Inactive-A AVG won't finish removing threats so I followed your instructions and ran the Farbar tool

2016-04-22 10:38 - 2016-04-22 10:38 - 00000000 ____D C:\Users\Public\Documents\IHeeaWA
2016-04-22 10:33 - 2016-04-26 09:34 - 00000000 ____D C:\WINDOWS\system32\log
2016-04-22 00:55 - 2016-04-22 00:55 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-04-22 00:55 - 2016-04-22 00:55 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-04-20 23:32 - 2016-04-21 21:03 - 00590406 _____ C:\Users\gustavo\Desktop\Resumé - Gustavo Visconti - Español.pdf
2016-04-20 23:21 - 2016-04-20 23:21 - 00000000 ____D C:\Users\gustavo\Documents\Custom Office Templates
2016-04-20 22:19 - 2016-04-26 06:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-04-20 22:18 - 2016-04-20 22:18 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-04-20 22:17 - 2016-04-20 22:18 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-04-20 22:17 - 2016-04-20 22:17 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-04-20 22:14 - 2016-04-20 22:14 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-04-20 22:14 - 2016-04-20 22:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-04-20 22:13 - 2016-04-20 22:13 - 00000000 __RHD C:\MSOCache
2016-04-20 17:41 - 2016-04-20 19:28 - 00000000 ____D C:\Users\gustavo\Downloads\Microsoft Office Professional Plus 2013
2016-04-20 15:45 - 2016-04-26 09:30 - 00000943 _____ C:\Users\gustavo\Desktop\µTorrent.lnk
2016-04-20 15:45 - 2016-04-26 09:30 - 00000923 _____ C:\Users\gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-04-20 15:43 - 2016-04-26 11:29 - 00000000 ____D C:\Users\gustavo\AppData\Roaming\uTorrent
2016-04-20 15:42 - 2016-04-20 15:42 - 01959424 _____ (BitTorrent Inc.) C:\Users\gustavo\Downloads\uTorrent.exe
2016-04-20 10:08 - 2016-04-20 10:16 - 00987728 _____ (Google Inc.) C:\Users\gustavo\Downloads\ChromeSetup.exe
2016-04-19 14:45 - 2016-04-19 14:46 - 00193041 _____ C:\Users\gustavo\Downloads\Resumé - Gustavo Visconti - Español.docx (2).pdf
2016-04-16 21:28 - 2016-04-16 21:28 - 00180058 _____ C:\Users\gustavo\Downloads\Resumé - Gustavo Visconti - Español.docx (1).pdf
2016-04-16 21:28 - 2016-04-16 21:28 - 00180058 _____ C:\Users\gustavo\Desktop\Resumé - Gustavo Visconti - Español.docx (1).pdf
2016-04-14 17:53 - 2016-04-14 17:53 - 00181898 _____ C:\Users\gustavo\Downloads\Resumé - Gustavo Visconti - Español.docx.pdf
2016-04-13 00:13 - 2016-04-13 00:13 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-04-13 00:06 - 2016-04-13 00:07 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-04-13 00:05 - 2016-04-13 00:06 - 04282368 _____ C:\Users\gustavo\Downloads\MS_Office_2016_Key_Working_For_Activation.iso
2016-04-12 23:53 - 2016-04-12 23:53 - 00003712 _____ C:\WINDOWS\System32\Tasks\KMSAuto
2016-04-12 23:53 - 2016-04-12 23:53 - 00002488 _____ C:\WINDOWS\KMSAutoLite.ini
2016-04-12 23:41 - 2016-04-12 23:41 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-04-12 20:46 - 2016-04-01 23:43 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-12 20:46 - 2016-04-01 22:56 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-12 20:46 - 2016-04-01 22:51 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-12 20:46 - 2016-04-01 22:49 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-12 20:46 - 2016-04-01 22:48 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-12 20:46 - 2016-04-01 22:45 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-12 20:46 - 2016-04-01 22:44 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-12 20:46 - 2016-04-01 22:39 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-12 20:46 - 2016-04-01 22:37 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-12 20:46 - 2016-04-01 22:37 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-12 20:46 - 2016-04-01 22:30 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-12 20:46 - 2016-03-29 05:52 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-12 20:46 - 2016-03-29 05:52 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-12 20:46 - 2016-03-29 05:50 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-12 20:46 - 2016-03-29 05:50 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 20:46 - 2016-03-29 05:50 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-12 20:46 - 2016-03-29 05:50 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-12 20:46 - 2016-03-29 05:48 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-12 20:46 - 2016-03-29 05:32 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-12 20:46 - 2016-03-29 05:26 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-12 20:46 - 2016-03-29 05:07 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-12 20:46 - 2016-03-29 04:58 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-12 20:46 - 2016-03-29 04:47 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-12 20:46 - 2016-03-29 04:43 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-12 20:46 - 2016-03-29 04:41 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-12 20:46 - 2016-03-29 04:38 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-12 20:46 - 2016-03-29 04:14 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-12 20:46 - 2016-03-29 04:11 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-12 20:46 - 2016-03-29 03:56 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-12 20:46 - 2016-03-29 03:36 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-12 20:46 - 2016-03-29 03:32 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-12 20:46 - 2016-03-29 03:31 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-12 20:46 - 2016-03-29 03:28 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-12 20:46 - 2016-03-29 03:28 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-12 20:46 - 2016-03-29 03:16 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-12 20:46 - 2016-03-29 03:09 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-12 20:46 - 2016-03-29 03:08 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-12 20:46 - 2016-03-29 03:07 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-12 20:46 - 2016-03-29 03:06 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-12 20:46 - 2016-03-29 03:04 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-12 20:46 - 2016-03-29 02:58 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-12 20:46 - 2016-03-29 02:57 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-12 20:46 - 2016-03-29 02:53 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-12 20:46 - 2016-03-29 02:52 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-12 20:46 - 2016-03-29 02:50 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-12 20:46 - 2016-03-29 02:49 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-12 20:46 - 2016-03-29 02:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-12 20:46 - 2016-03-29 02:46 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-12 20:46 - 2016-03-29 02:46 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-12 20:46 - 2016-03-29 02:45 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-12 20:46 - 2016-03-29 02:45 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-12 20:46 - 2016-03-29 02:44 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-12 20:46 - 2016-03-29 02:44 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-04-12 20:46 - 2016-03-29 02:44 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-12 20:46 - 2016-03-29 02:43 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-12 20:46 - 2016-03-29 02:42 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-12 20:46 - 2016-03-29 02:42 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-12 20:46 - 2016-03-29 02:42 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-12 20:46 - 2016-03-29 02:41 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-12 20:46 - 2016-03-29 02:40 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-12 20:46 - 2016-03-29 02:40 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-12 20:46 - 2016-03-29 02:37 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-12 20:46 - 2016-03-29 02:37 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-12 20:46 - 2016-03-29 02:36 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-12 20:46 - 2016-03-29 02:35 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-12 20:46 - 2016-03-29 02:32 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-12 20:46 - 2016-03-29 02:32 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-12 20:46 - 2016-03-29 02:32 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-12 20:46 - 2016-03-29 02:30 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-12 20:46 - 2016-03-29 02:30 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-12 20:46 - 2016-03-29 02:29 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-12 20:46 - 2016-03-29 02:26 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-12 20:46 - 2016-03-29 02:26 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-12 20:46 - 2016-03-29 02:18 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-12 