Infected with Claymore Cryptonote cpu miner - Help please


7 replies to this topic

#1 jjxerox

Posted 29 July 2015 - 11:54 AM

Hi,

It appears that I'm infected with Claymore Cryptonote CPU miner (svchost in temp folder and logs for the miner results appearing right there, and CPU usage near 100% on idle). I have run FRST and here is the log (also attached).

I need help please. Thank you

LOG:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
Ran by Juanjo (administrator) on JUANJO-DESKTOP (29-07-2015 18:50:17)
Running from D:\Downloads
Loaded Profiles: Juanjo (Available Profiles: Juanjo)
Platform: Windows 8.1 Pro (X64) Language: Inglés (Estados Unidos)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
() C:\Windows\SysWOW64\ASGT.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe
() D:\Programas\No-IP\ducservice.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LenovoEMC Ltd.) C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
() C:\Program Files\Core Temp\Core Temp.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
() C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Spotify Ltd) C:\Users\Juanjo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
() C:\Users\Juanjo\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Pushbullet Inc) C:\Users\Juanjo\AppData\Local\Pushbullet\bin\pushbullet_client.exe
(Pushbullet Inc) C:\Users\Juanjo\AppData\Local\Temp\pushbullet_watchdog.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Dropbox, Inc.) C:\Users\Juanjo\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\Juanjo\Documents\GIGABYTE\AIVIA GHOST\Tilt.exe
() C:\Users\Juanjo\Documents\GIGABYTE\AIVIA GHOST\GHOSTOPEN.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) D:\Programas\Evernote\Evernote\EvernoteClipper.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Jeroen Pelgrims) C:\Users\Juanjo\AppData\Local\Apps\2.0\AAB08A1X.X76\MH6EZ770.VZV\soun..tion_0000000000000000_0002.0004_f839aedc2aa2d7a7\SoundSwitch.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\WizIQ Desktop\WizIQ Desktop.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\main.exe
(GOG.com) D:\Juegos\GalaxyClient\GalaxyClient.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(GOG.com) D:\Juegos\GalaxyClient\GalaxyClient Helper.exe
(Razer, Inc.) C:\Users\Juanjo\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.87.58.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.87.58.0\OverwolfHelper64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.87.58.0\OverwolfBrowser.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.87.58.0\OverwolfBrowser.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Windows\Temp\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [PC Monitor Operations] => "D:\Programas\PC Monitor\pcmontask.exe"
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe [817440 2014-01-21] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [592704 2015-07-08] (Razer Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Tilt] => C:\Users\Juanjo\Documents\GIGABYTE\AIVIA GHOST\Tilt.exe [733184 2013-06-28] ()
HKLM-x32\...\Run: [ghost] => C:\Users\Juanjo\Documents\GIGABYTE\AIVIA GHOST\ghostopen.exe [191488 2012-09-18] ()
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7780696 2013-08-22] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [98256 2015-01-26] (Razer Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2895552 2015-07-24] (Valve Corporation)
HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22012688 2015-06-20] (Google)
HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3125976 2013-09-23] (Disc Soft Ltd)
HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\...\Run: [Google Update] => C:\Users\Juanjo\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-29] (Google Inc.)
HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\...\Run: [NoIPDUCv4] => D:\Programas\No-IP\DUC40.exe [270336 2013-01-24] ()
HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\...\Run: [MouseServer] => "D:\Programas\MouseServer\MouseServer.exe"
HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\...\Run: [Spotify Web Helper] => C:\Users\Juanjo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017848 2015-07-24] (Spotify Ltd)
HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\...\Run: [BitTorrent Sync] => D:\Programas\BitTorrent Sync\BTSync.exe [4173664 2015-02-18] (BitTorrent, Inc.)
HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\...\Run: [Amazon Cloud Player] => C:\Users\Juanjo\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [41200 2015-07-19] (Overwolf LTD)
HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe /start
HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet.exe [64000 2014-12-21] (Pushbullet inc)
HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\...\Run: [GoogleChromeAutoLaunch_338C4EC1E1B8B50A4095DCE730AC163C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-25] (Google Inc.)
HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5961864 2015-06-03] (Plex, Inc.)
HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\...\Run: [GalaxyClient] => D:\Juegos\GalaxyClient\GalaxyClient.exe [7247416 2015-07-20] (GOG.com)
HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\...\Run: [Dropbox Update] => C:\Users\Juanjo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe [2701560 2013-11-14] (ASUS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2013-09-27]
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LenovoEMC Storage Manager.lnk [2013-09-27]
ShortcutTarget: LenovoEMC Storage Manager.lnk -> C:\Program Files (x86)\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe (LenovoEMC)
Startup: C:\Users\Juanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-09-27]
ShortcutTarget: Dropbox.lnk -> C:\Users\Juanjo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Juanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-07-10]
ShortcutTarget: EvernoteClipper.lnk -> D:\Programas\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Juanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SoundSwitch.appref-ms [2013-09-27] ()
Startup: C:\Users\Juanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WizIQ Desktop.lnk [2014-10-22]
ShortcutTarget: WizIQ Desktop.lnk -> C:\Program Files (x86)\WizIQ Desktop\WizIQ Desktop.exe ()
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juanjo\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juanjo\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juanjo\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juanjo\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juanjo\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juanjo\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Juanjo\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-07-07] (Dropbox, Inc.)
GroupPolicyUsers\S-1-5-21-3611156902-4057863661-1296392449-1001\User: Group Policy Restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.es.msn.com/?ocid=iehp
HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001 -> {1FDE51A3-3971-4131-AB0D-C79391D657A3} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225823&CUI=UN15329247742537314&UM=1
SearchScopes: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-20] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-20] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-20] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> D:\Programas\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-20] (Oracle Corporation)
DPF: HKLM-x32 {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} https://www5.aeat.es/es13/h/tgvicab.cab
DPF: HKLM-x32 {947B00D2-962D-4A35-9E48-98EE6A442B41} https://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab
DPF: HKLM-x32 {B785FA3C-1DE9-4D20-8396-613C486FE95E} https://www1.agenciatributaria.gob.es/es13/h/cactivex.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: 127.0.0.1 activation.acronis.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{8E21D8A8-5963-4B15-A72F-4414934B6C5C}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{9F8EDF19-4EEA-43FD-B61F-6958DAD7F250}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Juanjo\AppData\Roaming\Mozilla\Firefox\Profiles\voszhuzj.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> D:\Programas\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> D:\Programas\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> D:\Programas\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Programas\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> D:\Programas\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Programas\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-25] (ESN Social Software AB)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> D:\Programas\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-08-06] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> D:\Programas\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-08-06] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-10-04] (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Juanjo\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-03-10] (Raidcall)
FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll [2013-03-11] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.0.3824406\npmathplugin.dll [2012-11-19] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3611156902-4057863661-1296392449-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Juanjo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3611156902-4057863661-1296392449-1001: @talk.google.com/O1DPlugin -> C:\Users\Juanjo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3611156902-4057863661-1296392449-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Juanjo\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3611156902-4057863661-1296392449-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Juanjo\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3611156902-4057863661-1296392449-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Juanjo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3611156902-4057863661-1296392449-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-10-04] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Juanjo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Juanjo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
 
