Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

windows 10 freezes after a few minutes, rebooting doesn't help [So

Started by lizglass , May 01 2016 11:07 PM

This topic is locked

#1
lizglass

Posted 01 May 2016 - 11:07 PM

Member

Member
159 posts

For the last 48 hours I have been trying to find the cause of this behavior. Ran all the old cleaning tools (I was a helper here about 10 years ago...) but nothing seems to work, I even uninstalled Avast, in the hopes that Windows Defender would do the job...

I am a too old dog to learn all the new tricks. Here is my FRST scan log, I appreciate your help very much!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-04-2016

Ran by Liz (administrator) on LIZ-PC (02-05-2016 06:11:38)

Running from C:\Users\Liz\Desktop

Loaded Profiles: Liz (Available Profiles: Liz & Jonathan & Coralie & Jeremy & DefaultAppPool)

Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe

(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe

(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe

(IObit) C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe

(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe

(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe

(Almico Software (almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)

HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184632 2013-10-18] (Motorola Solutions, Inc.)

HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1605632 2010-11-14] (Intel® Corporation)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)

HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1802048 2014-10-13] (IObit)

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco)

HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->

HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)

HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\Policies\system: [DisableLockWorkstation] 0

HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1

HKU\S-1-5-21-513658400-2124063526-4095330266-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->

HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1759992 2015-07-06] (Banco Itaú Unibanco)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Liz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Liz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Liz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Liz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Liz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Liz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Liz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Liz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

Startup: C:\Users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\S10 Password Vault.lnk [2016-05-01]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{01a6d0f1-3f38-41f2-b984-3f8aca8f7476}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{207fa523-3544-4612-b8e0-e1428cfd7839}: [DhcpNameServer] 10.3.22.1

Tcpip\..\Interfaces\{a724828c-de6d-4309-bdeb-5a9a4fc85727}: [DhcpNameServer] 10.3.152.1

Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-513658400-2124063526-4095330266-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-513658400-2124063526-4095330266-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com

SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =

BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-29] (Oracle Corporation)

BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)

BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-29] (Oracle Corporation)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:

========

FF ProfilePath: C:\Users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\ada4cehe.default-1434727774377

FF DefaultSearchEngine: Google

FF SelectedSearchEngine: Google

FF Homepage: hxxps://www.google.com/?trackid=sp-006

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-29] ()

FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-29] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)

FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)

FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-29] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-29] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-513658400-2124063526-4095330266-1000: gastecnologia.com.br/sf/uni -> C:\Users\Liz\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-08-26] (GAS Tecnologia)

FF user.js: detected! => C:\Users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\ada4cehe.default-1434727774377\user.js [2016-01-21]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\Aimersoft\Video Converter Ultimate\[email protected] => not found

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found

FF HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Liz\AppData\Local\GAS Tecnologia\GBBD\uni\xpi

FF Extension: Guardião - Itaú 30 horas - C:\Users\Liz\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2015-07-31] [not signed]

FF HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found

Chrome:

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/ig",""

CHR Profile: C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Translate) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-18]

CHR Extension: (Angry Birds) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-07-31]

CHR Extension: (Send to OneNote) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aokbjibjnekbfdjilfpoknnokaffoinp [2016-03-09]

CHR Extension: (Google Drive) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]

CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2016-01-10]

CHR Extension: (YouTube) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]

CHR Extension: (Add to Amazon Wish List) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2015-07-31]

CHR Extension: (Google Search) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]

CHR Extension: (Search by Image (by Google)) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2015-07-31]

CHR Extension: (Gmail Offline) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-07-31]

CHR Extension: (Web Lab) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgacgeibpdjllcjckbmgecpahipdjabe [2015-07-31]

CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2015-07-31]

CHR Extension: (Google Docs Offline) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]

CHR Extension: (AdBlock) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-18]

CHR Extension: (Disconnect Search) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2016-02-18]

CHR Extension: (Disconnect) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-02-18]

CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2015-07-31]

CHR Extension: (Movi Kanti Revo) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdkcgeghhfjiglphfppinecpcpnnbne [2015-07-31]

CHR Extension: (Office Online) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2016-03-09]

CHR Extension: (OneDrive) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2016-03-09]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]

CHR Extension: (My Chrome Theme) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-08-26]

CHR Extension: (Origami Player) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiomepakkenneiifjocbinkmmampfbdn [2015-07-31]

CHR Extension: (Gmail) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-31]

CHR HKU\S-1-5-21-513658400-2124063526-4095330266-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)

S3 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)

S3 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]

S3 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)

R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2010-11-07] (Red Bend Ltd.) [File not signed]

R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)

R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-09-30] (IObit)

R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)

S3 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [2818896 2014-01-20] (CybelSoft)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

S3 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [487960 2014-12-16] (Sony Corporation)

S3 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-12-13] (RealNetworks, Inc.)

S3 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)

S2 VyprVPN; C:\Program Files (x86)\VyprVPN\VyprVPNService.exe [238592 2016-04-13] (Golden Frog, GmbH.) [File not signed]

R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-06-19] (GAS Tecnologia LTDA)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)

R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [869376 2010-11-07] (Intel® Corporation) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc.)

R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)

R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)

R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-07-31] (REALiX™)

S3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd64.sys [12309440 2011-09-25] (Intel Corporation) [File not signed]

S3 ma-config_amd64; C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys [17568 2013-10-23] (CybelSoft)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [125952 2014-11-10] (Intel Corporation)

R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)

R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )

R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-05-22] (Synaptics Incorporated)

S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2015-09-29] (DEVGURU Co., LTD.(www.devguru.co.kr))

S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [31248 2006-11-16] (SIA Syncrosoft)

S3 tapvyprvpn; C:\Windows\System32\drivers\tapvyprvpn.sys [44896 2015-09-28] (The OpenVPN Project)

R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-04-01] (Basil)

U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-02 00:23 - 2016-05-02 00:24 - 00060013 _____ C:\Users\Liz\Desktop\Addition.txt

2016-05-02 00:20 - 2016-05-02 06:12 - 00022726 _____ C:\Users\Liz\Desktop\FRST.txt

2016-05-02 00:19 - 2016-05-02 00:19 - 00001060 _____ C:\Users\Liz\Desktop\FRST64 (1).lnk

2016-05-02 00:06 - 2016-05-02 00:08 - 02377216 _____ (Farbar) C:\Users\Liz\Downloads\FRST64 (1).exe

2016-05-01 23:35 - 2016-05-01 23:45 - 00000000 ____D C:\Program Files (x86)\SpeedFan

2016-05-01 23:35 - 2016-05-01 23:35 - 00001078 _____ C:\Users\Liz\Desktop\SpeedFan.lnk

2016-05-01 23:35 - 2016-05-01 23:35 - 00000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo

2016-05-01 23:32 - 2016-05-01 23:32 - 02218504 _____ C:\Users\Liz\Downloads\instspeedfan451.exe

2016-05-01 10:57 - 2016-05-01 10:59 - 00000288 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Liz.job

2016-05-01 10:57 - 2016-05-01 10:57 - 00002466 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Liz

2016-05-01 09:28 - 2016-05-01 09:36 - 43232552 _____ (IObit ) C:\Users\Liz\Downloads\IObit-Malware-Fighter-Setup.exe

2016-05-01 09:07 - 2016-05-01 09:07 - 00000000 ____H C:\asc_rdflag

2016-05-01 07:24 - 2016-05-01 07:25 - 00058314 _____ C:\Users\Liz\Downloads\Addition.txt

2016-05-01 07:23 - 2016-05-02 06:11 - 00000000 ____D C:\FRST

2016-05-01 07:23 - 2016-05-01 07:25 - 00068951 _____ C:\Users\Liz\Downloads\FRST.txt

2016-05-01 07:21 - 2016-05-01 07:22 - 02377216 _____ (Farbar) C:\Users\Liz\Desktop\FRST64.exe

2016-04-29 10:30 - 2016-04-29 10:30 - 00406888 _____ C:\Users\Liz\Desktop\INSS Arlette_Ano 2015.pdf

2016-04-29 10:28 - 2016-04-29 10:28 - 00406888 _____ C:\Users\Liz\Downloads\1490184756_Ano 2015.pdf

2016-04-29 07:32 - 2016-04-29 07:31 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2016-04-29 04:46 - 2016-04-29 04:46 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-04-29 04:46 - 2016-04-29 04:46 - 00002334 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-04-29 04:37 - 2016-04-29 04:37 - 00987728 _____ (Google Inc.) C:\Users\Liz\Downloads\ChromeSetup.exe

2016-04-28 21:37 - 2016-04-28 21:37 - 00735476 _____ C:\Users\Liz\Desktop\Cambio ITAU pag 6.pdf

2016-04-28 21:35 - 2016-04-28 21:35 - 05006413 _____ C:\Users\Liz\Downloads\Cambio ITAU.pdf

2016-04-28 11:55 - 2016-04-28 11:54 - 00463744 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys(3060).1461841555640