20:46 - 2016-03-29 02:14 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-12 20:46 - 2016-03-29 02:13 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-12 20:46 - 2016-03-29 02:12 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-12 20:46 - 2016-03-29 02:09 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-12 20:46 - 2016-03-29 02:07 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-12 20:46 - 2016-03-29 02:07 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-12 20:46 - 2016-03-29 02:07 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-12 20:46 - 2016-03-29 02:06 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-12 20:46 - 2016-03-29 02:05 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-12 20:46 - 2016-03-29 02:04 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-12 20:46 - 2016-03-29 02:04 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-12 20:46 - 2016-03-29 02:02 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-12 20:46 - 2016-03-29 02:02 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-12 20:46 - 2016-03-29 02:01 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-12 20:46 - 2016-03-29 02:01 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-12 20:46 - 2016-03-29 02:00 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-12 20:46 - 2016-03-29 01:58 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-12 20:46 - 2016-03-29 01:57 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-12 20:46 - 2016-03-29 01:57 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-12 20:46 - 2016-03-29 01:56 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-12 20:46 - 2016-03-29 01:49 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-12 20:46 - 2016-03-29 01:47 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-12 20:46 - 2016-03-29 01:44 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-12 20:46 - 2016-03-29 01:35 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-12 20:46 - 2016-03-29 01:35 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-12 20:46 - 2016-03-29 01:35 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-12 20:46 - 2016-03-29 01:35 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-12 20:46 - 2016-03-29 01:32 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-12 20:46 - 2016-03-29 01:31 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-12 20:46 - 2016-03-29 01:28 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-12 20:46 - 2016-03-29 01:26 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-12 20:46 - 2016-03-29 01:22 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-12 20:46 - 2016-03-29 01:21 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-12 20:46 - 2016-03-29 01:21 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-12 20:46 - 2016-03-29 01:19 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-12 20:46 - 2016-03-29 01:15 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-12 20:46 - 2016-03-29 01:13 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-12 20:46 - 2016-03-29 01:11 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-12 20:46 - 2016-03-29 01:11 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-12 20:46 - 2016-03-29 01:09 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-12 20:46 - 2016-03-29 01:08 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-12 20:46 - 2016-03-29 01:08 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-12 20:46 - 2016-03-29 01:07 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-12 20:46 - 2016-03-29 01:06 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-12 20:46 - 2016-03-29 00:57 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-12 20:46 - 2016-03-29 00:57 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-12 20:46 - 2016-03-29 00:56 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-12 20:46 - 2016-03-29 00:55 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-12 20:45 - 2016-04-01 23:40 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-12 20:45 - 2016-04-01 23:40 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-12 20:45 - 2016-04-01 23:40 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-12 20:45 - 2016-04-01 23:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-12 20:45 - 2016-04-01 22:59 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-12 20:45 - 2016-04-01 22:59 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-12 20:45 - 2016-04-01 22:55 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-12 20:45 - 2016-04-01 22:55 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-12 20:45 - 2016-04-01 22:53 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-12 20:45 - 2016-04-01 22:53 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-12 20:45 - 2016-04-01 22:38 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-12 20:45 - 2016-04-01 22:33 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-12 20:45 - 2016-03-29 05:53 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-12 20:45 - 2016-03-29 05:45 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-12 20:45 - 2016-03-29 05:41 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-12 20:45 - 2016-03-29 05:35 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-12 20:45 - 2016-03-29 05:32 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-12 20:45 - 2016-03-29 04:58 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-12 20:45 - 2016-03-29 04:58 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-12 20:45 - 2016-03-29 04:55 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-12 20:45 - 2016-03-29 04:55 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-12 20:45 - 2016-03-29 04:49 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-12 20:45 - 2016-03-29 04:48 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-12 20:45 - 2016-03-29 04:41 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-12 20:45 - 2016-03-29 04:40 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-12 20:45 - 2016-03-29 04:39 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-12 20:45 - 2016-03-29 04:38 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-12 20:45 - 2016-03-29 04:37 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-12 20:45 - 2016-03-29 04:14 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-12 20:45 - 2016-03-29 04:11 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-12 20:45 - 2016-03-29 04:02 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-12 20:45 - 2016-03-29 03:56 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-12 20:45 - 2016-03-29 03:56 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-12 20:45 - 2016-03-29 03:55 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-12 20:45 - 2016-03-29 03:54 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-12 20:45 - 2016-03-29 03:53 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-12 20:45 - 2016-03-29 03:51 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-12 20:45 - 2016-03-29 03:47 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-12 20:45 - 2016-03-29 03:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-12 20:45 - 2016-03-29 03:37 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-12 20:45 - 2016-03-29 03:37 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-12 20:45 - 2016-03-29 03:37 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-12 20:45 - 2016-03-29 03:37 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-12 20:45 - 2016-03-29 03:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-12 20:45 - 2016-03-29 03:36 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-12 20:45 - 2016-03-29 03:30 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-12 20:45 - 2016-03-29 03:30 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-12 20:45 - 2016-03-29 03:30 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-12 20:45 - 2016-03-29 03:29 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-12 20:45 - 2016-03-29 03:27 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-12 20:45 - 2016-03-29 03:27 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-12 20:45 - 2016-03-29 03:27 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-12 20:45 - 2016-03-29 03:27 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-12 20:45 - 2016-03-29 03:25 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-12 20:45 - 2016-03-29 03:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-12 20:45 - 2016-03-29 03:25 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-12 20:45 - 2016-03-29 03:24 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-12 20:45 - 2016-03-29 03:23 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-12 20:45 - 2016-03-29 03:22 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-12 20:45 - 2016-03-29 03:21 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-12 20:45 - 2016-03-29 03:21 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-12 20:45 - 2016-03-29 03:20 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-12 