01-13 00:45 - 2013-07-19 22:00 - 00000000 ____D C:\Windows\System32\MRT
2016-01-13 00:13 - 2012-01-29 09:01 - 143671360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2016-01-12 18:45 - 2014-12-23 18:05 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-09 19:01 - 2016-01-06 21:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-09 19:01 - 2012-11-26 11:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

Some files in TEMP:
====================
C:\Users\Izilda\AppData\Local\Temp\2lj4u2du.dll
C:\Users\Izilda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp71xpte.dll
C:\Users\Izilda\AppData\Local\Temp\SkypeSetup.exe


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2015-12-08 16:35] - [2015-11-10 10:55] - 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A

C:\Windows\SysWOW64\User32.dll
[2015-12-08 16:35] - [2015-11-10 10:37] - 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2015-09-20 18:02
Restore point date: 2015-09-25 08:50
Restore point date: 2015-09-29 18:10
Restore point date: 2015-10-03 21:49
Restore point date: 2015-10-07 19:58
Restore point date: 2015-10-08 18:40
Restore point date: 2015-10-13 15:10
Restore point date: 2015-10-13 23:02
Restore point date: 2015-10-14 23:00
Restore point date: 2015-10-20 18:32
Restore point date: 2015-10-31 22:14
Restore point date: 2015-11-06 00:51
Restore point date: 2015-11-10 19:58
Restore point date: 2015-11-11 00:02
Restore point date: 2015-11-13 00:01
Restore point date: 2015-11-18 16:04
Restore point date: 2015-11-24 20:30
Restore point date: 2015-11-27 22:14
Restore point date: 2015-12-02 21:40
Restore point date: 2015-12-06 21:24
Restore point date: 2015-12-08 21:11
Restore point date: 2015-12-13 14:50
Restore point date: 2015-12-18 21:37
Restore point date: 2015-12-19 00:00
Restore point date: 2015-12-22 19:10
Restore point date: 2015-12-25 23:09
Restore point date: 2015-12-30 22:28
Restore point date: 2016-01-05 18:41
Restore point date: 2016-01-09 19:15
Restore point date: 2016-01-13 00:02
Restore point date: 2016-01-21 19:03
Restore point date: 2016-01-27 09:24
Restore point date: 2016-01-30 16:28
Restore point date: 2016-02-03 21:40
Restore point date: 2016-02-04 05:25
Restore point date: 2016-02-04 15:48
Restore point date: 2016-02-04 19:37
Restore point date: 2016-02-06 00:47

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 7658.9 MB
Available physical RAM: 6549.06 MB
Total Virtual: 7657.05 MB
Available Virtual: 6535.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:578.92 GB) (Free:93.31 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (RECOVERY) (Fixed) (Total:16.96 GB) (Free:1.86 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive g: (Setup) (CDROM) (Total:0.11 GB) (Free:0 GB) CDFS
Drive h: (ANDRE) (Removable) (Total:1.89 GB) (Free:0.81 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.13 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 1813033F)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=578.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0B)


LastRegBack: 2016-01-30 17:31

==================== End of FRST.txt ============================



#15
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Sorry for the delay. We were traveling yesterday and got back too late to do any work on the forum.

Let's use System Restore to go back to when we started and see if that undoes my mess.

Since you can run FRST from a USB, I assume you can get to the System Recovery Options menu. From there click on System Restore and then try to find the one dated 2016-01-30 16:28 and let it restore to that date.