Chrome: 
=======
CHR Profile: C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-21]
CHR Extension: (Duolingo on the Web) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-04-18]
CHR Extension: (Google Docs) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-21]
CHR Extension: (Google Drive) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-21]
CHR Extension: (WOT) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-01-22]
CHR Extension: (YouTube) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-21]
CHR Extension: (Google Cast) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-05-14]
CHR Extension: (Adblock Plus) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-22]
CHR Extension: (Pushbullet) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-03-04]
CHR Extension: (Google Search) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-21]
CHR Extension: (Google Calendar) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-03-11]
CHR Extension: (Google Sheets) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-21]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-02-06]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2015-07-29]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-03-02]
CHR Extension: (Disconnect) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-01-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-21]
CHR Extension: (tviso-extension) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmmeiimpckggkicjmjoldhpifoelbnfl [2015-06-25]
CHR Extension: (Ghostery) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-01-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-21]
CHR Extension: (Enhanced Steam) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2015-06-19]
CHR Extension: (Gmail) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-21]
CHR Profile: C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-20]
CHR Extension: (Duolingo on the Web) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-05-20]
CHR Extension: (Google Docs) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-20]
CHR Extension: (Google Drive) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-20]
CHR Extension: (Please enter your password) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-05-20]
CHR Extension: (WOT) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-05-20]
CHR Extension: (YouTube) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-20]
CHR Extension: (Google Cast) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-05-20]
CHR Extension: (Facebook) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-05-20]
CHR Extension: (Adblock Plus) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-20]
CHR Extension: (Pushbullet) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-05-20]
CHR Extension: (Google Search) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-20]
CHR Extension: (Gmail Offline) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-05-20]
CHR Extension: (Google Calendar) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-05-20]
CHR Extension: (Google Sheets) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-05-20]
CHR Extension: (HTTPS Everywhere) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2015-05-20]
CHR Extension: (The QR Code Generator) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2015-05-20]
CHR Extension: (Save to Google Drive) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2015-05-20]
CHR Extension: (feedly) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2015-05-20]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-05-20]
CHR Extension: (DownFlickr - Flickr Downloader) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\idiemcijhbenngdhkdiipmpkafnkbkeg [2015-05-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-20]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-05-20]
CHR Extension: (Hangouts) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-05-20]
CHR Extension: (Webutation) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nfclfmabiojpommfcalfdgjjeaahnjbj [2015-05-20]
CHR Extension: (Save to Pocket) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-05-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-20]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-05-20]
CHR Extension: (Enhanced Steam) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2015-05-20]
CHR Extension: (Moosti) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pdkkfpnoobbihpjbophkgcibemmmidhk [2015-05-20]
CHR Extension: (Gmail) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-20]
CHR Extension: (Inbox by Gmail) - C:\Users\Juanjo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkclgpgponpjmpfokoepglboejdobkpl [2015-05-20]
CHR HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe [69448 2015-05-28] (Google Inc.)
R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [654552 2013-09-23] (Disc Soft Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2013-11-21] (Futuremark)
S3 GalaxyClientService; D:\Juegos\GalaxyClient\GalaxyClientService.exe [1718840 2015-07-20] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6871608 2015-07-20] (GOG.com)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()
R2 NoIPDUCService4; D:\Programas\No-IP\ducservice.exe [11264 2013-01-24] () [File not signed]
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1001200 2015-07-19] (Overwolf LTD)
R2 PCloudd; C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe [215040 2013-07-07] (LenovoEMC Ltd.) [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-04-23] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-01-26] (Razer Inc.)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2013-12-11] (Razer, Inc.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [335360 2014-12-17] (Company) [File not signed]
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 dtscsibus; C:\Windows\system32\DRIVERS\dtscsibus.sys [29696 2013-10-18] (Disc Soft Ltd)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [31648 2013-12-16] (REALiX™)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-03-14] ()
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
R3 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc.)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 NANMp50; C:\Windows\System32\Drivers\NANMp50.sys [46776 2010-03-25] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NANSp50; C:\Windows\System32\Drivers\NANSp50.sys [45752 2010-03-25] (Printing Communications Assoc., Inc. (PCAUSA))
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 PlantronicsGC; C:\Windows\system32\drivers\PLTGC.sys [1327104 2013-10-08] (C-Media Electronics Inc)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [40664 2013-12-17] (The OpenVPN Project)
R3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [42192 2015-07-13] (Razer Inc)
R3 RzDxgk; C:\WINDOWS\system32\drivers\RzDxgk.sys [129472 2013-11-21] (Razer, Inc.)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2013-11-21] (Razer, Inc.)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129472 2015-06-27] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [42192 2015-07-13] (Razer Inc)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2013-08-28] (Splashtop Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-07-01] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-07-01] (Acronis)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-05-17] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-07-29] ()
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
R3 ALSysIO; \??\C:\Users\Juanjo\AppData\Local\Temp\ALSysIO64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-29 18:50 - 2015-07-29 18:50 - 00000000 ____D C:\FRST