2016-04-28 11:55 - 2016-04-28 11:54 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys(3062).1461841588906

2016-04-28 11:55 - 2016-04-28 11:52 - 01065720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys(3061).1461841588906

2016-04-28 10:41 - 2016-04-28 10:42 - 04399278 _____ (IObit ) C:\Users\Liz\Downloads\Unconfirmed 419942.crdownload

2016-04-27 23:59 - 2016-04-27 23:59 - 00000000 ____D C:\Users\Liz\Documents\SmartDraw

2016-04-26 23:02 - 2016-04-26 23:02 - 00297096 _____ C:\Users\Liz\Downloads\136197830.PDF

2016-04-21 20:44 - 2016-04-21 20:44 - 01866220 _____ C:\Users\Liz\Downloads\lavie111.ppsm

2016-04-21 20:34 - 2016-04-21 20:43 - 01865216 _____ C:\Users\Liz\Downloads\lavie111.pps

2016-04-21 20:32 - 2016-04-21 20:32 - 00204033 _____ C:\Users\Liz\Downloads\BookingContract_it.pdf

2016-04-20 09:55 - 2016-04-20 09:55 - 01404992 _____ C:\Users\Liz\Downloads\Franco Moretti, Dominique Pestre, Bankspeak, NLR 92, March-April 2015.pdf

2016-04-18 12:46 - 2016-04-28 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Golden Frog, GmbH

2016-04-18 12:46 - 2016-04-18 12:46 - 00001034 _____ C:\Users\Public\Desktop\VyprVPN.lnk

2016-04-18 12:29 - 2016-04-18 12:29 - 06795264 _____ C:\WINDOWS\system32\config\drivers.iodefrag.bak

2016-04-13 12:45 - 2016-04-06 20:32 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2016-04-13 12:45 - 2016-04-06 20:32 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2016-04-13 12:03 - 2016-03-29 12:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll

2016-04-13 12:03 - 2016-03-29 07:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2016-04-13 12:03 - 2016-03-29 07:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2016-04-13 12:03 - 2016-03-29 07:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2016-04-13 12:03 - 2016-03-29 07:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2016-04-13 12:03 - 2016-03-29 07:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2016-04-13 12:03 - 2016-03-29 07:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2016-04-13 12:03 - 2016-03-29 07:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2016-04-13 12:03 - 2016-03-29 07:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2016-04-13 12:02 - 2016-03-29 12:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2016-04-13 12:02 - 2016-03-29 08:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2016-04-13 12:02 - 2016-03-29 07:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2016-04-13 12:00 - 2016-04-02 05:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2016-04-13 12:00 - 2016-04-02 05:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

2016-04-13 12:00 - 2016-04-02 05:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll

2016-04-13 12:00 - 2016-04-02 05:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll

2016-04-13 12:00 - 2016-03-29 11:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll

2016-04-13 12:00 - 2016-03-29 09:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll

2016-04-13 12:00 - 2016-03-29 08:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2016-04-13 12:00 - 2016-03-29 08:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2016-04-13 12:00 - 2016-03-29 08:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2016-04-13 12:00 - 2016-03-29 08:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll

2016-04-13 12:00 - 2016-03-29 08:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll

2016-04-13 12:00 - 2016-03-29 08:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2016-04-13 12:00 - 2016-03-29 07:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll

2016-04-13 12:00 - 2016-03-29 07:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2016-04-13 11:59 - 2016-04-02 06:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe

2016-04-13 11:59 - 2016-04-02 06:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll

2016-04-13 11:59 - 2016-04-02 05:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll

2016-04-13 11:59 - 2016-04-02 05:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll

2016-04-13 11:59 - 2016-04-02 05:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll

2016-04-13 11:59 - 2016-04-02 05:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll

2016-04-13 11:59 - 2016-04-02 05:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll

2016-04-13 11:59 - 2016-04-02 05:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2016-04-13 11:59 - 2016-04-02 05:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll

2016-04-13 11:59 - 2016-03-29 12:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2016-04-13 11:59 - 2016-03-29 12:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2016-04-13 11:59 - 2016-03-29 12:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2016-04-13 11:59 - 2016-03-29 12:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2016-04-13 11:59 - 2016-03-29 12:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

2016-04-13 11:59 - 2016-03-29 12:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll

2016-04-13 11:59 - 2016-03-29 12:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2016-04-13 11:59 - 2016-03-29 11:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2016-04-13 11:59 - 2016-03-29 11:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll

2016-04-13 11:59 - 2016-03-29 11:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll

2016-04-13 11:59 - 2016-03-29 11:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys

2016-04-13 11:59 - 2016-03-29 11:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll

2016-04-13 11:59 - 2016-03-29 11:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe

2016-04-13 11:59 - 2016-03-29 11:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll

2016-04-13 11:59 - 2016-03-29 11:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll

2016-04-13 11:59 - 2016-03-29 11:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe

2016-04-13 11:59 - 2016-03-29 10:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll

2016-04-13 11:59 - 2016-03-29 10:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe

2016-04-13 11:59 - 2016-03-29 10:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe

2016-04-13 11:59 - 2016-03-29 10:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2016-04-13 11:59 - 2016-03-29 10:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll

2016-04-13 11:59 - 2016-03-29 10:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS

2016-04-13 11:59 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll

2016-04-13 11:59 - 2016-03-29 10:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe

2016-04-13 11:59 - 2016-03-29 09:51 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys

2016-04-13 11:59 - 2016-03-29 09:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll

2016-04-13 11:59 - 2016-03-29 09:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll

2016-04-13 11:59 - 2016-03-29 09:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll

2016-04-13 11:59 - 2016-03-29 09:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll

2016-04-13 11:59 - 2016-03-29 09:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll

2016-04-13 11:59 - 2016-03-29 09:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll

2016-04-13 11:59 - 2016-03-29 09:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll

2016-04-13 11:59 - 2016-03-29 09:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll

2016-04-13 11:59 - 2016-03-29 09:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll

2016-04-13 11:59 - 2016-03-29 09:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll

2016-04-13 11:59 - 2016-03-29 09:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll

2016-04-13 11:59 - 2016-03-29 09:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll

2016-04-13 11:59 - 2016-03-29 09:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll

2016-04-13 11:59 - 2016-03-29 09:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll

2016-04-13 11:59 - 2016-03-29 09:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll

2016-04-13 11:59 - 2016-03-29 09:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll

2016-04-13 11:59 - 2016-03-29 09:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll

2016-04-13 11:59 - 2016-03-29 09:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll

2016-04-13 11:59 - 2016-03-29 09:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll

2016-04-13 11:59 - 2016-03-29 09:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll

2016-04-13 11:59 - 2016-03-29 09:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll

2016-04-13 11:59 - 2016-03-29 09:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2016-04-13 11:59 - 2016-03-29 09:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll

2016-04-13 11:59 - 2016-03-29 09:14 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys

2016-04-13 11:59 - 2016-03-29 09:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll

2016-04-13 11:59 - 2016-03-29 09:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll

2016-04-13 11:59 - 2016-03-29 09:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll

2016-04-13 11:59 - 2016-03-29 09:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll

2016-04-13 11:59 - 2016-03-29 09:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll

2016-04-13 11:59 - 2016-03-29 09:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2016-04-13 11:59 - 2016-03-29 09:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll

2016-04-13 11:59 - 2016-03-29 09:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll

2016-04-13 11:59 - 2016-03-29 09:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll

2016-04-13 11:59 - 2016-03-29 09:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll

2016-04-13 11:59 - 2016-03-29 09:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll

2016-04-13 11:59 - 2016-03-29 09:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2016-04-13 11:59 - 2016-03-29 09:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll

2016-04-13 11:59 - 2016-03-29 09:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll

2016-04-13 11:59 - 2016-03-29 09:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll

2016-04-13 11:59 - 2016-03-29 09:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll

2016-04-13 11:59 - 2016-03-29 08:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll

2016-04-13 11:59 - 2016-03-29 08:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll

2016-04-13 11:59 - 2016-03-29 08:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll

2016-04-13 11:59 - 2016-03-29 08:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll

2016-04-13 11:59 - 2016-03-29 08:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll

2016-04-13 11:59 - 2016-03-29 08:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll

2016-04-13 11:59 - 2016-03-29 08:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll

2016-04-13 11:59 - 2016-03-29 08:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll

2016-04-13 11:59 - 2016-03-29 08:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll

2016-04-13 11:59 - 2016-03-29 08:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll

2016-04-13 11:59 - 2016-03-29 08:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2016-04-13 11:59 - 2016-03-29 08:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll

2016-04-13 11:59 - 2016-03-29 08:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll

2016-04-13 11:59 - 2016-03-29 08:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll

2016-04-13 11:59 - 2016-03-29 08:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll

2016-04-13 11:59 - 2016-03-29 08:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll

2016-04-13 11:59 - 2016-03-29 08:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll

2016-04-13 11:59 - 2016-03-29 08:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2016-04-13 11:59 - 2016-03-29 08:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll

2016-04-13 11:59 - 2016-03-29 08:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll

2016-04-13 11:59 - 2016-03-29 08:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll

2016-04-13 11:59 - 2016-03-29 08:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll

2016-04-13 11:59 - 2016-03-29 08:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll

2016-04-13 11:59 - 2016-03-29 08:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll

2016-04-13 11:59 - 2016-03-29 08:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll

2016-04-13 11:59 - 2016-03-29 08:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll

2016-04-13 11:59 - 2016-03-29 08:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll

2016-04-13 11:59 - 2016-03-29 08:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll

2016-04-13 11:59 - 2016-03-29 08:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll

2016-04-13 11:59 - 2016-03-29 08:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll

2016-04-13 11:59 - 2016-03-29 08:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2016-04-13 11:59 - 2016-03-29 08:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2016-04-13 11:59 - 2016-03-29 08:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2016-04-13 11:59 - 2016-03-29 08:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll

2016-04-13 11:59 - 2016-03-29 08:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll

2016-04-13 11:59 - 2016-03-29 08:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2016-04-13 11:59 - 2016-03-29 07:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll

2016-04-13 11:59 - 2016-03-29 07:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll

2016-04-13 11:59 - 2016-03-29 07:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2016-04-13 11:59 - 2016-03-29 07:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll

2016-04-13 11:59 - 2016-03-29 07:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2016-04-13 11:59 - 2016-03-29 07:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll

2016-04-13 11:59 - 2016-03-29 07:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2016-04-13 11:59 - 2016-03-29 07:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll

2016-04-13 11:59 - 2016-03-29 07:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll

2016-04-13 11:58 - 2016-04-02 06:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll

2016-04-13 11:58 - 2016-04-02 06:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe

2016-04-13 11:58 - 2016-04-02 05:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll

2016-04-13 11:58 - 2016-04-02 05:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll

2016-04-13 11:58 - 2016-04-02 05:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll

2016-04-13 11:58 - 2016-04-02 05:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll

2016-04-13 11:58 - 2016-04-02 05:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll

2016-04-13 11:58 - 2016-04-02 05:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll

2016-04-13 11:58 - 2016-04-02 05:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll

2016-04-13 11:58 - 2016-04-02 05:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2016-04-13 11:58 - 2016-03-29 12:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

2016-04-13 11:58 - 2016-03-29 12:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll

2016-04-13 11:58 - 2016-03-29 12:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi

2016-04-13 11:58 - 2016-03-29 12:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll

2016-04-13 11:58 - 2016-03-29 11:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll

2016-04-13 11:58 - 2016-03-29 11:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll

2016-04-13 11:58 - 2016-03-29 11:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys

2016-04-13 11:58 - 2016-03-29 11:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2016-04-13 11:58 - 2016-03-29 11:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe

2016-04-13 11:58 - 2016-03-29 11:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll

2016-04-13 11:58 - 2016-03-29 11:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll

2016-04-13 11:58 - 2016-03-29 11:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll

2016-04-13 11:58 - 2016-03-29 10:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll

2016-04-13 11:58 - 2016-03-29 10:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll

2016-04-13 11:58 - 2016-03-29 10:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys

2016-04-13 11:58 - 2016-03-29 10:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll

2016-04-13 11:58 - 2016-03-29 10:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll

2016-04-13 11:58 - 2016-03-29 10:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll

2016-04-13 11:58 - 2016-03-29 10:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll

2016-04-13 11:58 - 2016-03-29 10:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys

2016-04-13 11:58 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll

2016-04-13 11:58 - 2016-03-29 10:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

2016-04-13 11:58 - 2016-03-29 10:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll

2016-04-13 11:58 - 2016-03-29 10:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll

2016-04-13 11:58 - 2016-03-29 10:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll

2016-04-13 11:58 - 2016-03-29 10:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll

2016-04-13 11:58 - 2016-03-29 10:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe

2016-04-13 11:58 - 2016-03-29 10:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll

2016-04-13 11:58 - 2016-03-29 10:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll

2016-04-13 11:58 - 2016-03-29 09:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe

2016-04-13 11:58 - 2016-03-29 09:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll

2016-04-13 11:58 - 2016-03-29 09:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2016-04-13 11:58 - 2016-03-29 09:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe

2016-04-13 11:58 - 2016-03-29 09:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll

2016-04-13 11:58 - 2016-03-29 09:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll

2016-04-13 11:58 - 2016-03-29 09:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll

2016-04-13 11:58 - 2016-03-29 09:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll

2016-04-13 11:58 - 2016-03-29 09:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys

2016-04-13 11:58 - 2016-03-29 09:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll

2016-04-13 11:58 - 2016-03-29 09:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll

2016-04-13 11:58 - 2016-03-29 09:54 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys

2016-04-13 11:58 - 2016-03-29 09:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll

2016-04-13 11:58 - 2016-03-29 09:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe

2016-04-13 11:58 - 2016-03-29 09:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll

2016-04-13 11:58 - 2016-03-29 09:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll

2016-04-13 11:58 - 2016-03-29 09:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll

2016-04-13 11:58 - 2016-03-29 09:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll

2016-04-13 11:58 - 2016-03-29 09:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll

2016-04-13 11:58 - 2016-03-29 09:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll

2016-04-13 11:58 - 2016-03-29 09:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll

2016-04-13 11:58 - 2016-03-29 09:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll

2016-04-13 11:58 - 2016-03-29 09:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll

2016-04-13 11:58 - 2016-03-29 09:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll

2016-04-13 11:58 - 2016-03-29 09:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys

2016-04-13 11:58 - 2016-03-29 09:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll

2016-04-13 11:58 - 2016-03-29 09:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll

2016-04-13 11:58 - 2016-03-29 09:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll

2016-04-13 11:58 - 2016-03-29 09:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys

2016-04-13 11:58 - 2016-03-29 09:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll

2016-04-13 11:58 - 2016-03-29 09:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll

2016-04-13 11:58 - 2016-03-29 09:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe

2016-04-13 11:58 - 2016-03-29 09:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll

2016-04-13 11:58 - 2016-03-29 09:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll

2016-04-13 11:58 - 2016-03-29 09:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys

2016-04-13 11:58 - 2016-03-29 09:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2016-04-13 11:58 - 2016-03-29 09:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll

2016-04-13 11:58 - 2016-03-29 09:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll

2016-04-13 11:58 - 2016-03-29 09:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll

2016-04-13 11:58 - 2016-03-29 09:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll

2016-04-13 11:58 - 2016-03-29 09:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll

2016-04-13 11:58 - 2016-03-29 09:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll

2016-04-13 11:58 - 2016-03-29 09:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll

2016-04-13 11:58 - 2016-03-29 09:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll

2016-04-13 11:58 - 2016-03-29 09:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll

2016-04-13 11:58 - 2016-03-29 09:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll

2016-04-13 11:58 - 2016-03-29 09:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll

2016-04-13 11:58 - 2016-03-29 09:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll

2016-04-13 11:58 - 2016-03-29 09:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll

2016-04-13 11:58 - 2016-03-29 09:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

2016-04-13 11:58 - 2016-03-29 09:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll

2016-04-13 11:58 - 2016-03-29 09:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe

2016-04-13 11:58 - 2016-03-29 09:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll

2016-04-13 11:58 - 2016-03-29 09:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll

2016-04-13 11:58 - 2016-03-29 09:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys

2016-04-13 11:58 - 2016-03-29 09:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll

2016-04-13 11:58 - 2016-03-29 09:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll

2016-04-13 11:58 - 2016-03-29 09:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll

2016-04-13 11:58 - 2016-03-29 08:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll

2016-04-13 11:58 - 2016-03-29 08:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe

2016-04-13 11:58 - 2016-03-29 08:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll

2016-04-13 11:58 - 2016-03-29 08:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll

2016-04-13 11:58 - 2016-03-29 08:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll

2016-04-13 11:58 - 2016-03-29 08:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll

2016-04-13 11:58 - 2016-03-29 08:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll

2016-04-13 11:58 - 2016-03-29 08:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll

2016-04-13 11:58 - 2016-03-29 08:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll

2016-04-13 11:58 - 2016-03-29 08:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2016-04-13 11:58 - 2016-03-29 08:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll

2016-04-13 11:58 - 2016-03-29 08:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll

2016-04-13 11:58 - 2016-03-29 08:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll

2016-04-13 11:58 - 2016-03-29 08:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll

2016-04-13 11:58 - 2016-03-29 08:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll

2016-04-13 11:58 - 2016-03-29 08:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll

2016-04-13 11:58 - 2016-03-29 08:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll

2016-04-13 11:58 - 2016-03-29 08:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll

2016-04-13 11:58 - 2016-03-29 08:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll

2016-04-13 11:58 - 2016-03-29 08:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll

2016-04-13 11:58 - 2016-03-29 08:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2016-04-13 11:58 - 2016-03-29 08:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll

2016-04-13 11:58 - 2016-03-29 08:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll

2016-04-13 11:58 - 2016-03-29 08:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll

2016-04-13 11:58 - 2016-03-29 08:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll

2016-04-13 11:58 - 2016-03-29 08:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll

2016-04-13 11:58 - 2016-03-29 08:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll

2016-04-13 11:58 - 2016-03-29 08:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll

2016-04-13 11:58 - 2016-03-29 08:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll

2016-04-13 11:58 - 2016-03-29 08:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll

2016-04-13 11:58 - 2016-03-29 08:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL

2016-04-13 11:58 - 2016-03-29 08:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll

2016-04-13 11:58 - 2016-03-29 07:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll

2016-04-13 11:58 - 2016-03-29 07:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll

2016-04-13 11:58 - 2016-03-29 07:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll

2016-04-13 11:58 - 2016-03-29 07:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL

2016-04-13 11:58 - 2016-03-29 07:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL

2016-04-13 11:58 - 2016-03-29 07:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL

2016-04-13 11:58 - 2016-03-29 07:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll

2016-04-13 11:57 - 2016-03-29 10:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2016-04-13 11:57 - 2016-03-29 09:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

2016-04-13 11:57 - 2016-03-29 09:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

2016-04-13 11:57 - 2016-03-29 09:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll

2016-04-13 11:57 - 2016-03-29 09:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS

2016-04-13 11:57 - 2016-03-29 09:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe

2016-04-13 11:57 - 2016-03-29 09:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll

2016-04-13 11:57 - 2016-03-29 08:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll

2016-04-13 09:38 - 2016-04-13 09:39 - 00658944 _____ C:\Users\Liz\Downloads\Les_salopards.pps

2016-04-08 22:20 - 2016-04-08 22:20 - 03213048 _____ (Banco Itaú) C:\Users\Liz\Downloads\DiagnosticoItau.exe

2016-04-08 21:24 - 2016-04-08 21:27 - 00018301 _____ C:\Users\Liz\Desktop\demission.odt

2016-04-05 06:13 - 2016-04-05 06:13 - 00001447 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk

2016-04-05 06:13 - 2016-04-05 06:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller

2016-04-05 06:12 - 2016-05-01 09:09 - 00000248 _____ C:\WINDOWS\Tasks\ASC9_SkipUac_Liz.job

2016-04-05 06:12 - 2016-05-01 07:55 - 00002248 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk

2016-04-05 06:12 - 2016-04-05 06:12 - 00003296 _____ C:\WINDOWS\System32\Tasks\ASC9_PerformanceMonitor

2016-04-05 06:12 - 2016-04-05 06:12 - 00002412 _____ C:\WINDOWS\System32\Tasks\ASC9_SkipUac_Liz

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-02 04:30 - 2016-02-03 12:56 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2016-05-02 00:24 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness

2016-05-02 00:18 - 2016-01-21 02:01 - 00222208 ___SH C:\Users\Liz\Desktop\Thumbs.db

2016-05-02 00:17 - 2016-02-05 20:26 - 00086016 ___SH C:\Users\Liz\Downloads\Thumbs.db

2016-05-01 23:59 - 2013-08-26 16:04 - 00000000 ____D C:\Users\Liz\Documents\Arlette docs

2016-05-01 23:53 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps

2016-05-01 23:22 - 2013-11-10 22:04 - 00000000 ____D C:\ProgramData\ProductData

2016-05-01 23:20 - 2016-02-03 12:56 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2016-05-01 23:20 - 2015-12-22 06:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2016-05-01 23:20 - 2014-01-25 12:25 - 00000476 _____ C:\WINDOWS\Tasks\SDMsgUpdate (Local).job

2016-05-01 23:20 - 2014-01-25 12:25 - 00000468 _____ C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

2016-05-01 11:20 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\registration

2016-05-01 10:18 - 2012-04-13 18:25 - 00000000 ____D C:\Users\Liz\AppData\Local\ElevatedDiagnostics

2016-05-01 09:11 - 2015-12-22 05:32 - 00000000 ____D C:\Users\Liz

2016-05-01 09:07 - 2016-03-20 20:36 - 92127232 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak

2016-05-01 09:07 - 2016-03-20 20:36 - 00647168 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak

2016-05-01 09:07 - 2016-03-20 20:36 - 00163840 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak

2016-05-01 09:07 - 2016-03-20 20:36 - 00040960 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak

2016-05-01 07:54 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF

2016-05-01 07:54 - 2012-04-15 14:00 - 00000000 ____D C:\Users\Liz\Desktop\computer tools

2016-05-01 06:52 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI

2016-05-01 06:52 - 2012-04-13 16:27 - 00000000 ____D C:\ProgramData\AVAST Software

2016-05-01 06:52 - 2012-04-13 16:27 - 00000000 ____D C:\Program Files\AVAST Software

2016-04-30 16:21 - 2012-04-13 18:01 - 00000000 ____D C:\Users\Liz\AppData\Roaming\Skype

2016-04-30 09:49 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp

2016-04-30 00:04 - 2012-04-13 16:55 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2016-04-29 21:39 - 2016-01-21 12:07 - 00000000 ___RD C:\Program Files (x86)\Skype

2016-04-29 21:39 - 2012-04-13 18:01 - 00000000 ____D C:\ProgramData\Skype

2016-04-29 14:21 - 2015-12-22 14:07 - 00891110 _____ C:\WINDOWS\system32\perfh00C.dat

2016-04-29 14:21 - 2015-12-22 14:07 - 00180336 _____ C:\WINDOWS\system32\perfc00C.dat

2016-04-29 14:21 - 2015-12-22 05:31 - 02071126 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2016-04-29 07:32 - 2014-12-30 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2016-04-29 07:31 - 2012-05-20 00:43 - 00000000 ____D C:\Program Files (x86)\Java

2016-04-29 07:24 - 2014-12-21 23:14 - 00001141 _____ C:\Users\Public\Desktop\VLC media player.lnk

2016-04-29 04:46 - 2012-04-13 16:29 - 00000000 ____D C:\Program Files (x86)\Google

2016-04-29 04:24 - 2014-01-25 12:20 - 00000000 ____D C:\Program Files (x86)\SmartDraw CI

2016-04-28 19:43 - 2012-04-13 16:29 - 00000000 ____D C:\Users\Liz\AppData\Local\Google

2016-04-28 13:39 - 2015-12-22 05:32 - 00000000 ____D C:\Users\Jonathan

2016-04-28 13:39 - 2015-12-22 05:32 - 00000000 ____D C:\Users\Jeremy

2016-04-28 13:39 - 2015-12-22 05:32 - 00000000 ____D C:\Users\DefaultAppPool

2016-04-28 13:39 - 2015-12-22 05:32 - 00000000 ____D C:\Users\Coralie

2016-04-28 13:38 - 2015-12-06 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare

2016-04-28 13:38 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions

2016-04-28 13:38 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\L2Schemas

2016-04-28 13:38 - 2014-02-23 23:14 - 00000000 ____D C:\Users\Liz\AppData\Roaming\ProductData

2016-04-28 13:38 - 2014-01-25 12:25 - 00000000 ____D C:\Users\Liz\AppData\System

2016-04-28 13:38 - 2013-12-13 15:29 - 00000000 ____D C:\Users\Liz\AppData\LocalLow\ADSRemoval

2016-04-28 13:38 - 2012-10-27 03:23 - 00000000 ____D C:\Users\Liz\AppData\LocalLow\IObit

2016-04-28 13:38 - 2012-04-13 17:08 - 00000000 ____D C:\Users\Liz\AppData\Roaming\Efficient Calendar Free

2016-04-28 13:38 - 2012-04-13 16:52 - 00000000 ____D C:\Users\Liz\AppData\Roaming\vlc

2016-04-28 13:38 - 2012-04-13 16:44 - 00000000 ____D C:\Users\Liz\AppData\Roaming\IObit

2016-04-28 13:38 - 2012-04-13 16:44 - 00000000 ____D C:\ProgramData\IObit

2016-04-28 13:21 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SystemResources

2016-04-28 13:21 - 2015-10-30 08:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep

2016-04-28 13:21 - 2015-10-30 08:28 - 00000000 ____D C:\WINDOWS\servicing

2016-04-28 13:20 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache

2016-04-28 13:20 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Globalization

