Computer working only when it wants to


  • This topic is locked
9 replies to this topic

#1 somebadname

somebadname

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:47 PM

Posted 27 February 2016 - 10:42 PM

Hello there;

I am pretty new to these forums, so excuse me if I am doing something wrong (I've read the other posts, though).

Came here to ask for help with some computer problems I've been experiencing lately.

As it is, my computer is running really slow. I know there's a post around that says it could be another thing causing it, but I've tried almost all of those steps, I even cleaned my computer fan and such things, with no apparent improvement.

A week ago I ran Avast (It took a good while) and it detected nine viruses on the computer, which I proceeded to delete. But I am almost sure these programs / malware / whatever they are weren't cleaned completely. Ran CCleaner too, made sure all of the registry entries were valid and no errors were left.

At times, Avast takes nearly 30% of my CPU. I took it out on msconfig, along with Skype and some other things; but then the computer is still slow. Explorer.exe crashes while I am playing certain games, or even at random times. Taskmgr.exe is unable to finish some of the processes running (for example, it cannot finish Chrome (that also freezes), or any other program) then proceeds to freeze too. There are times where my computer can't get past the startup phase and I am forced to shut it down.

Any help would be appreciated.

Thanks in advance.





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:47 PM

Posted 28 February 2016 - 09:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
process; 
startupall; 
installedprogs;
firefoxlook; 
chromelook;  
srinfo; 
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#3 somebadname

somebadname
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:47 PM

Posted 28 February 2016 - 12:20 PM

 
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Michi on 28/02/2016 at 13:35:43,62.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Michi\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
28/02/2016 13:40:05 Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Mythos Games deleted successfully
C:\PROGRA~2\Pando Networks deleted successfully
C:\PROGRA~2\Samsung deleted successfully
C:\PROGRA~3\PCDr deleted successfully
C:\Users\Michi\AppData\Roaming\GlarySoft deleted successfully
C:\Users\Michi\AppData\Local\Dell Edoc Viewer deleted successfully
C:\Users\Michi\AppData\Local\Femap deleted successfully
C:\Users\Michi\AppData\Local\Samsung deleted successfully
C:\Users\Michi\AppData\Local\Skype deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-111729985-1987407980-3026307879-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D9F6E906-03E2-464D-B762-F811DC4688A9} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Installed Programs ======================
 
64 Bit HP CIO Components Installer  
7-Zip 9.22 (x64 edition)  
Adobe Flash Player 20 ActiveX  
Adobe Reader 9.1.2 - Español  
Advanced Audio FX Engine  
Avast Free Antivirus  
Bookworm Adventures en Español  
BufferChm  
CCleaner  
Commandos Behind Enemy Lines  
Copy  
Curse  
D3DX10  
DAEMON Tools Lite  
DB Browser for SQLite  
Dell DataSafe Local Backup - Support Software  
Dell DataSafe Local Backup  
Dell Dock  
Dell Edoc Viewer  
Dell Getting Started Guide  
Dell Support Center (Software de asistencia)  
Dell Webcam Central  
Destinations  
DeviceDiscovery  
Discord  
DJ_AIO_03_F2200_Software_Min  
DW WLAN Card  
EveryonePiano 1.7  
F2200  
Galería de fotos  
Google Chrome  
Google Toolbar for Internet Explorer  
Google Update Helper  
GPBaseService2  
Hi-Rez Studios Authenticate and Update Service  
HP Customer Participation Program 13.0  
HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3  
HP Imaging Device Functions 13.0  
HP Photosmart Essential 3.5  
HP Smart Web Printing 4.51  
HP Solution Center 13.0  
HP Update  
HPPhotoGadget  
HPPhotoSmartDiscLabelContent1  
HPPhotosmartEssential  
HPProductAssistant  
HPSSupply  
Intel® Graphics Media Accelerator Driver  
Intel® Management Engine Components  
Java 8 Update 60  
Java Auto Updater  
K-Lite Codec Pack 10.9.5 Basic  
League of Legends  
Live Cam Avatar Creator  
Machinarium  
MarketResearch  
MATLAB R2010a  
Microsoft .NET Framework 4.5.2 (ESN)  
Microsoft .NET Framework 4.5.2 (español)  
Microsoft .NET Framework 4.6.1  
Microsoft Application Error Reporting  
Microsoft Office 365 ProPlus - es-es  
Microsoft Office PowerPoint Viewer 2007 (Spanish)  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2005 Redistributable (x64)  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030  
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030  
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501  
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005  
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)  
Microsoft Works  
mIRC  
Monitor de la tecnología Intel® Turbo Boost  
Movie Maker  
MSVCRT  
MSVCRT110  
MSVCRT110_amd64  
MSXML 4.0 SP2 (KB954430)  
MSXML 4.0 SP2 (KB973688)  
My Free Mahjong  
MyFreeCodec  
Office 15 Click-to-Run Extensibility Component  
Office 15 Click-to-Run Licensing Component  
Office 15 Click-to-Run Localization Component  
Paquete de compatibilidad para 2007 Office system  
Photo Common  
Photo Gallery  
Python 2.7 (64-bit)  
Quickset64  
Realtek High Definition Audio Driver  
Roadrash 95  
Scan  
Security Update for Microsoft .NET Framework 4.6.1 (KB3122661)  
Security Update for Microsoft .NET Framework 4.6.1 (KB3127233)  
Shop for HP Supplies  
Skype™ 7.18  
SmartWebPrinting  
Smite  
Solid Edge ST7  
SolutionCenter  
Status  
Steam  
Synaptics Pointing Device Driver  
TeamSpeak 3 Client  
The Wheat Snooper  
Toolbox  
TrayApp  
UnloadSupport  
WebReg  
WIDCOMM Bluetooth Software  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live ID Sign-in Assistant  
Windows Live Installer  
Windows Live Photo Common  
Windows Live PIMT Platform  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
Wondershare Video Editor(Build 5.0.0)  
Worms Armageddon  
 
==== Running Processes ======================
 
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Michi\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Mythos Games not found
C:\PROGRA~2\Pando Networks not found
C:\PROGRA~2\Samsung not found
C:\Users\Michi\AppData\Local\Samsung not found
C:\Users\Michi\AppData\Roaming\discord deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{EED094CD-0571-1367-0491-9E21398F03AB} deleted
C:\PROGRA~2\Wondershare deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\found.000 deleted
C:\PROGRA~3\Microsoft\Windows\Start Menu\GoforFiles deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Michi\AppData\Local\Wondershare deleted
C:\Users\Michi\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\Users\Public\Documents\GOOBZO deleted
C:\Users\Public\Documents\YTAHelper deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
 
==== Orphaned Tasks deleted from Registry ======================
 
avast Emergency Update deleted
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-21-111729985-1987407980-3026307879-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"hpqSRMon"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe"
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"Dell Webcam Central"="C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe /mode2"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe"
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AvastUI.exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AvastUI.exe"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Alwil Software\\Avast5\\AvastUI.exe\" /nogui"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Wondershare Helper Compact.exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Wondershare Helper Compact.exe"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Wondershare\\Wondershare Helper Compact\\WSHelper.exe"
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IHProtect Service]
 
 
==== Startup Folders ======================
 
2010-06-23 20:13:18 1928 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
2010-06-23 20:13:18 1928 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
2010-06-23 20:06:43 834 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30/09/2015 19:19]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30/09/2015 19:19]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\klcp_update" ["C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe"]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [24/11/2014 17:19]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [24/11/2014 17:19]
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.86
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[04/05/2015 12:34]
 
Google Slides - Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Avast Online Security - Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Web Store Payments - Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Chromium Fix ======================
 
C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.prntscr.com_0.localstorage deleted successfully
C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.prntscr.com_0.localstorage-journal deleted successfully
C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage deleted successfully
C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage-journal deleted successfully
C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{FEF62F99-67BA-4CEB-A160-A982777678C7} - http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{0EBA1813-80E5-41B0-8297-43B9C6A60D74} - http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
HKLM\Wow6432Node\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - https://www.google.com/search?trackid=sp-006&q={searchTerms}
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache is not empty, a reboot is needed
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
======== System Restore Points ========
 
RP230: 15/10/2015 02:02:36 - Windows Update
RP231: 20/10/2015 22:39:17 - Windows Update
RP232: 22/10/2015 16:23:14 - Installed Python 2.7 (64-bit)
RP233: 27/10/2015 20:39:06 - Windows Update
RP234: 03/11/2015 20:36:32 - Windows Update
RP235: 07/11/2015 00:16:33 - Windows Update
RP236: 09/11/2015 02:48:42 - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
RP237: 09/11/2015 21:19:24 - Removed Nero BurningROM 2016.
RP238: 10/11/2015 01:03:45 - Instalado League of Legends
RP239: 10/11/2015 01:08:57 - Se ha instalado DirectX
RP240: 10/11/2015 20:53:26 - Windows Update
RP241: 11/11/2015 02:16:18 - Windows Update
RP242: 11/11/2015 18:23:58 - Windows Update
RP243: 12/11/2015 01:41:47 - Windows Update
RP244: 13/11/2015 02:35:16 - Windows Update
RP245: 13/11/2015 20:40:49 - Windows Update
RP246: 17/11/2015 19:53:15 - Windows Update
RP247: 24/11/2015 22:17:15 - Windows Update
RP248: 28/11/2015 22:10:46 - Windows Update
RP249: 02/12/2015 00:12:24 - Windows Update
RP250: 08/12/2015 14:22:00 - Windows Update
RP251: 10/12/2015 01:07:17 - Windows Update
RP252: 16/12/2015 00:39:11 - Windows Update
RP253: 18/12/2015 02:48:19 - Windows Update
RP254: 23/12/2015 00:54:13 - Windows Update
RP255: 30/12/2015 00:24:08 - Windows Update
RP256: 05/01/2016 16:54:55 - Windows Update
RP257: 08/01/2016 19:49:17 - Windows Update
RP258: 12/01/2016 21:18:50 - Windows Update
RP259: 13/01/2016 03:00:16 - Windows Update
RP260: 14/01/2016 02:58:37 - Windows Update
RP261: 19/01/2016 19:57:31 - Windows Update
RP262: 26/01/2016 23:10:55 - Windows Update
RP263: 30/01/2016 03:03:22 - Windows Update
RP264: 02/02/2016 12:41:09 - Windows Update
RP265: 05/02/2016 16:13:02 - Windows Update
RP266: 07/02/2016 00:02:58 - Installed Hi-Rez Studios Games
RP267: 09/02/2016 18:00:37 - Windows Update
RP268: 10/02/2016 17:17:08 - Windows Update
RP269: 10/02/2016 17:51:56 - Windows Update
RP270: 11/02/2016 02:07:10 - Windows Update
RP272: 14/02/2016 20:18:52 - Removed Skype™ 7.13
RP273: 16/02/2016 20:14:10 - Windows Update
RP274: 23/02/2016 16:51:34 - Windows Update
RP275: 26/02/2016 16:55:40 - Windows Update
RP276: 27/02/2016 02:46:08 - Windows Update
RP277: 28/02/2016 13:39:39 - zoek.exe restore point
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=1262 folders=141 277997258 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Michi\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Michi\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\Michi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XMBTHUV5\skype.com"  not found
 
==== EOF on 28/02/2016 at 14:15:18,90 ======================
 
Computer is behaving better, but I have not turned on Avast and the startup programs again. I'll reboot then re-edit the comment.
Edit: Avast is not the one freezing my computer; it seems to be Skype. Besides that, everything is working fine. I guess I'll stick to Skype on a cellphone. Now the computer doesn't freeze at all during startups, but I don't know about the explorer.exe crashes. I'll take a look at that during the day. Thanks!

Edited by somebadname, 28 February 2016 - 12:31 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:47 PM

Posted 28 February 2016 - 03:01 PM

Now that we have made some progress please run this tool.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===

#5 somebadname

somebadname
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:47 PM

Posted 29 February 2016 - 02:46 PM

Hey there:

Sorry for the delay. I was checking if Explorer.exe would crash during the day and the answer is positive.

 

Here is the FRST log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
Ran by Michi (administrator) on MICHI-PC (29-02-2016 16:19:40)
Running from C:\Users\Michi\Desktop
Loaded Profiles: Michi (Available Profiles: Michi)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\Setup\instup.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.11\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.51\deploy\LoLPatcher.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.51\deploy\LoLPatcherUx.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.51\deploy\LoLPatcherUx.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-02-02] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3178064 2010-01-05] (Dell Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-111729985-1987407980-3026307879-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-111729985-1987407980-3026307879-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-111729985-1987407980-3026307879-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6480664 2014-09-25] (Piriform Ltd)
HKU\S-1-5-21-111729985-1987407980-3026307879-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2015-05-04] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-06-23]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-06-23]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-06-23]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 190.54.120.23 190.54.110.23
Tcpip\..\Interfaces\{053A8158-D39A-4802-96AF-784F179106DC}: [DhcpNameServer] 190.54.120.23 190.54.110.23
Tcpip\..\Interfaces\{05A3DEC8-A870-48BC-8EBB-1212832F0ED4}: [NameServer] 172.18.236.99 200.63.56.5
Tcpip\..\Interfaces\{29D81155-B79B-4A04-8D0A-370E90C495F7}: [NameServer] 172.18.150.35 172.18.236.99
Tcpip\..\Interfaces\{2B163C8E-9C13-4840-88EF-98E4612CBFE3}: [NameServer] 172.18.236.99 200.63.56.5
Tcpip\..\Interfaces\{498D3123-4DE6-4C8D-9D9C-8DCC876E3FEC}: [NameServer] 172.18.236.99 200.63.56.5
Tcpip\..\Interfaces\{62121125-9195-4601-86ED-5AF24AB1802B}: [NameServer] 172.18.236.99 200.63.56.5
Tcpip\..\Interfaces\{7052C1FD-7E76-4832-A3EB-6E1330B31286}: [NameServer] 172.18.150.35 172.18.236.99
Tcpip\..\Interfaces\{7D8DC48A-8BC4-411F-BD98-2BF0C2AA404B}: [NameServer] 172.18.150.35 172.18.236.99
Tcpip\..\Interfaces\{97C7F193-8FE6-45DC-916D-78271B683DB7}: [NameServer] 172.18.236.99 200.63.56.5
Tcpip\..\Interfaces\{9BCCDFFA-69E3-4EC4-A85B-107B93A98959}: [NameServer] 172.18.236.99 200.63.56.5
Tcpip\..\Interfaces\{9BFF5A74-2338-414F-BD7C-0DA5072C9C0C}: [NameServer] 172.18.236.99 200.63.56.5
Tcpip\..\Interfaces\{9FC4EF16-4FAD-406B-A70A-BAE2D8BE00BA}: [NameServer] 172.18.150.35 172.18.236.99
Tcpip\..\Interfaces\{A3A00714-E282-4BD9-BC67-538BAED12164}: [NameServer] 172.18.236.99 200.63.56.5
Tcpip\..\Interfaces\{A9F34EDB-623A-4C90-B57A-F8154380B4DC}: [NameServer] 172.18.150.35 172.18.236.99
Tcpip\..\Interfaces\{AC283A45-6989-4F88-9F21-C5CCB2FBEDA7}: [NameServer] 172.18.150.35 172.18.236.99
Tcpip\..\Interfaces\{BAD83EAD-BECB-4A0E-8829-1AE498D2FDFB}: [NameServer] 172.18.150.35 172.18.236.99
Tcpip\..\Interfaces\{C16A50C0-C090-4C00-9B64-AE824D09D223}: [NameServer] 172.18.236.99 172.18.150.35
Tcpip\..\Interfaces\{C3650FE0-C1A1-426E-8FC7-277E5D867C9D}: [NameServer] 172.18.236.99 200.63.56.5
Tcpip\..\Interfaces\{CD73A2C0-1402-4C60-953E-E6DF5766ADD1}: [NameServer] 172.18.150.35 172.18.236.99
Tcpip\..\Interfaces\{D2C72D3A-DD75-4942-8FB0-AC1496089DC2}: [DhcpNameServer] 190.54.120.23 190.54.110.23
Tcpip\..\Interfaces\{E2A4BB32-27CC-401B-AAC8-64153D9962FE}: [NameServer] 172.18.236.99 200.63.56.5
Tcpip\..\Interfaces\{E4F4FED0-C69F-4BA0-B4C1-3D98F407D69D}: [NameServer] 172.18.236.99 200.63.56.5
Tcpip\..\Interfaces\{EF89177F-F329-480B-A1C5-ABD903B4ACCB}: [NameServer] 172.18.236.99 200.63.56.5
Tcpip\..\Interfaces\{F086D1AC-E8FC-4F9D-A759-90E4BDDD3F50}: [NameServer] 172.18.150.35 172.18.236.99
Tcpip\..\Interfaces\{F4286667-F205-4135-82EE-6FBC7E317728}: [NameServer] 172.18.236.99 200.63.56.5
Tcpip\..\Interfaces\{FEC9F61E-CEA6-472E-B8EB-5C4596B3C4C8}: [NameServer] 172.18.236.99 200.63.56.5
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-111729985-1987407980-3026307879-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-111729985-1987407980-3026307879-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-111729985-1987407980-3026307879-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKLM -> {FEF62F99-67BA-4CEB-A160-A982777678C7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0EBA1813-80E5-41B0-8297-43B9C6A60D74} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-111729985-1987407980-3026307879-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-111729985-1987407980-3026307879-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-22] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-22] (Microsoft Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-01-12] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-01-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2015-12-10]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-11-24] [not signed]
FF HKU\S-1-5-21-111729985-1987407980-3026307879-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.cl/
CHR StartupUrls: Default -> "hxxps://www.google.cl/"
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}
CHR Profile: C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Diapositivas de Google) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-10]
CHR Extension: (Google Docs) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Búsqueda de Google) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-10]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Avast Online Security) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-13]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-22]
CHR Extension: (Gmail) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-05-04]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-05-04] (Avast Software s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-02-02] (Hi-Rez Studios) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-04] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-04] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-04] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-04] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-01] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 ALSysIO; \??\C:\Users\Michi\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 Huawei; system32\DRIVERS\ewdcsc.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-29 16:19 - 2016-02-29 16:23 - 00021474 _____ C:\Users\Michi\Desktop\FRST.txt
2016-02-29 16:19 - 2016-02-29 16:19 - 00000000 ____D C:\FRST
2016-02-29 00:47 - 2016-02-29 00:48 - 02371072 _____ (Farbar) C:\Users\Michi\Desktop\FRST64.exe
2016-02-28 14:36 - 2016-02-28 14:36 - 00059110 _____ C:\Users\Michi\Downloads\[pizzasheet] 2016-02-27 00.46.14 [Online] @bfwPIZZAKUNTae, cfcdaiNa.WAgame
2016-02-28 14:13 - 2016-02-28 13:35 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-02-28 13:35 - 2016-02-28 14:09 - 00000000 ____D C:\zoek_backup
2016-02-28 13:34 - 2016-02-28 13:34 - 01309184 _____ C:\Users\Michi\Desktop\zoek.exe
2016-02-28 00:06 - 2016-02-28 00:06 - 00089418 _____ C:\Windows\ntbtlog.txt
2016-02-27 14:49 - 2016-02-27 17:48 - 00131205 ____N C:\Users\Michi\Desktop\Gmail - Giftcard LANPASS1.pdf
2016-02-27 14:49 - 2016-02-27 17:48 - 00130682 ____N C:\Users\Michi\Desktop\Gmail - Giftcard LANPASS2.pdf
2016-02-27 14:48 - 2016-02-27 14:48 - 00262177 _____ C:\Users\Michi\Desktop\imprimir.zip
2016-02-25 19:11 - 2016-02-29 16:20 - 00000191 _____ C:\Users\Michi\Desktop\quotes.txt
2016-02-24 19:09 - 2016-02-24 19:09 - 00097634 _____ C:\Users\Michi\Downloads\[dibz] 2016-02-24 20.04.52 [Online] @dibs`420, cfcdaiNa.WAgame
2016-02-24 19:07 - 2016-02-24 19:07 - 00053826 _____ C:\Users\Michi\Downloads\[dibz] 2016-02-24 20.21.30 [Online] @dibs`420, cfcdaiNa.WAgame
2016-02-21 23:52 - 2016-02-21 23:52 - 00108553 _____ C:\Users\Michi\Downloads\[NxC] 2016-02-19 16.29.06 [Online] @BdL`nXc`a2b, NBRthewalrus.WAgame
2016-02-21 16:57 - 2016-02-21 16:57 - 00141938 _____ C:\Users\Michi\Downloads\[dibz] 2016-02-15 13.43.56 [Online] @dibs`420, Sniper.WAgame
2016-02-21 16:46 - 2016-02-21 16:46 - 00309297 _____ C:\Users\Michi\Downloads\[HHC] 2016-02-21 18.12.10 [Online] NBRthewalrus, HuskyTdC, @che`hhc, `Komito, pavlepavle, Peja`che.WAgame
2016-02-18 23:17 - 2016-02-18 23:17 - 00000000 ____D C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dispositivos Bluetooth
2016-02-17 00:04 - 2016-02-17 00:08 - 00000000 ____D C:\Users\Michi\Downloads\SM Star Road Final (PPF)
2016-02-17 00:04 - 2016-02-17 00:06 - 00000000 ____D C:\Users\Michi\Downloads\Star Revenge Redone v2.0.1
2016-02-17 00:04 - 2016-02-17 00:06 - 00000000 ____D C:\Users\Michi\Downloads\SS2MM
2016-02-17 00:03 - 2016-02-17 00:03 - 12310096 _____ C:\Users\Michi\Downloads\SM Star Road Final (PPF).zip
2016-02-17 00:02 - 2016-02-17 00:02 - 06245188 _____ C:\Users\Michi\Downloads\Star Revenge Redone v2.0.1.zip
2016-02-17 00:01 - 2016-02-17 00:02 - 07252268 _____ C:\Users\Michi\Downloads\SS2MM.zip
2016-02-16 23:36 - 2016-02-16 23:36 - 00159429 _____ C:\Users\Michi\Downloads\[NxC] 2016-02-17 01.26.22 [Online] @BdL`nXc`a2b, DeadTdC, BdL`DaRiO`b3`ZaR.WAgame
2016-02-15 18:56 - 2016-02-15 18:56 - 00000000 ____D C:\Users\Michi\Downloads\UM64
2016-02-15 16:06 - 2016-02-15 16:06 - 00192749 _____ C:\Users\Michi\Downloads\[RichUK] 2016-02-12 15.04.11 [Online] Sniper, @`Pn`RichUK.WAgame
2016-02-15 16:05 - 2016-02-15 16:05 - 00158126 _____ C:\Users\Michi\Downloads\[RichUK] 2016-02-11 20.14.12 [Online] Sensei`hcp, @`Pn`RichUK.WAgame
2016-02-14 20:27 - 2016-02-14 20:27 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-02-14 20:27 - 2016-02-14 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-02-14 20:25 - 2016-02-14 20:26 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Michi\Downloads\SkypeSetup.exe
2016-02-14 17:02 - 2016-02-14 17:02 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-02-14 00:31 - 2016-02-14 00:31 - 00089068 _____ C:\Users\Michi\Downloads\[vesuvio] 2016-02-14 01.20.08 [Online] @vesuvio, Sniper.WAgame
2016-02-13 23:47 - 2016-02-13 23:48 - 00154550 _____ C:\Users\Michi\Downloads\[spleen17] 2016-02-14 02.19.04 [Online] @NBRspleen17, bfwPIZZASHEETae.WAgame
2016-02-11 22:17 - 2016-02-11 22:18 - 00063376 _____ C:\Users\Michi\Downloads\UM64.zip
2016-02-11 02:10 - 2016-02-11 02:10 - 00000000 ____D C:\26de2099345c6c2183740685c32417
2016-02-11 02:07 - 2016-02-11 02:08 - 00000000 ____D C:\e4b46d766bbbbaca25f1691af5
2016-02-10 22:23 - 2016-02-10 22:23 - 00070477 _____ C:\Users\Michi\Downloads\2016-02-06 05.39.20 [Online] @`Pn``Street`P`B.WAgame
2016-02-10 17:32 - 2016-02-10 17:32 - 00000000 ____D C:\fee996a5223e697a03c6806b2dce1c
2016-02-09 18:13 - 2016-01-22 03:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-09 18:13 - 2016-01-22 03:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-09 18:13 - 2016-01-22 03:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-09 18:13 - 2016-01-22 03:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-09 18:13 - 2016-01-22 03:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-09 18:13 - 2016-01-22 02:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-09 18:13 - 2016-01-22 02:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-09 18:13 - 2016-01-22 02:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-09 18:10 - 2016-01-16 16:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-09 18:10 - 2016-01-16 16:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-09 18:10 - 2016-01-16 15:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-09 18:10 - 2016-01-16 15:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-09 18:10 - 2016-01-11 11:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-09 18:10 - 2016-01-11 11:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-09 18:10 - 2016-01-11 11:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-09 18:10 - 2016-01-11 11:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-09 18:10 - 2016-01-11 11:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-09 18:10 - 2016-01-07 14:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-09 18:10 - 2016-01-06 16:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-09 18:10 - 2016-01-06 16:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-09 18:10 - 2016-01-06 15:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-09 18:09 - 2016-01-11 16:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-09 18:09 - 2016-01-11 16:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-09 18:09 - 2016-01-11 16:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-09 18:09 - 2016-01-11 15:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-09 18:09 - 2016-01-11 15:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-09 18:09 - 2016-01-11 15:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-09 18:09 - 2016-01-11 15:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-09 18:09 - 2016-01-11 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-09 18:09 - 2016-01-11 15:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-09 18:09 - 2016-01-11 15:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-09 18:09 - 2016-01-11 15:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-09 18:09 - 2016-01-11 15:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-09 18:09 - 2016-01-11 15:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-09 18:09 - 2016-01-11 15:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-09 18:09 - 2016-01-11 15:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-09 18:09 - 2016-01-11 15:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-09 18:09 - 2016-01-07 14:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-09 18:09 - 2015-12-20 15:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-09 18:09 - 2015-12-20 15:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-09 18:09 - 2015-12-20 11:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-09 18:08 - 2016-02-09 18:08 - 00010184 _____ C:\Users\Michi\Downloads\SurrenderTest.WAgame
2016-02-09 18:08 - 2016-01-22 03:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-09 18:08 - 2016-01-22 03:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-09 18:08 - 2016-01-22 03:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-09 18:08 - 2016-01-22 03:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-09 18:08 - 2016-01-22 03:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-09 18:08 - 2016-01-22 03:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-09 18:08 - 2016-01-22 03:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-09 18:08 - 2016-01-22 03:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-09 18:08 - 2016-01-22 03:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-09 18:08 - 2016-01-22 03:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-09 18:08 - 2016-01-22 03:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-09 18:08 - 2016-01-22 03:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-09 18:08 - 2016-01-22 03:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-09 18:08 - 2016-01-22 03:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-09 18:08 - 2016-01-22 03:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-09 18:08 - 2016-01-22 03:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-09 18:08 - 2016-01-22 03:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-09 18:08 - 2016-01-22 03:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-09 18:08 - 2016-01-22 03:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-09 18:08 - 2016-01-22 03:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-09 18:08 - 2016-01-22 03:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-09 18:08 - 2016-01-22 03:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-09 18:08 - 2016-01-22 03:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-09 18:08 - 2016-01-22 03:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-09 18:08 - 2016-01-22 03:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-09 18:08 - 2016-01-22 03:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-09 18:08 - 2016-01-22 03:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-09 18:08 - 2016-01-22 03:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-09 18:08 - 2016-01-22 03:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-09 18:08 - 2016-01-22 03:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-09 18:08 - 2016-01-22 03:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-09 18:08 - 2016-01-22 03:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-09 18:08 - 2016-01-22 03:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-09 18:08 - 2016-01-22 03:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 03:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-09 18:08 - 2016-01-22 03:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-09 18:08 - 2016-01-22 03:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-09 18:08 - 2016-01-22 03:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-09 18:08 - 2016-01-22 03:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-09 18:08 - 2016-01-22 03:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-09 18:08 - 2016-01-22 03:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-09 18:08 - 2016-01-22 03:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-09 18:08 - 2016-01-22 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-09 18:08 - 2016-01-22 03:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-09 18:08 - 2016-01-22 03:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-09 18:08 - 2016-01-22 03:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-09 18:08 - 2016-01-22 03:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-09 18:08 - 2016-01-22 03:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-09 18:08 - 2016-01-22 03:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-09 18:08 - 2016-01-22 03:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-09 18:08 - 2016-01-22 03:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-09 18:08 - 2016-01-22 03:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-09 18:08 - 2016-01-22 03:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-09 18:08 - 2016-01-22 03:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 02:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-09 18:08 - 2016-01-22 02:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-09 18:08 - 2016-01-22 02:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-09 18:08 - 2016-01-22 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-09 18:08 - 2016-01-22 01:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-09 18:08 - 2016-01-22 01:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-09 18:08 - 2016-01-22 01:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-09 18:08 - 2016-01-22 01:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-09 18:08 - 2016-01-22 01:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-09 18:08 - 2016-01-22 01:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-09 18:08 - 2016-01-22 01:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-09 18:08 - 2016-01-22 01:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-09 18:08 - 2016-01-22 01:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-09 18:08 - 2016-01-22 01:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-09 18:08 - 2016-01-22 01:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 01:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 01:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 18:08 - 2016-01-22 01:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-07 21:59 - 2016-02-07 21:59 - 00072197 _____ C:\Users\Michi\Downloads\[Komito] 2016-02-07 21.13.59 [Online] @cfc`Komito`dS, RoH`lactose`b2b, Sensei`hcp.WAgame
2016-02-07 21:59 - 2016-02-07 21:59 - 00053186 _____ C:\Users\Michi\Downloads\[Komito] 2016-02-07 23.19.08 [Online] @cfc`Komito`dS, dibs`420.WAgame
2016-02-07 02:13 - 2016-02-07 02:13 - 00011108 _____ C:\Users\Michi\Downloads\2016-02-07 01.08.53 [Online] Sniper, @NBRwalrussian.WAgame
2016-02-07 02:13 - 2016-02-07 02:13 - 00011108 _____ C:\Users\Michi\Downloads\2016-02-07 01.08.53 [Online] Sniper, @NBRwalrussian (1).WAgame
2016-02-07 00:45 - 2016-02-07 00:45 - 00019185 _____ C:\ComboFix.txt
2016-02-07 00:26 - 2016-02-07 00:27 - 05657667 ____R (Swearware) C:\Users\Michi\Downloads\ComboFix.exe
2016-02-07 00:04 - 2016-02-07 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2016-02-07 00:04 - 2016-02-07 00:04 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2016-02-07 00:03 - 2016-02-07 00:04 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2016-02-07 00:01 - 2016-02-07 00:01 - 50838208 _____ (Hi-Rez Studios) C:\Users\Michi\Downloads\InstallSmite.exe
2016-02-03 18:19 - 2016-02-03 18:19 - 00093677 _____ C:\Users\Michi\Downloads\wkWormNAT2.zip
2016-02-02 14:52 - 2016-02-02 14:52 - 00003145 _____ C:\Users\Michi\Downloads\Cálculos Fiorela.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-29 16:21 - 2009-07-14 01:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-29 16:21 - 2009-07-14 01:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-29 16:19 - 2014-07-22 00:19 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-29 16:17 - 2013-10-11 12:25 - 00000000 ____D C:\Users\Michi\AppData\Roaming\Skype
2016-02-29 16:16 - 2011-03-11 16:48 - 00000000 ____D C:\Users\Michi\AppData\Local\SoftThinks
2016-02-29 16:16 - 2010-06-23 17:27 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-02-29 16:16 - 2010-06-23 17:27 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-02-29 16:16 - 2010-06-23 17:17 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-02-29 16:14 - 2013-11-26 15:48 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-29 16:14 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-29 02:26 - 2015-08-27 17:26 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-29 01:42 - 2013-11-26 15:48 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-28 14:15 - 2014-01-30 18:08 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-02-28 14:08 - 2009-07-14 00:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-02-28 14:08 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-02-27 14:46 - 2014-06-10 21:26 - 00000000 ____D C:\Users\Michi\AppData\Local\ElevatedDiagnostics
2016-02-27 14:45 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-02-27 02:47 - 2015-04-04 07:51 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-27 02:47 - 2015-04-04 07:51 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-22 21:09 - 2016-01-12 20:54 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-22 21:06 - 2016-01-12 20:50 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-19 17:45 - 2015-09-30 19:21 - 00002172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-17 20:03 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\rescache
2016-02-15 19:33 - 2009-07-14 06:31 - 00747646 _____ C:\Windows\system32\perfh00A.dat
2016-02-15 19:33 - 2009-07-14 06:31 - 00159086 _____ C:\Windows\system32\perfc00A.dat
2016-02-15 19:33 - 2009-07-14 02:13 - 01676890 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-14 20:27 - 2014-09-30 20:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-02-14 20:27 - 2013-10-11 12:25 - 00000000 ____D C:\ProgramData\Skype
2016-02-14 17:02 - 2012-11-01 01:31 - 00000000 ____D C:\Users\Michi\AppData\Roaming\DAEMON Tools Lite
2016-02-13 02:04 - 2015-01-28 19:34 - 00000000 ____D C:\Windows\pss
2016-02-11 02:09 - 2009-07-14 00:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-02-10 18:38 - 2009-07-14 01:45 - 00472552 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-10 18:36 - 2014-12-10 18:57 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-10 18:36 - 2014-06-05 18:25 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-10 18:36 - 2009-07-14 07:10 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 18:16 - 2013-11-13 12:36 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-10 18:16 - 2013-11-13 12:36 - 00000000 ____D C:\Windows\system32\MRT
2016-02-10 18:10 - 2009-07-14 02:08 - 00032536 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-10 18:00 - 2013-12-13 00:09 - 01651476 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-09 23:26 - 2015-08-27 17:26 - 00003776 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-09 23:26 - 2013-11-26 15:48 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-09 23:26 - 2013-11-26 15:48 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-09 22:37 - 2013-11-26 15:48 - 00004032 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-09 22:37 - 2013-11-26 15:48 - 00003780 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-07 18:07 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2016-02-07 02:14 - 2009-07-13 23:34 - 00000798 _____ C:\Windows\win.ini
2016-02-07 00:45 - 2014-07-21 22:53 - 00000000 ____D C:\Qoobox
2016-02-07 00:42 - 2009-07-13 23:34 - 00000215 _____ C:\Windows\system.ini
2016-02-07 00:15 - 2013-02-24 22:20 - 00000000 ____D C:\Users\Michi\Desktop\Juegos
2016-02-07 00:03 - 2010-06-23 17:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-06 21:28 - 2015-12-25 20:05 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-04 21:15 - 2014-10-26 15:20 - 00000000 ____D C:\Users\Michi\Desktop\Gaby
2016-02-02 13:35 - 2014-11-24 19:12 - 00000000 ____D C:\Users\Michi\Desktop\op
 
==================== Files in the root of some directories =======
 
2013-02-26 02:00 - 2016-01-01 20:02 - 0009218 _____ () C:\Users\Michi\AppData\Roaming\wklnhst.dat
2014-07-21 15:32 - 2015-06-06 23:20 - 0007622 _____ () C:\Users\Michi\AppData\Local\Resmon.ResmonCfg
2014-11-24 17:14 - 2014-11-24 17:21 - 0000814 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-28 15:42
 
==================== End of FRST.txt ============================
 
The Addition.txt could be in Spanish (I speak Spanish, and I think I read some parts on the .txt that were written in it as well).


Edited by somebadname, 29 February 2016 - 02:48 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 March 2016 - 08:52 AM


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-111729985-1987407980-3026307879-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-111729985-1987407980-3026307879-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
CHR Extension: (Avast Online Security) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-05-04]
S3 ALSysIO; \??\C:\Users\Michi\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 Huawei; system32\DRIVERS\ewdcsc.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

---

If the computer is still slow the culprit may well be this process.

C:\Program Files\Alwil Software\Avast5\Setup\instup.exe
https://forum.avast.com/index.php?topic=145171.0

First I would run the MSCONFIG.EXE from the Start run box and disable it.

If that helps then download and run their uninstall utility from this site:
https://avast-removal-tool.com/

When completed restart the computer normally.

Reinstall the application.
===

#7 somebadname

somebadname
  • Topic Starter

  • Members
  • 5 posts

Posted 02 March 2016 - 04:23 PM

Hey,

Sorry for the late response.

I've been trying to find the AVAST code I used to install it, with no success, so I'll probably try to use another antivirus (Do you know any good one? :P)

 

Fix result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Michi (2016-03-01 17:06:00) Run:1
Running from C:\Users\Michi\Desktop
Loaded Profiles: Michi (Available Profiles: Michi)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-111729985-1987407980-3026307879-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-111729985-1987407980-3026307879-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
CHR Extension: (Avast Online Security) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-05-04]
S3 ALSysIO; \??\C:\Users\Michi\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 Huawei; system32\DRIVERS\ewdcsc.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-111729985-1987407980-3026307879-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully
HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found. 
"HKU\S-1-5-21-111729985-1987407980-3026307879-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
ALSysIO => service removed successfully
catchme => service removed successfully
ewusbnet => service removed successfully
ew_hwusbdev => service removed successfully
ew_usbenumfilter => service removed successfully
Huawei => service removed successfully
huawei_cdcacm => service removed successfully
huawei_enumerator => service removed successfully
huawei_ext_ctrl => service removed successfully
huawei_wwanecm => service removed successfully
hwdatacard => service removed successfully
hwusbdev => service removed successfully
EmptyTemp: => 607.6 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-01 17:12:04)
 
"C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
 
==== End of Fixlog 17:12:05 ====

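As an added example (not part of this thread and not FRST's own code), here is a small Python parser for the Fixlog format posted above: it classifies each action line and lists what is still unresolved after the reboot section, which is the check a helper makes before declaring a fix complete. The sample log is a constructed subset of the Fixlog above.

```python
import re
from collections import Counter

# Constructed sample: a subset of the Fixlog lines from this thread, including the
# post-reboot "scheduled files" section that records what could still not be moved.
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
Could not move "C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
ALSysIO => service removed successfully
catchme => service removed successfully
EmptyTemp: => 607.6 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-01 17:12:04)

"C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 17:12:05 ====
"""

# Order matters: the "Could not move" wording appears in two different line shapes.
ACTION_PATTERNS = [
    ("scheduled", re.compile(r'^Could not move "(?P<target>.+)" => Scheduled to move on reboot\.$')),
    ("failed",    re.compile(r'^"?(?P<target>.+?)"? => Could not move$')),
    ("not_found", re.compile(r'^"?(?P<target>.+?)"? => (?:key|value|file) not found\.?$')),
    ("removed",   re.compile(r'^"?(?P<target>.+?)"? => (?:key|value|service) removed successfully$')),
    ("moved",     re.compile(r'^"?(?P<target>.+?)"? => moved successfully$')),
    ("cleaned",   re.compile(r'^EmptyTemp: => (?P<target>.+) Removed\.$')),
]


def parse_fixlog(text):
    """Classify each action line ("<target> => <result>") of an FRST Fixlog.

    Returns a list of (outcome, target) tuples in log order. Banner, blank and
    section-header lines carry no " => " and are skipped; an action line that
    matches none of the known shapes is kept as ("unknown", line) so it is not lost.
    """
    results = []
    for raw in text.splitlines():
        line = raw.rstrip()          # FRST leaves trailing spaces on some lines
        if " => " not in line:
            continue
        for outcome, pattern in ACTION_PATTERNS:
            match = pattern.match(line)
            if match:
                results.append((outcome, match.group("target")))
                break
        else:
            results.append(("unknown", line))
    return results


def unresolved_items(results):
    """Targets the fix did not clear.

    The last outcome recorded for a path wins, so an item "Scheduled to move on
    reboot" counts as resolved only if the post-reboot section later reports it
    moved; a later "Could not move" line for the same path keeps it unresolved.
    "not found" is not a failure: the entry was already gone.
    """
    status = {}
    for outcome, target in results:
        if outcome in ("scheduled", "failed", "moved", "removed"):
            status[target] = outcome
    return sorted(t for t, o in status.items() if o in ("scheduled", "failed"))


def summarize(text):
    """Outcome counts plus the list of targets a helper still has to follow up on."""
    results = parse_fixlog(text)
    counts = Counter(outcome for outcome, _ in results)
    return {"counts": dict(counts), "unresolved": unresolved_items(results)}


if __name__ == "__main__":
    report = summarize(SAMPLE_FIXLOG)
    print(report["counts"])
    for item in report["unresolved"]:
        print("still present after reboot:", item)
```

On the sample above the only leftover is the avast! WebRep Chrome extension file, which matches what the post-reboot section of the real Fixlog reports.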

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 March 2016 - 08:37 AM

Recommendation of AV on this link.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

What are the remaining issues with this computer?

#9 somebadname

somebadname
  • Topic Starter

  • Members
  • 5 posts

Posted 03 March 2016 - 09:40 PM

None :) it works perfectly.

Thanks for the great help, dude. Greatly appreciated.

I'll try to follow the advice on that link. Seems like I only had bugs, and no viruses after all.

Once again, thanks. 



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 March 2016 - 07:43 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