2015-07-29 18:32 - 2015-07-29 18:32 - 00000000 ____D C:\Program Files (x86)\ESET
2015-07-28 19:53 - 2015-07-28 19:53 - 00000000 ____D C:\ProgramData\VsTelemetry
2015-07-28 17:55 - 2015-07-25 15:34 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-27 17:34 - 2015-07-27 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseGit
2015-07-27 17:34 - 2015-07-27 17:34 - 00000000 ____D C:\Program Files\TortoiseGit
2015-07-27 17:34 - 2015-07-27 17:34 - 00000000 ____D C:\Program Files\Common Files\TortoiseOverlays
2015-07-26 18:57 - 2015-07-26 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2015-07-26 18:56 - 2015-07-26 18:57 - 00000000 ____D C:\Program Files (x86)\Git
2015-07-26 18:34 - 2015-07-26 18:56 - 00000000 ____D C:\Users\Juanjo\.gradle
2015-07-26 17:50 - 2015-07-26 17:50 - 00000000 ____D C:\Users\Juanjo\GitHub
2015-07-26 12:44 - 2015-07-26 12:44 - 00000000 ____D C:\Users\Juanjo\AppData\Roaming\JetBrains
2015-07-26 12:43 - 2015-07-26 12:43 - 00000000 ____D C:\Users\Juanjo\.AndroidStudio1.2
2015-07-26 12:32 - 2015-07-26 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-07-26 12:32 - 2015-01-30 10:02 - 00084992 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelHaxm.sys
2015-07-26 12:28 - 2015-07-26 12:28 - 00000000 ____D C:\Users\Juanjo\AppData\Local\Android
2015-07-26 12:28 - 2015-07-26 12:28 - 00000000 ____D C:\Program Files\Android
2015-07-24 16:45 - 2015-07-29 17:20 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2015-07-23 17:54 - 2015-07-23 17:54 - 00000000 ____D C:\Users\Juanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-21 17:52 - 2015-07-14 16:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-21 17:52 - 2015-07-14 16:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-21 17:52 - 2015-07-14 16:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-21 17:52 - 2015-07-14 16:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-20 18:12 - 2015-07-20 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher® 3 - Wild Hunt [GOG.com]
2015-07-20 17:26 - 2015-07-20 17:24 - 00321632 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-07-20 17:26 - 2015-07-20 17:24 - 00206944 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-07-20 17:26 - 2015-07-20 17:24 - 00206432 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-07-20 17:24 - 2015-07-20 17:24 - 00000000 _____ C:\WINDOWS\SysWOW64\REN1111.tmp
2015-07-15 17:58 - 2015-07-15 17:58 - 00000000 ____D C:\Users\Juanjo\AppData\Local\CEF
2015-07-15 15:58 - 2015-07-09 21:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-15 15:58 - 2015-07-09 20:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-15 15:58 - 2015-07-09 18:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-15 15:58 - 2015-07-09 17:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-15 15:58 - 2015-07-09 17:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-15 15:58 - 2015-07-09 17:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-15 15:58 - 2015-07-09 17:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-15 15:58 - 2015-07-09 17:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-15 15:58 - 2015-07-09 17:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-15 15:58 - 2015-07-09 17:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-15 15:58 - 2015-07-09 17:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-15 15:58 - 2015-07-09 17:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-15 15:58 - 2015-07-09 17:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-15 15:58 - 2015-06-28 07:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 15:58 - 2015-06-28 07:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 15:58 - 2015-06-28 07:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 15:58 - 2015-06-28 07:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-15 15:58 - 2015-06-27 18:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-15 15:58 - 2015-06-27 05:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 15:58 - 2015-06-27 05:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-15 15:58 - 2015-06-27 05:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 15:58 - 2015-06-27 05:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-15 15:58 - 2015-06-27 05:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-15 15:58 - 2015-06-27 04:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-15 15:58 - 2015-06-27 04:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-15 15:58 - 2015-06-27 04:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-15 15:58 - 2015-06-27 04:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 15:58 - 2015-06-27 03:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-15 15:58 - 2015-06-27 03:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-15 15:58 - 2015-06-25 04:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-15 15:58 - 2015-06-16 00:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 15:58 - 2015-06-16 00:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 15:58 - 2015-06-15 23:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-15 15:58 - 2015-06-15 23:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-15 15:58 - 2015-06-15 22:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 15:58 - 2015-06-15 21:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-15 15:58 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-15 15:58 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-15 15:58 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-15 15:58 - 2015-05-07 19:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-15 15:58 - 2015-05-07 18:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-15 15:58 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-15 15:58 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-15 15:58 - 2015-05-03 02:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-15 15:58 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-15 15:57 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-15 15:57 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-15 15:57 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 15:57 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 15:57 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-15 15:57 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-15 15:57 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 15:57 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 15:57 - 2015-07-02 00:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 15:57 - 2015-07-01 23:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-15 15:57 - 2015-06-30 00:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-15 15:57 - 2015-06-29 17:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-15 15:57 - 2015-06-29 17:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-15 15:57 - 2015-06-29 17:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-15 15:57 - 2015-06-29 17:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-15 15:57 - 2015-06-27 01:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-15 15:57 - 2015-06-27 01:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-15 15:57 - 2015-06-16 07:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 15:57 - 2015-06-16 07:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 15:57 - 2015-06-16 00:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 15:57 - 2015-06-16 00:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-15 15:57 - 2015-06-16 00:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-15 15:57 - 2015-06-16 00:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 15:57 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-15 15:57 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-15 15:57 - 2015-06-15 23:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 15:57 - 2015-06-15 23:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-15 15:57 - 2015-06-15 23:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 15:57 - 2015-06-15 23:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 15:57 - 2015-06-15 23:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-15 15:57 - 2015-06-15 23:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 15:57 - 2015-06-15 23:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-15 15:57 - 2015-06-15 23:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-15 15:57 - 2015-06-15 23:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 15:57 - 2015-06-15 23:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-15 15:57 - 2015-06-15 23:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-15 15:57 - 2015-06-15 23:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-15 15:57 - 2015-06-15 23:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-15 15:57 - 2015-06-15 22:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-15 15:57 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-15 15:57 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-15 15:57 - 2015-06-15 22:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 15:57 - 2015-06-15 22:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-15 15:57 - 2015-06-15 22:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 15:57 - 2015-06-15 22:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-15 15:57 - 2015-06-15 22:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-15 15:57 - 2015-06-15 22:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-15 15:57 - 2015-06-15 22:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-15 15:57 - 2015-06-15 22:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 15:57 - 2015-06-15 22:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-15 15:57 - 2015-06-15 22:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-15 15:57 - 2015-06-15 22:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-15 15:57 - 2015-06-11 05:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 15:57 - 2015-06-10 18:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 15:57 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-15 15:57 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-15 15:57 - 2015-05-07 19:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-15 15:57 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-15 15:57 - 2015-05-07 18:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-15 15:57 - 2015-05-03 17:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 15:57 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-15 15:57 - 2015-05-03 16:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 15:57 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-15 15:57 - 2015-05-03 16:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-15 15:57 - 2015-05-03 16:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-15 15:57 - 2015-05-02 01:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-15 15:57 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-15 15:57 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-15 15:57 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-15 15:57 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-15 15:57 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-15 15:57 - 2015-03-09 04:02 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsp.sys
2015-07-14 17:17 - 2015-07-14 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-07-13 09:34 - 2015-07-13 09:34 - 01730328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2015-07-13 09:34 - 2015-07-13 09:34 - 00200920 _____ (Razer Inc) C:\WINDOWS\system32\Drivers\rzudd.sys
2015-07-13 09:34 - 2015-07-13 09:34 - 00042192 _____ (Razer Inc) C:\WINDOWS\system32\Drivers\rzvkeyboard.sys
2015-07-13 09:34 - 2015-07-13 09:34 - 00042192 _____ (Razer Inc) C:\WINDOWS\system32\Drivers\rzdaendpt.sys
2015-07-10 15:41 - 2015-07-10 15:41 - 00000000 ____D C:\Users\Juanjo\AppData\Local\EvernoteNW
2015-07-10 15:38 - 2015-07-10 15:38 - 00000000 ____D C:\Users\Juanjo\AppData\Local\Evernote
2015-07-10 15:38 - 2015-07-10 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-07-10 12:37 - 2015-07-10 12:37 - 00000000 ____D C:\Program Files\Sublime Text 3
2015-07-09 20:12 - 2015-07-14 18:43 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-09 19:51 - 2015-07-09 19:52 - 00000220 _____ C:\Users\Juanjo\Desktop\The Witcher 3 Wild Hunt.url
2015-07-05 19:50 - 2015-07-18 10:42 - 00780130 _____ C:\WINDOWS\system32\perfh019.dat
2015-07-05 19:50 - 2015-07-18 10:42 - 00161168 _____ C:\WINDOWS\system32\perfc019.dat
2015-07-05 19:50 - 2015-07-05 19:49 - 00340322 _____ C:\WINDOWS\system32\perfi019.dat
2015-07-05 19:50 - 2015-07-05 19:49 - 00041610 _____ C:\WINDOWS\system32\perfd019.dat
2015-07-05 19:49 - 2015-07-05 19:49 - 00000000 ____D C:\WINDOWS\SysWOW64\ru
2015-07-05 19:49 - 2015-07-05 19:49 - 00000000 ____D C:\WINDOWS\system32\ru
2015-07-02 16:51 - 2013-07-02 17:29 - 00024824 _____ (ASUSTeK Computer Inc.) C:\WINDOWS\system32\Drivers\IOMap64.sys
2015-06-30 23:37 - 2015-06-30 23:37 - 00008586 _____ C:\Users\Juanjo\Desktop\Libro1.xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-29 18:48 - 2015-06-19 00:37 - 00001036 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3611156902-4057863661-1296392449-1001UA.job
2015-07-29 18:35 - 2013-10-18 16:50 - 01191383 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-29 18:05 - 2013-09-27 10:06 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3611156902-4057863661-1296392449-1001
2015-07-29 18:02 - 2013-10-05 09:37 - 00000838 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-29 18:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-29 18:01 - 2013-09-27 11:04 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-29 17:57 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-29 17:52 - 2013-10-29 23:25 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3611156902-4057863661-1296392449-1001UA.job
2015-07-29 17:50 - 2014-10-27 22:19 - 00000000 ____D C:\Users\Juanjo\AppData\Roaming\TS3Client
2015-07-29 17:47 - 2014-10-26 22:36 - 00000000 ____D C:\Users\Juanjo\AppData\Local\Overwolf
2015-07-29 17:47 - 2013-09-27 10:59 - 00000000 ____D C:\Users\Juanjo\AppData\Roaming\Dropbox
2015-07-29 17:46 - 2015-03-04 23:43 - 00000000 ____D C:\Users\Juanjo\AppData\Local\Pushbullet
2015-07-29 17:46 - 2015-01-17 15:30 - 00000000 ___RD C:\Users\Juanjo\Google Drive
2015-07-29 17:46 - 2013-12-23 02:10 - 00000000 ____D C:\Users\Juanjo\AppData\Roaming\BitTorrent Sync
2015-07-29 17:46 - 2013-10-18 17:49 - 00000000 ____D C:\Users\Juanjo\AppData\Local\Deployment
2015-07-29 17:46 - 2013-09-27 13:31 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-29 17:46 - 2013-09-27 11:04 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-29 17:20 - 2014-04-25 08:30 - 00178632 _____ C:\WINDOWS\PFRO.log
2015-07-29 17:20 - 2014-04-24 23:43 - 00038311 _____ C:\WINDOWS\setupact.log
2015-07-29 17:20 - 2013-09-27 11:10 - 00034752 _____ C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2015-07-29 17:20 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-29 07:11 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-07-29 07:09 - 2015-03-11 00:18 - 00000000 ____D C:\Users\Juanjo\AppData\Roaming\qBittorrent
2015-07-29 00:52 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-28 22:44 - 2013-10-18 16:45 - 00000000 ____D C:\Users\Juanjo
2015-07-28 22:42 - 2013-10-15 23:05 - 00000000 ____D C:\Users\Juanjo\AppData\Roaming\Skype
2015-07-28 20:48 - 2015-06-19 00:37 - 00000984 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3611156902-4057863661-1296392449-1001Core.job