2016-04-28 13:18 - 2013-09-20 14:51 - 00000000 ____D C:\ProgramData\Oracle

2016-04-28 13:14 - 2016-02-07 04:44 - 00000000 ____D C:\Program Files (x86)\VyprVPN

2016-04-25 00:40 - 2015-08-20 23:48 - 00000000 ____D C:\Users\Liz\.oracle_jre_usage

2016-04-20 09:57 - 2012-04-13 07:14 - 00000000 ____D C:\Users\Liz\Documents\readings

2016-04-13 23:49 - 2015-12-22 05:19 - 00275400 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2016-04-13 23:48 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI(3067)

2016-04-13 23:48 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI(2460)

2016-04-13 23:45 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2016-04-13 23:45 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser

2016-04-13 23:45 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr

2016-04-13 12:55 - 2013-07-23 06:47 - 00000000 ____D C:\WINDOWS\system32\MRT

2016-04-13 12:47 - 2015-08-02 10:26 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2016-04-13 00:10 - 2015-08-26 08:05 - 00000000 ____D C:\Users\Liz\AppData\Local\Packages

2016-04-10 19:55 - 2012-10-11 22:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-04-09 15:29 - 2016-01-10 07:44 - 00001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2016-04-09 15:29 - 2015-12-06 07:32 - 00001224 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2016-04-09 15:29 - 2014-08-17 16:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2016-04-05 06:13 - 2012-04-13 16:44 - 00000000 ____D C:\Program Files (x86)\IObit

==================== Files in the root of some directories =======

2013-07-16 15:56 - 2013-07-16 15:56 - 133170918 _____ () C:\Program Files (x86)\openoffice1.cab

2013-07-16 15:54 - 2013-07-16 15:54 - 2260992 _____ () C:\Program Files (x86)\openoffice400.msi

2013-07-16 15:54 - 2013-07-16 15:54 - 0000279 _____ () C:\Program Files (x86)\setup.ini

2014-12-17 13:11 - 2014-12-17 13:11 - 0000071 _____ () C:\Users\Liz\AppData\Roaming\mbam.context.scan

2014-07-21 19:14 - 2014-07-21 19:15 - 0033268 _____ () C:\Users\Liz\AppData\Roaming\unins000.dat

2014-07-21 19:15 - 2014-07-21 19:15 - 0717985 _____ () C:\Users\Liz\AppData\Roaming\unins000.exe

2013-12-19 01:45 - 2014-03-05 04:29 - 0000160 _____ () C:\Users\Liz\AppData\Roaming\WB.CFG

2015-08-08 17:00 - 2015-08-11 18:43 - 0006144 _____ () C:\Users\Liz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2016-03-14 01:17 - 2016-03-14 01:17 - 0000000 _____ () C:\Users\Liz\AppData\Local\{39A8128C-98F1-454E-990D-3823FFFF51B4}

Some files in TEMP:

====================

C:\Users\Liz\AppData\Local\Temp\sfamcc00001.dll

C:\Users\Liz\AppData\Local\Temp\sfareca00001.dll

C:\Users\Liz\AppData\Local\Temp\sfextra.dll

C:\Users\Liz\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-28 23:15

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-04-2016

Ran by Liz (2016-05-02 00:23:03)

Running from C:\Users\Liz\Desktop

Windows 10 Home Version 1511 (X64) (2015-12-22 06:33:02)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-513658400-2124063526-4095330266-500 - Administrator - Disabled)

Coralie (S-1-5-21-513658400-2124063526-4095330266-1002 - Limited - Enabled) => C:\Users\Coralie

DefaultAccount (S-1-5-21-513658400-2124063526-4095330266-503 - Limited - Disabled)

Guest (S-1-5-21-513658400-2124063526-4095330266-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-513658400-2124063526-4095330266-1057 - Limited - Enabled)

Jeremy (S-1-5-21-513658400-2124063526-4095330266-1041 - Limited - Enabled) => C:\Users\Jeremy

Jonathan (S-1-5-21-513658400-2124063526-4095330266-1001 - Limited - Enabled) => C:\Users\Jonathan

Liz (S-1-5-21-513658400-2124063526-4095330266-1000 - Administrator - Enabled) => C:\Users\Liz

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\uTorrent) (Version: 3.3.1.30003 - BitTorrent Inc.)

7-Zip 15.12 (HKLM-x32\...\{23170F69-40C1-2701-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)

Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)

Advanced SystemCare 9 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 9.12.0 - IObit)

Amazon Music (HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\Amazon Amazon Music) (Version: 4.0.0.1205 - Amazon Services LLC)

AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)

AMD Catalyst Install Manager (HKLM\...\{8DF1EF50-AEB6-902C-F68C-4683C45784E6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Any Video Converter 5.7.6 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)

Aplicativo Itaú (HKLM-x32\...\{DB13E590-A006-4556-8DF4-67EB5F1B2EB5}) (Version: 1.0.57 - Banco Itaú)

AtelierDuLivre (HKLM-x32\...\AtelierDuLivre) (Version: - e-center)

Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)

CanoScan Toolbox Ver4.6 (HKLM-x32\...\{088A077A-8028-408C-AE7B-4512AE2A65A0}) (Version: - )

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)

Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden

Dell Digital Delivery (HKLM-x32\...\{31045ECE-019D-4DDF-A5C8-5C51A3FE50EE}) (Version: 1.7.4501.0 - Dell Products, LP)

Dell Driver Download Manager (HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)

Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)

Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)

Dell System Detect (HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)

Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.218 - ALPS ELECTRIC CO., LTD.)

Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)

Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit)

Dropbox (HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)

Efficient Calendar Free 3.71 (HKLM-x32\...\Efficient Calendar Free_is1) (Version: - Efficient Software)

Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)

Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)

Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)

Garmin Express (HKLM-x32\...\{cc3a3e9f-5960-4162-9538-497b3a82b52e}) (Version: 4.0.20.0 - Garmin Ltd or its subsidiaries)

Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)

Garmin WebUpdater (HKLM-x32\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)

GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden

Google+ Auto Backup (HKLM-x32\...\{D4C4A751-F7F3-4DCA-B825-9AC391BFFC3F}) (Version: 1.0.19.76 - Google)

Guardião - Itaú 30 horas (HKLM-x32\...\{70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1) (Version: 3.8.0.1 - )

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)

Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)

Intel® PROSet/Wireless WiMAX Software (HKLM\...\{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}) (Version: 6.01.0000 - Intel Corporation)

Internet Movil Tigo 4G (HKLM-x32\...\Internet Movil Tigo 4G) (Version: 23.009.11.01.279 - Huawei Technologies Co.,Ltd)

IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.5 - IObit)

IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.6.101 - IObit)

IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.42 - Irfan Skiljan)

IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)

IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2015) (Version: 1.2 - Receita Federal do Brasil)

Java 8 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218072F0}) (Version: 8.0.720.15 - Oracle Corporation)

Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)

Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)

Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)

JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

Ma-Config.com (64 bits) (HKLM\...\{D1EFA0BF-0069-410B-B7EA-92AEEC4DD18F}) (Version: 7.1.2.4 - Cybelsoft)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

Media Player (HKLM-x32\...\Media Player) (Version: 3.7.2.4 - Orange) <==== ATTENTION

Media Player Codec Pack 4.3.4 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.3.4 - Media Player Codec Pack)

Media Player Packages (HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\Media Player Packages) (Version: - ) <==== ATTENTION

MergeModule_x64 (Version: 9.1.00 - Sony Corporation) Hidden

MergeModule_x86 (x32 Version: 9.1.00 - Sony Corporation) Hidden

Microsoft .NET Framework 4.5.2 (HKLM\...\{26784146-6E05-3FF9-9335-786C7C0FB5BE}) (Version: - )

Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.28.0 - Dell)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)

Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla)

MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden

MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden

OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)

Orange Web Player 1.213932 (HKLM-x32\...\Orange Web Player_is1) (Version: - Orange)

paint.net (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)

PlayMemories Home (HKLM-x32\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.1.00.12152 - Sony Corporation)

PMB_ModeEditor (x32 Version: 9.1.00 - Sony Corporation) Hidden

PMB_ServiceUploader (x32 Version: 9.1.00 - Sony Corporation) Hidden

Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)

QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)

Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.07 - Serpro - Serviço Federal de Processamento de Dados)

Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)

Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden

S10 Password Vault 4.2 (HKLM-x32\...\{C5C55D62-F61F-470C-B749-992EC581DFEB}) (Version: 4.2 - S10 Software)

SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden

Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)

Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.3 - IObit)

SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden

SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )

Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)

VyprVPN (HKLM-x32\...\{526B3DDC-6891-4F43-8F64-8B83DC9E4848}) (Version: 2.8.0.6614 - Golden Frog, GmbH.)

