
Pop-Up advertisment with redirections, out of nowhere to pages .ru


  • This topic is locked
21 replies to this topic

#1 XEND

XEND

  • Members
  • 35 posts
  • OFFLINE
  • Local time:08:44 PM

Posted 01 November 2015 - 01:02 AM

Good day, I'm Andrés from Mexico.

 

I have a problem in which, whenever I have Google Chrome open, if I use any other program with internet access, like Steam or League of Legends, pop-ups begin to appear, all of them with .ru pages.

Also, the pop-ups only appear in Chrome, not in Internet Explorer, and I think it is spyware.
I even tried to uninstall Google Chrome with Revo Uninstaller and I also removed all of the registry entries from my computer, but this still didn't solve the problem.
I used the Malwarebytes free trial to block the malicious websites, but the pop-ups are still there, though without advertisements.

I have used different tools, but nothing seems to get rid of the problem. Please help; also, I can't close the pop-ups anymore.

 

I have used Junkware Removal Tool.
This is the log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 8.1 Single Language x64
Ran by Andr‚s Sandoval on 30/10/2015 at 16:57:12.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_E62C845A7E47898B6F95518095012835

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Chrome

[C:\Users\Andr‚s Sandoval\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Andr‚s Sandoval\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Andr‚s Sandoval\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Andr‚s Sandoval\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/10/2015 at 16:59:52.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

AdwCleaner log:
 

# AdwCleaner v5.015 - Registro generado 30/10/2015 en 15:44:20
# Actualizado 26/10/2015 por Xplode
# Base de datos : 2015-10-29.1 [Servidor]
# Sistema operativo : Windows 8.1 Single Language  (x64)
# Nombre de usuario : Andrés Sandoval - HERMIT
# Ejecutado desde : C:\Users\Andrés Sandoval\Downloads\adwcleaner_5.015.exe
# Opción : Escanear
# Apoyo : http://toolslib.net/forum

***** [ Servicios ] *****

***** [ Carpetas ] *****

Carpeta Encontrar : C:\Program Files\FreeFixer
Carpeta Encontrar : C:\Users\Andrés Sandoval\AppData\Local\FreeFixer
Carpeta Encontrar : C:\Users\Andrés Sandoval\AppData\Roaming\FreeFixer

***** [ Archivos ] *****

Archivo Encontrar : C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_avg-anti-spyware.softonic.com_0.localstorage
Archivo Encontrar : C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_avg-anti-spyware.softonic.com_0.localstorage-journal
Archivo Encontrar : C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_spyware-terminator.softonic.com_0.localstorage
Archivo Encontrar : C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_spyware-terminator.softonic.com_0.localstorage-journal

***** [ DLLs ] *****

***** [ Accesos directos ] *****

***** [ Tareas programadas ] *****

Tarea Encontrado : FreeFixer background scan

***** [ Registro ] *****

Llave Encontrado : HKU\.DEFAULT\Software\Avg Secure Update

***** [ Navegadores Web ] *****

[C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrar : spyware-terminator.softonic.com

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1732 bytes] ##########

 

This is the Malwarebytes log:
 

Malwarebytes Anti-Malware
www.malwarebytes.org

Fecha del análisis: 31/10/2015
Hora del análisis: 11:44 p. m.
Archivo de registro: Malwerebytes.txt
Administrador: Sí

Versión: 2.2.0.1024
Base de datos de malwares: v2015.11.01.01
Base de datos de rootkits: v2015.10.28.01
Licencia: Prueba
Protección contra el malware: Activado
Protección contra sitios web maliciosos: Activado
Autoprotección: Desactivado

SO: Windows 8.1
CPU: x64
Sistema de archivos: NTFS
Usuario: Andrés Sandoval

Tipo de análisis: Análisis de amenazas
Resultado: Completado
Objetos analizados: 328549
Tiempo transcurrido: 15 min, 52 seg

Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Activado
PUM: Activado

Procesos: 0
(No hay elementos maliciosos detectados)

Módulos: 0
(No hay elementos maliciosos detectados)

Claves del registro: 0
(No hay elementos maliciosos detectados)

Valores del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Carpetas: 0
(No hay elementos maliciosos detectados)

Archivos: 0
(No hay elementos maliciosos detectados)

Sectores físicos: 0
(No hay elementos maliciosos detectados)

(end)


Thank you very much in advance. :D


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:44 PM

Posted 02 November 2015 - 11:10 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please post both logs for my review.

Wait for further instructions.
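As an added example (not code from this thread, from Farbar's tool, or from BleepingComputer), a small Python triage script that scans a pasted FRST.txt for the line types a helper reads first: FRST's own "ATTENTION" markers, DhcpNameServer resolvers outside an allow-list you supply, and Chrome HomePage/StartupUrls hosts outside an allow-list. The sample lines are adapted from the FRST log posted in the next reply; the allow-lists are assumptions you would replace with your own ISP's resolvers and expected search engines.

```python
"""Triage helper for FRST.txt output (added example; not FRST's own code).

It pulls out the lines a helper reads first:
  * lines FRST itself tags with "<======= ATTENTION"
  * DhcpNameServer resolvers that are not in a caller-supplied allow-list
  * Chrome HomePage / StartupUrls hosts that are not in a caller-supplied allow-list
"""
import re
import sys
from typing import Iterable, List, Set, Tuple

# Constructed sample, adapted (and shortened) from the FRST log posted in
# this thread; "hxxp" is FRST's defanged spelling of "http".
SAMPLE_LOG = r"""Tcpip\Parameters: [DhcpNameServer] 93.158.216.194 8.8.8.8
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3312375
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3312375","hxxp://www.delta-homes.com/?utm_source=b"
CHR DefaultSearchKeyword: Default -> google.com.mx
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-29] (AVAST Software)
"""

Finding = Tuple[int, str, str]  # (line number, category, detail)

URL_HOST_RE = re.compile(r'hxxps?://([^/"\s]+)', re.IGNORECASE)
DNS_RE = re.compile(r'\[DhcpNameServer\]\s+(.+)$')


def dns_servers(line: str) -> List[str]:
    """Return the resolver addresses named on a DhcpNameServer line (else [])."""
    m = DNS_RE.search(line)
    return m.group(1).split() if m else []


def host_allowed(host: str, trusted_hosts: Set[str]) -> bool:
    """True if host equals, or is a subdomain of, any trusted host."""
    host = host.lower()
    return any(host == t or host.endswith("." + t) for t in trusted_hosts)


def triage(lines: Iterable[str], trusted_dns: Set[str], trusted_hosts: Set[str]) -> List[Finding]:
    """Walk the log once and collect (line, category, detail) findings in order."""
    findings: List[Finding] = []
    for n, line in enumerate(lines, 1):
        # FRST already flags policy restrictions and similar items itself.
        if "<======= ATTENTION" in line:
            findings.append((n, "attention", line.strip()))
        # Resolvers handed out by DHCP that you did not expect deserve a look
        # (the router, not the PC, may be what hands them out).
        for ip in dns_servers(line):
            if ip not in trusted_dns:
                findings.append((n, "dns", ip))
        # Home page and startup URLs pointing at unexpected search hosts.
        if line.startswith(("CHR HomePage:", "CHR StartupUrls:")):
            seen: Set[str] = set()  # report each host once per line
            for host in URL_HOST_RE.findall(line):
                if host in seen or host_allowed(host, trusted_hosts):
                    continue
                seen.add(host)
                findings.append((n, "browser", host))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per category, e.g. {"dns": 1, "attention": 2}."""
    counts: dict = {}
    for _, category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    # Hypothetical allow-lists: resolvers you chose or your ISP's, and the
    # search engines you expect as home or startup pages.
    trusted_dns = {"8.8.8.8", "8.8.4.4"}
    trusted_hosts = {"google.com", "google.com.mx"}
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for n, category, detail in triage(text.splitlines(), trusted_dns, trusted_hosts):
        print(f"line {n:>5}  {category:<9}  {detail}")
```

Run it as `python frst_triage.py FRST.txt`; with no argument it runs over the embedded sample.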

#3 XEND

XEND
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:08:44 PM

Posted 02 November 2015 - 11:17 AM

Here is the FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by Andrés Sandoval (administrator) on HERMIT (02-11-2015 10:14:04)
Running from C:\Users\Andrés Sandoval\Desktop
Loaded Profiles: Andrés Sandoval (Available Profiles: Andrés Sandoval)
Platform: Windows 8.1 Single Language (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dell) C:\Program Files\Dell\Dell Data Services\DDSSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8444632 2015-01-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-04] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [610048 2015-01-13] (Waves Audio Ltd.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [19494352 2015-01-26] (Entertainment Experience)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-29] (AVAST Software)
HKU\S-1-5-21-2455992799-3018750680-31529415-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2901584 2015-10-14] (Valve Corporation)
HKU\S-1-5-21-2455992799-3018750680-31529415-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)
HKU\S-1-5-21-2455992799-3018750680-31529415-1001\...\Run: [GoogleChromeAutoLaunch_E62C845A7E47898B6F95518095012835] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2015-05-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-29] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 93.158.216.194 8.8.8.8
Tcpip\..\Interfaces\{2C4A973F-B95C-4874-A48B-107669A97228}: [DhcpNameServer] 93.158.216.194 8.8.8.8
Tcpip\..\Interfaces\{D8DD5249-E1B7-4B77-89A1-7D6F4B556343}: [DhcpNameServer] 93.158.216.194 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2455992799-3018750680-31529415-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-13] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-13] (AVAST Software)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Andrés Sandoval\AppData\Roaming\Mozilla\Firefox\Profiles\meynskz6.default
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Andrés Sandoval\AppData\Roaming\Mozilla\Firefox\Profiles\meynskz6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-29] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP68149A76-6F35-453F-9A9A-2CCD3BB5F2D8
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP68149A76-6F35-453F-9A9A-2CCD3BB5F2D8","hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP68149A76-6F35-453F-9A9A-2CCD3BB5F2D8","hxxp://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=TOSHIBAXMK1059GSMP_Z1L1P31KTXXZ1L1P31KT&ts=1393425671","hxxp://www.searchult.com/?bd=hp&oem=testsinstcr&uid=TOSHIBAXMK1059GSMP_Z1L1P31KTXXZ1L1P31KT&version=2.2.0.7859&pid=414031160&tid=310","hxxp://www.istartsurf.com/?type=hp&ts=1439508073&z=68a9f072c4487062e867db8g5z0c7tdwae9m6t6bbw&from=cor&uid=TOSHIBAXMQ01ABD100_15SUTQ2HTXX15SUTQ2HT","hxxp://mx.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_vit_15_33&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dmx%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAyE0EyC0DyByC0DyDtAtC0F0EtCtC0AtN0D0Tzu0StCtAtBtDtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StA0FtAyDyB0CyDtBtGtDtCtBtDtG0A0DtCyBtGtD0BtDzztGyB0D0CtAtBtBtC0FyEtB0DtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtCyCyE0CzytCtGtDtCyC0EtGyEyBtDzztG0Bzy0AyCtGzy0EtB0Dzy0DyD0Czz0EtD0E2QtN0A0LzuyE%26cr%3D77847200%26a%3Dwncy_vit_15_33%26os%3DWindows%2B8.1%2BSingle%2BLanguage"
CHR DefaultSearchKeyword: Default -> google.com.mx
CHR Profile: C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bejeweled) - C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2015-10-31]
CHR Extension: (Google Drive) - C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (YouTube) - C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-31]
CHR Extension: (Sad Panda) - C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc [2015-10-31]
CHR Extension: (Adblock Plus) - C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-10-31]
CHR Extension: (Búsqueda de Google) - C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Myinstants) - C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Extensions\fggacdedkdoacbemcilniodecinpfkgi [2015-10-31]
CHR Extension: (Panic Button Plus) - C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Extensions\fifhdbcbihllaneapjoabnoaoejhieok [2015-10-31]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-30]
CHR Extension: (AdBlock) - C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-30]
CHR Extension: (Avast Online Security) - C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-02]
CHR Extension: (Marvel Comics) - C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice [2015-10-31]
CHR Extension: (Motorola Connect) - C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmoblgooahdmdibodmcnffgnejlndh [2015-10-31]
CHR Extension: (Flashcontrol) - C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-10-31]
CHR Extension: (Plants vs Zombies) - C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2015-10-31]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-29]
CHR Extension: (Gmail) - C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-31]
CHR HKU\S-1-5-21-2455992799-3018750680-31529415-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\ANDRSS~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-10-30]
CHR HKU\S-1-5-21-2455992799-3018750680-31529415-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-29] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4048280 2015-09-29] (Avast Software)
S2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 Dell Data Services; C:\Program Files\Dell\Dell Data Services\DDSSvc.exe [45936 2014-11-13] (Dell)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [114888 2015-10-20] (Dell)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [124520 2014-12-14] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-11-18] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
S2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [394184 2014-10-15] (Intel)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080 2014-12-23] (Realtek Semiconductor)
S2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
S2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [94160 2015-01-07] ()
S2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [563456 2015-01-13] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-29] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-09-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-09-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-29] (AVAST Software)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-10-28] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1448248 2014-11-26] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [41080 2015-10-30] ()
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-10] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-10] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-10] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-10] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [230128 2014-12-03] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [129312 2014-10-11] (Intel Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3494680 2014-12-08] (Intel Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-09-29] (AVAST Software)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [213296 2014-10-15] (Windows ® Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [274336 2015-09-29] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U3 McMPFSvc; no ImagePath
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-02 10:14 - 2015-11-02 10:14 - 00021740 _____ C:\Users\Andrés Sandoval\Desktop\FRST.txt
2015-11-02 10:13 - 2015-11-02 10:14 - 00000000 ____D C:\FRST
2015-11-02 10:11 - 2015-11-02 10:11 - 02198016 _____ (Farbar) C:\Users\Andrés Sandoval\Desktop\FRST64.exe
2015-11-01 12:45 - 2015-11-01 12:45 - 00000000 ____D C:\Users\Andrés Sandoval\Desktop\Libros
2015-11-01 09:47 - 2015-11-01 09:54 - 00000000 ____D C:\Users\Andrés Sandoval\AppData\Local\Mozilla
2015-11-01 09:47 - 2015-11-01 09:48 - 00000000 ____D C:\Users\Andrés Sandoval\AppData\Roaming\Mozilla
2015-11-01 09:47 - 2015-11-01 09:47 - 00001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-01 09:47 - 2015-11-01 09:47 - 00001161 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-01 09:47 - 2015-11-01 09:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-01 09:47 - 2015-11-01 09:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-01 09:45 - 2015-11-01 09:45 - 00243816 _____ C:\Users\Andrés Sandoval\Downloads\Firefox Setup Stub 41.0.2.exe
2015-11-01 00:01 - 2015-11-01 00:01 - 00001301 _____ C:\Users\Andrés Sandoval\Desktop\Malwerebytes.txt
2015-10-30 17:05 - 2015-10-30 17:05 - 00000000 ____D C:\ProgramData\Sophos
2015-10-30 17:04 - 2015-10-30 17:04 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-10-30 17:04 - 2015-10-30 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-10-30 17:04 - 2015-10-30 17:04 - 00000000 ____D C:\Program Files (x86)\Sophos
2015-10-30 17:01 - 2015-10-30 17:04 - 137015888 _____ (Sophos Limited) C:\Users\Andrés Sandoval\Desktop\Sophos Virus Removal Tool.exe
2015-10-30 16:59 - 2015-10-30 16:59 - 00001446 _____ C:\Users\Andrés Sandoval\Desktop\JRT.txt
2015-10-30 16:57 - 2015-10-30 16:57 - 01801288 _____ (Malwarebytes) C:\Users\Andrés Sandoval\Downloads\JRT.exe
2015-10-30 16:55 - 2015-10-30 16:55 - 00448512 _____ (OldTimer Tools) C:\Users\Andrés Sandoval\Downloads\TFC.exe
2015-10-30 16:50 - 2015-10-30 16:50 - 00852720 _____ C:\Users\Andrés Sandoval\Downloads\SecurityCheck.exe
2015-10-30 16:31 - 2015-10-30 16:31 - 00041080 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-10-30 16:30 - 2015-10-30 16:30 - 00001374 _____ C:\Windows\system32\.crusader
2015-10-30 16:21 - 2015-10-30 16:30 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-30 16:19 - 2015-10-30 16:21 - 11336600 _____ (SurfRight B.V.) C:\Users\Andrés Sandoval\Downloads\HitmanPro_x64.exe
2015-10-30 15:54 - 2015-11-02 09:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-30 15:53 - 2015-10-30 15:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-30 15:53 - 2015-10-30 15:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-30 15:53 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-30 15:53 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-30 15:53 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-30 15:52 - 2015-10-30 15:52 - 22908888 _____ (Malwarebytes ) C:\Users\Andrés Sandoval\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-30 15:44 - 2015-11-01 00:03 - 00000293 _____ C:\Users\Andrés Sandoval\Desktop\Virus.txt
2015-10-30 15:43 - 2015-10-30 15:43 - 01694208 _____ C:\Users\Andrés Sandoval\Downloads\adwcleaner_5.015.exe
2015-10-30 09:21 - 2015-10-30 09:21 - 02687418 _____ (Kephyr) C:\Users\Andrés Sandoval\Downloads\freefixersetup.exe
2015-10-30 09:20 - 2015-10-30 09:21 - 00000000 ____D C:\Users\Andrés Sandoval\AppData\Local\Avg2013
2015-10-29 21:07 - 2015-10-30 09:21 - 00000000 ____D C:\Program Files\Common Files\AV
2015-10-29 17:23 - 2015-10-30 09:21 - 00000000 ____D C:\ProgramData\MFAData
2015-10-29 17:23 - 2015-10-29 17:23 - 04445640 _____ (AVG Technologies) C:\Users\Andrés Sandoval\Downloads\avg_avct_stb_all_2013_3272_freets11.exe
2015-10-29 17:23 - 2015-10-29 17:23 - 00000000 ____D C:\Users\Andrés Sandoval\AppData\Local\MFAData
2015-10-29 14:40 - 2015-10-29 14:40 - 00000000 _____ C:\autoexec.bat
2015-10-29 14:37 - 2015-10-29 14:37 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Andrés Sandoval\Downloads\SpyHunter-Installer.exe
2015-10-27 13:04 - 2015-10-27 13:11 - 00000000 ____D C:\Users\Andrés Sandoval\Documents\Documentos importantes
2015-10-27 12:41 - 2015-10-27 12:45 - 00000000 ____D C:\Users\Andrés Sandoval\Desktop\Cosas de mi amor
2015-10-27 12:35 - 2015-10-27 12:35 - 00089462 _____ C:\Users\Andrés Sandoval\Desktop\Solucionar error de instalación HP - Red.hta
2015-10-27 12:27 - 2015-10-27 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-10-27 12:27 - 2015-10-27 12:27 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-10-27 12:27 - 2014-03-06 12:51 - 00763912 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMC211.dll
2015-10-27 12:25 - 2015-10-27 12:34 - 00000000 ____D C:\Program Files (x86)\HP
2015-10-27 12:25 - 2015-10-27 12:25 - 00000000 ____D C:\Program Files\HP
2015-10-27 12:24 - 2015-10-27 12:24 - 00000057 _____ C:\ProgramData\Ament.ini
2015-10-27 12:23 - 2015-10-27 12:27 - 00000000 ____D C:\Users\Andrés Sandoval\AppData\Local\HP
2015-10-26 19:08 - 2015-10-26 19:12 - 00000000 ____D C:\Users\Andrés Sandoval\Documents\DolbyAxon
2015-10-26 19:08 - 2015-10-26 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby Axon
2015-10-26 19:08 - 2015-10-26 19:08 - 00000000 ____D C:\Program Files (x86)\DolbyAxon
2015-10-26 19:08 - 2013-08-02 13:05 - 02262960 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.CommandBars.v13.0.0.ocx
2015-10-26 19:08 - 2013-08-02 13:05 - 00571312 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.SkinFramework.Unicode.v13.0.0.ocx
2015-10-26 19:07 - 2015-10-26 19:07 - 10836296 _____ (Dolby Laboratories ) C:\Users\Andrés Sandoval\Downloads\DolbyAxonSetup_v1.5.1.1.exe
2015-10-24 14:54 - 2015-10-24 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-24 13:04 - 2015-10-24 13:04 - 00929872 _____ (Google Inc.) C:\Users\Andrés Sandoval\Downloads\ChromeSetup.exe
2015-10-19 09:12 - 2015-10-19 09:22 - 00000000 ____D C:\Users\Andrés Sandoval\Downloads\Philomena (2013)
2015-10-16 23:31 - 2015-10-16 23:31 - 00289584 _____ C:\Windows\Minidump\101715-78734-01.dmp
2015-10-14 17:58 - 2015-09-18 07:42 - 01290752 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-14 17:58 - 2015-09-18 07:42 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-14 17:58 - 2015-09-18 07:42 - 00699904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-14 17:58 - 2015-09-18 07:42 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-14 17:57 - 2015-09-18 21:18 - 00035384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-14 17:57 - 2015-09-18 07:42 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 17:57 - 2015-09-18 07:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-13 11:52 - 2015-09-29 06:31 - 07457624 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-13 11:52 - 2015-09-29 06:31 - 01658536 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-13 11:52 - 2015-09-29 06:31 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-10-13 11:52 - 2015-09-29 06:31 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-13 11:52 - 2015-09-29 06:31 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-10-13 11:52 - 2015-09-24 10:42 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2015-10-13 11:52 - 2015-09-24 10:40 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2015-10-13 11:52 - 2015-08-26 20:43 - 22372152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-13 11:52 - 2015-08-26 20:42 - 19795904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-13 11:52 - 2015-08-07 15:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-13 11:52 - 2015-08-07 15:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-13 11:52 - 2015-08-07 15:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-13 11:52 - 2015-08-07 15:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-10-13 11:52 - 2015-08-07 15:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-10-13 11:52 - 2015-08-07 08:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-13 11:52 - 2015-08-06 11:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2015-10-13 11:52 - 2015-08-06 10:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-10-13 11:52 - 2015-08-06 10:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2015-10-13 11:52 - 2015-08-06 10:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-10-13 11:51 - 2015-09-10 12:02 - 25851392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-13 11:51 - 2015-09-10 11:19 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-13 11:51 - 2015-09-10 11:18 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-13 11:51 - 2015-09-10 11:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-13 11:51 - 2015-09-10 11:14 - 05990400 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-13 11:51 - 2015-09-10 11:09 - 20358144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-13 11:51 - 2015-09-10 11:06 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-13 11:51 - 2015-09-10 11:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-13 11:51 - 2015-09-10 10:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-13 11:51 - 2015-09-10 10:39 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-13 11:51 - 2015-09-10 10:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-13 11:51 - 2015-09-10 10:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-13 11:51 - 2015-09-10 10:35 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-13 11:51 - 2015-09-10 10:33 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-13 11:51 - 2015-09-10 10:28 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-10-13 11:51 - 2015-09-10 10:28 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-13 11:51 - 2015-09-10 10:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-13 11:51 - 2015-09-10 10:24 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-13 11:51 - 2015-09-10 10:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-13 11:51 - 2015-09-10 10:19 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-13 11:51 - 2015-09-10 10:19 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-13 11:51 - 2015-09-10 10:19 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-13 11:51 - 2015-09-10 10:17 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-13 11:51 - 2015-09-10 10:17 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-13 11:51 - 2015-09-10 10:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-13 11:51 - 2015-09-10 10:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-13 11:51 - 2015-09-10 10:02 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-13 11:51 - 2015-09-10 10:01 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-10-13 11:51 - 2015-09-10 10:00 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-13 11:51 - 2015-09-10 09:57 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-13 11:51 - 2015-09-10 09:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-13 11:51 - 2015-09-10 09:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-13 11:51 - 2015-09-10 09:55 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-13 11:51 - 2015-09-10 09:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-13 11:51 - 2015-09-10 09:45 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-13 11:51 - 2015-09-10 09:34 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-13 11:51 - 2015-09-10 09:31 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-13 11:51 - 2015-09-10 09:27 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-13 11:51 - 2015-09-10 09:26 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-13 11:50 - 2015-09-29 06:29 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-13 11:50 - 2015-09-28 12:45 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-13 11:50 - 2015-09-28 12:26 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-10-13 11:50 - 2015-09-28 12:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-13 11:50 - 2015-09-28 12:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-13 11:50 - 2015-09-28 12:25 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-13 11:50 - 2015-09-28 12:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-13 11:50 - 2015-09-28 12:22 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-13 11:50 - 2015-09-28 12:22 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-13 11:50 - 2015-09-28 12:15 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-13 11:50 - 2015-09-28 12:13 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-13 11:50 - 2015-09-28 12:12 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-13 11:50 - 2015-08-22 07:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-13 11:50 - 2015-08-22 07:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-13 11:50 - 2015-08-22 07:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 11:50 - 2015-08-22 07:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 11:50 - 2015-07-16 12:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll
2015-10-12 19:07 - 2015-10-12 19:07 - 00112996 ____H C:\Windows\SysWOW64\mlfcache.dat
2015-10-12 16:08 - 2015-10-16 23:30 - 1108831030 _____ C:\Windows\MEMORY.DMP
2015-10-12 16:08 - 2015-10-12 16:09 - 00289584 _____ C:\Windows\Minidump\101215-16687-01.dmp
2015-10-12 16:08 - 2015-10-12 16:08 - 00000000 ____D C:\Windows\Minidump
2015-10-12 15:19 - 2015-10-17 11:20 - 00000000 ____D C:\Users\Andrés Sandoval\Documents\My Games
2015-10-12 15:15 - 2015-10-12 15:15 - 00000000 ____D C:\Users\Andrés Sandoval\AppData\Local\NBGI
2015-10-12 15:04 - 2015-10-30 15:45 - 00000000 ____D C:\AdwCleaner
2015-10-07 07:00 - 2015-10-07 07:00 - 00000000 ____D C:\Users\Andrés Sandoval\Documents\NBGI
2015-10-06 21:40 - 2015-10-06 21:40 - 00000000 ____D C:\Users\Andrés Sandoval\AppData\LocalLow\Hyper Hippo Productions Ltd_
2015-10-06 16:54 - 2015-10-06 16:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-06 16:54 - 2015-10-06 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-04 08:54 - 2015-10-04 08:54 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-10-04 08:54 - 2015-10-04 08:54 - 00000000 ____D C:\Users\Default User\AppData\Local\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-02 10:05 - 2015-08-12 18:17 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2455992799-3018750680-31529415-1001
2015-11-02 10:02 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\sru
2015-11-02 09:59 - 2015-05-14 17:50 - 01197172 _____ C:\Windows\WindowsUpdate.log
2015-11-02 09:54 - 2015-08-12 18:39 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-02 08:11 - 2015-08-12 18:28 - 00004010 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A8A79424-D232-4B1E-98F9-8081A3CD4950}
2015-11-02 07:54 - 2015-08-12 18:39 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-01 15:28 - 2015-05-14 17:59 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-11-01 15:28 - 2015-05-14 17:59 - 00000000 ____D C:\Program Files\Dell
2015-10-31 23:03 - 2015-08-13 19:03 - 00000000 ___DO C:\Users\Andrés Sandoval\OneDrive
2015-10-31 08:58 - 2013-08-22 08:46 - 00041624 _____ C:\Windows\setupact.log
2015-10-30 16:58 - 2015-05-14 18:02 - 00000000 ____D C:\Temp
2015-10-30 16:39 - 2015-05-14 18:01 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-10-30 16:33 - 2015-05-14 17:55 - 00053764 _____ C:\Windows\SysWOW64\Gms.log
2015-10-30 16:32 - 2015-08-26 20:22 - 00000000 ___RD C:\Users\Andrés Sandoval\Google Drive
2015-10-30 16:32 - 2015-08-25 18:54 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-30 16:31 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-30 16:30 - 2014-11-21 09:56 - 00044612 _____ C:\Windows\PFRO.log
2015-10-30 16:22 - 2014-11-21 19:06 - 01829802 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-30 16:22 - 2014-11-21 18:26 - 00811154 _____ C:\Windows\system32\perfh00A.dat
2015-10-30 16:22 - 2014-11-21 18:26 - 00166914 _____ C:\Windows\system32\perfc00A.dat
2015-10-30 16:15 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\IME
2015-10-30 15:49 - 2015-08-13 09:34 - 00000000 ____D C:\Users\Andrés Sandoval\Desktop\Accesos Directos
2015-10-30 15:45 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-10-30 09:38 - 2015-08-12 18:11 - 00000000 ____D C:\Users\Andrés Sandoval
2015-10-30 09:20 - 2013-08-22 09:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-10-29 21:12 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-10-28 17:58 - 2015-08-14 09:33 - 00000000 ____D C:\Users\Andrés Sandoval\AppData\Roaming\Skype
2015-10-27 12:25 - 2015-08-22 14:11 - 00000000 ____D C:\ProgramData\HP
2015-10-24 14:54 - 2015-08-12 18:39 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-24 14:54 - 2015-08-12 18:38 - 00000000 ____D C:\Users\Andrés Sandoval\AppData\Local\Google
2015-10-23 09:42 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\AppReadiness
2015-10-20 22:55 - 2015-08-26 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-20 15:47 - 2013-08-22 09:20 - 00000000 ____D C:\Windows\CbsTemp
2015-10-19 10:42 - 2015-08-14 08:11 - 00000000 ____D C:\Users\Andrés Sandoval\AppData\Roaming\uTorrent
2015-10-18 18:04 - 2015-08-13 18:31 - 00079765 _____ C:\Windows\DirectX.log
2015-10-18 17:17 - 2015-09-06 15:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-16 23:38 - 2015-08-13 20:37 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-16 23:34 - 2015-08-12 18:11 - 00000000 ____D C:\Users\Andrés Sandoval\AppData\Local\VirtualStore
2015-10-16 17:50 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\rescache
2015-10-16 15:49 - 2015-08-17 14:09 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-16 15:49 - 2014-11-21 23:42 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-16 15:49 - 2013-08-22 09:36 - 00000000 ___RD C:\Windows\ToastData
2015-10-15 22:51 - 2014-11-21 23:46 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-15 22:51 - 2014-11-21 23:46 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 00:58 - 2015-09-06 15:18 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-14 18:30 - 2015-08-12 18:11 - 00000000 ____D C:\Users\Andrés Sandoval\AppData\Local\Packages
2015-10-13 12:54 - 2015-08-16 20:37 - 00000000 ____D C:\Windows\system32\MRT
2015-10-13 12:49 - 2015-08-16 20:37 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-07 00:00 - 2015-08-17 14:09 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-07 00:00 - 2015-08-17 14:09 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-06 16:54 - 2015-08-14 09:33 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2010-06-02 04:21 - 2010-06-02 04:21 - 1347354 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1078962 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1397830 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1115221 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0916430 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 4162630 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86_Archive.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0179133 _____ () C:\Program Files (x86)\Apr2006_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0133103 _____ () C:\Program Files (x86)\Apr2006_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0087101 _____ () C:\Program Files (x86)\Apr2006_xinput_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0046010 _____ () C:\Program Files (x86)\Apr2006_xinput_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0698612 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0695865 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1607358 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1606039 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0195766 _____ () C:\Program Files (x86)\APR2007_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0151225 _____ () C:\Program Files (x86)\APR2007_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0096817 _____ () C:\Program Files (x86)\APR2007_xinput_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0053302 _____ () C:\Program Files (x86)\APR2007_xinput_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1350542 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1077644 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0182903 _____ () C:\Program Files (x86)\AUG2006_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0137235 _____ () C:\Program Files (x86)\AUG2006_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0087142 _____ () C:\Program Files (x86)\AUG2006_xinput_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0046058 _____ () C:\Program Files (x86)\AUG2006_xinput_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0852286 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0796867 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1800160 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1708152 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0198096 _____ () C:\Program Files (x86)\AUG2007_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0153012 _____ () C:\Program Files (x86)\AUG2007_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0867612 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0849167 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1794084 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1464672 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0121772 _____ () C:\Program Files (x86)\Aug2008_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0092996 _____ () C:\Program Files (x86)\Aug2008_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0271412 _____ () C:\Program Files (x86)\Aug2008_XAudio_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0271038 _____ () C:\Program Files (x86)\Aug2008_XAudio_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0919044 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0900598 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 3112111 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 3319740 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0232635 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0192131 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0136301 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0105044 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0930116 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0728456 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0122408 _____ () C:\Program Files (x86)\Aug2009_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093106 _____ () C:\Program Files (x86)\Aug2009_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0273264 _____ () C:\Program Files (x86)\Aug2009_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0272642 _____ () C:\Program Files (x86)\Aug2009_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1357976 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1079456 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0212807 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0191720 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1571154 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1574376 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0192475 _____ () C:\Program Files (x86)\DEC2006_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0145599 _____ () C:\Program Files (x86)\DEC2006_XACT_x86.cab
2011-03-30 10:40 - 2011-03-30 10:40 - 0095576 _____ (Microsoft Corporation) C:\Program Files (x86)\DSETUP.dll
2011-03-30 10:40 - 2011-03-30 10:40 - 1566040 _____ () C:\Program Files (x86)\dsetup32.dll
2011-03-30 10:40 - 2011-03-30 10:40 - 0044624 _____ () C:\Program Files (x86)\dxdllreg_x86.cab
2011-03-30 10:40 - 2011-03-30 10:40 - 0517976 _____ () C:\Program Files (x86)\DXSETUP.exe
2011-03-30 10:40 - 2011-03-30 10:40 - 0097152 _____ () C:\Program Files (x86)\dxupdate.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1247499 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1013225 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1362796 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1084720 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0178359 _____ () C:\Program Files (x86)\Feb2006_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0132409 _____ () C:\Program Files (x86)\Feb2006_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0194675 _____ () C:\Program Files (x86)\FEB2007_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0147983 _____ () C:\Program Files (x86)\FEB2007_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0054678 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0020713 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0122446 _____ () C:\Program Files (x86)\Feb2010_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093180 _____ () C:\Program Files (x86)\Feb2010_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0276960 _____ () C:\Program Files (x86)\Feb2010_XAudio_x64.cab
2015-08-13 18:22 - 2015-08-13 18:22 - 0000045 _____ () C:\Users\Andrés Sandoval\AppData\Roaming\WB.CFG
2015-10-27 12:24 - 2015-10-27 12:24 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-05-14 17:32 - 2015-05-14 17:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-14 17:49 - 2015-05-14 17:50 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-05-14 17:45 - 2015-05-14 17:46 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-05-14 17:46 - 2015-05-14 17:47 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-05-14 17:48 - 2015-05-14 17:49 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-05-14 17:45 - 2015-05-14 17:45 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-31 23:03

==================== End of FRST.txt ============================


And here is Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Andrés Sandoval (2015-11-02 10:14:43)
Running from C:\Users\Andrés Sandoval\Desktop
Windows 8.1 Single Language (X64) (2015-08-13 00:11:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2455992799-3018750680-31529415-500 - Administrator - Disabled)
Andrés Sandoval (S-1-5-21-2455992799-3018750680-31529415-1001 - Administrator - Enabled) => C:\Users\Andrés Sandoval
Invitado (S-1-5-21-2455992799-3018750680-31529415-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2455992799-3018750680-31529415-1001\...\uTorrent) (Version: 3.4.5.41073 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 15.009.20071 - Adobe Systems Incorporated)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version:  - Hyper Hippo Games)
Apple Application Support (32 bits) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CodeBlocks (HKU\S-1-5-21-2455992799-3018750680-31529415-1001\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Services (HKLM\...\{90F9BFC9-A2A9-403F-9A40-1063FAD035BA}) (Version: 1.1.6.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{B1714996-891A-43D2-8B83-CCFB2EC53978}) (Version: 2.3.3800.0 - Dell Inc.)
Dell Power Manager Lite (HKLM-x32\...\InstallShield_{BF1F9D57-57A1-4E87-A8E8-41F2B2AD6F53}) (Version: 1.0.0.1 - Compal Inc.)
Dell Power Manager Lite (x32 Version: 1.0.0.1 - Compal Inc.) Hidden
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
DirectX Packages (HKU\S-1-5-21-2455992799-3018750680-31529415-1001\...\DirectX Packages) (Version:  - ) <==== ATTENTION
DmC Devil May Cry (HKLM-x32\...\Steam App 220440) (Version:  - Ninja Theory)
Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
FreeFixer (HKLM-x32\...\FreeFixer1.13) (Version: 1.13 - Kephyr)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.69.5228 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HP Deskjet 2540 series Software básico del dispositivo (HKLM\...\{2FE8E982-BB5C-4660-81AF-B9DD389A5F58}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4029 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® WiDi (HKLM\...\{2F97FBC6-7992-4DF7-A7C7-B68455E307F7}) (Version: 5.1.20.0 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1449.356) (HKLM\...\{302600C1-6BDF-4FD1-1411-148929CC1385}) (Version: 17.1.1411.0506 - Intel Corporation)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Malwarebytes Anti-Malware versión 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 1.6.5073.103 - Waves Audio Ltd.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox 41.0.2 (x86 es-MX) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 es-MX)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39060 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7433 - Realtek Semiconductor Corp.)
resident evil 4 / biohazard 4 (HKLM-x32\...\Steam App 254700) (Version:  - Capcom)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Software Intel® PROSet/Wireless (HKLM-x32\...\{fbf500b4-f515-42af-b355-6f006f6c2359}) (Version: 17.13.11 - Intel Corporation)
Software para dispositivos de chipset Intel® (x32 Version: 10.0.22 - Intel® Corporation) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
True Color (HKLM-x32\...\{992885f0-c469-4089-9719-24e16f896fc1}) (Version: 6.0.0.10 - Entertainment Experience)
True Color (Version: 6.0.0.10 - Entertainment Experience LLC) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

16-10-2015 15:48:14 Windows Update
18-10-2015 18:03:00 Se ha instalado DirectX
27-10-2015 12:34:17 Installed HPDiagnosticCoreDll
29-10-2015 21:05:18 Installed AVG 2013
29-10-2015 21:05:49 Installed AVG 2013

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00832C47-B351-48FF-88E5-C1484C2044B4} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {09A04732-60A6-4E81-8E78-1D3AB283BC1C} - System32\Tasks\{D58300FC-046A-4DC1-AA8B-A2981B53E873} => pcalua.exe -a "C:\Users\Andrés Sandoval\AppData\Roaming\istartsurf\UninstallManager.exe" -c -ptid=cor
Task: {1CA4BFAF-69E6-4827-B275-33B8C28AD520} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {20008012-AE2D-4A14-AE7A-ADA836DB9614} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {569C5B50-3190-43B5-88BF-D60D465AAD07} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {76FFFED5-AD48-4EED-8F33-2EF383B24D9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-12] (Google Inc.)
Task: {995EA704-5664-4B44-A777-A568131FAB21} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {9E0AF2F1-54B9-4851-95B0-E81851E7CF18} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {A0D88951-098D-46DB-AE0E-052D05CB1CB7} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {CB2A526A-D6D0-4C86-9B5A-D5DD09D81BC2} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-12-04] (Realtek Semiconductor)
Task: {CE1FE127-7F58-46E0-8A0B-015A38860067} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {CEF01552-A379-4632-ACEA-D7575541A5BC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-29] (AVAST Software)
Task: {E769D8EE-7CBD-4831-8B98-0C82E44B7ACC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-12] (Google Inc.)
Task: {ED00C1E4-0655-4C11-89A8-097CD624C372} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {FA12D8BA-F7DE-4841-A7C9-DD2A71601BBF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-14 18:02 - 2014-06-04 14:02 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2015-05-14 18:02 - 2014-06-04 14:02 - 00019744 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2015-05-14 18:02 - 2014-06-04 14:03 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-29 14:33 - 2015-09-29 14:33 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-29 14:33 - 2015-09-29 14:33 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-30 15:46 - 2015-10-30 15:46 - 03014096 _____ () C:\Program Files\AVAST Software\Avast\defs\15103001\algo.dll
2015-10-31 10:03 - 2015-10-31 10:03 - 03014096 _____ () C:\Program Files\AVAST Software\Avast\defs\15103100\algo.dll
2015-11-02 08:05 - 2015-11-02 08:05 - 03014096 _____ () C:\Program Files\AVAST Software\Avast\defs\15110200\algo.dll
2015-09-29 14:33 - 2015-09-29 14:33 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-10 08:37 - 2014-10-10 08:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-04-07 08:31 - 2014-04-07 08:31 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2015-10-29 14:24 - 2015-10-20 08:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-29 14:24 - 2015-10-20 08:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2455992799-3018750680-31529415-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
DNS Servers: 93.158.216.194 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{26405443-8573-4D46-A232-D4519807CE37}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{02D8FB19-C40A-476C-B9B4-40E55657AB63}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{21D914CD-F834-4787-BB1B-3F2C468F1554}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{04A39ACD-F461-446A-A77D-021F1161F40E}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{A710FC6C-75E1-44E6-8396-9EC843C6009E}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{4438359A-0F68-4935-970C-B3AFC07B01DA}] => (Allow) C:\Users\Andrés Sandoval\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [TCP Query User{0357E99A-06C4-4943-98BB-30157265DB8B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{268DF062-F1AA-4F74-B49C-D84999B68877}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{FBBA7552-67D9-4873-A473-D36978D375FA}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{5E74EF68-21CF-43E5-91F3-3CF1FDB521FC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E358323A-F707-4F25-B359-392AB8E33E19}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{41DC1022-0C23-4DC7-9079-3BDB3AED2CAB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F9535727-576B-43B0-9BA6-04E05CBF214F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F067BD58-2798-4206-8B3D-AD7D1429F2C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B3186D52-DD45-4F2B-B517-2F83A4223341}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{50E39B4C-3668-404B-9F13-34E6FDD176F8}] => (Allow) C:\Users\Andrés Sandoval\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D7A0C516-84A1-4D87-B6B5-E2C43D8C745F}] => (Allow) C:\Users\Andrés Sandoval\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AD8A7E75-D9DF-41AA-A7AB-26BFA38E84B7}] => (Allow) C:\Users\Andrés Sandoval\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CC60F3C9-675C-43A4-B828-2F198B154BDF}] => (Allow) C:\Users\Andrés Sandoval\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{52AD5D30-AA55-4EA5-9CA6-FC683DFF4C34}] => (Allow) C:\Users\Andrés Sandoval\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D8B62548-9B40-489D-AFA5-8551D9AAFB20}] => (Allow) C:\Users\Andrés Sandoval\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{53046E70-86B9-4165-8678-FD5448B1E68F}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{25A2CD74-9C7A-4FC0-B1DD-22C728699D25}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{80720673-F529-4DE9-837B-1276DBA28B12}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{611F6B03-06F0-4433-9E41-9C08EE3E3F1F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{BB704673-7A51-4495-9A50-2294AC42EA07}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{17056CCD-CD52-46F6-A1CF-E868165349EA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2DC360CE-DF14-4D8E-BB42-CC6101820555}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{59BF104C-F936-43F4-86FF-10C53472B1FA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C40DAD02-5E61-4CE7-8FE6-C055573FEC21}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{056F3BCC-D2D3-45EA-AF08-BBFECDCC673E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{C2FFBEBA-562F-4FD9-B2BC-415053F74B25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{D2C2A3BC-3ABC-4A03-948C-117712A53CE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{407C43A5-6427-49BE-946B-87E33D366CD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{25E532E1-1522-4498-ADEF-F84C9ADBBA1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{6E2F9D3E-B0B1-4A1C-B533-2A76D98FD2EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [TCP Query User{893133A2-87FE-4050-83C2-812D81CEC7FC}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{85B96F12-C4F3-42F5-85ED-285570ED42B4}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [TCP Query User{ADDD796C-F3AE-43BA-8713-45CA506460B0}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{86E04140-F471-4595-8111-F97B36E78325}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{03B9A4AF-5C5A-444D-9251-B3F50575D36D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DmC Devil May Cry\Binaries\Win32\DMC-DevilMayCry.exe
FirewallRules: [{DE497CFC-A526-4D67-BAC9-DD865CF627CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DmC Devil May Cry\Binaries\Win32\DMC-DevilMayCry.exe
FirewallRules: [{6CC7F877-8D2A-48B4-8572-7B60AAB3AE70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe
FirewallRules: [{FA14F175-AEE6-4CA9-8B25-130CE84C0479}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe
FirewallRules: [{05D19DDD-112A-4888-B7F3-DA173D1DCE1E}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
FirewallRules: [{A3EC4D91-2038-46A1-8733-F95DFBB293B9}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
FirewallRules: [{41CEF5B2-601E-4B1D-80A3-B5BEF49EDAD8}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{295E4E05-7BF8-44FD-B59C-3FA1B918CD22}] => (Allow) LPort=5357
FirewallRules: [{6C1ABD33-ED7B-4BB8-B20C-C734CC9D12D5}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{CA6FA084-1DBF-4D71-94EF-5FD78D5E687B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CB250FFB-59EE-4FF9-B917-2F2A75FC97ED}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{CD891033-F391-44AA-A169-0DA8428840A2}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{074F74A3-4CF7-4243-AD01-E84BB87EB36C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3B09222C-51FE-451F-BB41-D4C3511F064B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/31/2015 10:43:14 PM) (Source: MsiInstaller) (EventID: 1024) (User: HERMIT)
Description: Producto: Adobe Acrobat Reader DC - Español - la actualización "{AC76BA86-7AD7-0000-2550-AC0F094E6D00}" no se pudo instalar. Código de error 1625. Windows Installer no puede crear registros para ayudar a solucionar problemas de instalación de paquetes de software. Use el vínculo siguiente para obtener instrucciones sobre la activación de la compatibilidad de registro: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/30/2015 04:39:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbam.exe, versión: 2.3.125.0, marca de tiempo: 0x5612a56b
Nombre del módulo con errores: MSVCR100.dll, versión: 10.0.40219.325, marca de tiempo: 0x4df2be1e
Código de excepción: 0x40000015
Desplazamiento de errores: 0x0008d6fd
Identificador del proceso con errores: 0xa6c
Hora de inicio de la aplicación con errores: 0xmbam.exe0
Ruta de acceso de la aplicación con errores: mbam.exe1
Ruta de acceso del módulo con errores: mbam.exe2
Identificador del informe: mbam.exe3
Nombre completo del paquete con errores: mbam.exe4
Identificador de aplicación relativa del paquete con errores: mbam.exe5

Error: (10/30/2015 03:55:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbam.exe, versión: 2.3.125.0, marca de tiempo: 0x5612a56b
Nombre del módulo con errores: MSVCR100.dll, versión: 10.0.40219.325, marca de tiempo: 0x4df2be1e
Código de excepción: 0x40000015
Desplazamiento de errores: 0x0008d6fd
Identificador del proceso con errores: 0x1bd8
Hora de inicio de la aplicación con errores: 0xmbam.exe0
Ruta de acceso de la aplicación con errores: mbam.exe1
Ruta de acceso del módulo con errores: mbam.exe2
Identificador del informe: mbam.exe3
Nombre completo del paquete con errores: mbam.exe4
Identificador de aplicación relativa del paquete con errores: mbam.exe5

Error: (10/30/2015 09:38:43 AM) (Source: TrueColorALS) (EventID: 4) (User: )
Description: TrueColorALSCUISDKaccess(): Getting access to the pipe failed. Error:1073741825 (0x40000001) and Error: 2 (0x2)

Error: (10/30/2015 09:38:41 AM) (Source: TrueColorALS) (EventID: 4) (User: )
Description: TrueColorALSCUISDKaccess(): Getting access to the pipe failed. Error:1073741825 (0x40000001) and Error: 2 (0x2)

Error: (10/30/2015 09:38:38 AM) (Source: TrueColorALS) (EventID: 4) (User: )
Description: TrueColorALSCUISDKaccess(): Getting access to the pipe failed. Error:1073741825 (0x40000001) and Error: 2 (0x2)

Error: (10/30/2015 09:38:36 AM) (Source: TrueColorALS) (EventID: 4) (User: )
Description: TrueColorALSCUISDKaccess(): Getting access to the pipe failed. Error:1073741825 (0x40000001) and Error: 2 (0x2)

Error: (10/30/2015 02:17:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19672

Error: (10/30/2015 02:17:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19672

Error: (10/30/2015 02:17:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/02/2015 07:49:00 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN se detuvo inesperadamente.

Ruta de acceso del módulo: C:\Windows\System32\IWMSSvc.dll

Error: (11/01/2015 11:59:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN se detuvo inesperadamente.

Ruta de acceso del módulo: C:\Windows\System32\IWMSSvc.dll

Error: (11/01/2015 09:38:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN se detuvo inesperadamente.

Ruta de acceso del módulo: C:\Windows\System32\IWMSSvc.dll

Error: (11/01/2015 03:58:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN se detuvo inesperadamente.

Ruta de acceso del módulo: C:\Windows\System32\IWMSSvc.dll

Error: (11/01/2015 02:16:59 PM) (Source: bowser) (EventID: 8003) (User: )
Description: El explorador maestro recibió una notificación del equipo SANDOVAL1
que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{2C4A973F-B95C-4874-A48B-107669A97228}.
El explorador maestro está detenido o se está forzando una elección.

Error: (11/01/2015 08:28:50 AM) (Source: bowser) (EventID: 8003) (User: )
Description: El explorador maestro recibió una notificación del equipo SANDOVAL1
que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{2C4A973F-B95C-4874-A48B-107669A97228}.
El explorador maestro está detenido o se está forzando una elección.

Error: (10/31/2015 11:03:23 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a42\SystemRoot\System32\Config\RegBack\SYSTEM

Error: (10/31/2015 10:41:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN se detuvo inesperadamente.

Ruta de acceso del módulo: C:\Windows\System32\IWMSSvc.dll

Error: (10/31/2015 10:19:04 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN se detuvo inesperadamente.

Ruta de acceso del módulo: C:\Windows\System32\IWMSSvc.dll

Error: (10/31/2015 08:42:31 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN se detuvo inesperadamente.

Ruta de acceso del módulo: C:\Windows\System32\IWMSSvc.dll


CodeIntegrity:
===================================
  Date: 2015-11-02 10:02:47.414
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-26 19:25:20.610
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-26 19:19:06.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-18 19:10:03.274
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-18 19:07:54.491
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-18 19:06:28.741
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-18 19:05:08.642
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-18 19:05:08.535
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-07 14:08:21.732
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-07 02:33:55.689
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 38%
Total physical RAM: 8102.68 MB
Available physical RAM: 4985.22 MB
Total Virtual: 16294.68 MB
Available Virtual: 12454.71 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.23 GB) (Free:769.69 GB) NTFS
Drive e: (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:7.9 GB) (Free:0.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8E096567)

Partition: GPT.

==================== End of Addition.txt ============================

Again, thank you very much for your help.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:44 PM

Posted 02 November 2015 - 03:12 PM



Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP68149A76-6F35-453F-9A9A-2CCD3BB5F2D8
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP68149A76-6F35-453F-9A9A-2CCD3BB5F2D8","hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP68149A76-6F35-453F-9A9A-2CCD3BB5F2D8","hxxp://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=TOSHIBAXMK1059GSMP_Z1L1P31KTXXZ1L1P31KT&ts=1393425671","hxxp://www.searchult.com/?bd=hp&oem=testsinstcr&uid=TOSHIBAXMK1059GSMP_Z1L1P31KTXXZ1L1P31KT&version=2.2.0.7859&pid=414031160&tid=310","hxxp://www.istartsurf.com/?type=hp&ts=1439508073&z=68a9f072c4487062e867db8g5z0c7tdwae9m6t6bbw&from=cor&uid=TOSHIBAXMQ01ABD100_15SUTQ2HTXX15SUTQ2HT","hxxp://mx.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_vit_15_33&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dmx%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAyE0EyC0DyByC0DyDtAtC0F0EtCtC0AtN0D0Tzu0StCtAtBtDtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StA0FtAyDyB0CyDtBtGtDtCtBtDtG0A0DtCyBtGtD0BtDzztGyB0D0CtAtBtBtC0FyEtB0DtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0BtCyCyE0CzytCtGtDtCyC0EtGyEyBtDzztG0Bzy0AyCtGzy0EtB0Dzy0DyD0Czz0EtD0E2QtN0A0LzuyE%26cr%3D77847200%26a%3Dwncy_vit_15_33%26os%3DWindows%2B8.1%2BSingle%2BLanguage"
CHR Extension: (Avast Online Security) - C:\Users\Andrés Sandoval\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-13]
U3 McMPFSvc; no ImagePath
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms 
Task: {09A04732-60A6-4E81-8E78-1D3AB283BC1C} - System32\Tasks\{D58300FC-046A-4DC1-AA8B-A2981B53E873} => pcalua.exe -a "C:\Users\Andrés Sandoval\AppData\Roaming\istartsurf\UninstallManager.exe" -c -ptid=cor
AlternateDataStreams: C:\Windows:nlsPreferences

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right side of Google Chrome.

Click "Settings" then "Show advanced settings" at the bottom of the screen.

Click the "Reset browser settings" button.
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

How is the computer running now?

#5 XEND

XEND
  • Topic Starter

  • Members
  • 35 posts
  • Local time:08:44 PM

Posted 03 November 2015 - 10:03 AM

I was still surfing in Chrome, everything was okay, but I opened Steam and the pop-up appeared in Steam and redirected to a Russian video on YouTube :/ I'm sorry



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:44 PM

Posted 04 November 2015 - 10:26 AM

Steam has been compromised.

Check with their forum.

You may have to remove it and re-install the application.

Edited by nasdaq, 04 November 2015 - 11:25 AM.


#7 XEND

XEND
  • Topic Starter

  • Members
  • 35 posts
  • Local time:08:44 PM

Posted 04 November 2015 - 11:19 AM

The problem continues, I'm sorry, the pop-ups are appearing over again, now on Chrome and Firefox. Regarding all of this, thank you for your help.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:44 PM

Posted 04 November 2015 - 11:26 AM

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • When instructed Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report"
  • Click on Export TXT button save the file as RogueReport.txt
  • The file RogueReport.txt will be saved in the desktop.
  • Close the program.
  • Open the file with Notepad and Copy/paste the content into your next reply.
<<<>>>

#9 XEND

XEND
  • Topic Starter

  • Members
  • 35 posts
  • Local time:08:44 PM

Posted 04 November 2015 - 12:14 PM

RogueKiller V10.11.4.0 [Nov  2 2015] (Free) by Adlice Software
 
Sistema Operativo : Windows 8.1 (6.3.9600) 64 bits version
Iniciado en : Modo Normal
Usuario : Andrés Sandoval [Administrador]
Started from : C:\Users\Andrés Sandoval\Desktop\Roguekiller\RogueKiller.exe
Modo : Escanear -- Fecha : 11/04/2015 11:00:42
 
¤¤¤ Procesos : 0 ¤¤¤
 
¤¤¤ Registro : 10 ¤¤¤
[PUP] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed  -> Encontrado
[PUP] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed  -> Encontrado
[PUP] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed  -> Encontrado
[PUP] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed  -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 93.158.216.194 8.8.8.8 ([(Unknown Country?) (XX)][-])  -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 93.158.216.194 8.8.8.8 ([(Unknown Country?) (XX)][-])  -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C4A973F-B95C-4874-A48B-107669A97228} | DhcpNameServer : 10.213.5.15 10.213.1.11 ([(Private Address) (XX)][(Private Address) (XX)])  -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D8DD5249-E1B7-4B77-89A1-7D6F4B556343} | DhcpNameServer : 93.158.216.194 8.8.8.8 ([(Unknown Country?) (XX)][-])  -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2C4A973F-B95C-4874-A48B-107669A97228} | DhcpNameServer : 10.213.5.15 10.213.1.11 ([(Private Address) (XX)][(Private Address) (XX)])  -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D8DD5249-E1B7-4B77-89A1-7D6F4B556343} | DhcpNameServer : 93.158.216.194 8.8.8.8 ([(Unknown Country?) (XX)][-])  -> Encontrado
 
¤¤¤ Tareas : 0 ¤¤¤
 
¤¤¤ Archivos : 0 ¤¤¤
 
¤¤¤ Archivo de hosts : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: No cargado [0xc000036b]) ¤¤¤
 
¤¤¤ Navegadores Web : 0 ¤¤¤
 
¤¤¤ Chequeo MBR : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 02cd9ea35f44cdefb43c5d15aff9708e
[BSP] 802582f5cafbdb9dbe39b900d851452c : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 750 MB
4 - Basic data partition | Offset (sectors): 2906112 | Size: 944362 MB
5 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 1936959488 | Size: 8087 MB
User = LL1 ... OK
User = LL2 ... OK


#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:44 PM

Posted 05 November 2015 - 09:29 AM


Not sure if this will help.
Look at the article below and see if you can stop the pop-ups using the instructions by GirlPower23

http://forums.steampowered.com/forums/showthread.php?t=3082637

Keep me posted.

#11 XEND

XEND
  • Topic Starter

  • Members
  • 35 posts
  • Local time:08:44 PM

Posted 09 November 2015 - 02:01 PM

The problem continues. Now that I notice, every time I open Steam or League of Legends while I have Chrome or Firefox open, the pop-ups appear. Please help.



#12 XEND

XEND
  • Topic Starter

  • Members
  • 35 posts
  • Local time:08:44 PM

Posted 09 November 2015 - 02:06 PM

Also there's another issue: it seems that my girlfriend's computer is infected too, but it's odd because both computers didn't connect to each other nor use the same external hard drive or anything. Another thing is that I have the issue now on my Android. Whenever I'm surfing with my Android, sometimes the web page redirects itself to another page saying that my cellphone is infected and that I have to download a virus, and the strange thing here is that the same page now appears on Internet Explorer on my computer. I know Android is in another forum, but please help, and thanks for all your efforts.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:44 PM

Posted 09 November 2015 - 02:30 PM

If both of you are connected to the router check this out.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is the list of default usernames and passwords, should you not know it ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html
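
The RogueKiller report above lists DhcpNameServer values, that is, the resolvers the router's DHCP handed out, and marks 93.158.216.194 as one it cannot attribute; a changed DNS server on the router is one way the same redirects can reach several devices on one network. The PowerShell check below is an added example, not part of nasdaq's post and not a feature of any tool on the page: it reads the same Tcpip\Parameters registry keys RogueKiller reports and flags every resolver that is neither private (RFC 1918) nor on a small allowlist. The allowlist is an assumption; edit it to the resolvers you actually expect on your network.

```powershell
# Added example: list the DNS resolvers Windows has recorded per interface
# (DHCP-assigned and static) and flag any that are neither private nor trusted.
# $Trusted is an assumption; replace it with the resolvers you expect to see.
$Trusted = @('8.8.8.8', '8.8.4.4', '1.1.1.1')

function Test-PrivateIPv4 {
    # True for RFC 1918 addresses: 10/8, 172.16/12, 192.168/16
    param([string]$Ip)
    $parts = $Ip.Split('.')
    if ($parts.Count -ne 4) { return $false }
    $a = [int]$parts[0]; $b = [int]$parts[1]
    return ($a -eq 10) -or
           ($a -eq 192 -and $b -eq 168) -or
           ($a -eq 172 -and $b -ge 16 -and $b -le 31)
}

# The global key plus one sub-key per network interface, as in the RogueKiller log
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$keys = @(Get-Item $base) + @(Get-ChildItem "$base\Interfaces")

foreach ($key in $keys) {
    $props = Get-ItemProperty -Path $key.PSPath
    foreach ($name in 'DhcpNameServer', 'NameServer') {
        $value = $props.$name
        if ([string]::IsNullOrWhiteSpace($value)) { continue }
        # Both values are space- or comma-separated lists of resolver addresses
        foreach ($ip in ($value -split '[ ,]+')) {
            $status = if (Test-PrivateIPv4 $ip) { 'private' }
                      elseif ($Trusted -contains $ip) { 'trusted' }
                      else { 'REVIEW' }
            '{0,-8} {1,-15} {2,-16} {3}' -f $status, $name, $ip, $key.PSChildName
        }
    }
}
```

Run it from an elevated PowerShell prompt. A line marked REVIEW under DhcpNameServer means the DHCP server, normally the router, supplied that resolver, so the router's DNS configuration is the place to look, which is what the router reset above addresses; a REVIEW line under NameServer is a static setting on the PC itself.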

#14 XEND

XEND
  • Topic Starter

  • Members
  • 35 posts
  • Local time:08:44 PM

Posted 11 November 2015 - 10:30 AM

Well, my router is now safe, but the pop-ups are still there and now I have nothing on my desktop xD Please help.



#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:44 PM

Posted 11 November 2015 - 02:27 PM


What do you see on the Desktop?
Is it all white or do you have a background?

"now i have nothing in my desktop xD Please help."


This has nothing to do with re-setting your router.

Please Re-start the computer normally one more time and let me know if the problem persists?