2015-07-28 20:16 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-28 16:50 - 2013-10-29 23:25 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3611156902-4057863661-1296392449-1001Core.job
2015-07-28 15:58 - 2013-11-11 12:29 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9C10161E-B12A-44C1-A840-5F812E5966BF}
2015-07-27 21:12 - 2015-03-07 13:12 - 00000000 ____D C:\Users\Juanjo\AppData\Roaming\GitHub
2015-07-27 21:12 - 2015-03-07 13:12 - 00000000 ____D C:\Users\Juanjo\AppData\Local\GitHub
2015-07-27 15:47 - 2015-03-28 01:35 - 00003110 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3611156902-4057863661-1296392449-1001
2015-07-27 15:47 - 2015-03-28 01:35 - 00000000 ___RD C:\Users\Juanjo\OneDrive
2015-07-26 19:14 - 2013-12-15 22:37 - 00000000 ____D C:\Users\Juanjo\AppData\Roaming\Spotify
2015-07-26 19:09 - 2013-09-29 11:15 - 00000000 ____D C:\Users\Juanjo\AppData\Local\CrashDumps
2015-07-26 18:52 - 2014-08-26 22:08 - 00000000 ____D C:\Users\Juanjo\.android
2015-07-26 17:49 - 2015-03-07 13:12 - 00002191 _____ C:\Users\Juanjo\Desktop\Git Shell.lnk
2015-07-26 16:41 - 2013-12-15 22:37 - 00000000 ____D C:\Users\Juanjo\AppData\Local\Spotify
2015-07-26 12:32 - 2013-09-27 11:09 - 00000000 ____D C:\Program Files\Intel
2015-07-26 12:24 - 2013-09-27 13:53 - 00000000 ____D C:\Users\Juanjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-25 19:31 - 2015-06-21 18:29 - 00000000 ____D C:\Users\Juanjo\Documents\The Witcher 3
2015-07-25 10:02 - 2015-04-06 20:54 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-24 16:45 - 2013-08-22 16:44 - 00622016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-23 21:59 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-23 17:39 - 2013-12-19 22:41 - 00001957 _____ C:\Users\Juanjo\Desktop\Razer Synapse 2.0.lnk
2015-07-23 17:33 - 2014-05-29 21:11 - 00000000 ____D C:\Program Files (x86)\Overwolf
2015-07-20 17:26 - 2013-10-25 18:40 - 00000000 ____D C:\ProgramData\Oracle
2015-07-20 17:24 - 2015-03-08 12:12 - 00110688 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-07-20 17:24 - 2014-10-18 19:38 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-20 17:24 - 2013-10-29 09:04 - 00000000 ____D C:\Program Files\Java
2015-07-20 02:04 - 2015-06-14 10:22 - 00000000 ____D C:\Users\Juanjo\AppData\Local\Plex Media Server
2015-07-19 20:43 - 2015-06-19 00:37 - 00003984 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3611156902-4057863661-1296392449-1001UA
2015-07-19 20:43 - 2015-06-19 00:37 - 00003604 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3611156902-4057863661-1296392449-1001Core
2015-07-19 10:46 - 2013-09-28 00:44 - 00000000 ____D C:\Users\Juanjo\AppData\Roaming\vlc
2015-07-18 13:14 - 2013-09-28 08:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-18 13:13 - 2013-09-28 09:00 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-18 10:42 - 2013-09-30 06:04 - 02964522 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-18 10:42 - 2013-09-27 11:40 - 00962130 _____ C:\WINDOWS\system32\perfh00A.dat
2015-07-18 10:42 - 2013-09-27 11:40 - 00205438 _____ C:\WINDOWS\system32\perfc00A.dat
2015-07-17 23:02 - 2013-09-30 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-16 16:48 - 2013-10-29 23:25 - 00004092 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3611156902-4057863661-1296392449-1001UA
2015-07-16 16:46 - 2013-10-29 23:25 - 00003712 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3611156902-4057863661-1296392449-1001Core
2015-07-16 01:18 - 2015-04-06 20:54 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-16 01:18 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-16 01:18 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-16 01:18 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-07-15 21:56 - 2013-09-27 11:04 - 00004110 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 21:56 - 2013-09-27 11:04 - 00003874 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 16:08 - 2015-04-15 07:31 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-15 16:08 - 2015-02-06 01:04 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-15 16:07 - 2012-07-26 07:26 - 00000167 _____ C:\WINDOWS\win.ini
2015-07-15 16:06 - 2013-09-27 11:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-14 20:02 - 2013-10-05 09:37 - 00003726 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-14 17:17 - 2015-03-11 00:18 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2015-07-14 17:06 - 2015-01-06 23:51 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-13 23:10 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:10 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-10 12:37 - 2015-03-08 11:37 - 00000000 ____D C:\Users\Juanjo\AppData\Local\Sublime Text 3
2015-07-09 20:14 - 2014-08-27 18:38 - 00000000 ____D C:\Users\Juanjo\AppData\Local\Adobe
2015-07-09 20:12 - 2013-10-16 18:55 - 00000000 ____D C:\ProgramData\Adobe
2015-07-09 20:12 - 2013-10-16 18:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-05 19:49 - 2013-09-30 05:51 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-05 19:49 - 2013-09-30 05:48 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-07-05 19:49 - 2013-09-30 05:48 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-07-05 19:49 - 2013-09-30 05:48 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-07-05 19:49 - 2013-09-30 05:48 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-07-05 19:49 - 2013-09-30 05:48 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-07-05 19:49 - 2013-09-30 05:48 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-07-05 19:49 - 2013-09-30 05:48 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-07-05 19:49 - 2013-09-30 05:48 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-07-05 19:49 - 2013-09-27 13:16 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2015-07-05 19:49 - 2013-08-22 17:36 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-07-05 19:49 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-07-05 19:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-07-05 19:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2015-07-05 19:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-07-05 19:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-07-05 19:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-07-05 19:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\Com
2015-07-05 19:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\IME
2015-07-05 19:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Help
2015-07-05 19:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\FileManager
2015-07-05 19:49 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-07-05 19:49 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-07-05 19:49 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-05 19:49 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-07-05 19:49 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-07-05 19:49 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-07-05 19:49 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-07-05 19:49 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-07-05 19:49 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-07-05 19:49 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-07-05 19:49 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\servicing
2015-07-05 12:08 - 2013-09-27 11:48 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-03 08:43 - 2013-09-27 11:43 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-01 20:09 - 2013-09-27 09:59 - 00000000 ____D C:\Users\Juanjo\AppData\Local\VirtualStore
2015-07-01 19:53 - 2013-09-27 09:59 - 00000000 ____D C:\Users\Juanjo\AppData\Local\Packages
2015-07-01 19:05 - 2013-10-25 09:02 - 00000022 _____ C:\WINDOWS\GPU-Z.INI
2015-06-30 19:52 - 2014-08-25 19:24 - 00000000 ____D C:\Program Files (x86)\Pushbullet
 
