
Firefox very laggy after running ComboFix


This topic is locked
5 replies to this topic

#1 Onmur

Onmur

  • Members
  • 3 posts
  • OFFLINE
  • Local time:05:36 PM

Posted 03 February 2016 - 10:32 AM

Hello, BleepingComputer.

 

I wrongly ran ComboFix without paying attention to the warnings, because I read somebody saying it'd help a problem I had, that I couldn't access many websites. The problem was fixed by my Internet provider afterwards.

 

Now I've been having a lot of lag, with pages that used to load in seconds sometimes taking half a minute, or going many minutes without being able to connect at times. Usually, when I first boot the PC, I'll have to wait a minute or two before any site will load now, but generally, everything works well; the lag is kind of random.

 

This includes sites that many times load in less than a second, like Youtube and Google.

 

I found this post: http://www.bleepingcomputer.com/forums/t/431896/accidentally-used-combofix-having-problems/#entry2505286, and thought I should try posting a log here.

 

I hope somebody can give me advice on this, thanks for taking the time to read.

 

Attached File  Addition.txt   32.07KB   2 downloads

Attached File  FRST.txt   57.21KB   4 downloads


Edited by Onmur, 03 February 2016 - 10:32 AM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,559 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:36 PM

Posted 04 February 2016 - 09:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.0.5 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF user.js: detected! => C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\rm5e51lz.default-1363702413358\user.js [2015-03-04]
FF SearchPlugin: C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\rm5e51lz.default-1363702413358\searchplugins\duckduckgo.xml [2014-06-24]
FF HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
CHR Extension: (No Name) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci [2014-05-13]
CHR Extension: (No Name) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg [2014-05-13]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
U3 a515pw19; C:\Windows\System32\Drivers\a515pw19.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\rm5e51lz.default-1363702413358\searchplugins\duckduckgo.xml 
C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci
C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg
C:\Windows\System32\Drivers\a515pw19.sys

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

If that fails to restore Firefox remove it completely and reinstall the browser.

Remove Firefox using the instructions on this page.
https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer

Before proceeding save your Bookmarks.
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Install the latest version of the application.

You can then import them to the new version of Firefox.

Firefox Password manager -
Remember, delete and change saved passwords in Firefox
https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-passwords
<<<>>>

Please post the Fixlog.txt and let me know what problem persists.

#3 Onmur

Onmur
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:05:36 PM

Posted 04 February 2016 - 09:59 PM

nasdaq, on 04 February 2016 - 09:59 AM, said:

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please post the Fixlog.txt and let me know what problem persists.

Thank you for your answer nasdaq.

I've run the 'fix', and uninstalled, deleted, and reinstalled Firefox.

I'm still having problems. Some sites seem to mostly load well, though not completely; others, like Google, are not working at all sometimes.

Something I've noticed before this: there's a special amount of lag if I try to load Twitch.tv; other pages will suddenly take minutes to load, up until after Twitch finishes loading completely. I'm not sure that's the case right now; everything's randomly laggy, failing, or working well at the moment.

Here's the Fixlog:
 
Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Pato (2016-02-04 23:00:10) Run:1
Running from C:\Users\Pato\Desktop\FRST
Loaded Profiles: Pato (Available Profiles: Pato)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.0.5 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF user.js: detected! => C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\rm5e51lz.default-1363702413358\user.js [2015-03-04]
FF SearchPlugin: C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\rm5e51lz.default-1363702413358\searchplugins\duckduckgo.xml [2014-06-24]
FF HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
CHR Extension: (No Name) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci [2014-05-13]
CHR Extension: (No Name) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg [2014-05-13]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
U3 a515pw19; C:\Windows\System32\Drivers\a515pw19.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\rm5e51lz.default-1363702413358\searchplugins\duckduckgo.xml 
C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci
C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg
C:\Windows\System32\Drivers\a515pw19.sys

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => key removed successfully
HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\rm5e51lz.default-1363702413358\user.js => moved successfully
C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\rm5e51lz.default-1363702413358\searchplugins\duckduckgo.xml => moved successfully
HKU\S-1-5-21-482052857-3487469296-3382205014-1000\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => value removed successfully
C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci => moved successfully
C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh" => key removed successfully
a515pw19 => service not found.
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
"C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\rm5e51lz.default-1363702413358\searchplugins\duckduckgo.xml" => not found.
"C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci" => not found.
"C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg" => not found.
"C:\Windows\System32\Drivers\a515pw19.sys" => not found.
EmptyTemp: => 597.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 23:01:22 ====
Thanks again for the help.
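To read a Fixlog like the one above line by line, here is an added example (my own script, not FRST's and not from the thread) that splits the echoed fixlist from the results, buckets each result, and separates items the fixlist named twice (a directive plus a bare path, as with duckduckgo.xml above, where the second "not found" is expected) from items that were already gone when the fix ran. The sample log is constructed from lines in the posted Fixlog's format.

```python
"""Reconcile an FRST Fixlog.txt with the fixlist it echoes.

Added example: not code from the thread or from the FRST tool. The sample
below is constructed in the format of the Fixlog posted above, trimmed to
a few representative lines so the script runs offline.
"""
import re
from collections import Counter

SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
FF SearchPlugin: C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\rm5e51lz.default-1363702413358\searchplugins\duckduckgo.xml [2014-06-24]
U3 a515pw19; C:\Windows\System32\Drivers\a515pw19.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\rm5e51lz.default-1363702413358\searchplugins\duckduckgo.xml
C:\Windows\System32\Drivers\a515pw19.sys

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
a515pw19 => service not found.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\rm5e51lz.default-1363702413358\searchplugins\duckduckgo.xml => moved successfully
"C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\rm5e51lz.default-1363702413358\searchplugins\duckduckgo.xml" => not found.
"C:\Windows\System32\Drivers\a515pw19.sys" => not found.
EmptyTemp: => 597.1 MB temporary data Removed.

The system needed a reboot.
==== End of Fixlog 23:01:22 ====
"""

RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\s*$")


def classify(outcome):
    """Bucket an FRST outcome phrase as 'not_found', 'success' or 'other'."""
    text = outcome.lower()
    if "not found" in text:
        return "not_found"
    if "successfully" in text or "removed" in text or "restored" in text:
        return "success"
    return "other"


def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist, per-item results and the reboot flag."""
    fixlist, results, in_fixlist, reboot = [], [], False, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*****"):  # asterisk rows fence the echoed fixlist
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            if line and line not in ("start", "End"):
                fixlist.append(line)
            continue
        if line == "The system needed a reboot.":
            reboot = True
            continue
        m = RESULT_RE.match(line)
        if m:  # FRST quotes some targets and not others; normalise that away
            target, outcome = m.group("target").strip('"'), m.group("outcome")
            results.append((target, outcome, classify(outcome)))
    return {"fixlist": fixlist, "results": results, "reboot": reboot}


def summarize(parsed):
    """Count results per status bucket."""
    return Counter(status for _, _, status in parsed["results"])


def double_reported(parsed):
    """Targets with both a success and a 'not found' line: the fixlist named them
    twice (a directive plus a bare path), so the second 'not found' is expected."""
    seen = {}
    for target, _, status in parsed["results"]:
        seen.setdefault(target, set()).add(status)
    return [t for t, s in seen.items() if {"success", "not_found"} <= s]


def genuinely_missing(parsed):
    """'not found' targets with no success line: already absent when the fix ran
    (a stale registry reference, or the zero-byte driver flagged in the fixlist)."""
    doubles = set(double_reported(parsed))
    return [t for t, _, s in parsed["results"] if s == "not_found" and t not in doubles]
```

Pointing `parse_fixlog` at the text of a real Fixlog.txt gives the same breakdown for the full log.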

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,559 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:36 PM

Posted 06 February 2016 - 08:28 AM

Can you post the contents of the Combofix log for my review.

#5 Onmur

Onmur
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:05:36 PM

Posted 07 February 2016 - 01:13 PM

nasdaq, on 06 February 2016 - 08:28 AM, said:

Can you post the contents of the Combofix log for my review.

 

Sure.

Attached File  ComboFix.txt   44.75KB   1 downloads

Sorry for the delay.

ComboFix 16-01-07.01 - Pato 13/01/2016 13:00:25.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.3082.18.8144.6155 [GMT -3:00]
Running from: c:\users\Pato\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci
c:\users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\background.html
c:\users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js
c:\users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js
c:\users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\manifest.json
c:\users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
c:\users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\background.html
c:\users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js
c:\users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js
c:\users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\manifest.json
c:\users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg
c:\users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\background.html
c:\users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js
c:\users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js
c:\users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\manifest.json
c:\users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci
c:\users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\background.html
c:\users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js
c:\users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js
c:\users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\manifest.json
c:\users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
c:\users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\background.html
c:\users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js
c:\users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js
c:\users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\manifest.json
c:\users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg
c:\users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\background.html
c:\users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js
c:\users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js
c:\users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\manifest.json
c:\users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci
c:\users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
c:\users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\background.html
c:\users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js
c:\users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js
c:\users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\manifest.json
c:\users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg
c:\users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci
c:\users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\background.html
c:\users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js
c:\users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js
c:\users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\manifest.json
c:\users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
c:\users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\background.html
c:\users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js
c:\users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js
c:\users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\manifest.json
c:\users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg
c:\users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\background.html
c:\users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js
c:\users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js
c:\users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\manifest.json
c:\users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci
c:\users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\background.html
c:\users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js
c:\users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js
c:\users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\manifest.json
c:\users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
c:\users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\background.html
c:\users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js
c:\users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js
c:\users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\manifest.json
c:\users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg
c:\users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\background.html
c:\users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js
c:\users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js
c:\users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\manifest.json
c:\users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci
c:\users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
c:\users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\background.html
c:\users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js
c:\users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js
c:\users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\manifest.json
c:\users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg
c:\users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci
c:\users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\background.html
c:\users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js
c:\users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js
c:\users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\manifest.json
c:\users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js
c:\users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
c:\users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\background.html
c:\users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js
c:\users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js
c:\users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\manifest.json
c:\users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\OzwO7uKZe.js
c:\users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg
c:\users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\background.html
c:\users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js
c:\users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js
c:\users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\manifest.json
c:\users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js
c:\users\Pato\AppData\Local\datos.txt
c:\users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci
c:\users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\background.html
c:\users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js
c:\users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js
c:\users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\manifest.json
c:\users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js
c:\users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
c:\users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\background.html
c:\users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js
c:\users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js
c:\users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\manifest.json
c:\users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\OzwO7uKZe.js
c:\users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg
c:\users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\background.html
c:\users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js
c:\users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js
c:\users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\manifest.json
c:\users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js
c:\users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga
c:\users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\background.html
c:\users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js
c:\users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js
c:\users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\manifest.json
c:\users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\OzwO7uKZe.js
c:\users\Pato\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\Pato\AppData\Local\lateral1.bmp
c:\users\Pato\AppData\Local\lateral2.bmp
c:\users\Pato\AppData\Local\lateral3.bmp
c:\users\Pato\AppData\Local\save_en.bmp
c:\users\Pato\AppData\Local\save_es.bmp
c:\users\Pato\AppData\Roaming\Microsoft\Windows\Recent\VBALink.info.url
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2015-12-13 to 2016-01-13 )))))))))))))))))))))))))))))))
.
.
2016-01-13 16:04 . 2016-01-13 16:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-01-13 15:24 . 2015-12-16 13:15 11154520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51F8A57D-6D8B-4EA3-897A-1FA3604185D9}\mpengine.dll
2016-01-13 15:14 . 2016-01-06 03:35 57288 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2016-01-13 11:30 . 2016-01-13 11:30 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2016-01-12 11:12 . 2015-12-16 13:15 11154520 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-01-03 11:48 . 2010-02-04 13:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2016-01-03 11:47 . 2005-12-05 21:09 3815120 ----a-w- c:\windows\system32\d3dx9_28.dll
2016-01-03 11:47 . 2005-07-22 22:59 3807440 ----a-w- c:\windows\system32\d3dx9_27.dll
2016-01-03 11:47 . 2005-05-26 18:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
2016-01-03 11:47 . 2005-05-26 18:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2016-01-03 11:47 . 2005-03-18 20:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll
2016-01-03 11:47 . 2005-02-05 22:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll
2016-01-03 11:36 . 2016-01-03 11:53 -------- d-----w- c:\program files (x86)\Pro Evolution Soccer 2016
2016-01-03 03:35 . 2016-01-06 13:16 -------- d-----w- C:\Downloads
2016-01-03 03:33 . 2016-01-03 03:33 -------- d-----w- c:\programdata\FreeDownloadManager.ORG
2016-01-03 03:33 . 2016-01-13 15:15 -------- d-----w- c:\users\Pato\AppData\Roaming\Free Download Manager
2016-01-03 03:33 . 2016-01-03 03:33 -------- d-----w- c:\users\Pato\AppData\Roaming\FreeDownloadManager.ORG
2016-01-03 03:32 . 2016-01-03 03:32 -------- d-----w- c:\program files (x86)\Free Download Manager
2015-12-22 21:34 . 2015-11-10 18:55 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-12-22 21:34 . 2015-11-10 18:55 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-12-22 21:34 . 2015-11-10 18:39 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-12-22 21:34 . 2015-07-30 18:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-12-22 21:34 . 2015-07-30 17:57 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-12-22 21:34 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-12-22 21:34 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-12-22 14:33 . 2015-12-22 14:33 -------- d-----w- c:\windows\SysWow64\Wat
2015-12-22 14:33 . 2015-12-22 14:33 -------- d-----w- c:\windows\system32\Wat
2015-12-22 12:27 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-12-22 12:27 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-12-22 11:14 . 2013-10-14 21:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2015-12-22 11:05 . 2015-12-22 11:05 878080 ----a-w- c:\windows\system32\advapi32.dll
2015-12-22 11:05 . 2015-12-22 11:05 859648 ----a-w- c:\windows\system32\tdh.dll
2015-12-22 11:05 . 2015-12-22 11:05 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-12-22 11:05 . 2015-12-22 11:05 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2015-12-22 11:04 . 2015-12-22 11:04 327168 ----a-w- c:\windows\system32\mswsock.dll
2015-12-22 11:04 . 2015-12-22 11:04 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2015-12-22 10:59 . 2015-12-22 10:59 1887232 ----a-w- c:\windows\system32\d3d11.dll
2015-12-22 10:59 . 2015-12-22 10:59 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2015-12-22 09:39 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-12-22 09:39 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-12-22 09:39 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-12-22 09:39 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-12-22 09:39 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-12-22 09:39 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-12-22 09:38 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-12-22 09:38 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-12-21 16:37 . 2015-06-02 00:07 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-12-21 16:37 . 2015-06-01 23:47 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
2015-12-21 16:37 . 2015-04-18 03:10 460800 ----a-w- c:\windows\system32\certcli.dll
2015-12-21 16:37 . 2015-04-18 02:56 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-12-21 16:37 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
2015-12-21 16:37 . 2014-12-11 17:47 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-12-21 16:35 . 2015-11-03 19:04 802304 ----a-w- c:\windows\system32\usp10.dll
2015-12-21 16:34 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-12-21 16:33 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2015-12-21 16:32 . 2015-04-24 18:17 633856 ----a-w- c:\windows\system32\comctl32.dll
2015-12-21 16:31 . 2015-02-18 07:06 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-12-21 16:31 . 2015-02-18 07:04 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-12-21 16:31 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2015-12-21 16:31 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2015-12-21 16:31 . 2015-02-25 03:18 754688 ----a-w- c:\windows\system32\drivers\http.sys
2015-12-21 16:31 . 2015-01-17 02:48 1067520 ----a-w- c:\windows\system32\msctf.dll
2015-12-21 16:31 . 2015-01-17 02:30 828928 ----a-w- c:\windows\SysWow64\msctf.dll
2015-12-21 16:31 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2015-12-21 16:31 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2015-12-21 16:31 . 2015-06-11 17:56 1112576 ----a-w- c:\windows\system32\rdpcorets.dll
2015-12-21 16:31 . 2015-06-11 17:16 162816 ----a-w- c:\windows\system32\rdpudd.dll
2015-12-21 16:31 . 2015-06-11 17:15 20992 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2015-12-21 16:29 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll
2015-12-21 16:29 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2015-12-21 16:29 . 2015-10-13 04:57 950720 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-12-21 16:29 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2015-12-21 16:29 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2015-12-21 16:29 . 2014-07-17 02:07 455168 ----a-w- c:\windows\system32\winlogon.exe
2015-12-21 16:29 . 2014-07-17 02:07 235520 ----a-w- c:\windows\system32\winsta.dll
2015-12-21 16:29 . 2014-07-17 02:07 150528 ----a-w- c:\windows\system32\rdpcorekmts.dll
2015-12-21 16:29 . 2014-07-17 02:07 1118720 ----a-w- c:\windows\system32\mstsc.exe
2015-12-21 16:29 . 2014-07-17 01:40 157696 ----a-w- c:\windows\SysWow64\winsta.dll
2015-12-21 16:29 . 2014-07-17 01:39 1051136 ----a-w- c:\windows\SysWow64\mstsc.exe
2015-12-21 16:29 . 2014-07-17 01:21 212480 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2015-12-21 16:29 . 2014-07-17 01:21 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2015-12-21 16:28 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-12-21 16:28 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-12-21 16:28 . 2015-11-03 19:04 241664 ----a-w- c:\windows\system32\els.dll
2015-12-21 16:28 . 2015-11-03 18:55 179712 ----a-w- c:\windows\SysWow64\els.dll
2015-12-21 16:28 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2015-12-21 16:28 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2015-12-21 16:28 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2015-12-21 16:28 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2015-12-21 16:26 . 2015-09-02 03:04 41984 ----a-w- c:\windows\system32\lpk.dll
2015-12-21 11:38 . 2015-12-21 11:38 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-12-21 04:28 . 2015-12-21 04:30 -------- d-----w- c:\windows\system32\MRT
2015-12-21 04:18 . 2015-12-21 04:18 -------- d-----w- c:\windows\system32\SPReview
2015-12-21 04:18 . 2015-12-21 04:18 -------- d-----w- c:\windows\system32\EventProviders
2015-12-21 04:16 . 2015-12-21 04:16 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2015-12-20 18:26 . 2015-06-24 17:00 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9219BD32-AACF-4F60-A036-1F0692142FE7}\gapaengine.dll
2015-12-20 18:21 . 2015-12-20 18:21 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2015-12-20 18:21 . 2015-12-20 18:22 -------- d-----w- c:\program files\Microsoft Security Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-13 15:35 . 2013-03-06 14:00 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-01-13 15:35 . 2013-03-05 02:39 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-21 11:37 . 2014-10-17 17:51 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-12-21 04:25 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2015-12-21 04:25 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2015-12-09 03:39 . 2013-02-16 22:06 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-11-30 20:26 . 2015-12-09 21:37 449992 ----a-w- c:\windows\system32\drivers\aswB22F.tmp
2015-11-30 20:26 . 2015-12-09 21:37 1059656 ----a-w- c:\windows\system32\drivers\aswB0D3.tmp
2015-11-23 22:10 . 2013-03-16 14:54 140158008 ----a-w- c:\windows\system32\MRT.exe
2015-11-19 05:22 . 2015-11-30 16:34 116304 ----a-w- c:\windows\system32\RTNUninst64.dll
2015-11-19 05:22 . 2015-11-30 16:34 82544 ----a-w- c:\windows\system32\RtNicProp64.dll
2015-11-19 05:22 . 2015-11-30 16:34 1026304 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2015-10-20 00:45 . 2015-12-21 16:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-10-18 23:01 . 2015-12-09 21:37 90968 ----a-w- c:\windows\system32\drivers\aswB1A1.tmp
2015-10-18 23:01 . 2015-12-09 21:37 65224 ----a-w- c:\windows\system32\drivers\aswB1E0.tmp
2015-10-18 23:01 . 2015-12-09 21:37 274808 ----a-w- c:\windows\system32\drivers\aswB28E.tmp
2015-10-18 23:01 . 2015-12-09 21:37 153744 ----a-w- c:\windows\system32\drivers\aswB2BE.tmp
2015-10-18 23:01 . 2015-12-09 21:37 28656 ----a-w- c:\windows\system32\drivers\aswB171.tmp
2015-10-18 23:01 . 2015-12-09 21:37 93528 ----a-w- c:\windows\system32\drivers\aswB151.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-02-19 7416088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-02-09 5015040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2015-09-04 433160]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2015-06-26 1861640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-11-09 596528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\users\Pato\Documents\aida64extreme550\kerneld.v64;c:\users\Pato\Documents\aida64extreme550\kerneld.v64 [x]
R3 h647906;DragonRise H647906 AMD64 Driver;c:\windows\system32\drivers\h647906.sys;c:\windows\SYSNATIVE\drivers\h647906.sys [x]
R3 h648101;DragonRise H648101 AMD64 Driver;c:\windows\system32\drivers\h648101.sys;c:\windows\SYSNATIVE\drivers\h648101.sys [x]
R3 h648103;DragonRise H648103 AMD64 Driver;c:\windows\system32\drivers\h648103.sys;c:\windows\SYSNATIVE\drivers\h648103.sys [x]
R3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys;c:\windows\SYSNATIVE\drivers\hid7906.sys [x]
R3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys;c:\windows\SYSNATIVE\drivers\hid8101.sys [x]
R3 hid8103;hid8103;c:\windows\system32\drivers\hid8103.sys;c:\windows\SYSNATIVE\drivers\hid8103.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 tpg64win7;Gigabit PCI Express Network Adapter Driver;c:\windows\system32\DRIVERS\tpg64win7.sys;c:\windows\SYSNATIVE\DRIVERS\tpg64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 vjoy;vJoy Device;c:\windows\system32\DRIVERS\vjoy.sys;c:\windows\SYSNATIVE\DRIVERS\vjoy.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2016-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-06 15:35]
.
2016-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-16 11:01]
.
2016-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-16 11:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-11-04 17:01 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-11-04 17:01 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-11-04 17:01 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Descargar con Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Descargar la selección con Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Descargar todo con Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Descargar video con Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 200.49.130.41 200.42.4.207
FF - ProfilePath - c:\users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\rm5e51lz.default-1363702413358\
user_pref(extensions.autoDisableScopes,14);
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AIDA64Driver]
"ImagePath"="\??\c:\users\Pato\Documents\aida64extreme550\kerneld.v64"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-01-13 13:06:26
ComboFix-quarantined-files.txt 2016-01-13 16:06
.
Pre-Run: 64.213.401.600 bytes libres
Post-Run: 64.005.840.896 bytes libres
.
- - End Of File - - D4772E1C212CFEF6C6BDE25377B9A173
A36C5E4F47E84449FF07ED3517B43A31

Edited by nasdaq, 07 February 2016 - 01:41 PM.
ComboFix log posted


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:36 PM

Posted 07 February 2016 - 01:51 PM



I think that at one point Comodo was installed on this computer.

It was possibly removed using the Add/Remove Programs.

This still left some remnant items in the registry that ComboFix found and removed.

Please clean anything else left by this program.

Download and run the Comodo complete uninstaller.

https://forums.comodo.com/install-setup-configuration-faq-cis-b141.0/-t71897.0.html

===

Let me know if the problem persists.