Warsaw 1.8.0.10356 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.8.0.10356 - GAS Tecnologia)

Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-513658400-2124063526-4095330266-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Liz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-513658400-2124063526-4095330266-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Liz\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)

CustomCLSID: HKU\S-1-5-21-513658400-2124063526-4095330266-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Liz\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)

CustomCLSID: HKU\S-1-5-21-513658400-2124063526-4095330266-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Liz\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_2\FileCoAuth.exe (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-513658400-2124063526-4095330266-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Liz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-513658400-2124063526-4095330266-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Liz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-513658400-2124063526-4095330266-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Liz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-513658400-2124063526-4095330266-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Liz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-513658400-2124063526-4095330266-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Liz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-513658400-2124063526-4095330266-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Liz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-513658400-2124063526-4095330266-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Liz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-513658400-2124063526-4095330266-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Liz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-513658400-2124063526-4095330266-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Liz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01D72AEE-0200-4F62-B20C-C2246E22F3DB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe

Task: {09A51BBB-3DCE-4EBC-A34D-B5E211CC6B51} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe

Task: {0B5B5271-34E9-40AF-A8EF-56970BEC282A} - System32\Tasks\Uninstaller_SkipUac_Liz => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-03-04] (IObit)

Task: {0BA95B5B-9178-49ED-AF7B-FA8C8CC34B8E} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-01-07] (IObit)

Task: {0C102CB1-583A-4CE6-8395-0DB21847A34A} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe

Task: {0E1A3593-A4FB-4FA9-8A70-6EEDC117C812} - System32\Tasks\{226D356A-6CDF-4E04-B191-9344AE961CE3} => pcalua.exe -a C:\Users\Liz\Desktop\Audio_IDT_W7_A03_Setup-8H18M_ZPE.exe -d C:\Users\Liz\Desktop

Task: {0E423626-9786-414A-BD02-E13C7F2326F5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {122A1D22-C49A-481C-9221-8B2928A094D1} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)

Task: {1270B2DC-D577-49E0-9BFE-41CC3266EB0C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe

Task: {1276CF2F-9A21-4F72-A8C7-F3931E378D19} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe

Task: {12B2B407-EC06-4AA1-AC90-268B8AC246D9} - \RNUpgradeHelperResumePrompt_Liz -> No File <==== ATTENTION

Task: {2811E9A6-EEA6-4B2C-8772-13A92502C583} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-12-17] (IObit)

Task: {2993BB91-8A4F-4E2B-8D82-5896B393FC9B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe

Task: {2A520643-0217-408E-836B-A47B7E9674D4} - System32\Tasks\{B5B369A2-C5B3-468A-B6A7-1E8B1B1D4C8E} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.114/en/abandoninstall?page=tsProgressBar

Task: {2A95B730-41B9-44B6-9BE4-57121098BC4D} - System32\Tasks\Driver Booster SkipUAC (Liz) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-01-07] (IObit)

Task: {2E0144E5-F3CC-44A7-B085-C9C408EC3273} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {2E93C3EB-19B0-4E4E-AE25-C7283DE1B46F} - System32\Tasks\{A422477C-D6A6-4DFE-AA59-507EE67EDB34} => pcalua.exe -a "C:\Arquivos de Programas RFB\GCME2013\GCME2013.exe" -d C:\ARQUIV~1\GCME2013

Task: {3609D873-561B-43DD-ACBA-B34C85A42251} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {3CCDA263-F6D0-4131-853F-EB8D6641082B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe

Task: {4175FBA1-455E-495C-868E-F3F7D5A89DFE} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe

Task: {445183DC-7CFA-4E6D-A382-11AD9F1DD604} - System32\Tasks\{4AE7C422-D30A-419E-8881-A57EEA7EB914} => pcalua.exe -a C:\PROGRA~2\SYNCRO~1\UNWISE.EXE -c C:\PROGRA~2\SYNCRO~1\INSTALL.LOG

Task: {44E24468-BF48-48CF-9825-BC17F203A98C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-513658400-2124063526-4095330266-1002Core => C:\Users\Coralie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)

Task: {4501C5A4-759C-4B34-BEF3-1286F153581E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {527BBD32-0C8B-45D6-8552-9E9442674991} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe

Task: {57990F70-4297-4017-9CCD-FF229592A35E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-513658400-2124063526-4095330266-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {61F50C86-CCEF-42ED-AB99-CF966C7D8C49} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {6B18AD5F-5296-4F6F-BB70-45D96E645AEC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

Task: {7007D8A8-B8ED-4C72-A638-27A2FE1CADCB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-513658400-2124063526-4095330266-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {7289793E-52F6-4F43-9862-39AB67B90E3B} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-08-21] (IObit)

Task: {7347CA06-2DFB-4753-A035-31FE1C841D5E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)

Task: {74B1BCD6-5D7B-41BC-8EA5-EE7FD6C2DBAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

Task: {756DD177-221A-48FC-A9F9-48E83FD477CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {77884467-0B4E-47E7-9ADF-8D3244B54E84} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {7CBEE45C-8959-4CB6-95EE-288859D7620C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {7E8B6209-3E83-4149-9918-326B0119F625} - System32\Tasks\ASC9_SkipUac_Liz => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-03-18] (IObit)

Task: {82B21782-3BD9-4FF2-8EF6-A0C8B91C5426} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-03-15] (IObit)

Task: {838550EB-243D-415F-B770-9CA4BEE67EB5} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-03-04] (IObit)

Task: {8534EFFC-B309-49BC-A509-FD6A1BCA35B9} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {8B3ADA6E-76D5-4A88-9152-7601DA556060} - System32\Tasks\{0FB74B46-04E5-4EBF-83E7-7F63680B82E6} => pcalua.exe -a C:\Users\Liz\Downloads\4200fvst648620a_64en\SetupSG.exe -d C:\Users\Liz\Downloads\4200fvst648620a_64en

Task: {91C54B39-54E6-4580-9D42-19D9ABE5386C} - \CCleanerSkipUAC -> No File <==== ATTENTION

Task: {92008976-E3FB-44EC-90AF-FC3F0F55E3A1} - System32\Tasks\{56009B3F-5A3D-44B0-A14B-2111AED5622F} => pcalua.exe -a "C:\Users\Liz\Desktop\OpenOffice 4.0.1 (en-US) Installation Files\setup.exe" -d "C:\Users\Liz\Desktop\OpenOffice 4.0.1 (en-US) Installation Files"

Task: {A289E819-F567-43E7-9B84-00B8D3AFBE05} - System32\Tasks\SafeZone scheduled Autoupdate 1458723094 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

Task: {A548413C-7790-4BB5-8335-E6B0EB9C9CAC} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe

Task: {A6C45357-828C-496D-BB2A-9091F28C83E8} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe

Task: {A7081EDE-93B3-495B-8055-FC52E5184444} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe

Task: {A80AE3D4-A931-45EA-8856-3A480B3BBEF2} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe

Task: {A9FF03BA-9879-4E07-A194-2A49F0A60B1E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {AAC9B8FF-39DA-4B70-88B3-61894D4ECD94} - System32\Tasks\{D18434EA-DCF2-4745-BE96-1A87B22765EF} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.114/en/abandoninstall?page=tsProgressBar

Task: {AC5C8A0D-913A-4C6D-BF9E-57F1DC4DB241} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-513658400-2124063526-4095330266-1002UA => C:\Users\Coralie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)

Task: {B04BBCAD-73C8-497C-8A7A-B010A16E5AC7} - System32\Tasks\SDMsgUpdate (Local) => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe

Task: {B148C5E8-E5F2-4306-BB1A-6623AEA1E65F} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)

Task: {B170E1F5-09ED-4D03-8AC8-7C351D87A11D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)

Task: {B25C6147-1523-46C0-A1E1-C1FC75B8AA95} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe

Task: {B266A3B2-120A-4C57-82C9-23484B659168} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe

Task: {BB189EA4-2EBF-410B-A927-A06C6E749E5F} - System32\Tasks\{2052F977-C4B1-4F7E-BEC4-4362AB804625} => pcalua.exe -a "C:\Users\Liz\Downloads\Audio_IDT_W7_A03_Setup-8H18M_ZPE (1).exe" -d C:\Users\Liz\Downloads

Task: {BC14EF28-35CB-4837-B3DC-602050CAEDE7} - System32\Tasks\{FF38D237-785B-42C1-978E-32592D0886E2} => pcalua.exe -a "C:\Users\Liz\Desktop\drivers dell\Video_ATI_W7_A10_Setup-G22HG_ZPE.exe" -d "C:\Users\Liz\Desktop\drivers dell"

Task: {BD0A2F61-8DB2-4D6C-81F6-F27352440D74} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-29] (Adobe Systems Incorporated)

Task: {BD1A7C0A-7B77-48D8-B2AB-E1F982E2720B} - System32\Tasks\SDMsgUpdate (TE) => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe

Task: {C3E9761B-773D-46AC-978D-0E2CF521775C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {C4405DA1-5F2F-42FD-970C-8D790F77287C} - System32\Tasks\{5302B25A-8FEC-4A1B-A508-B3CD542B49BA} => pcalua.exe -a C:\Users\Liz\Downloads\4200fvst8611a_xpen\SetupSG.exe -d C:\Users\Liz\Downloads\4200fvst8611a_xpen