==================== Files in the root of some directories =======
 
2015-03-02 19:51 - 2015-03-02 19:51 - 0000604 ____H () C:\Program Files (x86)\_43_S
2013-12-10 03:16 - 2013-12-09 21:29 - 0012005 _____ () C:\Users\Juanjo\AppData\Roaming\alsoft.ini
2013-10-20 14:27 - 2014-05-30 18:06 - 0216064 _____ () C:\Users\Juanjo\AppData\Roaming\RZR_0010d9d84bb2b52b8d8d20d9cca4.db
2014-11-28 17:14 - 2014-11-28 17:25 - 0599214 _____ () C:\Users\Juanjo\AppData\Roaming\Scorch_Install.log
2014-01-11 00:19 - 2014-01-11 00:19 - 0000394 ___SH () C:\Users\Juanjo\AppData\Local\69ff07055291669bb2b218.72821112
2013-12-20 20:57 - 2013-12-20 20:57 - 1065984 _____ () C:\Users\Juanjo\AppData\Local\file__0.localstorage
2013-12-29 12:11 - 2013-12-29 12:11 - 0000001 _____ () C:\Users\Juanjo\AppData\Local\llftool.4.40.agreement
2013-11-10 13:46 - 2013-11-11 11:38 - 0000600 _____ () C:\Users\Juanjo\AppData\Local\PUTTY.RND
2013-09-27 13:48 - 2015-06-24 21:18 - 0007615 _____ () C:\Users\Juanjo\AppData\Local\Resmon.ResmonCfg
 
Files to move or delete:
====================
C:\Users\Juanjo\AppData\Roaming\Origin\update.vbe
 
 
Some files in TEMP:
====================
C:\Users\Juanjo\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Juanjo\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Juanjo\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Juanjo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeyrs_m.dll
C:\Users\Juanjo\AppData\Local\Temp\EyesLauncher.exe
C:\Users\Juanjo\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\Juanjo\AppData\Local\Temp\i4jdel0.exe
C:\Users\Juanjo\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Juanjo\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Juanjo\AppData\Local\Temp\npp.6.7.5.Installer.exe
C:\Users\Juanjo\AppData\Local\Temp\pushbullet_watchdog.exe
C:\Users\Juanjo\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Juanjo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Juanjo\AppData\Local\Temp\Sublime Text Update Installer.exe
C:\Users\Juanjo\AppData\Local\Temp\uninstall.2950.exe
C:\Users\Juanjo\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-29 17:31
 
==================== End of log ============================



Edited by jjxerox, 30 July 2015 - 08:45 AM.



 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,304 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:50 PM

Posted 29 July 2015 - 07:29 PM

:welcome:
 
Download the attached file and save it in the same directory FRST64 is saved.

  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

Download AdwCleaner from here. Save the file to the desktop.
 
 
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
 
Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

[Image: AdwCleaner console]


  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.



  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

 

 

Please download Malwarebytes Anti-Malware to your desktop

  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Extra Note:
 
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

The log is available through History -> Application logs. Please post its contents in your next reply.
 

 


No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 jjxerox

jjxerox
  • Topic Starter

  • Members
  • 5 posts
  • Local time:11:50 PM

Posted 30 July 2015 - 10:25 AM

Hello JSntgRvr! Thanks for your reply!

 

I ran MalwareBytes yesterday night (all before I received your reply), and I'll attach the reports from yesterday. They are the ones that have the word "Past" in the name.

 

Here are the logs (I'll also attach them to the reply) (THANKS AGAIN!):

 

Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by Juanjo (2015-07-30 15:46:41) Run:1
Running from D:\Downloads
Loaded Profiles: Juanjo (Available Profiles: Juanjo)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
GroupPolicyUsers\S-1-5-21-3611156902-4057863661-1296392449-1001\User: Group Policy Restriction detected <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
R3 ALSysIO; \??\C:\Users\Juanjo\AppData\Local\Temp\ALSysIO64.sys [X]
2015-03-02 19:51 - 2015-03-02 19:51 - 0000604 ____H () C:\Program Files (x86)\_43_S
2013-12-10 03:16 - 2013-12-09 21:29 - 0012005 _____ () C:\Users\Juanjo\AppData\Roaming\alsoft.ini
2013-10-20 14:27 - 2014-05-30 18:06 - 0216064 _____ () C:\Users\Juanjo\AppData\Roaming\RZR_0010d9d84bb2b52b8d8d20d9cca4.db
2014-11-28 17:14 - 2014-11-28 17:25 - 0599214 _____ () C:\Users\Juanjo\AppData\Roaming\Scorch_Install.log
2014-01-11 00:19 - 2014-01-11 00:19 - 0000394 ___SH () C:\Users\Juanjo\AppData\Local\69ff07055291669bb2b218.72821112
2013-12-20 20:57 - 2013-12-20 20:57 - 1065984 _____ () C:\Users\Juanjo\AppData\Local\file__0.localstorage
2013-12-29 12:11 - 2013-12-29 12:11 - 0000001 _____ () C:\Users\Juanjo\AppData\Local\llftool.4.40.agreement
2013-11-10 13:46 - 2013-11-11 11:38 - 0000600 _____ () C:\Users\Juanjo\AppData\Local\PUTTY.RND
2013-09-27 13:48 - 2015-06-24 21:18 - 0007615 _____ () C:\Users\Juanjo\AppData\Local\Resmon.ResmonCfg
C:\Users\Juanjo\AppData\Roaming\Origin\update.vbe
C:\Users\Juanjo\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Juanjo\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Juanjo\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Juanjo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeyrs_m.dll
C:\Users\Juanjo\AppData\Local\Temp\EyesLauncher.exe
C:\Users\Juanjo\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\Juanjo\AppData\Local\Temp\i4jdel0.exe
C:\Users\Juanjo\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Juanjo\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Juanjo\AppData\Local\Temp\npp.6.7.5.Installer.exe
C:\Users\Juanjo\AppData\Local\Temp\pushbullet_watchdog.exe
C:\Users\Juanjo\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Juanjo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Juanjo\AppData\Local\Temp\Sublime Text Update Installer.exe
C:\Users\Juanjo\AppData\Local\Temp\uninstall.2950.exe
C:\Users\Juanjo\AppData\Local\Temp\xmlUpdater.exe
C:\Windows\Temp\svchost.exe
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Juanjo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Juanjo\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Juanjo\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Juanjo\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Juanjo\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Juanjo\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Juanjo\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Juanjo\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Juanjo\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Juanjo\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Juanjo\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juanjo\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juanjo\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juanjo\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juanjo\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juanjo\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juanjo\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juanjo\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Juanjo\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Juanjo\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {E788F80A-557D-4899-917D-2936A19883E7} - System32\Tasks\Origin => C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Origin\update.vbe [2014-09-09] () <==== ATTENTION
EmptyTemp:
 
*****************
 
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3611156902-4057863661-1296392449-1001\User => moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully.
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => key removed successfully
HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => key not found. 
ALSysIO => Unable to stop service.
ALSysIO => service removed successfully
C:\Program Files (x86)\_43_S => moved successfully.
C:\Users\Juanjo\AppData\Roaming\alsoft.ini => moved successfully.
C:\Users\Juanjo\AppData\Roaming\RZR_0010d9d84bb2b52b8d8d20d9cca4.db => moved successfully.
C:\Users\Juanjo\AppData\Roaming\Scorch_Install.log => moved successfully.
C:\Users\Juanjo\AppData\Local\69ff07055291669bb2b218.72821112 => moved successfully.
C:\Users\Juanjo\AppData\Local\file__0.localstorage => moved successfully.
C:\Users\Juanjo\AppData\Local\llftool.4.40.agreement => moved successfully.
C:\Users\Juanjo\AppData\Local\PUTTY.RND => moved successfully.
C:\Users\Juanjo\AppData\Local\Resmon.ResmonCfg => moved successfully.
"C:\Users\Juanjo\AppData\Roaming\Origin\update.vbe" => File/Folder not found.
C:\Users\Juanjo\AppData\Local\Temp\dllnt_dump.dll => moved successfully.
C:\Users\Juanjo\AppData\Local\Temp\drm_dyndata_7370014.dll => moved successfully.
C:\Users\Juanjo\AppData\Local\Temp\drm_dyndata_7380014.dll => moved successfully.
"C:\Users\Juanjo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeyrs_m.dll" => File/Folder not found.
C:\Users\Juanjo\AppData\Local\Temp\EyesLauncher.exe => moved successfully.
C:\Users\Juanjo\AppData\Local\Temp\Foxit PhantomPDF Updater.exe => moved successfully.
C:\Users\Juanjo\AppData\Local\Temp\i4jdel0.exe => moved successfully.
C:\Users\Juanjo\AppData\Local\Temp\jre-8u45-windows-au.exe => moved successfully.
C:\Users\Juanjo\AppData\Local\Temp\jre-8u51-windows-au.exe => moved successfully.
C:\Users\Juanjo\AppData\Local\Temp\npp.6.7.5.Installer.exe => moved successfully.
C:\Users\Juanjo\AppData\Local\Temp\pushbullet_watchdog.exe => moved successfully.
C:\Users\Juanjo\AppData\Local\Temp\sfamcc00001.dll => moved successfully.
C:\Users\Juanjo\AppData\Local\Temp\SkypeSetup.exe => moved successfully.
C:\Users\Juanjo\AppData\Local\Temp\Sublime Text Update Installer.exe => moved successfully.
"C:\Users\Juanjo\AppData\Local\Temp\uninstall.2950.exe" => File/Folder not found.
C:\Users\Juanjo\AppData\Local\Temp\xmlUpdater.exe => moved successfully.
C:\Windows\Temp\svchost.exe => moved successfully.
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}" => key removed successfully
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}" => key removed successfully
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => key removed successfully
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}" => key removed successfully
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}" => key removed successfully
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKU\S-1-5-21-3611156902-4057863661-1296392449-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E788F80A-557D-4899-917D-2936A19883E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E788F80A-557D-4899-917D-2936A19883E7}" => key removed successfully
C:\Windows\System32\Tasks\Origin => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => key removed successfully
EmptyTemp: => 7.3 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 15:47:47 ====

 

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 8.1 Pro x64
Ran by Juanjo on 30/07/2015 at 16:49:23,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_338C4EC1E1B8B50A4095DCE730AC163C
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\WINDOWS\SysWOW64\REN1111.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\RENDB7F.tmp
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files (x86)\conduit
Successfully deleted: [Folder] C:\ProgramData\apn
Successfully deleted: [Folder] C:\ProgramData\conduit
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\Users\Juanjo\Appdata\Local\conduit
Successfully deleted: [Folder] C:\Users\Juanjo\Appdata\Local\mobogenie
Successfully deleted: [Folder] C:\Users\Juanjo\Appdata\LocalLow\conduit
Successfully deleted: [Folder] C:\WINDOWS\SysWOW64\ai_recyclebin
 
 
 
~~~ Chrome
 
 
[C:\Users\Juanjo\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Juanjo\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Juanjo\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Juanjo\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/07/2015 at 16:52:35,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

AdwCleaner[S0].txt

 

# AdwCleaner v4.208 - Registro generado 30/07/2015 en 16:57:16
# Actualizado 09/07/2015 por Xplode
# Base de datos : 2015-07-26.2 [Servidor]
# Sistema operativo : Windows 8.1 Pro  (x64)
# Nombre de usuario : Juanjo - JUANJO-DESKTOP
# Ejecutado desde : C:\Users\Juanjo\Desktop\adwcleaner_4.208.exe
# Opción : Limpiar
 
***** [ Servicios ] *****
 
 
***** [ Archivos / Carpetas ] *****
 
Carpeta Eliminar : C:\Users\Juanjo\Documents\Mobogenie
Archivo Eliminar : C:\END
Archivo Eliminar : C:\Users\Juanjo\daemonprocess.txt
 
***** [ Tareas programadas... ] *****
 
 
***** [ Accesos directos ] *****
 
 
***** [ Registro ] *****
 
Llave Eliminar : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Llave Eliminar : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Llave Eliminar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Eliminar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Llave Eliminar : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Llave Eliminar : HKLM\SOFTWARE\Conduit
Llave Eliminar : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Llave Eliminar : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Llave Eliminar : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\app.mam.conduit.com
 
***** [ Navegadores Web ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v37.0.2 (x86 es-ES)
 
 
-\\ Google Chrome v44.0.2403.125
 
 
*************************
 
AdwCleaner[R0].txt - [2156 bytes] - [30/07/2015 16:56:22]
AdwCleaner[S0].txt - [1942 bytes] - [30/07/2015 16:57:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2001  bytes] ##########
 

 

Malwarebytes Logs:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Fecha del análisis: 30/07/2015
Hora del análisis: 17:02
Archivo de registro: Malwarebytes1.txt
Administrador: Sí
 
Versión: 2.1.8.1057
Base de datos de malwares: v2015.07.30.04
Base de datos de rootkits: v2015.07.29.02
Licencia: Gratis
Protección contra el malware: Desactivado
Protección contra sitios web maliciosos: Desactivado
Autoprotección: Desactivado
 
SO: Windows 8.1
CPU: x64
Sistema de archivos: NTFS
Usuario: Juanjo
 
Tipo de análisis: Análisis de amenazas
Resultado: Completado
Objetos analizados: 416833
Tiempo transcurrido: 11 min, 55 seg
 
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Activado
PUM: Activado
 
Procesos: 0
(No hay elementos maliciosos detectados)
 
Módulos: 0
(No hay elementos maliciosos detectados)
 
Claves del registro: 0
(No hay elementos maliciosos detectados)
 
Valores del registro: 0
(No hay elementos maliciosos detectados)
 
Datos del registro: 0
(No hay elementos maliciosos detectados)
 
Carpetas: 0
(No hay elementos maliciosos detectados)
 
Archivos: 0
(No hay elementos maliciosos detectados)
 
Sectores físicos: 0
(No hay elementos maliciosos detectados)
 
 
(end)
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Error, 30/07/2015 15:34, SYSTEM, JUANJO-DESKTOP, Protection, IsLicensed, 13, 
Protection, 30/07/2015 15:34, SYSTEM, JUANJO-DESKTOP, Protection, Malware Protection, Stopping, 
Protection, 30/07/2015 15:34, SYSTEM, JUANJO-DESKTOP, Protection, Malware Protection, Stopped, 
Error, 30/07/2015 15:48, SYSTEM, JUANJO-DESKTOP, Protection, IsLicensed, 13, 
Protection, 30/07/2015 15:48, SYSTEM, JUANJO-DESKTOP, Protection, Malware Protection, Stopping, 
Protection, 30/07/2015 15:48, SYSTEM, JUANJO-DESKTOP, Protection, Malware Protection, Stopped, 
Error, 30/07/2015 16:59, SYSTEM, JUANJO-DESKTOP, Protection, IsLicensed, 13, 
Protection, 30/07/2015 16:59, SYSTEM, JUANJO-DESKTOP, Protection, Malware Protection, Stopping, 
Protection, 30/07/2015 16:59, SYSTEM, JUANJO-DESKTOP, Protection, Malware Protection, Stopped, 
Update, 30/07/2015 17:02, SYSTEM, JUANJO-DESKTOP, Manual, AKA IP Database, 2015.7.15.1, 2015.7.29.1, 
Update, 30/07/2015 17:02, SYSTEM, JUANJO-DESKTOP, Manual, AKA Domain Database, 2015.7.28.2, 2015.7.29.3, 
Update, 30/07/2015 17:02, SYSTEM, JUANJO-DESKTOP, Manual, Malware Database, 2015.7.29.4, 2015.7.30.4, 
Scan, 30/07/2015 17:14, SYSTEM, JUANJO-DESKTOP, Manual, Inicio:30/07/2015 17:02, Duración:11 min, 55 seg, Análisis de amenazas, Completado, Detecciones de malware de 0, Detecciones de códigos no de malware de 0, 
 
(end)
 

 




#4 JSntgRvr

  • Malware Response Team

Posted 30 July 2015 - 02:57 PM

How is the computer doing?


No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 jjxerox

  • Topic Starter

Posted 30 July 2015 - 03:17 PM

Much better. If it continues like this, we can say it is resolved! Did you find anything interesting in the logs? Thanks a lot for your help!!!



#6 JSntgRvr


Posted 30 July 2015 - 06:46 PM

We removed all known files for this infection.

 

We need to remove the tools we've used while cleaning your machine.
 

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run

The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

 




#7 jjxerox


Posted 31 July 2015 - 01:02 AM

Hello JSntgRvr, here is the log. I'll write here if I find something else. Many Thanks!

 

# DelFix v10.8 - Logfile created 31/07/2015 at 07:59:49
# Updated 29/07/2014 by Xplode
# Username : Juanjo - JUANJO-DESKTOP
# Operating System : Windows 8.1 Pro  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Juanjo\Desktop\adwcleaner_4.208.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #145 [Punto de control programado | 07/30/2015 14:11:08]
Deleted : RP #146 [JRT Pre-Junkware Removal | 07/30/2015 14:49:23]
 
New restore point created !
 
########## - EOF - ##########
 




#8 JSntgRvr


Posted 31 July 2015 - 03:47 PM

You are welcome.

 

I will keep the thread open for five days.

 

Best wishes!
 


Edited by JSntgRvr, 31 July 2015 - 03:47 PM.