20:45 - 2016-03-29 03:20 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-12 20:45 - 2016-03-29 03:20 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-12 20:45 - 2016-03-29 03:20 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-12 20:45 - 2016-03-29 03:20 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-12 20:45 - 2016-03-29 03:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-12 20:45 - 2016-03-29 03:18 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-12 20:45 - 2016-03-29 03:18 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-12 20:45 - 2016-03-29 03:16 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-12 20:45 - 2016-03-29 03:14 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-12 20:45 - 2016-03-29 03:12 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-12 20:45 - 2016-03-29 03:06 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-12 20:45 - 2016-03-29 03:05 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-12 20:45 - 2016-03-29 03:05 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-12 20:45 - 2016-03-29 03:04 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-12 20:45 - 2016-03-29 03:04 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-12 20:45 - 2016-03-29 03:04 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-12 20:45 - 2016-03-29 03:03 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-12 20:45 - 2016-03-29 03:02 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-12 20:45 - 2016-03-29 03:02 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-12 20:45 - 2016-03-29 03:00 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-12 20:45 - 2016-03-29 03:00 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-12 20:45 - 2016-03-29 02:56 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-12 20:45 - 2016-03-29 02:53 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-12 20:45 - 2016-03-29 02:53 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-12 20:45 - 2016-03-29 02:51 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 20:45 - 2016-03-29 02:50 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-12 20:45 - 2016-03-29 02:50 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-12 20:45 - 2016-03-29 02:50 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-12 20:45 - 2016-03-29 02:49 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-12 20:45 - 2016-03-29 02:48 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-12 20:45 - 2016-03-29 02:47 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-12 20:45 - 2016-03-29 02:47 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-12 20:45 - 2016-03-29 02:47 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-12 20:45 - 2016-03-29 02:44 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-04-12 20:45 - 2016-03-29 02:41 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-12 20:45 - 2016-03-29 02:41 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-12 20:45 - 2016-03-29 02:41 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-12 20:45 - 2016-03-29 02:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-12 20:45 - 2016-03-29 02:41 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-12 20:45 - 2016-03-29 02:39 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-12 20:45 - 2016-03-29 02:39 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-12 20:45 - 2016-03-29 02:39 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-12 20:45 - 2016-03-29 02:38 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-12 20:45 - 2016-03-29 02:38 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-12 20:45 - 2016-03-29 02:38 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-12 20:45 - 2016-03-29 02:36 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-12 20:45 - 2016-03-29 02:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-12 20:45 - 2016-03-29 02:35 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-12 20:45 - 2016-03-29 02:34 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-12 20:45 - 2016-03-29 02:33 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-12 20:45 - 2016-03-29 02:30 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-12 20:45 - 2016-03-29 02:30 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-12 20:45 - 2016-03-29 02:29 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-12 20:45 - 2016-03-29 02:29 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-12 20:45 - 2016-03-29 02:25 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-12 20:45 - 2016-03-29 02:23 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-12 20:45 - 2016-03-29 02:23 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-12 20:45 - 2016-03-29 02:22 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-12 20:45 - 2016-03-29 02:22 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-12 20:45 - 2016-03-29 02:19 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-12 20:45 - 2016-03-29 02:12 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-12 20:45 - 2016-03-29 02:12 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 20:45 - 2016-03-29 02:11 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-12 20:45 - 2016-03-29 02:10 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-12 20:45 - 2016-03-29 02:09 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-12 20:45 - 2016-03-29 02:09 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-12 20:45 - 2016-03-29 02:08 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-12 20:45 - 2016-03-29 02:06 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-12 20:45 - 2016-03-29 02:04 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-12 20:45 - 2016-03-29 02:04 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-12 20:45 - 2016-03-29 02:02 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-12 20:45 - 2016-03-29 02:02 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-12 20:45 - 2016-03-29 02:02 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-12 20:45 - 2016-03-29 02:02 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-12 20:45 - 2016-03-29 02:02 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-12 20:45 - 2016-03-29 02:02 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-12 20:45 - 2016-03-29 02:01 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-12 20:45 - 2016-03-29 02:01 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-12 20:45 - 2016-03-29 01:59 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-12 20:45 - 2016-03-29 01:59 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-12 20:45 - 2016-03-29 01:58 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-12 20:45 - 2016-03-29 01:57 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-12 20:45 - 2016-03-29 01:57 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-12 20:45 - 2016-03-29 01:57 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-12 20:45 - 2016-03-29 01:53 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-12 20:45 - 2016-03-29 01:52 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-12 20:45 - 2016-03-29 01:43 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-12 20:45 - 2016-03-29 01:40 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-12 20:45 - 2016-03-29 01:36 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-12 20:45 - 2016-03-29 01:35 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-12 20:45 - 2016-03-29 01:35 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-12 20:45 - 2016-03-29 01:34 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-12 20:45 - 2016-03-29 01:34 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-12 20:45 - 2016-03-29 01:31 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-12 20:45 - 2016-03-29 01:30 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-12 20:45 - 2016-03-29 01:15 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-12 20:45 - 2016-03-29 01:13 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-12 20:45 - 2016-03-29 01:05 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-12 20:45 - 2016-03-29 00:58 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-12 20:45 - 2016-03-29 00:57 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-12 20:45 - 2016-03-29 00:56 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-12 20:45 - 2016-03-29 00:55 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-12 20:45 - 2016-03-29 00:51 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-12 20:10 - 2016-04-26 09:31 - 00002484 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-04-12 20:10 - 2016-04-26 09:31 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-04-12 20:10 - 2016-04-26 09:31 - 00002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-04-12 20:10 - 2016-04-26 09:31 - 00002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-04-12 20:10 - 2016-04-26 09:31 - 00002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-04-12 20:10 - 2016-04-26 09:31 - 00002396 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-04-12 20:10 - 2016-04-26 09:31 - 00002392 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-04-12 20:10 - 2016-04-12 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office 2016
2016-04-12 19:15 - 2016-04-12 19:15 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-04-12 17:44 - 2016-04-12 17:44 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll
2016-04-12 17:30 - 2016-04-12 17:33 - 00003804 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2016-04-12 17:30 - 2016-04-12 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2016-04-12 17:29 - 2016-04-26 09:20 - 00000000 ____D C:\Program Files\KMSpico
2016-04-12 17:27 - 2016-04-12 17:28 - 02939808 _____ C:\Users\gustavo\Downloads\activador by Roberto.rar
2016-04-12 17:23 - 2016-04-26 12:04 - 00000000 ____D C:\Program Files (x86)\PPRX
2016-04-12 17:20 - 2016-04-12 17:23 - 08687104 _____ (suprx) C:\Users\gustavo\Downloads\sharewithus-2016.exe
2016-03-31 16:10 - 2016-03-31 16:10 - 02841957 _____ C:\Users\gustavo\Downloads\Trabajo de Grado Completo (1).pdf
2016-03-29 22:17 - 2016-04-27 11:17 - 00000000 ____D C:\Users\gustavo\Desktop\TESIS YAYA
2016-03-29 22:17 - 2016-03-29 22:17 - 00000000 ____D C:\Users\gustavo\Downloads\New folder
2016-03-29 20:22 - 2016-03-29 20:22 - 00009548 _____ C:\Users\gustavo\Downloads\Gato público total como porcentaje del PIB.xlsx
2016-03-29 20:10 - 2016-03-29 20:10 - 00074240 _____ C:\Users\gustavo\Downloads\7_1_7.xls
2016-03-29 20:09 - 2016-03-29 20:09 - 00220672 _____ C:\Users\gustavo\Downloads\CAP1.xls
2016-03-29 17:12 - 2016-03-29 17:12 - 00051712 _____ C:\Users\gustavo\Downloads\4_5_7.xls
2016-03-29 17:11 - 2016-03-29 17:11 - 01142272 _____ C:\Users\gustavo\Downloads\4_4_2.xls
2016-03-29 17:09 - 2016-03-29 17:09 - 00080896 _____ C:\Users\gustavo\Downloads\5_2_2.xls
2016-03-29 17:08 - 2016-03-29 17:08 - 00991744 _____ C:\Users\gustavo\Downloads\5_2_4 (1).xls
2016-03-29 17:05 - 2016-04-02 23:45 - 00991744 _____ C:\Users\gustavo\Downloads\5_2_4.xls
2016-03-29 16:39 - 2016-03-29 16:39 - 00248576 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-27 11:17 - 2014-09-12 19:07 - 00000000 ____D C:\Users\gustavo\AppData\Local\Packages
2016-04-27 11:10 - 2015-10-30 02:54 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-27 11:06 - 2015-02-22 21:22 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-27 10:06 - 2014-09-12 19:33 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{85027A90-13B9-424E-8FFD-7BA10B70D1D8}
2016-04-27 09:07 - 2015-10-30 02:54 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-27 09:02 - 2015-12-04 08:11 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-04-27 02:53 - 2014-10-03 15:18 - 00000000 ____D C:\ProgramData\MFAData
2016-04-26 22:06 - 2015-02-22 21:22 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-26 12:24 - 2014-11-24 14:53 - 00000000 ____D C:\Users\gustavo\Desktop\Accesos directos
2016-04-26 12:05 - 2015-10-30 02:51 - 00000000 ____D C:\WINDOWS\INF
2016-04-26 12:04 - 2016-03-13 17:06 - 00000000 ____D C:\Program Files (x86)\Twitter Hacker Pro 2.8.9
2016-04-26 11:32 - 2015-07-30 22:44 - 00883044 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-26 11:27 - 2014-12-20 11:23 - 00000000 ___RD C:\Users\gustavo\iCloudDrive
2016-04-26 11:26 - 2015-12-05 05:57 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-26 11:26 - 2015-12-04 08:13 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-04-26 11:19 - 2015-10-30 01:58 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-04-26 10:07 - 2015-10-30 02:54 - 00000000 ____D C:\WINDOWS\tracing
2016-04-26 09:32 - 2015-07-30 23:04 - 00001034 _____ C:\Users\gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2016-04-26 09:32 - 2015-07-30 22:52 - 00002416 _____ C:\Users\gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-26 09:32 - 2015-06-22 09:49 - 00000714 _____ C:\Users\gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-04-26 09:31 - 2016-01-28 23:15 - 00001823 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-04-26 09:31 - 2016-01-28 22:56 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-26 09:31 - 2015-12-04 08:17 - 00001564 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-26 09:31 - 2015-08-22 19:58 - 00001256 _____ C:\Users\Public\Desktop\MATLAB R2010a.lnk
2016-04-26 09:31 - 2015-03-05 01:49 - 00000999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Muse CC 2014.lnk
2016-04-26 09:31 - 2015-03-05 01:23 - 00002056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.7.1 64-bit.lnk
2016-04-26 09:31 - 2015-03-04 11:29 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2014.1.lnk
2016-04-26 09:31 - 2015-03-04 10:20 - 00001108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2016-04-26 09:31 - 2015-03-04 09:49 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2014.lnk
2016-04-26 09:31 - 2015-03-04 07:23 - 00001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2016-04-26 09:31 - 2015-03-03 20:34 - 00001510 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2014.lnk
2016-04-26 09:31 - 2015-03-03 16:45 - 00001328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-04-26 09:31 - 2014-09-12 19:35 - 00002162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-26 09:30 - 2015-10-03 09:52 - 00001298 _____ C:\Users\gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\ReadCube.lnk
2016-04-26 08:18 - 2016-03-13 22:23 - 00000000 ____D C:\Users\gustavo\AppData\Local\CrashDumps
2016-04-26 08:11 - 2015-12-04 08:14 - 00000000 ____D C:\Users\gustavo
2016-04-26 06:17 - 2015-10-30 02:54 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-04-25 15:30 - 2014-09-12 19:19 - 00000000 __RDO C:\Users\gustavo\OneDrive
2016-04-25 14:58 - 2016-03-25 21:44 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-25 12:49 - 2013-08-22 08:55 - 00000167 _____ C:\WINDOWS\win.ini
2016-04-24 09:26 - 2015-07-19 15:50 - 00000000 ____D C:\Users\gustavo\AppData\Roaming\Skype
2016-04-23 11:04 - 2015-10-30 02:54 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-23 11:04 - 2015-06-25 09:47 - 00000000 ____D C:\Users\gustavo\AppData\Local\ElevatedDiagnostics
2016-04-22 10:27 - 2015-12-04 08:11 - 00345952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-22 01:48 - 2015-10-30 02:54 - 00000000 ____D C:\Program Files\Common Files\System
2016-04-22 01:41 - 2015-10-30 02:54 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-04-21 17:55 - 2015-10-30 01:58 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-20 22:18 - 2015-10-30 04:37 - 00000000 ____D C:\WINDOWS\ShellNew
2016-04-20 22:17 - 2016-01-28 18:35 - 00000000 ____D C:\Program Files\Microsoft Office
2016-04-20 22:17 - 2015-10-30 02:54 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-20 14:17 - 2016-01-26 11:04 - 00307456 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2016-04-18 09:04 - 2016-01-08 10:46 - 00071936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avguniva.sys
2016-04-16 21:41 - 2015-10-30 02:54 - 00000000 ____D C:\WINDOWS\rescache
2016-04-14 10:54 - 2015-03-20 12:18 - 00051968 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgrkx64.sys
2016-04-14 00:22 - 2015-10-30 02:54 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-14 00:22 - 2015-10-30 02:54 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-14 00:22 - 2015-10-30 02:54 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-14 00:22 - 2015-10-30 02:54 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 00:15 - 2016-01-31 22:12 - 00000000 ____D C:\Users\gustavo\Desktop\EXPO
2016-04-13 00:15 - 2014-10-03 12:30 - 00000000 ____D C:\Users\gustavo\Desktop\My Shared Folder
2016-04-13 00:14 - 2015-11-15 16:09 - 00000000 ____D C:\Users\gustavo\Desktop\Cancilleria
2016-04-13 00:07 - 2015-07-30 22:48 - 00000840 __RSH C:\ProgramData\ntuser.pol
2016-04-12 23:25 - 2015-10-30 02:41 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-12 23:23 - 2014-09-16 06:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-12 23:18 - 2014-09-16 06:11 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-10 13:47 - 2015-07-19 15:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-10 13:47 - 2015-07-19 15:50 - 00000000 ____D C:\ProgramData\Skype
2016-04-06 14:02 - 2015-10-30 02:56 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 14:02 - 2015-10-30 02:56 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-09-12 20:11 - 2015-11-21 08:51 - 0000034 _____ () C:\Users\gustavo\AppData\Roaming\AdobeWLCMCache.dat
2015-07-16 18:37 - 2015-07-16 18:37 - 0000000 _____ () C:\Users\gustavo\AppData\Local\{C72FDF29-07A6-4B52-BD6E-6198A83CACB9}
2015-12-04 08:12 - 2015-12-04 08:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\gustavo\AppData\Local\Temp\avguirn_08164994610.exe
C:\Users\gustavo\AppData\Local\Temp\avguirn_081982142389.exe
C:\Users\gustavo\AppData\Local\Temp\avguirn_082049670441.exe
C:\Users\gustavo\AppData\Local\Temp\dllnt_dump.dll
C:\Users\gustavo\AppData\Local\Temp\ReadCubeTray64.exe
C:\Users\gustavo\AppData\Local\Temp\RemoteMouse.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-22 00:26

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by gustavo (2016-04-27 11:19:01)
Running from C:\Users\gustavo\Downloads
Windows 10 Pro Version 1511 (X64) (2015-12-05 10:32:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2067883112-1484101570-4244796366-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2067883112-1484101570-4244796366-503 - Limited - Disabled)
Guest (S-1-5-21-2067883112-1484101570-4244796366-501 - Limited - Disabled)
gustavo (S-1-5-21-2067883112-1484101570-4244796366-1001 - Administrator - Enabled) => C:\Users\gustavo
HomeGroupUser$ (S-1-5-21-2067883112-1484101570-4244796366-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2067883112-1484101570-4244796366-1001\...\uTorrent) (Version: 3.4.6.42178 - BitTorrent Inc.)
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.1.474 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{7F823F8E-4348-11E4-8BF8-81763C49AA32}) (Version: 15.1.0 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.2.0.069 - Adobe Systems Incorporated)
Adobe Muse CC 2014 (HKLM-x32\...\{4FC5F06E-31E5-4C22-9449-CB41B62D1897}) (Version: 2014.3.0.1176 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Adobe Touch App Plugins (HKLM-x32\...\{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}) (Version: 1.0 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ares 2.2.5 (HKLM-x32\...\Ares) (Version: 2.2.5-Build#3049 - Seekar Ltd)
AVG (Version: 16.71.7596 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4563 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.71.7596 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.9.726 - AVG Technologies)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cuevana Storm version 0.3b (HKLM-x32\...\{2AFB4518-E1D7-4D74-B4FC-C65AE00E531D}_is1) (Version: 0.3b - Cuevana)
Dropbox (HKU\S-1-5-21-2067883112-1484101570-4244796366-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
EViews 4 (HKLM-x32\...\{011A5720-AD17-11D4-8B12-00104B1F716F}) (Version: - )
FMW 1 (Version: 1.73.2 - AVG Technologies) Hidden
FXCM Trading Station (HKLM-x32\...\FXCM Trading Station) (Version: 011415 - )
FXCM Trading Station (x32 Version: 011415 - FXCM) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.75 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MATLAB R2010a (HKLM\...\MatlabR2010a) (Version: 7.10 - The MathWorks, Inc.)
Microsoft Office 365 - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 16.0.6769.2017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movavi Video Converter 16 (HKLM-x32\...\Movavi Video Converter 16) (Version: 16.2.0 - Movavi)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.0.2 (HKLM\...\{6CB00039-29CC-42A1-8ED2-820821DA2B8A}) (Version: 5.0.2 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
ReadCube (HKU\S-1-5-21-2067883112-1484101570-4244796366-1001\...\ReadCube) (Version: - Labtiva, Inc.)
Remote Mouse version 2.70 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.70 - Remote Mouse)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Software Informer 1.5.1315.0 (HKLM\...\Software Informer_is1) (Version: - Informer Technologies, Inc.)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.5.4 - Splashtop Inc.)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Video to Video (HKLM-x32\...\{7F95A744-78DA-4AED-A8F0-A0AF330B8411}_is1) (Version: - Media Converters)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.)
WinX HD Video Converter Deluxe 5.9.0 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2067883112-1484101570-4244796366-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\gustavo\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2067883112-1484101570-4244796366-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2067883112-1484101570-4244796366-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2067883112-1484101570-4244796366-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2067883112-1484101570-4244796366-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B71D37F-DFC3-4C43-B29E-3E091C93C225} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2CD3809D-8F72-41C4-844B-526A96B734ED} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-03] (Microsoft Corporation)
Task: {325383CD-7F91-4608-8B8F-43123870D456} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {522FCD62-B6FA-40F8-B61E-656C059C59DA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5EB083A7-6C08-4D04-9DFE-6FC78F21AB97} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6913CB75-4BA1-41C0-8145-947B2DED1B12} - System32\Tasks\KMSAuto => C:\Windows\KMSAuto.exe
Task: {6956EEEA-5F11-4B67-B96E-3008195F5653} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: {6B5582B3-6198-4E08-89F1-37598072921D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {88E9D42A-A3CA-4157-A352-97B8422F3C99} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8C92A4C9-A24D-492D-8F01-F7948857AED2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8DD13D7C-F086-4D6E-AC3F-2446C908CC65} - System32\Tasks\{897BE0C6-4067-4356-929B-739972958433} => launchwinapp.exe hxxp://ui.skype.com/ui/0/7.18.0.112/en/abandoninstall?page=tsProgressBar
Task: {90285027-F871-48AC-999D-EA1AE11402EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: {951A5FC5-178A-4FB3-A470-8557BC3A9F8E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for GUSTAVO-gustavo Gustavo => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2016-02-09] (Microsoft Corporation)
Task: {9CA4FAD3-DE52-4293-A740-1F3E5ED5D668} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software Informer\softinfo.exe
Task: {A3D812A8-D1F7-4085-85E8-BDC6F710E79C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {ACAD368E-97EC-4E73-B15E-B72BB0009AB9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B63F2353-8A25-4CDF-B208-87F05EFFD1D9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B73862B4-353C-40C6-8FD7-DDE83A5FE8F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {BA6980F0-E4E4-4038-A288-F1F0E560085D} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {BC9B744C-7500-498F-BB63-64046A7B31C0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E039DD87-49A2-4EEC-BC5D-886725F2C543} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-03] (Microsoft Corporation)
Task: {E45B6CBF-8662-4569-9A19-662B5C2A3380} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {E496E459-1718-4BE1-9075-76FB72300080} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-12] (Microsoft Corporation)
Task: {E612931B-00B5-4126-B8FB-37145F4D8343} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EE155EB4-C0C8-4E8C-91C4-C530CBE75F45} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {FE0414D2-9590-481E-A979-8B0F49B5A2A0} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2067883112-1484101570-4244796366-1001

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:48 - 2015-10-30 02:48 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-12 19:15 - 2016-04-03 04:34 - 00172224 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-04-12 20:46 - 2016-03-29 05:50 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 20:46 - 2016-03-29 05:50 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-02-11 15:13 - 2015-02-11 15:13 - 00997536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-04-25 15:29 - 2016-04-25 15:29 - 00959176 _____ () C:\Users\gustavo\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-11-10 15:45 - 2015-11-10 15:45 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-04-19 11:20 - 2016-04-19 11:22 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-12 20:45 - 2016-04-01 22:28 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-18 00:09 - 2015-12-06 23:44 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-12 20:45 - 2016-04-01 22:55 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-12 20:45 - 2016-04-01 22:56 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-04-12 20:46 - 2016-03-29 05:50 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-03-28 19:20 - 2016-03-28 19:28 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-28 19:20 - 2016-03-28 19:28 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-05 00:05 - 2016-03-05 00:15 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-04-12 20:46 - 2016-04-01 22:33 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-12 20:45 - 2016-04-01 22:30 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-04-12 20:46 - 2016-04-01 22:29 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-12 20:46 - 2016-04-01 22:32 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-12 20:45 - 2016-04-01 22:28 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-10-30 02:48 - 2015-10-30 04:37 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2015-10-30 02:48 - 2015-10-30 04:37 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2015-10-30 02:48 - 2015-10-30 04:37 - 00961024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2015-10-30 02:48 - 2015-10-30 04:37 - 00206336 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2015-10-30 02:48 - 2015-10-30 04:37 - 00558592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-10-30 02:48 - 2015-10-30 04:37 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2015-10-30 02:48 - 2015-10-30 04:37 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2015-10-30 02:48 - 2015-10-30 04:37 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node
2015-10-30 02:48 - 2015-10-30 04:37 - 00200192 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2016-04-19 11:20 - 2016-04-19 11:22 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 11:20 - 2016-04-19 11:25 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-10 15:45 - 2015-11-10 15:45 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-07-07 19:51 - 2014-07-07 19:51 - 00410744 ____N () C:\WINDOWS\SYSTEM32\TrueColor5.2\LcProxy2.ax
2014-07-07 19:51 - 2014-07-07 19:51 - 00749168 ____N () C:\WINDOWS\SYSTEM32\TrueColor5.2\CAL2.dll
2016-04-20 10:24 - 2016-04-13 04:07 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.75\libglesv2.dll
2016-04-20 10:24 - 2016-04-13 04:06 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.75\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2067883112-1484101570-4244796366-1001\Software\Classes\.exe: exefile => <===== ATTENTION
HKU\S-1-5-21-2067883112-1484101570-4244796366-1001\Software\Classes\exefile: <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:55 - 2014-10-03 15:38 - 00000860 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2067883112-1484101570-4244796366-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\gustavo\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-2067883112-1484101570-4244796366-1001\...\StartupApproved\StartupFolder: => "Enviar a OneNote.lnk"
HKU\S-1-5-21-2067883112-1484101570-4244796366-1001\...\StartupApproved\Run: => "ares"
HKU\S-1-5-21-2067883112-1484101570-4244796366-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2067883112-1484101570-4244796366-1001\...\StartupApproved\Run: => "ReadCube"
HKU\S-1-5-21-2067883112-1484101570-4244796366-1001\...\StartupApproved\Run: => "Remote Mouse"
HKU\S-1-5-21-2067883112-1484101570-4244796366-1001\...\StartupApproved\Run: => "Software Informer"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FC569416-8C22-4392-9698-B3267DB6D009}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{D4B29755-F8A3-4C90-8ADA-6A54A958BF4B}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{77322D15-C089-4F7D-81F8-155087EB05E7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{D664CAD6-D522-420B-96E0-EE6AACDE0AAC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [UDP Query User{35A74A15-156C-421F-B2C4-170DACA312FA}C:\program files\matlab\r2010a\bin\win64\matlab.exe] => (Block) C:\program files\matlab\r2010a\bin\win64\matlab.exe
FirewallRules: [TCP Query User{2E617372-FF48-49B6-8096-E96FD534D0A8}C:\program files\matlab\r2010a\bin\win64\matlab.exe] => (Block) C:\program files\matlab\r2010a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{E7E04B37-E9C4-4D4B-8C56-758D2FB6DC75}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{7A47B1D0-316F-43B5-B9A2-DC1A298539B2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{DD9AAB1B-56FD-4938-848D-1DD146E39F73}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{EAA8D249-708B-4AEA-A56A-0036963BBC72}] => (Allow) C:\Users\gustavo\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{3D92A0A8-1CE0-4BD8-84CC-1AEA8DD2C101}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{F1D9F1F8-452D-45DE-853E-1AF25099F596}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [TCP Query User{1468103F-82DD-47CE-841D-440E69A8C567}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{0C3DB24D-8836-4067-803D-F07AFEE8109D}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [TCP Query User{17771E87-A27A-4456-972E-574BEE3DF9E1}C:\program files (x86)\ares\chatserver.exe] => (Block) C:\program files (x86)\ares\chatserver.exe
FirewallRules: [UDP Query User{36FC04FE-654C-406F-BD09-2E6E99592D33}C:\program files (x86)\ares\chatserver.exe] => (Block) C:\program files (x86)\ares\chatserver.exe
FirewallRules: [TCP Query User{82257466-074B-484A-9AB8-60DC105FDEA1}C:\program files\common files\microsoft shared\ink\tabtip.exe] => (Allow) C:\program files\common files\microsoft shared\ink\tabtip.exe
FirewallRules: [UDP Query User{70068778-536B-4DA3-8AD1-7F5B71744421}C:\program files\common files\microsoft shared\ink\tabtip.exe] => (Allow) C:\program files\common files\microsoft shared\ink\tabtip.exe
FirewallRules: [TCP Query User{C9EE7D3A-63BD-42B1-AAE7-72A27E17F832}C:\program files (x86)\ares\chatserver.exe] => (Allow) C:\program files (x86)\ares\chatserver.exe
FirewallRules: [UDP Query User{C65F2E79-402F-4EAA-A42B-D7E209EA0312}C:\program files (x86)\ares\chatserver.exe] => (Allow) C:\program files (x86)\ares\chatserver.exe
FirewallRules: [TCP Query User{562FFDD5-E987-4690-B5F8-ACC75400D31E}C:\program files (x86)\cuevana storm\cuevana storm.exe] => (Allow) C:\program files (x86)\cuevana storm\cuevana storm.exe
FirewallRules: [UDP Query User{07EB46B6-6D8E-4C1F-8B32-5C6E5F3E50FF}C:\program files (x86)\cuevana storm\cuevana storm.exe] => (Allow) C:\program files (x86)\cuevana storm\cuevana storm.exe
FirewallRules: [{BC6F587E-E576-4447-A9EA-96DCA437D261}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{45C25111-3A10-445E-B18D-D73D3CF14409}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{60755EBD-79F4-4130-985E-5A2C4E1DFB68}C:\program files\adobe\adobe muse cc 2014\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2014\muse.exe
FirewallRules: [UDP Query User{CD3B2B91-BE13-47D6-A60F-E681CBCCC8E6}C:\program files\adobe\adobe muse cc 2014\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2014\muse.exe
FirewallRules: [TCP Query User{17DBADD5-3175-4208-823B-FC6B72C84E9B}C:\program files\common files\microsoft shared\ink\inputpersonalization.exe] => (Allow) C:\program files\common files\microsoft shared\ink\inputpersonalization.exe
FirewallRules: [UDP Query User{251EC650-A25A-4904-A63B-7826DB079D17}C:\program files\common files\microsoft shared\ink\inputpersonalization.exe] => (Allow) C:\program files\common files\microsoft shared\ink\inputpersonalization.exe
FirewallRules: [TCP Query User{7C35EE1A-D1EE-48E3-A936-62D20095F4DC}C:\windows\system32\mobsync.exe] => (Allow) C:\windows\system32\mobsync.exe
FirewallRules: [UDP Query User{45826E44-E49C-48CA-BE1E-5874A09D3FDC}C:\windows\system32\mobsync.exe] => (Allow) C:\windows\system32\mobsync.exe
FirewallRules: [{BE0D6739-43C5-4759-A827-33C581E23EF5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CC283E6D-5193-4C71-94A1-1B9D158834A6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{329AC10A-BAB3-4630-9F30-71D7FCDF470E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{55337B9B-C146-4AA9-B51F-2ED16DD2D9B1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{025717E7-8E5E-4958-806E-541C6CA23396}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{06BD66B1-928F-4312-A7B8-FEA91A75B81F}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{C4C446F4-61F7-4813-AD5E-797B416AAF3A}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{92EDC824-82C9-444F-B98A-0C904FF7B338}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{9B3D82FB-7067-4EEC-80C6-4624A5AFE4AE}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{946BFA5E-78CB-46A9-9486-EF266A663E6B}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{C731F5A9-562E-4412-BAFC-82AC4F96B970}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{660613EB-738B-43A0-9589-0A1071A81736}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{D46F0EF2-4A41-4373-97F0-4D6B1F5BF85F}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{999D8A7F-A935-4A77-96E1-14C24440ADBE}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [TCP Query User{297C1949-8FDE-4FE6-BD13-477ECC9FDA9B}C:\program files (x86)\pprx\pprx.exe] => (Block) C:\program files (x86)\pprx\pprx.exe
FirewallRules: [UDP Query User{39F05A9B-55E4-44F4-BF89-869DCF9BA19E}C:\program files (x86)\pprx\pprx.exe] => (Block) C:\program files (x86)\pprx\pprx.exe
FirewallRules: [{572DBBF2-EE20-494B-A0E2-E597B85B8E49}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DB43B940-83AD-46A5-9FEA-CED3A2B12F6E}] => (Allow) C:\Users\gustavo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{57C9A875-1763-4443-92EC-870A4D7A665C}] => (Allow) C:\Users\gustavo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8F16A624-0987-4738-BD84-01FA7B2E26D2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A0FDDE52-EA89-4EEC-A252-DBC746858514}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{78DD54FB-A1D5-4256-A737-B5E96A4CB88E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{27964FE0-10A7-49E4-980E-E1D50770B5A7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E696B570-708F-42C8-94EF-F0B98FA83005}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1BFC8B16-F8BC-41A6-825E-C8400C6C3D7F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7C245761-833D-41CE-9A61-254E669A9D35}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{87C71479-9272-4C76-84A3-91317154E1F5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FA93144A-33C4-48E6-BAE6-2C3DCC8DFDD7}] => (Allow) C:\ProgramData\IHeeaWA\protect\protect.exe
FirewallRules: [{79EE078B-DD06-4821-A4F2-5B89C074B8E1}] => (Allow) LPort=1688
FirewallRules: [{EC70938C-42A9-49F7-A24A-35E309465308}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
FirewallRules: [{AEA461B7-B4CE-4C3C-A60D-5F2D45D3E226}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
FirewallRules: [{620EEF2C-286F-49E1-8A7B-2660240A9EC2}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
FirewallRules: [{6B2580E3-D1C3-4D77-B8CA-E7B83B44D7F2}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{25D7FB37-EFF5-4FBB-B32C-628B40D1B997}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{D6AEBD40-5E72-4A98-A552-1EAF988130E7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{BB333E16-AB74-430E-99C9-8ECAC57E4B6B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{D0B15C2E-3676-4CAF-A344-9EC547A70562}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{8A95D5FA-56EA-4A6F-B2BD-991A0DAAF59D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Surface Pro UEFI
Description: Surface Pro UEFI
Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}
Manufacturer: Microsoft Corporation
Service:
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Surface Pro Embedded Controller Firmware
Description: Surface Pro Embedded Controller Firmware
Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}
Manufacturer: Microsoft Corporation
Service:
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: HID-compliant touch screen
Description: HID-compliant touch screen
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2016 09:02:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15260609

Error: (04/27/2016 09:02:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15260609

Error: (04/27/2016 09:02:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/27/2016 04:48:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4813

Error: (04/27/2016 04:48:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4813

Error: (04/27/2016 04:48:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/27/2016 04:48:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3656

Error: (04/27/2016 04:48:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3656

Error: (04/27/2016 04:48:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/27/2016 04:48:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2484


System errors:
=============
Error: (04/27/2016 09:06:12 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (04/27/2016 02:53:40 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error:
%%3758213661

Error: (04/27/2016 01:05:10 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (04/27/2016 12:48:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/26/2016 10:49:57 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (04/26/2016 10:11:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (04/26/2016 09:54:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/26/2016 08:53:55 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (04/26/2016 08:49:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/26/2016 08:49:52 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.


CodeIntegrity:
===================================
Date: 2016-04-27 09:03:21.809
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-27 09:03:21.766
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-26 22:47:10.563
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-26 22:47:10.504
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-26 20:50:30.926
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-26 20:50:30.883
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-26 11:30:07.403
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-26 11:30:07.375
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-26 11:30:07.339
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-26 11:30:07.308
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz
Percentage of memory in use: 59%
Total physical RAM: 4001.07 MB
Available physical RAM: 1622.8 MB
Total Virtual: 9234.1 MB
Available Virtual: 5129.02 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:113.06 GB) (Free:7.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 71A695BE)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by gustavo (2016-04-28 08:52:37) Run:1
Running from C:\Users\gustavo\Desktop
Loaded Profiles: gustavo (Available Profiles: gustavo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2067883112-1484101570-4244796366-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
2014-09-12 20:11 - 2015-11-21 08:51 - 0000034 _____ () C:\Users\gustavo\AppData\Roaming\AdobeWLCMCache.dat
2015-07-16 18:37 - 2015-07-16 18:37 - 0000000 _____ () C:\Users\gustavo\AppData\Local\{C72FDF29-07A6-4B52-BD6E-6198A83CACB9}
2015-12-04 08:12 - 2015-12-04 08:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\gustavo\AppData\Local\Temp\avguirn_08164994610.exe
C:\Users\gustavo\AppData\Local\Temp\avguirn_081982142389.exe
C:\Users\gustavo\AppData\Local\Temp\avguirn_082049670441.exe
C:\Users\gustavo\AppData\Local\Temp\dllnt_dump.dll
C:\Users\gustavo\AppData\Local\Temp\ReadCubeTray64.exe
C:\Users\gustavo\AppData\Local\Temp\RemoteMouse.exe
Task: {0B71D37F-DFC3-4C43-B29E-3E091C93C225} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {325383CD-7F91-4608-8B8F-43123870D456} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {522FCD62-B6FA-40F8-B61E-656C059C59DA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5EB083A7-6C08-4D04-9DFE-6FC78F21AB97} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {88E9D42A-A3CA-4157-A352-97B8422F3C99} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8C92A4C9-A24D-492D-8F01-F7948857AED2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {ACAD368E-97EC-4E73-B15E-B72BB0009AB9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B63F2353-8A25-4CDF-B208-87F05EFFD1D9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BC9B744C-7500-498F-BB63-64046A7B31C0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E612931B-00B5-4126-B8FB-37145F4D8343} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EE155EB4-C0C8-4E8C-91C4-C530CBE75F45} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
HKU\S-1-5-21-2067883112-1484101570-4244796366-1001\Software\Classes\.exe: exefile => <===== ATTENTION
HKU\S-1-5-21-2067883112-1484101570-4244796366-1001\Software\Classes\exefile: <===== ATTENTION

*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2067883112-1484101570-4244796366-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\Users\gustavo\AppData\Roaming\AdobeWLCMCache.dat => moved successfully
C:\Users\gustavo\AppData\Local\{C72FDF29-07A6-4B52-BD6E-6198A83CACB9} => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\gustavo\AppData\Local\Temp\avguirn_08164994610.exe => moved successfully
C:\Users\gustavo\AppData\Local\Temp\avguirn_081982142389.exe => moved successfully
C:\Users\gustavo\AppData\Local\Temp\avguirn_082049670441.exe => moved successfully
C:\Users\gustavo\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\gustavo\AppData\Local\Temp\ReadCubeTray64.exe => moved successfully
C:\Users\gustavo\AppData\Local\Temp\RemoteMouse.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B71D37F-DFC3-4C43-B29E-3E091C93C225}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B71D37F-DFC3-4C43-B29E-3E091C93C225}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{325383CD-7F91-4608-8B8F-43123870D456}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{325383CD-7F91-4608-8B8F-43123870D456}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{522FCD62-B6FA-40F8-B61E-656C059C59DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{522FCD62-B6FA-40F8-B61E-656C059C59DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5EB083A7-6C08-4D04-9DFE-6FC78F21AB97}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EB083A7-6C08-4D04-9DFE-6FC78F21AB97}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88E9D42A-A3CA-4157-A352-97B8422F3C99}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88E9D42A-A3CA-4157-A352-97B8422F3C99}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C92A4C9-A24D-492D-8F01-F7948857AED2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C92A4C9-A24D-492D-8F01-F7948857AED2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ACAD368E-97EC-4E73-B15E-B72BB0009AB9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACAD368E-97EC-4E73-B15E-B72BB0009AB9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B63F2353-8A25-4CDF-B208-87F05EFFD1D9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B63F2353-8A25-4CDF-B208-87F05EFFD1D9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC9B744C-7500-498F-BB63-64046A7B31C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC9B744C-7500-498F-BB63-64046A7B31C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E612931B-00B5-4126-B8FB-37145F4D8343}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E612931B-00B5-4126-B8FB-37145F4D8343}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE155EB4-C0C8-4E8C-91C4-C530CBE75F45}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE155EB4-C0C8-4E8C-91C4-C530CBE75F45}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKU\S-1-5-21-2067883112-1484101570-4244796366-1001\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-21-2067883112-1484101570-4244796366-1001\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-21-2067883112-1484101570-4244796366-1001\Software\Classes\exefile => key not found.


The system needed a reboot.

==== End of Fixlog 08:52:44 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 0.99.93
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
AVG AntiVirus Free Edition
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
AVG Web TuneUp
Google Chrome (49.0.2623.112)
Google Chrome (50.0.2661.75)
Google Chrome (SetupMetrics.pma..)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by gustavo (administrator) on 29-04-2016 at 09:24:09
Running from "C:\Users\gustavo\Desktop"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Apparently, the last scan came out clean. But the thing is that Malwarebytes is always detecting this webpage:
 

Attachment: Virus.PNG
Reset Chrome...
Click on "Customize and control Google Chrome":

Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help....

Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/
  • Close all Chrome windows and tabs.
  • Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
  • Click Programs and Features.
  • Double-click Google Chrome.
  • Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
Install a fresh copy.
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in the malware removal forum.
 