Svhost and Iass.exe in the temp folder (after repeated swipes).


5 replies to this topic

#1 SJ_Kraken


  • Members
  • 3 posts

Posted 17 June 2015 - 09:38 AM

Hello,


I have this problem: Malwarebytes finds the files in c:\windows\temp and can delete them, but upon restart they are both active again in Task Manager and are back in c:\windows\temp.


P.S. I think I deleted Iass.exe for good, but I'm not totally sure.


Best.


********************************************** The scan***************************************************************


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by CerditoVolador (administrator) on CERDITO on 17-06-2015 11:32:45
Running from F:\escritorio b\programacion\manual fundamento\AVs
Loaded Profiles: CerditoVolador (Available Profiles: CerditoVolador)
Platform: Windows 8.1 Pro (X64) OS Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_160.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_160.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-14] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-1672535792-2281391379-4272843834-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1672535792-2281391379-4272843834-1001\...\MountPoints2: {91ef858b-9c78-11e4-839e-74d02b359f22} - "G:\setup.exe"
Startup: C:\Users\CerditoVolador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-04-04]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1672535792-2281391379-4272843834-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.APEHA.ru
HKU\S-1-5-21-1672535792-2281391379-4272843834-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.cl.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> F:\JAVA SDK\bin\ssv.dll [2015-05-28] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> F:\JAVA SDK\bin\jp2ssv.dll [2015-05-28] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-29] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-29] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\CerditoVolador\AppData\Roaming\Mozilla\Firefox\Profiles\umjs2xyb.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-17] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> F:\JAVA SDK\bin\dtplugin\npDeployJava1.dll [2015-05-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> F:\JAVA SDK\bin\plugin2\npjp2.dll [2015-05-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\CerditoVolador\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-03-10] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.0.3824406\npmathplugin.dll [2012-11-19] (Wolfram Research, Inc.)
FF Plugin HKU\S-1-5-21-1672535792-2281391379-4272843834-1001: @my.com/Games -> C:\Users\CerditoVolador\AppData\Local\MyComGames\NPMyComDetector.dll [2015-05-26] (My.com, Inc)
FF Plugin HKU\S-1-5-21-1672535792-2281391379-4272843834-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\CerditoVolador\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-26] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\CerditoVolador\AppData\Roaming\Mozilla\Firefox\Profiles\umjs2xyb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-10]

Chrome:
=======
CHR Profile: C:\Users\CerditoVolador\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Brushed) - C:\Users\CerditoVolador\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2014-07-24]
CHR Extension: (Adblock Plus) - C:\Users\CerditoVolador\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-02]
CHR Extension: (Motorola Connect) - C:\Users\CerditoVolador\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmoblgooahdmdibodmcnffgnejlndh [2014-10-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\CerditoVolador\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-20]
CHR Extension: (Google Mail Checker) - C:\Users\CerditoVolador\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-07-24]
CHR Extension: (Google Wallet) - C:\Users\CerditoVolador\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [967040 2015-03-20] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [244392 2015-05-11] (Foxit Software Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; d:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-12] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-28] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-26] ()
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [565248 2013-10-07] () [File not signed]
S3 Survarium-Steam Update Service; F:\SteamLibrary\steamapps\common\Survarium\game\binaries\x86\survarium_service.exe [97912 2015-05-08] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-01-15] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-17] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 11:19 - 2015-06-17 11:24 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-17 11:19 - 2015-06-17 11:19 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-17 10:54 - 2015-06-17 10:54 - 00001096 _____ C:\Users\CerditoVolador\Desktop\JRT.txt
2015-06-17 10:19 - 2015-06-17 11:07 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-17 10:18 - 2015-06-17 10:18 - 00000828 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-17 10:18 - 2015-06-17 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-17 10:18 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-17 10:18 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-17 10:18 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-17 10:10 - 2015-06-17 10:22 - 00002168 _____ C:\Users\CerditoVolador\Desktop\Rkill.txt
2015-06-17 10:07 - 2015-06-17 10:07 - 00000207 _____ C:\Windows\tweaking.com-regbackup-CERDITO-Windows-8.1-Pro-(64-bit).dat
2015-06-17 10:07 - 2015-06-17 10:07 - 00000000 ____D C:\RegBackup
2015-06-17 09:58 - 2015-06-17 11:32 - 00000000 ____D C:\FRST
2015-06-17 09:23 - 2015-06-17 11:05 - 00000000 ____D C:\AdwCleaner
2015-06-16 22:57 - 2015-06-16 22:57 - 00000774 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-06-16 11:01 - 2015-06-16 11:19 - 00000000 ____D C:\Users\CerditoVolador\Documents\my games
2015-06-12 17:30 - 2015-06-12 17:30 - 00000000 ____D C:\Users\CerditoVolador\AppData\Local\CEF
2015-06-09 15:29 - 2015-05-27 11:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 15:29 - 2015-05-27 11:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-09 15:29 - 2015-05-25 10:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-09 15:29 - 2015-05-25 10:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-09 15:29 - 2015-05-23 00:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-09 15:29 - 2015-05-23 00:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-09 15:29 - 2015-05-23 00:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-09 15:29 - 2015-05-23 00:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-09 15:29 - 2015-05-23 00:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-09 15:29 - 2015-05-22 23:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 15:29 - 2015-05-22 23:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-09 15:29 - 2015-05-22 23:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-09 15:29 - 2015-05-22 23:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-09 15:29 - 2015-05-22 23:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-09 15:29 - 2015-05-22 23:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-09 15:29 - 2015-05-22 23:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-09 15:29 - 2015-05-22 23:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-09 15:29 - 2015-05-22 23:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-09 15:29 - 2015-05-22 23:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-09 15:29 - 2015-05-22 23:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-09 15:29 - 2015-05-22 16:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 15:29 - 2015-05-22 16:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 15:29 - 2015-05-22 16:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 15:29 - 2015-05-22 15:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 15:29 - 2015-05-22 15:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 15:29 - 2015-05-22 15:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-09 15:29 - 2015-05-22 15:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 15:29 - 2015-05-22 15:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-09 15:29 - 2015-05-22 15:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 15:29 - 2015-05-22 15:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-09 15:29 - 2015-05-22 15:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 15:29 - 2015-05-22 15:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 15:29 - 2015-05-22 14:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 15:29 - 2015-05-22 14:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 15:29 - 2015-05-22 14:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-09 15:29 - 2015-05-22 14:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 15:29 - 2015-05-22 14:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 15:29 - 2015-05-22 10:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-09 15:29 - 2015-05-21 10:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-09 15:29 - 2015-05-21 10:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-09 15:29 - 2015-05-21 10:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-09 15:29 - 2015-05-21 10:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-09 15:29 - 2015-05-21 10:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-09 15:29 - 2015-05-21 10:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-09 15:29 - 2015-04-24 23:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 15:29 - 2015-04-24 23:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-09 15:29 - 2015-04-16 19:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-09 15:29 - 2015-04-16 03:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-09 15:29 - 2015-04-13 19:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-09 15:29 - 2015-04-13 19:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-09 15:29 - 2015-04-09 21:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-09 15:29 - 2015-04-09 21:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-09 15:29 - 2015-04-08 19:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-09 15:29 - 2015-04-08 19:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-09 15:29 - 2015-04-01 19:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-09 15:29 - 2015-04-01 19:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-09 15:29 - 2015-04-01 01:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-09 15:29 - 2015-04-01 01:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-09 15:29 - 2015-04-01 01:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-09 15:29 - 2015-04-01 01:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-09 15:29 - 2015-04-01 00:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-09 15:29 - 2015-04-01 00:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-09 15:29 - 2015-04-01 00:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-09 15:29 - 2015-03-31 23:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-09 15:29 - 2015-03-31 23:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-09 15:29 - 2015-03-31 23:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-09 15:29 - 2015-03-31 23:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-09 15:29 - 2015-03-31 23:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-09 15:29 - 2015-03-31 23:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-09 15:29 - 2015-03-20 00:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-09 15:29 - 2015-03-20 00:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-09 15:29 - 2015-03-19 23:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-09 15:29 - 2015-03-19 23:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-09 15:29 - 2015-03-01 22:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-09 15:29 - 2015-03-01 22:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-09 15:28 - 2015-05-22 23:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-09 15:28 - 2015-05-22 23:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-09 15:28 - 2015-05-22 15:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 15:28 - 2015-05-22 15:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-09 15:28 - 2015-05-22 15:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-09 15:28 - 2015-05-21 13:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-06 10:32 - 2015-06-06 10:32 - 00000085 _____ C:\Windows\wininit.ini
2015-06-06 10:32 - 2015-06-06 10:32 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-06-03 20:24 - 2015-06-03 20:24 - 00000000 ____D C:\Users\CerditoVolador\Documents\FLiNGTrainer
2015-06-03 01:48 - 2015-06-06 10:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-03 00:32 - 2015-06-16 00:43 - 00000000 ____D C:\Users\CerditoVolador\Documents\The Witcher 3
2015-06-03 00:21 - 2015-06-03 00:21 - 00001159 _____ C:\Users\Public\Desktop\The Witcher® 3 - Wild Hunt.lnk
2015-06-03 00:21 - 2015-06-03 00:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher® 3 - Wild Hunt [GOG.com]
2015-06-02 17:57 - 2015-06-02 17:57 - 00001040 _____ C:\Users\Public\Desktop\Expeditions - Conquistador.lnk
2015-06-02 17:57 - 2015-06-02 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Expeditions - Conquistador [GOG.com]
2015-06-01 22:03 - 2015-06-01 22:03 - 00000000 ____D C:\Users\CerditoVolador\Documents\BeamNG.drive
2015-06-01 01:52 - 2015-06-01 01:52 - 00000000 ____D C:\Users\CerditoVolador\AppData\Local\GWX
2015-05-29 10:35 - 2015-05-29 10:35 - 00000000 _____ C:\Windows\SysWOW64\REN5ACF.tmp
2015-05-28 21:12 - 2015-05-28 21:14 - 00000000 ____D C:\Users\CerditoVolador\Desktop\java
2015-05-28 20:59 - 2015-05-28 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-05-27 14:15 - 2015-05-27 14:15 - 00008695 _____ C:\Users\CerditoVolador\Documents\Transferencia 1 palio
2015-05-27 13:10 - 2015-05-27 13:10 - 00000000 ____D C:\Users\CerditoVolador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Armored Warfare MyCom Beta
2015-05-26 23:19 - 2015-05-27 13:10 - 00000126 _____ C:\Users\CerditoVolador\Desktop\Armored Warfare Early Access.url
2015-05-26 23:11 - 2015-05-26 23:11 - 00000000 ____D C:\Users\CerditoVolador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2015-05-26 23:10 - 2015-06-15 23:19 - 00000000 ____D C:\Users\CerditoVolador\AppData\Local\MyComGames
2015-05-24 20:01 - 2015-05-24 20:01 - 00059907 _____ C:\Users\CerditoVolador\Desktop\Presentation1.pptx
2015-05-24 19:17 - 2015-05-24 19:17 - 00000845 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player FREE.lnk
2015-05-24 19:17 - 2015-05-24 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player
2015-05-24 19:09 - 2015-05-30 19:37 - 00000000 ____D C:\Users\CerditoVolador\AppData\Roaming\BSplayer
2015-05-24 19:09 - 2015-05-24 19:09 - 00000000 ____D C:\Users\CerditoVolador\AppData\Roaming\BSplayer Pro
2015-05-20 16:31 - 2015-05-20 16:31 - 00040960 _____ C:\Users\CerditoVolador\Desktop\Check-list-examen-PCA-ver-5.1.xls
2015-05-19 00:54 - 2015-05-19 00:54 - 00000000 ____D C:\Users\CerditoVolador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AGOT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 11:29 - 2013-12-19 22:08 - 01829802 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-17 11:29 - 2013-12-19 22:07 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1672535792-2281391379-4272843834-1001
2015-06-17 11:29 - 2013-08-22 20:34 - 00809912 _____ C:\Windows\system32\perfh00A.dat
2015-06-17 11:29 - 2013-08-22 20:34 - 00166708 _____ C:\Windows\system32\perfc00A.dat
2015-06-17 11:28 - 2014-04-04 18:36 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-06-17 11:28 - 2013-12-19 23:32 - 00001060 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-17 11:26 - 2013-12-19 20:43 - 01253868 _____ C:\Windows\WindowsUpdate.log
2015-06-17 11:25 - 2014-02-13 23:13 - 00000000 ____D C:\Users\CerditoVolador\AppData\Roaming\Raptr
2015-06-17 11:24 - 2015-02-25 21:31 - 00037184 _____ C:\Windows\setupact.log
2015-06-17 11:24 - 2014-03-09 11:12 - 00001177 _____ C:\Windows\system32\Service_KMS.log
2015-06-17 11:24 - 2013-12-19 23:32 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-17 11:24 - 2013-12-19 20:41 - 00055126 _____ C:\Windows\PFRO.log
2015-06-17 11:24 - 2013-08-22 11:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-17 11:10 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\L2Schemas
2015-06-17 11:00 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-17 10:34 - 2013-12-27 19:32 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-17 09:25 - 2014-07-29 16:29 - 00000992 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Manager.lnk
2015-06-17 09:23 - 2014-08-26 11:52 - 00000000 ____D C:\Users\CerditoVolador\AppData\Local\Adobe
2015-06-17 09:17 - 2013-12-27 19:32 - 00003726 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-16 23:50 - 2013-12-19 20:43 - 00000000 ____D C:\Users\CerditoVolador\AppData\Local\Packages
2015-06-16 22:59 - 2014-03-09 12:59 - 00001088 _____ C:\Windows\system32\AutoPico.log
2015-06-16 20:07 - 2015-02-03 20:03 - 00000000 ____D C:\Users\CerditoVolador\Desktop\UDD
2015-06-15 23:49 - 2013-12-23 00:59 - 00000000 ____D C:\Users\CerditoVolador\AppData\Roaming\uTorrent
2015-06-15 12:50 - 2013-08-22 10:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-14 18:47 - 2015-05-15 11:32 - 00004990 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Cerdito-CerditoVolador Cerdito
2015-06-13 11:21 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-11 10:20 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\rescache
2015-06-10 17:27 - 2014-03-09 00:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 17:26 - 2014-04-04 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-09 23:15 - 2013-08-22 11:44 - 05228848 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-09 20:53 - 2014-12-10 20:33 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-09 20:53 - 2014-07-10 09:55 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-09 20:53 - 2013-08-22 12:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-09 20:53 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-09 15:58 - 2013-08-22 12:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-09 15:55 - 2013-12-20 08:33 - 00000000 ____D C:\Windows\system32\MRT
2015-06-09 15:51 - 2013-12-20 08:33 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-08 14:50 - 2014-04-03 23:24 - 00000000 ____D C:\Users\CerditoVolador\AppData\Local\CrashDumps
2015-06-06 10:32 - 2015-05-07 20:16 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-06 10:32 - 2013-12-19 23:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-03 13:18 - 2013-08-22 12:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-03 13:18 - 2013-08-22 12:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-03 00:32 - 2013-12-19 23:34 - 00000000 ____D C:\Users\CerditoVolador\AppData\Roaming\AIMP3
2015-06-03 00:21 - 2013-12-20 00:09 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-31 00:13 - 2014-01-27 18:32 - 00000000 ____D C:\Users\CerditoVolador\AppData\Roaming\vlc
2015-05-29 14:54 - 2013-12-19 20:43 - 00000000 ____D C:\Users\CerditoVolador
2015-05-29 10:49 - 2014-01-26 03:51 - 00000000 ____D C:\ProgramData\Oracle
2015-05-29 10:35 - 2014-10-16 22:56 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-29 10:35 - 2014-10-16 22:55 - 00000000 ____D C:\Program Files (x86)\Java
2015-05-28 21:04 - 2013-12-19 23:33 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-05-25 18:11 - 2015-05-05 21:42 - 00000000 ____D C:\Users\CerditoVolador\pseint
2015-05-23 23:42 - 2013-12-19 23:28 - 00004010 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F700C123-ECF6-4AD8-8486-DA54C1574BA1}
2015-05-20 17:13 - 2015-04-05 11:56 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-20 17:13 - 2015-04-05 11:56 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-19 11:55 - 2014-02-13 23:13 - 00000000 ____D C:\Program Files (x86)\Raptr

==================== Files in the root of some directories =======

2014-03-28 19:55 - 2014-03-28 19:55 - 0034816 _____ () C:\Users\CerditoVolador\AppData\Roaming\RZR_0070491c4361a1d2c443e45c4290.db
2015-02-12 15:25 - 2015-02-12 15:25 - 0002375 _____ () C:\Users\CerditoVolador\AppData\Local\recently-used.xbel
2015-05-17 10:57 - 2015-05-17 10:57 - 0000017 _____ () C:\Users\CerditoVolador\AppData\Local\resmon.resmoncfg
2014-02-03 01:33 - 2014-02-03 01:33 - 0017408 _____ () C:\Users\CerditoVolador\AppData\Local\WebpageIcons.db

Files to move or delete:
====================
C:\Users\CerditoVolador\AppData\Roaming\Origin\update.vbe


Some files in TEMP:
====================
C:\Users\CerditoVolador\AppData\Local\Temp\dllnt_dump.dll
C:\Users\CerditoVolador\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\CerditoVolador\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\CerditoVolador\AppData\Local\Temp\ose00000.exe
C:\Users\CerditoVolador\AppData\Local\Temp\ose00001.exe
C:\Users\CerditoVolador\AppData\Local\Temp\Quarantine.exe
C:\Users\CerditoVolador\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-14 18:47

==================== End of log ============================




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:42 AM

Posted 19 June 2015 - 09:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [565248 2013-10-07] () [File not signed]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
C:\Users\CerditoVolador\AppData\Local\Temp\dllnt_dump.dll
C:\Users\CerditoVolador\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\CerditoVolador\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\CerditoVolador\AppData\Local\Temp\ose00000.exe
C:\Users\CerditoVolador\AppData\Local\Temp\ose00001.exe
C:\Users\CerditoVolador\AppData\Local\Temp\Quarantine.exe
C:\Users\CerditoVolador\AppData\Local\Temp\sqlite3.dll
C:\Program Files\KMSpico

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

--RogueKiller--
  • Download & SAVE to your Desktop: Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

Let me know what problem persists.
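As an added illustration of the triage nasdaq performs above (reading the FRST output and picking out the entries that end up in the fixlist), here is a small Python helper that scans FRST-style log lines for the same kinds of indicators the fix targets: unsigned service binaries, services or drivers whose file is missing, plugin registrations that point at a missing file, executable content sitting in a Temp directory, and core system files that fail the signature check. This is example code written for this page, not part of FRST or of the thread; the patterns are my own heuristics (assumptions about the log layout, not FRST's official grammar), and the sample lines are constructed in the style of the log posted above.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line: str
    reason: str


# Heuristic patterns (assumptions about FRST's line layout, not an official grammar).
# Service/driver entries look like: "S2 Name; C:\path\file.exe [size date] (Vendor) [File not signed]"
SERVICE_RE = re.compile(r"^[SRU]\d+ [^;]+; ")
# Plugin entries whose target no longer exists end with "No File".
PLUGIN_RE = re.compile(r"^FF Plugin(?:-x32)?: .* No File$")
# Executable content directly inside any ...\Temp\ directory (per-user or C:\Windows\Temp).
TEMP_EXE_RE = re.compile(r"\\Temp\\[^\\]+\.(?:exe|dll|scr|vbe|vbs|js)$", re.IGNORECASE)
# Verification lines from the "Bamital & volsnap Check": "C:\path\file.exe => <verdict>"
VERIFY_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+)$")


def triage_line(line: str) -> List[str]:
    """Return the reasons (possibly none) a single FRST log line deserves attention."""
    line = line.rstrip()
    reasons: List[str] = []

    if SERVICE_RE.match(line):
        if "[File not signed]" in line:
            reasons.append("service binary is unsigned")
        if line.endswith("[X]"):
            reasons.append("service/driver registered but its file is missing")

    if PLUGIN_RE.match(line):
        reasons.append("plugin registration points at a missing file")

    if TEMP_EXE_RE.search(line):
        reasons.append("executable content in a Temp directory")

    m = VERIFY_RE.match(line)
    if m:
        verdict = m.group("verdict").lower()
        # Anything other than a clean "digitally signed" verdict is worth a look.
        if "not" in verdict and "signed" in verdict:
            reasons.append("core system file failed signature verification")

    return reasons


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a log and collect the hits in order."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        for reason in triage_line(raw):
            findings.append(Finding(raw.rstrip(), reason))
    return findings


# Constructed sample modelled on the lines in the thread above (not a real capture).
SAMPLE_LOG = r"""
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [565248 2013-10-07] () [File not signed]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
R2 wuauserv; C:\Windows\system32\svchost.exe [27136 2013-08-22] (Microsoft Corporation)
C:\Users\CerditoVolador\AppData\Local\Temp\Quarantine.exe
C:\Users\CerditoVolador\AppData\Local\Temp\sqlite3.dll
C:\Windows\System32\winlogon.exe => File is digitally signed
"""


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.reason:48s} {f.line}")
```

Run against the sample, the helper reports the plugin line, the unsigned KMSpico service, the driver with a missing file and the two Temp binaries, and stays silent on the signed Microsoft service and the passing winlogon.exe check. The point is the order of work a responder follows: flag what is unsigned, missing or out of place first, then decide, entry by entry, what belongs in a fixlist rather than deleting on sight.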

#3 SJ_Kraken

SJ_Kraken
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:02:42 AM

Posted 20 June 2015 - 07:12 PM

Hello Nasdaq,

Thanks for your answer and your help!

***********************The log***************************

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by CerditoVolador at 2015-06-20 21:08:58 Run:1
Running from F:\escritorio b\programacion\manual fundamento\AVs
Loaded Profiles: CerditoVolador (Available Profiles: CerditoVolador)
Boot Mode: Normal
==============================================

fixlist content:
*****************

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [565248 2013-10-07] () [File not signed]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
C:\Users\CerditoVolador\AppData\Local\Temp\dllnt_dump.dll
C:\Users\CerditoVolador\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\CerditoVolador\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\CerditoVolador\AppData\Local\Temp\ose00000.exe
C:\Users\CerditoVolador\AppData\Local\Temp\ose00001.exe
C:\Users\CerditoVolador\AppData\Local\Temp\Quarantine.exe
C:\Users\CerditoVolador\AppData\Local\Temp\sqlite3.dll
C:\Program Files\KMSpico

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.4.0" => key removed successfully
Service KMSELDI => Service removed successfully
AODDriver4.2.0 => Service removed successfully
C:\Users\CerditoVolador\AppData\Local\Temp\dllnt_dump.dll => moved successfully.
C:\Users\CerditoVolador\AppData\Local\Temp\Foxit Reader Updater.exe => moved successfully.
C:\Users\CerditoVolador\AppData\Local\Temp\jre-8u45-windows-au.exe => moved successfully.
C:\Users\CerditoVolador\AppData\Local\Temp\ose00000.exe => moved successfully.
C:\Users\CerditoVolador\AppData\Local\Temp\ose00001.exe => moved successfully.
C:\Users\CerditoVolador\AppData\Local\Temp\Quarantine.exe => moved successfully.
C:\Users\CerditoVolador\AppData\Local\Temp\sqlite3.dll => moved successfully.
C:\Program Files\KMSpico => moved successfully.
EmptyTemp: => 871.1 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 21:09:30 ====

Thanks bud!



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:42 AM

Posted 21 June 2015 - 07:49 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 SJ_Kraken

SJ_Kraken
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:02:42 AM

Posted 21 June 2015 - 02:16 PM

Thanks again! Everything is running OK! Great community!

Best.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:42 AM

Posted 22 June 2015 - 06:33 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