Task: {C6357615-B471-4A21-AC13-A222A792900C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

Task: {CCB08714-90EB-4E7F-BB5B-773A60DB6835} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe

Task: {CDDFAEFD-4D10-4966-8AD1-FA534D12808A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-513658400-2124063526-4095330266-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe

Task: {D6F630B6-2313-461A-9F00-4234DDCD65C0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe

Task: {D760D32F-13A8-4851-B462-4F90BD15DBC5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe

Task: {DC05620C-3E28-4AC1-B0D9-5793D99AC79F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

Task: {E03D04D7-4D8D-41BB-9B61-14AF4135639B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe

Task: {E13C14EA-DD8B-4D68-B09E-D4896DC1EE67} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {E55BDC8F-E76D-4C38-9BE4-FEF582BAFE43} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {EB2BB122-2277-4B1D-83D4-1B3FB3249DCB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {EBE34FBA-99CC-4821-B4CC-216C2E75CBB0} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-10-27] (IObit)

Task: {F289D35C-2EF7-4550-96C2-605AF9ECF3C0} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-12-09] (IObit)

Task: {F6E3000E-8A41-42F3-8210-7B205E715531} - System32\Tasks\{41F43034-E4AA-44A4-BC64-1DA44532A35B} => pcalua.exe -a "C:\Users\Liz\Documents\Downloads\CNET TechTracker\copy13-cstbwin5012aea15.exe" -d "C:\Users\Liz\AppData\Roaming\CBS Interactive\CNET TechTracker"

Task: {F7BD199A-E705-4A38-91B1-6C6F2379605E} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe

Task: {F9B5703C-00C3-4264-8839-53D6E7A1C340} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe

Task: {FCD45ED9-1CE3-4728-A784-779CD483339E} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\ASC9_SkipUac_Liz.job => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe

Task: C:\WINDOWS\Tasks\Driver Booster Scan.job => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe

Task: C:\WINDOWS\Tasks\Driver Booster Update.job => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-513658400-2124063526-4095330266-1002Core.job => C:\Users\Coralie\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-513658400-2124063526-4095330266-1002UA.job => C:\Users\Coralie\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\SDMsgUpdate (Local).job => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe`-PLocal -V21020204 -SSDNI.ini -A -Mhxxp:/www.smartdraw.com/msgs/messagecheck.asp

Task: C:\WINDOWS\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe\-PTE -V21020204 -SSDU.ini -A -Mhxxp:/www.smartdraw.com/msgs/messagecheck.asp

Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Liz.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

2016-04-13 12:03 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2016-04-13 12:03 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

2014-12-20 09:54 - 2014-10-24 15:16 - 00721263 _____ () C:\Windows\SysWOW64\AiCM64.dll

2015-12-22 14:12 - 2015-12-22 14:12 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll

2016-04-13 11:57 - 2016-04-02 05:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

2016-04-13 11:59 - 2016-04-02 05:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2016-04-13 11:59 - 2016-04-02 04:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2016-04-13 12:03 - 2016-04-02 04:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2016-04-13 12:03 - 2016-04-02 05:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2013-11-10 22:04 - 2014-10-16 11:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll

2016-04-05 06:12 - 2015-12-23 18:32 - 00355616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl

2016-04-05 06:12 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl

2016-04-05 06:12 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl

2016-01-07 14:43 - 2013-01-15 19:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\webres.dll

2016-01-07 14:43 - 2015-10-27 15:05 - 00618784 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\ProductStatistics.dll

2016-04-05 06:12 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll

2016-04-05 06:12 - 2015-12-28 13:49 - 00629536 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll

2014-03-06 01:11 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl

2014-03-06 01:11 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl

2014-03-06 01:11 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl

2014-03-06 01:11 - 2013-12-12 19:46 - 08001344 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll

2014-03-06 01:11 - 2013-10-16 23:17 - 00185168 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\libcurl-4.dll

2014-03-06 01:11 - 2013-05-16 20:26 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll

2014-03-06 01:11 - 2013-05-16 20:26 - 00145216 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll

2016-04-05 06:13 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl

2016-04-05 06:13 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl

2016-05-01 23:45 - 2016-05-01 23:45 - 00158720 _____ () C:\Users\Liz\AppData\Local\Temp\sfareca00001.dll

2016-05-01 23:45 - 2016-05-01 23:45 - 00192512 _____ () C:\Users\Liz\AppData\Local\Temp\sfamcc00001.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\google.com -> www.google.com

IE trusted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\google.com.br -> www.google.com.br

IE trusted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\itau.b.br -> www.itau.b.br

IE trusted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\itau.com.br -> hxxps://bankline.itau.com.br

IE trusted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\itau.com.br -> bankline.itau.com.br

IE trusted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br

IE trusted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\itaupersonnalite.com.br -> www.itaupersonnalite.com.br

IE restricted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\008i.com -> 008i.com

IE restricted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\008k.com -> 008k.com

IE restricted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\00hq.com -> 00hq.com

IE restricted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\0190-dialers.com -> 0190-dialers.com

IE restricted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\01i.info -> 01i.info

IE restricted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com

IE restricted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\05p.com -> 05p.com

IE restricted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com

IE restricted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com

IE restricted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com

IE restricted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\0calories.net -> 0calories.net

IE restricted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\0cj.net -> 0cj.net

IE restricted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\0scan.com -> 0scan.com

IE restricted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com

IE restricted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\1-domains-registrations.com -> 1-domains-registrations.com

IE restricted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\1-se.com -> 1-se.com

IE restricted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\1001movie.com -> 1001movie.com

IE restricted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\1001night.biz -> 1001night.biz

IE restricted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\100gal.net -> 100gal.net

IE restricted site: HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-12-06 08:41 - 00000822 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-513658400-2124063526-4095330266-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Liz\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\dsc02945.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk => C:\Windows\pss\CodecPackUpdateChecker.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Advanced SystemCare 5 =>

MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp

MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe

MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

MSCONFIG\startupreg: ModemOnHold =>

MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe

MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun

MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe

MSCONFIG\startupreg: RealDownloader =>

MSCONFIG\startupreg: StartCCC =>

MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe

MSCONFIG\startupreg: TkBellExe =>

HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\StartupApproved\Run: => "GarminExpressTrayApp"

HKU\S-1-5-21-513658400-2124063526-4095330266-1000\...\StartupApproved\Run: => "BingSvc"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808

FirewallRules: [{50600F31-C9F3-4EF4-964D-E75276EF209B}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe

FirewallRules: [{375083F9-34BB-4E45-9285-7154FB01F183}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{34F3E9E3-B88B-4654-BB16-A11C0CF72E6B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{E86C516E-2489-4C77-B7F5-848C7115A4B4}] => (Allow) LPort=1900

FirewallRules: [{DFCEEC05-F995-48D8-9BF8-12C276B5DC73}] => (Allow) LPort=2869

FirewallRules: [{DF1E50A3-67D0-42CB-B535-945421A8AD7A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [UDP Query User{A085CBB8-0330-41E3-B64E-F537896DA88D}C:\program files (x86)\atelierdulivre\atelierdulivre\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\atelierdulivre\atelierdulivre\jre\bin\javaw.exe

FirewallRules: [TCP Query User{4F600B4A-EAC9-4AF6-B375-CDE9567E5DCD}C:\program files (x86)\atelierdulivre\atelierdulivre\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\atelierdulivre\atelierdulivre\jre\bin\javaw.exe

FirewallRules: [{C74AE4A9-1800-4731-A7F0-AA151E697D3A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{B0DB0EC7-C147-4593-B1A6-1B3DED6115A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [UDP Query User{F980D3A6-3398-4A97-8649-AB0C7B0BA0CB}C:\users\liz\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\liz\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [TCP Query User{7BDA3939-762F-4B29-9B3F-8D4F9242F3D7}C:\users\liz\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\liz\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [{63B0D9E1-73E8-4B67-AAF5-DF8E8AA15BEE}] => (Allow) C:\Users\Liz\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{A9EB7A87-C770-419C-8EB7-A97E28A3A9BA}] => (Allow) C:\Users\Liz\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{12F4CD76-1AD8-4344-8EB3-63005FBEF99D}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe

FirewallRules: [{D69FF71F-5613-4699-9B34-7641B777D047}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe

FirewallRules: [{0DDBE976-4F21-4357-AC59-F4EC139560E5}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe

FirewallRules: [{FA61889A-DDAB-4BA2-996B-CB6FDCDC6046}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

FirewallRules: [{FCFB5E2C-8751-44D9-B595-B097BABAA4FF}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

FirewallRules: [{B54F283E-4CD9-44D7-9E52-C9DB3DEE7E54}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe

FirewallRules: [{68094B4E-560F-4210-999C-1C83F1CBEBBD}] => (Allow) C:\Program Files\ma-config.com\MaConfigAgent.exe

FirewallRules: [{8AE9ECBE-7968-4AD1-9186-CED34EC8788A}] => (Allow) C:\Program Files\ma-config.com\MaConfigAgent.exe

FirewallRules: [{1310D6A6-B06A-4755-8465-8F03C0E6FDAA}] => (Allow) LPort=48114

FirewallRules: [{155095DC-17B1-41B8-B366-551D1796F684}] => (Allow) LPort=48113

FirewallRules: [UDP Query User{01E2F9BE-BAF3-466D-BC1A-D4BD09F3FEBB}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe

FirewallRules: [TCP Query User{A0D971FC-9CB6-4EA6-BF1E-861F96B8BFBE}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe

FirewallRules: [{BA5F9815-E416-494D-87D3-F1C91B1B2418}] => (Allow) C:\Windows\SysWOW64\msiexec.exe

FirewallRules: [{C26C1EA0-06A0-440F-84A3-9D98558A8EB9}] => (Allow) C:\Windows\SysWOW64\msiexec.exe

FirewallRules: [UDP Query User{854503BD-6965-4036-9CE4-EA6F9213E431}C:\users\coralie\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\coralie\appdata\local\facebook\video\skype\facebookvideocalling.exe

FirewallRules: [TCP Query User{69993C8E-8E03-4EE2-B006-B84E3BCF90DC}C:\users\coralie\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\coralie\appdata\local\facebook\video\skype\facebookvideocalling.exe

FirewallRules: [{AEC2103F-DBAE-4993-880A-2906252CFF61}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

FirewallRules: [{CF1FCDE4-CCD6-4D48-9089-24AA81020BC5}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

FirewallRules: [{133ECF3F-2131-4C2D-B414-5B2CC9964C47}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

FirewallRules: [{ED9C2843-4361-46FD-82BA-E5357B2C2D75}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

FirewallRules: [{E675103E-0B77-40B9-BEF7-9B3E3734E9BB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{67313D4A-5B38-4C63-9C99-BD990C83305C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

12-04-2016 11:14:52 Scheduled Checkpoint

21-04-2016 20:05:04 Picasa 3 restore point

28-04-2016 11:06:55 Restore Operation

01-05-2016 02:08:26 Avast Free Antivirus restore point

==================== Faulty Device Manager Devices =============

Name: TAP-VyprVPN Adapter V9

Description: TAP-VyprVPN Adapter V9

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: TAP-VyprVPN Provider V9

Service: tapvyprvpn

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

Error: (05/01/2016 11:29:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LIZ-PC)

Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/01/2016 11:29:00 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program HxTsr.exe version 16.0.6769.4089 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 19fc

Start Time: 01d1a3f02e8ddfe4

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6769.40891.0_x64__8wekyb3d8bbwe\HxTsr.exe

Report Id: b3987a47-0fe3-11e6-9c7d-782bcbf93964

Faulting package full name: microsoft.windowscommunicationsapps_17.6769.40891.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/01/2016 11:28:19 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (05/01/2016 11:27:08 PM) (Source: Application Hang) (EventID: 1002) (User: )

Process ID: 1d84

Start Time: 01d1a3efd338c146

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6769.40891.0_x64__8wekyb3d8bbwe\HxTsr.exe

Report Id: 631a938d-0fe3-11e6-9c7d-782bcbf93964

Faulting package full name: microsoft.windowscommunicationsapps_17.6769.40891.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/01/2016 11:26:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LIZ-PC)

Error: (05/01/2016 11:26:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LIZ-PC)

Description: Activation of app Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/01/2016 11:20:11 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: STacSV64.exe, version: 1.0.6365.0, time stamp: 0x4e68a05a

Faulting module name: STacSV64.exe, version: 1.0.6365.0, time stamp: 0x4e68a05a

Exception code: 0xc0000005

Fault offset: 0x0000000000021500

Faulting process id: 0x648

Faulting application start time: 0xSTacSV64.exe0

Faulting application path: STacSV64.exe1

Faulting module path: STacSV64.exe2

Report Id: STacSV64.exe3

Faulting package full name: STacSV64.exe4

Faulting package-relative application ID: STacSV64.exe5

Error: (05/01/2016 08:31:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LIZ-PC)

Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/01/2016 05:02:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LIZ-PC)

Description: Activation of app Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:

=============

Error: (05/01/2016 11:28:54 PM) (Source: DCOM) (EventID: 10010) (User: LIZ-PC)

Description: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca

Error: (05/01/2016 11:27:42 PM) (Source: Service Control Manager) (EventID: 7005) (User: )

Description: The LoadUserProfile call failed with the following error:

%%1009

Error: (05/01/2016 11:26:20 PM) (Source: DCOM) (EventID: 10010) (User: LIZ-PC)

Description: Microsoft.MicrosoftOfficeHub.AppXrqs94aemecwbtd1veqtvyn34m9ks80g7.mca

Error: (05/01/2016 11:24:15 PM) (Source: Service Control Manager) (EventID: 7005) (User: )

Description: The LoadUserProfile call failed with the following error:

%%1009

Error: (05/01/2016 11:23:59 PM) (Source: Service Control Manager) (EventID: 7005) (User: )

Description: The LoadUserProfile call failed with the following error:

%%1009

Error: (05/01/2016 11:22:43 PM) (Source: Service Control Manager) (EventID: 7005) (User: )

Description: The LoadUserProfile call failed with the following error:

%%1009

Error: (05/01/2016 11:22:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Sony Digital Media Server service terminated with the following error:

%%2147500037

Error: (05/01/2016 11:20:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the VyprVPN service to connect.

Error: (05/01/2016 11:20:12 PM) (Source: Service Control Manager) (EventID: 7005) (User: )

Description: The LoadUserProfile call failed with the following error:

%%1009

Error: (05/01/2016 11:20:12 PM) (Source: Service Control Manager) (EventID: 7005) (User: )

Description: The LoadUserProfile call failed with the following error:

%%1009

CodeIntegrity:

===================================

Date: 2016-05-01 20:30:54.038

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-01 20:30:54.020

Date: 2016-05-01 20:30:53.987

Date: 2016-05-01 20:30:53.968

Date: 2016-05-01 20:30:53.930

Date: 2016-05-01 20:30:53.912

Date: 2016-05-01 20:30:53.881

Date: 2016-05-01 20:30:53.862

Date: 2016-05-01 20:30:53.821

Date: 2016-05-01 20:30:53.803

==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz

Percentage of memory in use: 24%

Total physical RAM: 4003.17 MB

Available physical RAM: 3040.91 MB

Total Virtual: 8099.17 MB

Available Virtual: 6569.14 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.33 GB) (Free:420.12 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive e: (THE SALT OF THE EARTH) (CDROM) (Total:7.61 GB) (Free:0 GB) UDF

Drive t: (windows 10) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 2BD605AC)

Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)

Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=581.3 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=99 MB) - (Type=OF Extended)

==================== End of Addition.txt ============================

#2
Jr0x

Posted 05 May 2016 - 08:56 AM

Malware removal team

Malware Removal
1,830 posts

Hi lizglass,

Welcome to :welcome:

. My name is Jr0x and I'll be helping you with your problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

Before we get started, there are a few things I need you to take note of.

Please read through the instructions before attempting to follow those procedures. I would recommend printing them out as some of the instructions would requires you to be in safe mode / offline.
If there is anything you are unclear of, please ask before you start the fix.
Do not run any scripts / tools on your own, unsupervised usage may cause more harm than good.
Please stay with me on this thread, do not start another thread in here (Geeks To Go) or any other forum until I've declared you clean and good to go.
There may be delayed response to you as we may live in different timezone.
Inform me of anything that happens unexpectedly during the fix at any point of time.
As much as we like to make this a easy process for you. Malware removal is a complex multi-step process, and things may happen such as data loss or render your machine unbootable. I would recommend that you backup your personal data before we proceed.
Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

Let's get started.

It could very well be due to hardware issue that is causing your machine to freeze. But let's make sure that it isn't caused by malware issue first.

Anyhow, I need to see a new FRST log.

Re-Scan with Farbar's Recovery Scan Tool (FRST)

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
Because you selected the Addition.txt check box this log will be created as well. Please also paste that along with the FRST.txt into your reply.

#3
lizglass

Posted 05 May 2016 - 09:21 AM

Member

Topic Starter
Member
159 posts

Thanks for helping me! I am currently in France and will try to answer you asap, this is really annoying...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-05-2016

Ran by Liz (administrator) on LIZ-PC (05-05-2016 17:12:49)

Running from C:\Users\Liz\Downloads

Loaded Profiles: Liz (Available Profiles: Liz & Jonathan & Coralie & Jeremy & DefaultAppPool)

Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe

(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe

(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe

(Golden Frog, GmbH.) C:\Program Files (x86)\VyprVPN\VyprVPNService.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe

(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe