Infected with zodiac-game.info start page in Chrome


  • This topic is locked
18 replies to this topic

#1 codo

Posted 06 February 2017 - 05:59 PM

Hello!

My Google Chrome has been infected with the zodiac-game.info start page. I'm not new to computers, but this one is being tough. I've tried with different methods which included Adwcleaner or Antimalware bytes, but it always shows up again. I'll be so thankful if somebody could help me.

Attached Files

  • Attached File  FRST.txt   253.87KB   3 downloads




#2 Oh My!


Posted 06 February 2017 - 10:06 PM

Greetings codo and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

I would like to get the FRST reports in English so that it is easier for me to review. Please right click on the FRST icon, select Rename, and rename it to FRST64english. Copy and paste both documents in your reply. If necessary, post the FRST.txt and Addition.txt reports in separate posts.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 codo


Posted 06 February 2017 - 10:30 PM

Greetings, Gary. File renamed, logs created and attached. Waiting for further instructions.

Thanks. What you guys do is beautiful.
Attached File  FRST.txt   251.75KB   3 downloads
Attached File  Addition.txt   31.92KB   4 downloads

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by codo (administrator) on CHEMAPC (07-02-2017 04:18:03)
Running from C:\Users\codo\Downloads\Borrando zodiac-game.info
Loaded Profiles: codo (Available Profiles: codo)
Platform: Windows 10 Pro Version 1607 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\Ditto\Ditto.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ArcaneSanctum.Net) C:\Portables\Negative Screen\NegativeScreen.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
() C:\Program Files\Ditto\Ditto.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tixati Software Inc.) C:\Program Files\tixati\tixati.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\codo\Downloads\Borrando zodiac-game.info\FRST64english.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16776704 2016-12-09] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [474648 2015-08-28] (Acronis)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-01-17] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [690784 2015-08-20] (Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7092552 2015-08-28] ()
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [1975808 2015-01-10] ()
HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\...\Run: [codo] => explorer.exe hxxp://sd-steam.info <===== ATTENTION
HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\...\MountPoints2: {dd5089f2-e674-11e6-9443-bc5ff4a7e5a8} - "X:\setup.exe"
IFEO\SppExtComObj.exe: [Debugger] SppExtComObjPatcher.exe
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\codo\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\codo\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\codo\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-07-23] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-07-23] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-07-23] (Acronis)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
Startup: C:\Users\codo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NegativeScreen.exe - Acceso directo.lnk [2017-01-20]
ShortcutTarget: NegativeScreen.exe - Acceso directo.lnk -> C:\Portables\Negative Screen\NegativeScreen.exe (ArcaneSanctum.Net)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 activation.acronis.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{54c88afb-0990-40e2-aafe-831335251d25}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{abc909a8-1c96-4d49-bd16-7d28503ff351}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d5ee92c4-216c-4f26-9c6a-f36baed0b3db}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{df056b45-fcbc-4704-9593-88deff67c0fb}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-11] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.es/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=6044000CF11EDCEC&affID=122471&tsp=4951","hxxps://www.google.es/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\codo\AppData\Local\Google\Chrome\User Data\Default [2017-02-07]
CHR Extension: (Traductor de Google) - C:\Users\codo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-01-11]
CHR Extension: (Presentaciones de Google) - C:\Users\codo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-11]
CHR Extension: (TransOver) - C:\Users\codo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aggiiclaiamajehmlfpkjmlbadmkledi [2017-01-19]
CHR Extension: (Google Docs) - C:\Users\codo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-11]
CHR Extension: (Google Drive) - C:\Users\codo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-11]
CHR Extension: (Turn Off the Lights) - C:\Users\codo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-01-29]
CHR Extension: (YouTube) - C:\Users\codo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-11]
CHR Extension: (Adblock Plus) - C:\Users\codo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-01-11]
CHR Extension: (Reluminate) - C:\Users\codo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejfgkpndiembgmnikjbdkbiiobdmcgji [2017-01-11]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\codo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-11]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\codo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-11]
CHR Extension: (Disconnect) - C:\Users\codo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2017-01-11]
CHR Extension: (The Great Suspender) - C:\Users\codo\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-01-11]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\codo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-01-15]
CHR Extension: (Video Downloader GetThemAll) - C:\Users\codo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-01-28]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\codo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\codo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-11]
CHR Extension: (Chrome Media Router) - C:\Users\codo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-11]
CHR HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cfbackd; C:\Program Files (x86)\Disk Drill\cfbackd.w32.exe [211520 2016-09-29] (CleverFiles)
S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-01-17] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asstahci64; C:\WINDOWS\System32\drivers\asstahci64.sys [89960 2016-05-17] (Asmedia Technology)
S3 athrusb; C:\WINDOWS\System32\drivers\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110096 2016-04-18] (Advanced Micro Devices)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [323040 2017-01-15] (Acronis International GmbH)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-01-11] (REALiX™)
S4 IObitUnlocker; C:\Program Files (x86)\Unlocker\IObitUnlocker.sys [36568 2013-09-30] (IObit)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-06] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [946696 2017-01-11] (Realtek )
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [163644 2017-01-29] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1057728 2017-01-15] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [206800 2017-01-15] (Acronis International GmbH)
R0 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [567888 2017-01-15] (Acronis International GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-07 04:15 - 2017-02-07 04:15 - 00259959 _____ C:\Users\codo\Downloads\FRST.txt
2017-02-07 04:06 - 2017-02-07 04:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renegade Ops Collection
2017-02-07 04:03 - 2017-02-07 04:03 - 00000000 ____D C:\Users\codo\Downloads\HD Dani
2017-02-07 04:02 - 2017-02-07 04:07 - 00000000 ____D C:\Program Files (x86)\Renegade Ops Collection
2017-02-07 03:15 - 2017-02-07 03:15 - 00000000 ____D C:\Users\codo\Downloads\Emulador Mando XBOX
2017-02-07 03:15 - 2017-02-07 03:15 - 00000000 ____D C:\Users\codo\Downloads\Archivos madre esenciales
2017-02-07 03:08 - 2017-02-07 04:18 - 00000000 ____D C:\Users\codo\Downloads\Borrando zodiac-game.info
2017-02-07 02:40 - 2017-02-07 04:06 - 00000000 ____D C:\Users\codo\Downloads\MEGA Descargas
2017-02-07 02:39 - 2017-02-07 02:39 - 00000000 ____D C:\Users\codo\AppData\Local\MegaDownloader
2017-02-07 02:39 - 2017-02-07 02:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDownloader
2017-02-07 02:39 - 2017-02-07 02:39 - 00000000 ____D C:\Program Files\MegaDownloader
2017-02-07 02:11 - 2017-02-07 02:11 - 00003638 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-02-06 23:30 - 2017-02-07 04:18 - 00000000 ____D C:\FRST
2017-02-06 17:30 - 2017-02-06 17:30 - 00000000 ____D C:\ProgramData\X360CE
2017-02-06 16:03 - 2017-02-06 16:03 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-02-05 01:28 - 2017-02-05 01:42 - 00000000 ____D C:\Users\codo\Documents\Streets of Fury Save and Config
2017-02-05 01:28 - 2017-02-05 01:28 - 00000000 ____D C:\ProgramData\SkidRow
2017-02-05 01:27 - 2017-02-05 01:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guard Crush Games
2017-02-05 01:27 - 2017-02-05 01:27 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2017-02-05 00:59 - 2017-02-05 00:59 - 00000000 ____D C:\Users\codo\Documents\Disney Interactive Studios
2017-02-05 00:55 - 2017-02-05 00:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-05 00:55 - 2017-02-05 00:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive Studios
2017-02-04 22:29 - 2017-02-04 22:29 - 00466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2017-02-04 22:29 - 2017-02-04 22:29 - 00444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2017-02-04 22:29 - 2017-02-04 22:29 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2017-02-04 22:29 - 2017-02-04 22:29 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2017-02-04 22:29 - 2017-02-04 22:29 - 00000000 ____D C:\Users\codo\AppData\LocalLow\NoBrakesGames
2017-02-04 22:29 - 2017-02-04 22:29 - 00000000 ____D C:\Program Files (x86)\OpenAL
2017-02-04 22:28 - 2017-02-04 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Human Fall Flat
2017-02-04 22:17 - 2017-02-04 22:21 - 00000000 ____D C:\Users\codo\AppData\Local\RivalsofAether
2017-02-04 21:52 - 2017-02-04 21:54 - 00000000 ____D C:\Users\codo\AppData\Local\Ms. Splosion Man
2017-02-04 17:20 - 2017-02-04 17:20 - 00000000 ____D C:\ProgramData\InterAction studios
2017-02-03 05:37 - 2017-02-06 15:56 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-03 05:36 - 2017-02-06 16:00 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-03 05:28 - 2017-02-06 16:06 - 00000000 ____D C:\AdwCleaner
2017-02-03 02:57 - 2017-02-03 02:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedRunners
2017-02-03 01:55 - 2017-02-03 01:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spelunky [GOG.com]
2017-02-03 01:43 - 2017-02-03 01:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spelunky Classic [GOG.com]
2017-02-03 01:16 - 2017-02-04 01:37 - 00004772 _____ C:\Users\codo\AppData\Roaming\SpeedRunnersLog.txt
2017-02-03 01:16 - 2017-02-03 01:16 - 00000000 ____D C:\Users\codo\AppData\Roaming\Steam
2017-02-02 23:54 - 2017-02-02 23:54 - 00000000 ____D C:\Users\codo\AppData\Roaming\BrawlhallaAir
2017-02-02 18:27 - 2017-02-02 18:27 - 00000000 ____D C:\Program Files\Unity
2017-02-01 04:45 - 2017-02-01 04:54 - 00000000 ____D C:\Users\codo\AppData\Local\Insanely Twisted Shadow Planet
2017-02-01 04:45 - 2017-02-01 04:45 - 00000000 ____D C:\Users\codo\AppData\Roaming\Saints Row IV
2017-02-01 04:45 - 2017-02-01 04:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Saints Row IV
2017-02-01 04:43 - 2017-02-01 04:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Game Studios
2017-02-01 04:39 - 2017-02-01 04:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2017-02-01 04:38 - 2017-02-01 04:38 - 00000000 ____D C:\Program Files (x86)\DAMN NFO Viewer
2017-02-01 03:06 - 2017-02-04 01:38 - 00000000 ____D C:\Users\codo\Documents\My Games
2017-02-01 02:50 - 2017-02-01 02:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-01 02:50 - 2017-02-01 02:50 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-01 02:49 - 2017-02-01 02:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rocket League
2017-01-30 15:31 - 2017-01-30 15:31 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-01-29 03:00 - 2017-02-04 23:07 - 00000000 ____D C:\Users\codo\AppData\Local\SKIDROW
2017-01-29 02:26 - 2017-01-29 02:27 - 00000000 ____D C:\Users\codo\Documents\SART
2017-01-29 02:26 - 2017-01-29 02:26 - 00000000 ____D C:\ProgramData\Steam
2017-01-29 02:08 - 2017-01-29 02:09 - 00163644 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\WINDOWS\SysWOW64\Drivers\SECDRV.SYS
2017-01-29 02:08 - 2017-01-29 02:08 - 00003354 _____ C:\WINDOWS\System32\Tasks\{E5279DEA-98BF-456B-8B2D-EB66EF80DCAC}
2017-01-29 01:25 - 2017-01-29 01:25 - 00000000 ____D C:\Users\codo\AppData\Roaming\com.starmaid.Cibele
2017-01-29 00:41 - 2017-01-29 00:41 - 00000000 ____D C:\Users\codo\Documents\VVVVVV
2017-01-28 12:38 - 2017-01-28 12:38 - 00000609 _____ C:\Users\codo\Documents\Plan SuperBackup.txt
2017-01-26 21:08 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-26 21:08 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-25 15:25 - 2017-01-25 15:25 - 00000000 ____D C:\Users\codo\AppData\Local\gtk-2.0
2017-01-25 15:24 - 2017-01-25 15:24 - 00000000 ____D C:\Users\codo\AppData\Local\gegl-0.2
2017-01-25 15:24 - 2017-01-25 15:24 - 00000000 ____D C:\Users\codo\AppData\Local\fontconfig
2017-01-25 15:14 - 2017-01-25 15:19 - 00000000 ____D C:\parse
2017-01-25 03:23 - 2017-01-25 03:23 - 00000000 ____D C:\Users\codo\AppData\Roaming\bizarre creations
2017-01-25 03:20 - 2017-01-25 03:20 - 00000000 ____D C:\Users\codo\AppData\Roaming\Blur
2017-01-25 03:20 - 2017-01-25 03:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blur
2017-01-25 03:20 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2017-01-25 03:20 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2017-01-25 03:20 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2017-01-25 03:20 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2017-01-25 03:18 - 2017-01-25 03:18 - 00000000 ____D C:\Users\codo\AppData\LocalLow\DefaultCompany
2017-01-25 03:16 - 2017-01-25 03:16 - 00000000 ____D C:\Users\codo\AppData\Roaming\RidNacs
2017-01-25 03:16 - 2017-01-25 03:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RidNacs
2017-01-25 03:16 - 2017-01-25 03:16 - 00000000 ____D C:\Program Files (x86)\RidNacs
2017-01-25 02:43 - 2017-01-25 02:43 - 00000000 ____D C:\Users\codo\AppData\Local\Slimjet
2017-01-25 01:10 - 2017-01-25 01:10 - 00000000 __SHD C:\found.000
2017-01-24 05:12 - 2017-01-24 05:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2017-01-24 05:12 - 2017-01-24 05:12 - 00000000 ____D C:\Program Files (x86)\Unlocker
2017-01-23 16:05 - 2017-01-23 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
2017-01-23 16:05 - 2017-01-23 16:05 - 00000000 ____D C:\Program Files (x86)\WinCDEmu
2017-01-23 00:59 - 2017-01-23 00:59 - 00000000 ____D C:\Users\codo\AppData\Roaming\Yacht Club Games
2017-01-23 00:18 - 2017-01-23 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VVVVVV [GOG.com]
2017-01-22 21:13 - 2017-01-22 21:15 - 00000000 ____D C:\Program Files (x86)\R-Studio
2017-01-22 21:13 - 2017-01-22 21:13 - 00000000 ____D C:\Users\codo\Documents\R-TT
2017-01-22 21:13 - 2017-01-22 21:13 - 00000000 ____D C:\Users\codo\AppData\Roaming\R-TT
2017-01-22 21:13 - 2017-01-22 21:13 - 00000000 ____D C:\Users\codo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Studio HD Data Recovery
2017-01-22 02:39 - 2017-01-22 02:39 - 00000000 ____D C:\Users\codo\AppData\LocalLow\SUPERHOT_Team
2017-01-22 02:39 - 2017-01-22 02:39 - 00000000 ____D C:\Users\codo\AppData\Local\SUPERHOT_Sp_z_o.o
2017-01-22 02:38 - 2017-01-22 02:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERHOT [GOG.com]
2017-01-22 02:36 - 2017-01-22 02:36 - 00000000 ____D C:\Users\codo\AppData\LocalLow\SUPERHOT Team
2017-01-21 21:17 - 2017-01-23 00:14 - 00000000 ____D C:\Dani3
2017-01-21 02:24 - 2017-01-25 03:48 - 00000000 ____D C:\Dani
2017-01-21 02:24 - 2017-01-21 21:21 - 00000048 _____ C:\WINDOWS\ddconfig.ini
2017-01-20 23:34 - 2017-01-20 23:34 - 00000000 ____D C:\Users\codo\Documents\CPY_SAVES
2017-01-20 23:34 - 2017-01-20 23:34 - 00000000 ____D C:\Users\codo\AppData\LocalLow\Playdead
2017-01-20 23:33 - 2017-02-01 05:50 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-01-20 23:31 - 2017-02-03 01:55 - 00000000 ____D C:\Juegos
2017-01-20 23:31 - 2017-01-20 23:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\INSIDE
2017-01-20 23:04 - 2017-01-21 18:55 - 00000000 ____D C:\Users\codo\AppData\Local\DiskDrill
2017-01-20 23:04 - 2017-01-20 23:04 - 00000000 ____D C:\Users\codo\AppData\Local\CrashRpt
2017-01-20 23:04 - 2017-01-20 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Drill
2017-01-20 23:03 - 2017-01-20 23:04 - 00000000 ____D C:\Program Files (x86)\Disk Drill
2017-01-20 22:38 - 2017-01-20 22:38 - 00001052 _____ C:\Users\codo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NegativeScreen.lnk
2017-01-20 22:37 - 2017-01-20 22:37 - 00001056 _____ C:\Users\codo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileTypesMan.lnk
2017-01-20 22:01 - 2017-01-20 22:01 - 00000000 ____D C:\Users\codo\AppData\LocalLow\Adobe
2017-01-17 18:22 - 2017-01-17 18:22 - 00000000 ___RD C:\Users\codo\OneDrive
2017-01-17 18:21 - 2017-01-17 18:21 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-01-17 18:20 - 2017-01-17 18:20 - 00000000 ____D C:\ProgramData\USOShared
2017-01-17 18:19 - 2017-01-17 18:47 - 00000000 ____D C:\Users\codo\AppData\Local\ConnectedDevicesPlatform
2017-01-17 18:19 - 2017-01-17 18:19 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-01-17 18:19 - 2017-01-17 18:19 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-01-17 18:19 - 2017-01-17 18:19 - 00000020 ___SH C:\Users\codo\ntuser.ini
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default\Reciente
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default\Plantillas
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default\Mis documentos
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default\Menú Inicio
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default\Impresoras
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default\Entorno de red
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default\Documents\Mis vídeos
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default\Documents\Mis imágenes
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default\Documents\Mi música
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default\Datos de programa
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default\Configuración local
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default\AppData\Local\Historial
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default\AppData\Local\Datos de programa
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default\AppData\Local\Archivos temporales de Internet
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default User\Documents\Mis vídeos
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default User\Documents\Mis imágenes
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default User\Documents\Mi música
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Historial
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Datos de programa
2017-01-17 18:19 - 2017-01-17 18:19 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Archivos temporales de Internet
2017-01-17 18:18 - 2017-02-06 16:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-17 18:18 - 2017-01-17 18:18 - 00023076 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-01-17 18:18 - 2017-01-17 18:18 - 00003546 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-17 18:18 - 2017-01-17 18:18 - 00003322 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-17 18:18 - 2017-01-17 18:18 - 00002276 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (codo)
2017-01-17 18:18 - 2017-01-17 18:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-01-17 18:16 - 2017-01-17 18:16 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-01-17 18:16 - 2017-01-17 18:16 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI
2017-01-17 18:16 - 2017-01-17 18:16 - 00000000 ____D C:\Users\Default\AppData\Local\ATI
2017-01-17 18:16 - 2017-01-17 18:16 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2017-01-17 18:16 - 2017-01-17 18:16 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI
2017-01-17 18:15 - 2017-02-06 19:19 - 00000000 ____D C:\Users\codo
2017-01-17 18:15 - 2017-01-17 18:17 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-01-17 18:15 - 2017-01-17 18:15 - 00000000 _SHDL C:\Users\codo\Reciente
2017-01-17 18:15 - 2017-01-17 18:15 - 00000000 _SHDL C:\Users\codo\Plantillas
2017-01-17 18:15 - 2017-01-17 18:15 - 00000000 _SHDL C:\Users\codo\Mis documentos
2017-01-17 18:15 - 2017-01-17 18:15 - 00000000 _SHDL C:\Users\codo\Menú Inicio
2017-01-17 18:15 - 2017-01-17 18:15 - 00000000 _SHDL C:\Users\codo\Impresoras
2017-01-17 18:15 - 2017-01-17 18:15 - 00000000 _SHDL C:\Users\codo\Entorno de red
2017-01-17 18:15 - 2017-01-17 18:15 - 00000000 _SHDL C:\Users\codo\Documents\Mis vídeos
2017-01-17 18:15 - 2017-01-17 18:15 - 00000000 _SHDL C:\Users\codo\Documents\Mis imágenes
2017-01-17 18:15 - 2017-01-17 18:15 - 00000000 _SHDL C:\Users\codo\Documents\Mi música
2017-01-17 18:15 - 2017-01-17 18:15 - 00000000 _SHDL C:\Users\codo\Datos de programa
2017-01-17 18:15 - 2017-01-17 18:15 - 00000000 _SHDL C:\Users\codo\Configuración local
2017-01-17 18:15 - 2017-01-17 18:15 - 00000000 _SHDL C:\Users\codo\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-01-17 18:15 - 2017-01-17 18:15 - 00000000 _SHDL C:\Users\codo\AppData\Local\Historial
2017-01-17 18:15 - 2017-01-17 18:15 - 00000000 _SHDL C:\Users\codo\AppData\Local\Datos de programa
2017-01-17 18:15 - 2017-01-17 18:15 - 00000000 _SHDL C:\Users\codo\AppData\Local\Archivos temporales de Internet
2017-01-17 18:15 - 2016-07-16 12:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-01-17 18:14 - 2017-02-03 02:59 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-17 18:14 - 2017-01-17 18:15 - 00000000 ____D C:\Program Files\AMD
2017-01-17 18:14 - 2017-01-17 18:14 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-01-17 18:14 - 2017-01-17 18:14 - 00000000 ____D C:\WINDOWS\system32\DAX3
2017-01-17 18:14 - 2017-01-17 18:14 - 00000000 ____D C:\WINDOWS\system32\DAX2
2017-01-17 18:14 - 2017-01-17 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2017-01-17 18:14 - 2017-01-17 18:14 - 00000000 ____D C:\ProgramData\Audyssey Labs
2017-01-17 18:14 - 2017-01-17 18:14 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-01-17 18:14 - 2017-01-17 18:14 - 00000000 ____D C:\Program Files\ATI Technologies
2017-01-17 18:14 - 2017-01-17 18:14 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2017-01-17 18:14 - 2017-01-17 18:14 - 00000000 ____D C:\AMD
2017-01-17 18:14 - 2017-01-17 18:14 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2017-01-17 18:13 - 2017-02-06 19:05 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-17 18:13 - 2017-01-17 18:47 - 00206624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-17 18:13 - 2017-01-17 18:13 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-01-17 18:13 - 2017-01-17 18:13 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-01-17 18:13 - 2017-01-17 18:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-01-17 18:13 - 2017-01-17 18:13 - 00000000 ____D C:\Program Files\Realtek
2017-01-17 18:12 - 2017-01-17 18:19 - 00000000 ___DC C:\WINDOWS\Panther
2017-01-17 17:54 - 2017-01-17 17:54 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-01-17 17:53 - 2017-01-20 23:04 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-01-17 17:53 - 2017-01-17 17:53 - 03753984 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2017-01-17 17:53 - 2017-01-17 17:53 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2017-01-17 17:53 - 2017-01-17 17:53 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-01-17 17:53 - 2017-01-17 17:53 - 00000000 ____D C:\Program Files\MSBuild
2017-01-17 17:53 - 2017-01-17 17:53 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-01-17 17:53 - 2017-01-17 17:53 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-01-17 17:53 - 2016-05-25 14:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-01-17 17:53 - 2016-05-25 14:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-01-17 17:53 - 2016-05-25 14:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-01-17 17:53 - 2016-05-25 11:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-01-17 17:53 - 2016-05-25 11:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-01-17 17:53 - 2016-05-25 11:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-01-16 01:21 - 2017-02-07 02:39 - 24076288 ___SH C:\tnd.dat
2017-01-16 00:12 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2017-01-16 00:12 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2017-01-15 20:12 - 2017-01-17 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ssOverlay
2017-01-15 20:12 - 2017-01-15 20:12 - 00000000 ____D C:\Users\codo\AppData\Local\ssOverlay
2017-01-15 20:12 - 2017-01-15 20:12 - 00000000 ____D C:\Program Files (x86)\ssOverlay
2017-01-15 02:57 - 2017-01-15 02:57 - 00000000 ____D C:\Users\codo\AppData\Roaming\Acronis
2017-01-15 02:56 - 2017-01-17 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2017-01-15 02:56 - 2017-01-15 03:26 - 00000000 ____D C:\ProgramData\Acronis
2017-01-15 02:56 - 2017-01-15 02:56 - 01057728 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\tib.sys
2017-01-15 02:56 - 2017-01-15 02:56 - 00567888 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\tnd.sys
2017-01-15 02:56 - 2017-01-15 02:56 - 00343296 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\snapman.sys
2017-01-15 02:56 - 2017-01-15 02:56 - 00323040 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\file_tracker.sys
2017-01-15 02:56 - 2017-01-15 02:56 - 00206800 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\tib_mounter.sys
2017-01-15 02:56 - 2017-01-15 02:56 - 00160736 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\fltsrv2195.sys
2017-01-15 02:56 - 2017-01-15 02:56 - 00160736 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\fltsrv.sys
2017-01-15 02:56 - 2017-01-15 02:56 - 00001286 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image 2016.lnk
2017-01-15 02:56 - 2017-01-15 02:56 - 00000000 ____D C:\Program Files (x86)\Acronis
2017-01-15 01:18 - 2017-01-17 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop
2017-01-15 01:17 - 2017-01-17 18:17 - 00000000 ____D C:\Users\codo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop
2017-01-15 00:43 - 2017-02-06 22:52 - 00000000 ___RD C:\Users\codo\Google Drive
2017-01-15 00:40 - 2017-01-17 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-01-14 23:52 - 2017-01-17 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-01-14 23:52 - 2017-01-15 01:59 - 00000000 ____D C:\Program Files\Revo Uninstaller
2017-01-14 23:28 - 2017-01-14 23:48 - 00018292 _____ C:\WINDOWS\ntbtlog.txt
2017-01-14 23:18 - 2017-01-14 23:18 - 00000000 ____D C:\ProgramData\redistpart
2017-01-14 23:18 - 2017-01-14 23:18 - 00000000 ____D C:\ProgramData\launcher
2017-01-14 23:18 - 2017-01-14 23:18 - 00000000 ____D C:\ProgramData\explauncher
2017-01-14 23:17 - 2017-01-14 23:17 - 00000000 ____D C:\Users\codo\AppData\Local\Downloaded Installations
2017-01-14 22:53 - 2017-01-14 23:06 - 00000000 _____ C:\WINDOWS\BcdLog.txt
2017-01-14 22:10 - 2017-02-07 04:17 - 00000000 ____D C:\Users\codo\AppData\Roaming\tixati
2017-01-14 22:10 - 2017-01-17 18:15 - 00000000 ____D C:\Users\codo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
2017-01-14 22:10 - 2017-01-14 22:10 - 00000000 ____D C:\Program Files\tixati
2017-01-13 21:38 - 2017-01-17 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player
2017-01-13 21:37 - 2017-01-14 23:48 - 00000000 ____D C:\Users\codo\AppData\Roaming\BSplayer
2017-01-13 21:37 - 2017-01-13 21:37 - 00000000 ____D C:\Users\codo\AppData\Roaming\BSplayer Pro
2017-01-13 21:37 - 2017-01-13 21:37 - 00000000 ____D C:\Program Files (x86)\Webteh
2017-01-13 21:31 - 2017-01-17 18:17 - 00000000 ____D C:\Users\codo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pelis Magnet
2017-01-13 21:31 - 2017-01-14 21:59 - 00000000 ____D C:\Users\codo\AppData\Local\Pelis Magnet
2017-01-13 21:28 - 2017-01-17 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2017-01-13 21:28 - 2017-01-13 21:28 - 00000000 ____D C:\Users\codo\AppData\Local\PopcornTime
2017-01-13 21:27 - 2017-01-13 21:28 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2017-01-13 21:23 - 2017-01-13 21:23 - 00000000 ____D C:\ProgramData\ATI
2017-01-13 20:40 - 2017-01-17 18:16 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-01-13 20:40 - 2017-01-17 18:15 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-01-13 20:08 - 2017-01-13 20:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-13 19:23 - 2016-07-01 04:40 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2017-01-13 19:21 - 2016-07-01 04:57 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpreference.exe
2017-01-13 00:28 - 2017-01-17 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-01-13 00:27 - 2017-01-13 00:28 - 00000000 ____D C:\Program Files\Speccy
2017-01-12 23:54 - 2017-01-12 23:54 - 00000000 ____D C:\Users\codo\AppData\Roaming\MPC-HC
2017-01-12 22:56 - 2008-04-15 13:00 - 01355776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvbvm50.dll
2017-01-12 22:56 - 1996-01-12 01:00 - 00935632 _____ (Microsoft Corporation) C:\WINDOWS\system\Vb40016.dll
2017-01-12 22:56 - 1993-05-11 18:00 - 00398416 _____ (Microsoft Corporation) C:\WINDOWS\system\Vbrun300.dll
2017-01-12 22:56 - 1992-10-20 23:00 - 00356992 _____ (Microsoft Corporation) C:\WINDOWS\system\vbrun200.dll
2017-01-12 22:56 - 1991-05-10 00:00 - 00271264 _____ C:\WINDOWS\system\vbrun100.dll
2017-01-12 22:55 - 2014-09-10 17:14 - 00163480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.ocx
2017-01-12 22:55 - 2013-11-25 14:27 - 01070232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomctl.ocx
2017-01-12 22:55 - 2013-11-25 14:27 - 00660120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomct2.ocx
2017-01-12 22:55 - 2013-11-25 14:27 - 00617896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.ocx
2017-01-12 22:55 - 2013-11-25 14:27 - 00444328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MShflxgd.ocx
2017-01-12 22:55 - 2013-11-25 14:27 - 00416408 _____ (Microsoft Corporation ) C:\WINDOWS\SysWOW64\comct332.ocx
2017-01-12 22:55 - 2013-11-25 14:27 - 00279192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdatgrd.ocx
2017-01-12 22:55 - 2013-11-25 14:27 - 00259736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msflxgrd.ocx
2017-01-12 22:55 - 2013-11-25 14:27 - 00253080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdatlst.ocx
2017-01-12 22:55 - 2013-11-25 14:27 - 00222360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tabctl32.ocx
2017-01-12 22:55 - 2013-11-25 14:27 - 00219288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\richtx32.ocx
2017-01-12 22:55 - 2013-11-25 14:27 - 00218776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dblist32.ocx
2017-01-12 22:55 - 2013-11-25 14:27 - 00212112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mci32.ocx
2017-01-12 22:55 - 2013-11-25 14:27 - 00179352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmask32.ocx
2017-01-12 22:55 - 2013-11-25 14:27 - 00170920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comct232.ocx
2017-01-12 22:55 - 2013-11-25 14:27 - 00131728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinet.ocx
2017-01-12 22:55 - 2013-11-25 14:27 - 00130712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msstdfmt.dll
2017-01-12 22:55 - 2013-11-25 14:27 - 00127640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswinsck.ocx
2017-01-12 22:55 - 2013-11-25 14:27 - 00119960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomm32.ocx
2017-01-12 22:55 - 2013-11-25 14:27 - 00108696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTKPRP.DLL
2017-01-12 22:55 - 2013-11-25 14:27 - 00104088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\picclp32.ocx
2017-01-12 22:55 - 2013-11-25 14:27 - 00084624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysinfo.ocx
2017-01-12 22:55 - 2011-01-12 20:36 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71u.dll
2017-01-12 22:55 - 2011-01-12 20:25 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71DEU.DLL
2017-01-12 22:55 - 2011-01-12 20:25 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ITA.DLL
2017-01-12 22:55 - 2011-01-12 20:25 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71FRA.DLL
2017-01-12 22:55 - 2011-01-12 20:25 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ESP.DLL
2017-01-12 22:55 - 2011-01-12 20:25 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ENU.DLL
2017-01-12 22:55 - 2011-01-12 20:25 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71KOR.DLL
2017-01-12 22:55 - 2011-01-12 20:25 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71JPN.DLL
2017-01-12 22:55 - 2011-01-12 20:25 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71CHT.DLL
2017-01-12 22:55 - 2011-01-12 20:25 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71CHS.DLL
2017-01-12 22:55 - 2011-01-12 20:19 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71.dll
2017-01-12 22:55 - 2011-01-12 19:53 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl71.dll
2017-01-12 22:55 - 2007-02-01 17:13 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2017-01-12 22:55 - 2007-02-01 14:11 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2017-01-12 22:55 - 2007-01-30 17:04 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr70.dll
2017-01-12 22:55 - 2006-08-25 21:28 - 01017344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70u.dll
2017-01-12 22:55 - 2006-08-25 21:15 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70ita.dll
2017-01-12 22:55 - 2006-08-25 21:15 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70fra.dll
2017-01-12 22:55 - 2006-08-25 21:15 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70esp.dll
2017-01-12 22:55 - 2006-08-25 21:15 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70deu.dll
2017-01-12 22:55 - 2006-08-25 21:15 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70enu.dll
2017-01-12 22:55 - 2006-08-25 21:15 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70kor.dll
2017-01-12 22:55 - 2006-08-25 21:15 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70jpn.dll
2017-01-12 22:55 - 2006-08-25 21:15 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70cht.dll
2017-01-12 22:55 - 2006-08-25 21:15 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70chs.dll
2017-01-12 22:55 - 2006-08-25 21:07 - 01024000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70.dll
2017-01-12 22:55 - 2006-08-25 20:17 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl70.dll
2017-01-12 22:55 - 2006-04-10 21:41 - 01066176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL32.OCX
2017-01-12 22:55 - 2005-01-20 16:25 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvci70.dll
2017-01-12 22:55 - 2002-01-05 02:40 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVCP70.DLL
2017-01-12 22:55 - 1996-01-12 01:00 - 00722192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Vb40032.dll
2017-01-12 22:55 - 1994-11-17 22:00 - 00210944 _____ C:\WINDOWS\SysWOW64\msvcrt10.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 72520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-01-12 22:53 - 2016-12-09 03:35 - 23547544 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRenderAVX64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 23447352 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRender64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 17398616 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioCapture64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 15202032 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE3.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 14057248 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 13122576 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 12988336 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO4064.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 10531584 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSSTAPO.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 07890895 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-01-12 22:53 - 2016-12-09 03:35 - 07172912 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 06198136 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV3apo.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 05804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2017-01-12 22:53 - 2016-12-09 03:35 - 05793520 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV2apo.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 05593608 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 05539328 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-01-12 22:53 - 2016-12-09 03:35 - 03503048 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 03299816 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 03295064 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 03204096 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 03201368 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 03014144 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-01-12 22:53 - 2016-12-09 03:35 - 02995000 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 02828432 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 02706856 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 02291304 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO7064.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 02201600 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 02190976 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 02110592 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 02050176 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 01920919 _____ C:\WINDOWS\system32\Drivers\rtkSSTsetting.dat
2017-01-12 22:53 - 2016-12-09 03:35 - 01780616 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 01435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 01422920 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 01382232 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 01360512 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 01337632 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 01334376 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 01213656 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 01186832 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSstCApoPropPage.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 01166152 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 01003856 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 01003328 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00999848 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00965024 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00962120 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00931616 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00923736 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00873456 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00865912 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00859216 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00850408 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00727432 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00721800 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00708304 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00689880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00678176 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00677664 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00618176 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00601136 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00588032 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00571376 _____ (Intel Corporation) C:\WINDOWS\system32\tbb_waves.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00514520 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00500552 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00499152 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00447712 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00428224 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00426560 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2APIPCLL.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00416504 _____ (Harman) C:\WINDOWS\system32\HMUI.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00378384 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00366120 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00360344 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00330552 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00258864 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00231912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00221960 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00214824 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00209528 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00203840 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00190928 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00190928 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00179592 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00158688 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00154360 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00134192 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00090912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00088312 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00084608 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00083624 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00075536 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2017-01-12 22:53 - 2016-12-09 03:35 - 00023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 07096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 06264632 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 05347000 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 02993720 _____ (Audyssey Labs) C:\WINDOWS\system32\AudysseyEfx.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 02444688 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 01965808 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 01959600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 01615656 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 01591056 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 01529136 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 01516896 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 01508928 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 01363096 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOv251.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 01133584 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 00785608 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOvlldp.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 00743960 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 00574752 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 00504304 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 00445392 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 00441264 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 00438688 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 00362048 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 00327448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 00310416 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 00272712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 00253896 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 00253856 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 00252872 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 00122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 00118592 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 00118584 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 00112488 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Caf64api.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 00105304 _____ C:\WINDOWS\system32\audioLibVc.dll
2017-01-12 22:53 - 2016-12-09 03:34 - 00005604 _____ C:\WINDOWS\system32\cxapo.lncs
2017-01-12 22:53 - 2016-12-09 03:34 - 00000736 _____ C:\WINDOWS\system32\cxapo.prop
2017-01-12 22:50 - 2017-01-12 22:50 - 00000000 ____D C:\Users\codo\AppData\Roaming\Macromedia
2017-01-12 22:46 - 2016-05-17 13:38 - 00089960 _____ (Asmedia Technology) C:\WINDOWS\system32\Drivers\asstahci64.sys
2017-01-12 22:46 - 2013-07-30 22:32 - 00047008 _____ C:\WINDOWS\system32\Drivers\ISCTD64.sys
2017-01-12 22:43 - 2017-01-17 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-01-12 22:43 - 2017-01-12 22:56 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2017-01-12 21:23 - 2017-01-12 21:23 - 00000000 ____D C:\Users\codo\AppData\Local\PeerDistRepub
2017-01-11 23:50 - 2017-01-11 23:50 - 00000000 ____D C:\Program Files (x86)\Intel
2017-01-11 23:50 - 2013-08-21 14:16 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2017-01-11 22:59 - 2017-01-11 22:59 - 00000000 ____D C:\Intel
2017-01-11 20:24 - 2017-01-11 20:24 - 00000000 ____D C:\Users\codo\AppData\Local\AMD
2017-01-11 20:23 - 2017-01-20 22:06 - 00000000 ____D C:\Portables
2017-01-11 19:22 - 2017-02-07 04:07 - 00000000 ____D C:\Users\codo\AppData\Roaming\Ditto
2017-01-11 19:22 - 2017-01-17 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto
2017-01-11 19:22 - 2017-01-11 19:22 - 00000000 ____D C:\Program Files\Ditto
2017-01-11 19:19 - 2017-01-17 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-01-11 19:19 - 2017-01-11 19:19 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-01-11 19:18 - 2017-01-11 19:18 - 00000000 __RHD C:\MSOCache
2017-01-11 19:18 - 2017-01-11 19:18 - 00000000 ____D C:\Users\codo\AppData\Local\Microsoft Help
2017-01-11 19:18 - 2017-01-11 19:18 - 00000000 ____D C:\Program Files\Microsoft Office
2017-01-11 19:18 - 2017-01-11 19:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-11 18:51 - 2017-01-11 18:51 - 00000000 ____D C:\Users\codo\AppData\Roaming\WinRAR
2017-01-11 18:50 - 2017-01-17 18:17 - 00000000 ____D C:\Users\codo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-11 18:50 - 2017-01-17 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-11 18:50 - 2017-01-11 18:51 - 00000000 ____D C:\Program Files\WinRAR
2017-01-11 03:40 - 2017-01-11 03:40 - 01077248 _____ C:\WINDOWS\system32\AmRdrIco.icl
2017-01-11 03:40 - 2017-01-11 03:40 - 00946696 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2017-01-11 03:40 - 2017-01-11 03:40 - 00090264 _____ (Alcor Micro, Corp.) C:\WINDOWS\system32\Drivers\AmUStor.sys
2017-01-11 03:40 - 2017-01-11 03:40 - 00082544 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2017-01-11 03:40 - 2017-01-11 03:40 - 00041952 _____ C:\WINDOWS\system32\AmUStor.ini
2017-01-11 03:40 - 2017-01-11 03:40 - 00020632 _____ (Alcor Micro, Corp.) C:\WINDOWS\system32\AmUStor2.dll
2017-01-11 03:40 - 2017-01-11 03:40 - 00000640 _____ C:\WINDOWS\system32\VendorCmd6435.bin
2017-01-11 03:40 - 2017-01-11 03:40 - 00000124 _____ C:\WINDOWS\system32\VendorCmd6485_SetSSC.bin
2017-01-11 03:40 - 2017-01-11 03:40 - 00000032 _____ C:\WINDOWS\system32\VendorCommand_MS1bit.bin
2017-01-11 03:40 - 2017-01-11 03:40 - 00000032 _____ C:\WINDOWS\system32\VendorCmd6485.bin
2017-01-11 03:40 - 2017-01-11 03:40 - 00000032 _____ C:\WINDOWS\system32\VendorCmd6465.bin
2017-01-11 03:40 - 2017-01-11 03:40 - 00000008 _____ C:\WINDOWS\system32\CardDetect6485.bin
2017-01-11 03:40 - 2017-01-11 03:40 - 00000008 _____ C:\WINDOWS\system32\CardDetect6420.bin
2017-01-11 03:40 - 2017-01-11 03:40 - 00000008 _____ C:\WINDOWS\system32\CardDetect6366.bin
2017-01-11 03:40 - 2017-01-11 03:40 - 00000008 _____ C:\WINDOWS\system32\CardDetect6362.bin
2017-01-11 03:40 - 2017-01-11 03:40 - 00000008 _____ C:\WINDOWS\system32\CardDetect6361.bin
2017-01-11 03:40 - 2017-01-11 03:40 - 00000008 _____ C:\WINDOWS\system32\CardDetect6339.bin
2017-01-11 03:39 - 2017-01-11 03:39 - 00195152 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2017-01-11 03:25 - 2017-01-17 16:51 - 00000000 ____D C:\ProgramData\ProductData
2017-01-11 03:25 - 2017-01-11 03:25 - 00000000 ____D C:\WINDOWS\IObit
2017-01-11 03:20 - 2017-01-11 03:20 - 00000000 ____D C:\Users\codo\AppData\Roaming\ATI
2017-01-11 03:20 - 2017-01-11 03:20 - 00000000 ____D C:\Users\codo\AppData\Local\ATI
2017-01-11 03:02 - 2017-01-24 05:12 - 00000000 ____D C:\ProgramData\IObit
2017-01-11 03:02 - 2017-01-11 03:37 - 00000000 ____D C:\Users\codo\AppData\LocalLow\IObit
2017-01-11 03:02 - 2017-01-11 03:02 - 00027552 _____ (REALiX™) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2017-01-11 03:01 - 2017-01-17 16:52 - 00000000 ____D C:\Users\codo\AppData\Roaming\IObit
2017-01-11 02:53 - 2017-02-07 03:07 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-11 02:52 - 2017-01-15 00:40 - 00000000 ____D C:\Users\codo\AppData\Local\Google
2017-01-11 02:52 - 2017-01-15 00:40 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-11 02:50 - 2008-07-29 02:47 - 01075712 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athrxusb.sys
2017-01-11 02:43 - 2017-01-11 02:55 - 00000000 ____D C:\Users\codo\AppData\Local\ElevatedDiagnostics
2017-01-11 02:40 - 2005-07-12 14:44 - 00015872 _____ () C:\WINDOWS\SysWOW64\InsDrvZD64.DLL
2017-01-11 02:40 - 2004-03-23 16:38 - 00028672 _____ () C:\WINDOWS\SysWOW64\InsDrvZD.dll
2017-01-11 02:40 - 2004-01-14 11:25 - 00081920 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\WINDOWS\SysWOW64\ZDPN50.DLL
2017-01-11 02:40 - 2003-03-14 12:24 - 00024576 _____ () C:\WINDOWS\SysWOW64\ZyDelReg.exe
2017-01-11 01:54 - 2017-01-11 01:54 - 00000000 ____D C:\Users\codo\AppData\Local\Comms
2017-01-11 01:49 - 2017-01-11 02:52 - 00000000 ____D C:\Users\codo\AppData\Local\MicrosoftEdge
2017-01-11 01:45 - 2017-01-11 01:45 - 00000000 ____D C:\Users\codo\AppData\Local\ActiveSync
2017-01-11 01:43 - 2017-01-25 17:23 - 00000000 ____D C:\Users\codo\AppData\Local\VirtualStore
2017-01-11 01:43 - 2017-01-22 21:20 - 00000000 ____D C:\Users\codo\AppData\Local\Packages
2017-01-11 01:43 - 2017-01-17 18:19 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 01:43 - 2017-01-11 01:43 - 00000000 ____D C:\Users\codo\AppData\Roaming\Adobe
2017-01-11 01:43 - 2017-01-11 01:43 - 00000000 ____D C:\Users\codo\AppData\Local\TileDataLayer
2017-01-11 01:43 - 2017-01-11 01:43 - 00000000 ____D C:\Users\codo\AppData\Local\Publishers
2017-01-11 01:42 - 2017-02-06 16:07 - 02189280 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-11 01:42 - 2016-10-28 02:22 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-01-11 01:41 - 2017-01-13 20:08 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-11 01:38 - 2017-01-11 01:38 - 00000000 ____D C:\WINDOWS\CSC
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\Users\Public\Documents\Mis vídeos
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\Users\Public\Documents\Mis imágenes
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\Users\Public\Documents\Mi música
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\Users\Default.migrated\Reciente
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\Users\Default.migrated\Plantillas
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\Users\Default.migrated\Mis documentos
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\Users\Default.migrated\Menú Inicio
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\Users\Default.migrated\Impresoras
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\Users\Default.migrated\Entorno de red
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\Users\Default.migrated\Documents\Mis vídeos
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\Users\Default.migrated\Documents\Mis imágenes
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\Users\Default.migrated\Documents\Mi música
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\Users\Default.migrated\Datos de programa
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\Users\Default.migrated\Configuración local
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\Users\Default.migrated\AppData\Local\Historial
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\Users\Default.migrated\AppData\Local\Datos de programa
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\Users\Default.migrated\AppData\Local\Archivos temporales de Internet
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\ProgramData\Plantillas
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programas
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\ProgramData\Menú Inicio
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\ProgramData\Escritorio
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\ProgramData\Documentos
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\ProgramData\Datos de programa
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\Program Files\Archivos comunes
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\Documents and Settings
2017-01-11 01:36 - 2017-01-11 01:36 - 00000000 _SHDL C:\Archivos de programa
2017-01-11 01:36 - 2014-01-12 06:50 - 00015360 _____ C:\WINDOWS\system32\SppExtComObjHook.dll
2017-01-11 01:36 - 2014-01-12 06:50 - 00004608 _____ C:\WINDOWS\system32\SppExtComObjPatcher.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-06 16:07 - 2016-07-16 23:40 - 00897494 _____ C:\WINDOWS\system32\perfh00A.dat
2017-02-06 16:07 - 2016-07-16 23:40 - 00202084 _____ C:\WINDOWS\system32\perfc00A.dat
2017-02-06 16:00 - 2016-07-16 07:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-02-02 16:19 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-29 23:21 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-29 03:44 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-29 03:18 - 2016-07-16 12:43 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2017-01-29 03:18 - 2016-07-16 12:43 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2017-01-29 03:18 - 2016-07-16 12:43 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2017-01-29 03:18 - 2016-07-16 12:43 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2017-01-29 03:18 - 2016-07-16 12:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2017-01-29 03:18 - 2016-07-16 12:43 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2017-01-29 03:18 - 2016-07-16 12:43 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2017-01-29 03:18 - 2016-07-16 12:43 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2017-01-29 03:18 - 2016-07-16 12:43 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2017-01-29 03:18 - 2016-07-16 12:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2017-01-29 03:18 - 2016-07-16 12:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2017-01-29 03:18 - 2016-07-16 12:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2017-01-29 03:18 - 2016-07-16 12:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2017-01-29 03:18 - 2016-07-16 12:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2017-01-29 03:18 - 2016-07-16 12:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2017-01-29 03:18 - 2016-07-16 12:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2017-01-29 03:18 - 2016-07-16 12:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2017-01-29 03:18 - 2016-07-16 12:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2017-01-29 03:18 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-26 21:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-25 14:14 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-20 23:34 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-20 23:04 - 2016-07-16 23:39 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-01-20 23:04 - 2016-07-16 23:39 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-01-20 23:04 - 2016-07-16 23:39 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-01-20 23:04 - 2016-07-16 23:39 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-01-20 23:04 - 2016-07-16 23:39 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-01-20 23:04 - 2016-07-16 23:39 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-01-20 23:04 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2017-01-20 23:04 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-01-20 23:04 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-20 23:04 - 2016-07-16 12:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-01-20 23:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-01-20 23:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-01-20 23:04 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-01-20 23:04 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-01-20 23:04 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-01-20 23:01 - 2016-07-16 23:39 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-01-20 23:01 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-01-20 23:01 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-01-20 23:01 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-01-20 23:01 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-01-20 23:01 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-01-20 23:00 - 2016-07-16 23:45 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-01-20 23:00 - 2016-07-16 23:39 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-01-20 23:00 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-01-20 23:00 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-01-20 23:00 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-01-20 23:00 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-20 23:00 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-01-20 23:00 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Com
2017-01-20 23:00 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-20 23:00 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\IME
2017-01-20 23:00 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Help
2017-01-20 23:00 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-01-20 23:00 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\System
2017-01-20 23:00 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-01-20 23:00 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\servicing
2017-01-18 17:49 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\appcompat
2017-01-17 18:20 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\USOPrivate
2017-01-17 18:19 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Windows NT
2017-01-17 18:19 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-01-17 18:18 - 2016-07-16 12:47 - 00000000 __RHD C:\Users\Public\Libraries
2017-01-17 18:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-01-17 18:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Registration
2017-01-17 18:18 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-01-17 18:16 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-01-17 18:16 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\spool
2017-01-17 18:16 - 2015-10-30 07:28 - 00000000 ____D C:\Users\Default.migrated
2017-01-17 18:15 - 2016-07-16 23:40 - 00000000 ____D C:\WINDOWS\OCR
2017-01-17 18:15 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\System
2017-01-17 18:15 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-17 18:14 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-01-17 18:13 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-17 18:12 - 2016-07-16 12:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-01-17 18:09 - 2016-07-16 12:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2017-01-17 18:09 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-01-17 18:09 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-17 18:09 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\setup
2017-01-17 18:09 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2017-01-17 18:09 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2017-01-17 18:09 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2017-01-17 18:09 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2017-01-17 18:09 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2017-01-17 18:09 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-01-17 18:09 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-17 18:09 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-17 18:09 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-01-17 18:08 - 2015-10-30 08:18 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\explorerframe.winaero
2017-01-13 18:29 - 2015-10-30 08:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2017-01-13 18:29 - 2015-10-30 08:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll

==================== Files in the root of some directories =======

2017-02-03 01:16 - 2017-02-04 01:37 - 0004772 _____ () C:\Users\codo\AppData\Roaming\SpeedRunnersLog.txt
2017-01-17 18:14 - 2017-01-17 18:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-01-11 20:37 - 2017-01-17 18:45 - 0019535 _____ () C:\ProgramData\empty.ico

Some files in TEMP:
====================
2017-02-06 17:40 - 2017-02-06 17:40 - 0011264 _____ ( ) C:\Users\codo\AppData\Local\Temp\uebjhqlp.dll
2017-02-02 16:10 - 2017-02-02 11:24 - 0455600 _____ (Macrovision Corporation) C:\Users\codo\AppData\Local\Temp\_is1E37.exe
2017-02-03 15:47 - 2017-02-02 16:49 - 0455600 _____ (Macrovision Corporation) C:\Users\codo\AppData\Local\Temp\_is3CB0.exe
2017-02-03 05:33 - 2017-02-02 16:49 - 0455600 _____ (Macrovision Corporation) C:\Users\codo\AppData\Local\Temp\_is7B02.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-05 19:16

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by codo (07-02-2017 04:18:26)
Running from C:\Users\codo\Downloads\Borrando zodiac-game.info
Windows 10 Pro Version 1607 (X64) (2017-01-17 17:19:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2209159923-3636697214-1284996552-500 - Administrator - Disabled)
codo (S-1-5-21-2209159923-3636697214-1284996552-1001 - Administrator - Enabled) => C:\Users\codo
DefaultAccount (S-1-5-21-2209159923-3636697214-1284996552-503 - Limited - Disabled)
Invitado (S-1-5-21-2209159923-3636697214-1284996552-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image 2016 (HKLM-x32\...\{92AADF26-6972-4A78-B4ED-CE9CA73512F0}Visible) (Version: 19.0.5586 - Acronis)
Acronis True Image 2016 (x32 Version: 19.0.5586 - Acronis) Hidden
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Blur (HKLM-x32\...\Blur_R.G. Mechanics_is1) (Version: - R.G. Mechanics, ProZorg_tm)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.)
Disk Drill 2.0.0.268 (HKLM-x32\...\{7A2A09EC-2485-4D6B-99BE-46AAAB400435}) (Version: 2.0.268 - CleverFiles)
Ditto (HKLM\...\Ditto_is1) (Version: - Scott Brogden)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Human Fall Flat versión 1.0 (HKLM-x32\...\{F4989653-A330-4076-95A4-91F9C3C2699F}_is1) (Version: 1.0 - MasterEGA, Inc.)
INSIDE (HKLM-x32\...\INSIDE_is1) (Version: - )
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
K-Lite Codec Pack 12.7.5 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.7.5 - KLCP)
MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Ms. Splosion Man (HKLM-x32\...\Ms. Splosion Man_is1) (Version: 1.0.0.1 - Microsoft Studios)
NVIDIA Software del sistema PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Pelis Magnet (HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\...\Pelis Magnet) (Version: 0.7.0.0 - PopFilms)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.6.0.4 - Popcorn Time) <==== ATTENTION
Portal 2 Repack (HKLM-x32\...\Portal 2 Repack) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8010 - Realtek Semiconductor Corp.)
Renegade Ops Collection (HKLM-x32\...\Renegade Ops Collection_is1) (Version: - )
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
RidNacs 2.0.3 (HKLM-x32\...\RidNacs_is1) (Version: - Stephan Plath)
Rocket League MULTi7 - ElAmigos versión 1.25 (HKLM-x32\...\{ED8CB041-9356-4FAF-A488-8DABAA126103}_is1) (Version: 1.25 - Psyonix)
Rogue Legacy version 0.0.0.9 (HKLM-x32\...\Rogue Legacy_is1) (Version: 0.0.0.9 - WaLMaRT)
R-Studio 8.1 (HKLM-x32\...\R-Studio 8.1NSIS) (Version: 8.1.165145 - R-Tools Technology Inc.)
Saints Row IV (HKLM-x32\...\Saints Row IV_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
skidrow (HKLM-x32\...\Insanely Twisted Shadow Planet_is1) (Version: - )
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Spelunky (HKLM-x32\...\1207659257_is1) (Version: 2.1.0.9 - GOG.com)
Spelunky Classic (HKLM-x32\...\GOGPACKSPELUNKYCLASSIC_is1) (Version: 2.0.0.5 - GOG.com)
Split/Second (HKLM-x32\...\{28526951-55EF-4901-A0CA-B9AC966D1DD1}) (Version: 1.00.0000 - Disney Interactive Studios)
ssOverlay versión 2.0 (HKLM-x32\...\{BA2F0FDF-7515-43C3-9234-0CB73294C590}_is1) (Version: 2.0 - Fx Software)
Streets of Fury EX (HKLM-x32\...\Streets of Fury EX_is1) (Version: - )
SUPERHOT (HKLM-x32\...\1456141688_is1) (Version: 2.0.0.4 - GOG.com)
Tixati (HKLM-x32\...\tixati) (Version: - )
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
VVVVVV (HKLM-x32\...\GOGPACKVVVVVV_is1) (Version: 2.2.0.3 - GOG.com)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {31889E08-8653-4623-9202-4F2DA98D04F8} - System32\Tasks\{E5279DEA-98BF-456B-8B2D-EB66EF80DCAC} => pcalua.exe -a "C:\Users\codo\Downloads\flatout_1\flatout 1\flatout.exe" -d "C:\Users\codo\Downloads\flatout_1\flatout 1"
Task: {65035A0E-91EF-476B-A08E-D7AA23FB4ED1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-11] (Google Inc.)
Task: {84235308-F076-4EE7-BDED-551D4710582B} - System32\Tasks\Driver Booster SkipUAC (codo) => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
Task: {88118940-CF64-42A5-A6E4-BA2E8926DF57} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {B4C0FB90-67CE-49C1-9041-CF86C6964948} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-11] (Google Inc.)
Task: {E8C92C95-08EC-4FF2-951C-B57C2CDFEFBC} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-01-17 18:07 - 2017-01-17 18:07 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2017-01-17 18:07 - 2017-01-17 18:07 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-01-11 19:22 - 2015-01-10 14:45 - 01975808 _____ () C:\Program Files\Ditto\Ditto.exe
2015-08-28 20:33 - 2015-08-28 20:33 - 07092552 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
2017-01-11 02:53 - 2016-12-08 09:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-11 02:53 - 2016-12-08 09:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2017-01-17 18:07 - 2017-01-17 18:07 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-01-17 18:21 - 2017-01-17 18:21 - 00959168 _____ () C:\Users\codo\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2017-01-17 18:07 - 2017-01-17 18:07 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-17 18:08 - 2017-01-17 18:08 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-17 18:08 - 2017-01-17 18:08 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-17 18:08 - 2017-01-17 18:08 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-17 18:08 - 2017-01-17 18:08 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-17 18:08 - 2017-01-17 18:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-17 18:08 - 2017-01-17 18:08 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-28 19:58 - 2015-08-28 19:58 - 00035792 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2015-08-28 19:59 - 2015-08-28 19:59 - 00445904 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-08-28 19:58 - 2015-08-28 19:58 - 00115664 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll
2015-08-28 20:27 - 2015-08-28 20:27 - 19191984 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2015-08-28 20:00 - 2015-08-28 20:00 - 00057296 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\rpc_client.dll
2017-02-06 22:51 - 2017-02-06 22:51 - 00098816 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\win32api.pyd
2017-02-06 22:51 - 2017-02-06 22:51 - 00110080 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\pywintypes27.dll
2017-02-06 22:51 - 2017-02-06 22:51 - 00364544 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\pythoncom27.dll
2017-02-06 22:51 - 2017-02-06 22:51 - 00320512 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\win32com.shell.shell.pyd
2017-02-06 22:51 - 2017-02-06 22:51 - 00914432 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\_hashlib.pyd
2017-02-06 22:52 - 2017-02-06 22:52 - 01176576 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\wx._core_.pyd
2017-02-06 22:52 - 2017-02-06 22:52 - 00806400 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\wx._gdi_.pyd
2017-02-06 22:52 - 2017-02-06 22:52 - 00816128 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\wx._windows_.pyd
2017-02-06 22:52 - 2017-02-06 22:52 - 01067008 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\wx._controls_.pyd
2017-02-06 22:52 - 2017-02-06 22:52 - 00733184 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\wx._misc_.pyd
2017-02-06 22:51 - 2017-02-06 22:51 - 00682496 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\pysqlite2._sqlite.pyd
2017-02-06 22:51 - 2017-02-06 22:51 - 00088064 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\_ctypes.pyd
2017-02-06 22:51 - 2017-02-06 22:51 - 00686080 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\unicodedata.pyd
2017-02-06 22:52 - 2017-02-06 22:52 - 00119808 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\win32file.pyd
2017-02-06 22:52 - 2017-02-06 22:52 - 00108544 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\win32security.pyd
2017-02-06 22:51 - 2017-02-06 22:51 - 00007168 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\hashobjs_ext.pyd
2017-02-06 22:51 - 2017-02-06 22:51 - 00017920 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\thumbnails_ext.pyd
2017-02-06 22:51 - 2017-02-06 22:51 - 00088064 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\usb_ext.pyd
2017-02-06 22:51 - 2017-02-06 22:51 - 00012800 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\common.time34.pyd
2017-02-06 22:52 - 2017-02-06 22:52 - 00018432 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\win32event.pyd
2017-02-06 22:52 - 2017-02-06 22:52 - 00167936 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\win32gui.pyd
2017-02-06 22:51 - 2017-02-06 22:51 - 00046080 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\_socket.pyd
2017-02-06 22:51 - 2017-02-06 22:51 - 01303552 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\_ssl.pyd
2017-02-06 22:51 - 2017-02-06 22:51 - 00128512 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\_elementtree.pyd
2017-02-06 22:51 - 2017-02-06 22:51 - 00127488 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\pyexpat.pyd
2017-02-06 22:52 - 2017-02-06 22:52 - 00038912 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\win32inet.pyd
2017-02-06 22:51 - 2017-02-06 22:51 - 00036864 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\_psutil_windows.pyd
2017-02-06 22:52 - 2017-02-06 22:52 - 00524248 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\windows._lib_cacheinvalidation.pyd
2017-02-06 22:51 - 2017-02-06 22:52 - 00011264 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\win32crypt.pyd
2017-02-06 22:52 - 2017-02-06 22:52 - 00123392 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\wx._wizard.pyd
2017-02-06 22:52 - 2017-02-06 22:52 - 00077312 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\wx._html2.pyd
2017-02-06 22:51 - 2017-02-06 22:51 - 00027648 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\_multiprocessing.pyd
2017-02-06 22:51 - 2017-02-06 22:51 - 00020480 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\_yappi.pyd
2017-02-06 22:52 - 2017-02-06 22:52 - 00035840 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\win32process.pyd
2017-02-06 22:52 - 2017-02-06 22:52 - 00078848 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\wx._animate.pyd
2017-02-06 22:52 - 2017-02-06 22:52 - 00024064 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\win32pipe.pyd
2017-02-06 22:51 - 2017-02-06 22:51 - 00010240 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\select.pyd
2017-02-06 22:52 - 2017-02-06 22:52 - 00025600 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\win32pdh.pyd
2017-02-06 22:52 - 2017-02-06 22:52 - 00017408 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\win32profile.pyd
2017-02-06 22:52 - 2017-02-06 22:52 - 00022528 ____R () C:\Users\codo\AppData\Local\Temp\_MEI29562\win32ts.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2017-01-15 02:58 - 00000861 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 activation.acronis.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\Control Panel\Desktop\\Wallpaper -> D:\Reformateo\neuronas.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{F2235EAD-9060-4BEB-BD83-65521AE11F63}] => C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{A0FB2C8D-0E60-4171-9AD9-95EFA72778BC}] => C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [UDP Query User{10024E21-790F-4B45-9AE2-C32E2EDE5E20}C:\program files\tixati\tixati.exe] => C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{0DBBA0E3-C354-444C-BAB0-00CFB169B65E}C:\program files\tixati\tixati.exe] => C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{5B639983-0F48-47A4-96D9-A69D53065B91}C:\users\codo\appdata\local\pelis magnet\pelismagnet.exe] => C:\users\codo\appdata\local\pelis magnet\pelismagnet.exe
FirewallRules: [TCP Query User{51AFC42A-B6F6-40B3-AD6E-6E23FC046370}C:\users\codo\appdata\local\pelis magnet\pelismagnet.exe] => C:\users\codo\appdata\local\pelis magnet\pelismagnet.exe
FirewallRules: [{BA152350-69B3-460A-8591-E67B1E616260}] => C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{838E2395-78E8-4278-92BA-AFB78748760A}] => C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{1CE3868C-6735-4831-BC36-A91FC911129F}] => C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{76C2A151-53D0-4AC1-924A-174B00B23CBD}] => C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{05DCEFE2-223E-4203-9E6C-6D0D281F65FA}] => C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{F6FC9E1F-14CC-48DD-8F53-BEBAA6DE08FA}] => C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [UDP Query User{591FFCCF-D436-4544-A135-8B7FF3805094}C:\program files\ditto\ditto.exe] => C:\program files\ditto\ditto.exe
FirewallRules: [TCP Query User{329E7C79-E723-4C39-83E7-7196688BFB2C}C:\program files\ditto\ditto.exe] => C:\program files\ditto\ditto.exe
FirewallRules: [TCP Query User{FCDDB9B9-7D69-44F9-AE5E-736A215351E7}C:\juegos\blur\blur.exe] => C:\juegos\blur\blur.exe
FirewallRules: [UDP Query User{67375029-A6B9-4C24-8FDC-52246C0C68B4}C:\juegos\blur\blur.exe] => C:\juegos\blur\blur.exe
FirewallRules: [TCP Query User{B7763B6F-E619-45C0-BE0E-7AA541A364DF}C:\juegos\trackmania 2\maniaplanet.exe] => C:\juegos\trackmania 2\maniaplanet.exe
FirewallRules: [UDP Query User{D5354B91-3A43-4413-97E4-71B4145555A8}C:\juegos\trackmania 2\maniaplanet.exe] => C:\juegos\trackmania 2\maniaplanet.exe
FirewallRules: [TCP Query User{E27C3DB1-6FA7-4FB6-80D5-5174B7AE2094}D:\juegos\saints row iv\saintsrowiv.exe] => D:\juegos\saints row iv\saintsrowiv.exe
FirewallRules: [UDP Query User{4BBCB87B-3696-4AF1-801C-D6B2141776B0}D:\juegos\saints row iv\saintsrowiv.exe] => D:\juegos\saints row iv\saintsrowiv.exe
FirewallRules: [TCP Query User{56F11E8D-CE35-49ED-950E-1E0446B5C9E3}F:\!old pc games\worms2\frontend.exe] => F:\!old pc games\worms2\frontend.exe
FirewallRules: [UDP Query User{820B159D-CDB3-44D8-8F1C-E14C37F8B42E}F:\!old pc games\worms2\frontend.exe] => F:\!old pc games\worms2\frontend.exe
FirewallRules: [TCP Query User{5D6D3A4A-B94B-42EB-BC1A-1D43B70CE7A8}D:\juegos\ms. splosion man\game\mssplosionman.exe] => D:\juegos\ms. splosion man\game\mssplosionman.exe
FirewallRules: [UDP Query User{2724B18D-8C61-403C-8A8B-C84959783F53}D:\juegos\ms. splosion man\game\mssplosionman.exe] => D:\juegos\ms. splosion man\game\mssplosionman.exe
FirewallRules: [{FF5B112E-7DAE-4FA0-A051-22F66DEE350E}] => D:\Juegos\Split Second\SplitSecond.exe
FirewallRules: [{5A6323BB-B0B3-4686-9DC7-A8264A0CA6D1}] => D:\Juegos\Split Second\SplitSecond.exe
FirewallRules: [{B31496DD-E6C3-444B-A6CB-C4433E794D29}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

02-02-2017 11:24:06 Installed USB Gamepad
02-02-2017 16:10:25 Revo Uninstaller's restore point - USB Gamepad
03-02-2017 01:19:36 Revo Uninstaller's restore point - SpeedRunners
03-02-2017 02:55:55 Revo Uninstaller's restore point - SpeedRunners
03-02-2017 05:32:52 Revo Uninstaller's restore point - Nidhogg
03-02-2017 05:33:31 Revo Uninstaller's restore point - GAMEware PS2 Controller Adapter
04-02-2017 17:26:20 Revo Uninstaller's restore point - Chicken Invaders 5 - Cluck of the Dark Side
05-02-2017 01:27:43 Installed Microsoft XNA Framework Redistributable 4.0 Refresh
06-02-2017 15:56:16 Revo Uninstaller's restore point - Malwarebytes versión 3.0.6.1469
06-02-2017 16:02:48 Removed Disk Drill 2.0.0.268
07-02-2017 03:11:07 Revo Uninstaller's restore point - MEGAsync

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/07/2017 03:21:04 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Error del procedimiento de apertura para el servicio "WmiApRpl" en el archivo DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.

Error: (02/07/2017 03:21:04 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: No se puede abrir el objeto de rendimiento del servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado.

Error: (02/07/2017 03:21:04 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Error del procedimiento de apertura para el servicio "MSDTC" en el archivo DLL "C:\WINDOWS\system32\msdtcuiu.DLL". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.

Error: (02/07/2017 03:21:04 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Error del procedimiento de apertura para el servicio "Lsa" en el archivo DLL "C:\Windows\System32\Secur32.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.

Error: (02/07/2017 03:21:04 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Error del procedimiento de apertura para el servicio "ESENT" en el archivo DLL "C:\WINDOWS\system32\esentprf.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.

Error: (02/07/2017 03:21:04 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Error del procedimiento de apertura para el servicio "BITS" en el archivo DLL "C:\Windows\System32\bitsperf.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.

Error: (02/07/2017 03:11:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (02/07/2017 03:02:01 AM) (Source: Acronis Scheduler) (EventID: 1) (User: CHEMAPC)
Description: Scheduler failed to run task with GUID 'A2BB4F95-348C-4590-958E-DF518374D6D4' because of error 2 (Failed to find the file (folder) or the key (value) in the registry.).

Error: (02/07/2017 02:39:46 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Error del procedimiento de apertura para el servicio "WmiApRpl" en el archivo DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.

Error: (02/07/2017 02:39:46 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: No se puede abrir el objeto de rendimiento del servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado.


System errors:
=============
Error: (02/07/2017 03:11:15 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Se detectó un daño en la estructura del sistema de archivos del volumen ??.

Se encontró un daño en una estructura de índice del sistema de archivos. El número de referencia del archivo es 0x5000000000005. El nombre del archivo es "\". El atributo de índice dañado es ":$I30:$INDEX_ALLOCATION".

Error: (02/07/2017 03:11:15 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Se detectó un daño en la estructura del sistema de archivos del volumen ??.

Se encontró un daño en una estructura de índice del sistema de archivos. El número de referencia del archivo es 0x5000000000005. El nombre del archivo es "\". El atributo de índice dañado es ":$I30:$INDEX_ALLOCATION".

Error: (02/06/2017 10:51:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
y APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (02/06/2017 07:19:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
y APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (02/06/2017 04:00:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
y APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (02/06/2017 04:00:40 PM) (Source: bowser) (EventID: 8016) (User: )
Description: El controlador de examinadores ha recibido demasiados datagramas ilegales del equipo LIVEBOX al nombre CHEMAPC en el transporte NetBT_Tcpip_{D5EE92C4-216C-4F26-9C6A-F36BAED0B3DB}. Los datos son el datagrama.
Ningún evento más se generará hasta que termine la frecuencia establecida.

Error: (02/06/2017 04:00:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio SecDrv no pudo iniciarse debido al siguiente error:
Se ha bloqueado la descarga de este controlador

Error: (02/06/2017 04:00:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\WINDOWS\SysWow64\drivers\SECDRV.SYS

Error: (02/06/2017 04:00:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
y APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (02/06/2017 03:59:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Acronis Sync Agent Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.


CodeIntegrity:
===================================
Date: 2017-02-06 19:05:11.806
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-05 19:16:18.495
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-03 20:16:47.789
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-02 18:55:44.499
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-30 18:24:51.685
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-25 22:44:09.497
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 23%
Total physical RAM: 16324.03 MB
Available physical RAM: 12517.05 MB
Total Virtual: 32708.03 MB
Available Virtual: 28582.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150 GB) (Free:3.85 GB) NTFS
Drive d: (Material) (Fixed) (Total:296.64 GB) (Free:147.31 GB) NTFS
Drive f: (codo externo) (Fixed) (Total:465.73 GB) (Free:6.45 GB) NTFS
Drive g: (Renegade Ops) (CDROM) (Total:2.31 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 447.1 GB) (Disk ID: 20E1CFB5)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=296.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 465.7 GB) (Disk ID: 0004A183)
Partition 1: (Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 07 February 2017 - 09:27 AM.
Posted modified logs


#4 Oh My!

Posted 06 February 2017 - 11:19 PM

Thank you,

I am ending for the evening but will review the reports first thing in the morning.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Posted 07 February 2017 - 10:24 AM

Greetings and thank you for your continued patience.

Unfortunately there is evidence of illegal software on your computer. The presence of such software compromises our efforts to clean your computer. I am going to request you completely uninstall Acronis, Microsoft Office and any other products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • CKScanner report
  • FRST report
  • Addition report

Gary
 

#6 codo

Posted 07 February 2017 - 12:33 PM

I'll undoubtedly do as you said and reply back as soon as possible.



#7 Oh My!

Posted 07 February 2017 - 12:35 PM

Very good, thank you.
Gary
 

#8 codo

Posted 07 February 2017 - 09:19 PM

Hi Gary! Well, something happened. I uninstalled all the programs I didn't own, restarted the computer and one more time saw how Chrome opened itself and showed the URL "sd-steam.nfo" for a second before going into the zodiac-game.info page, so I searched in the registry for "sd-steam.nfo" and found one key with my username that commanded Windows to go to http://sd.steam.nfo, and immediately removed it. After that, I rebooted, and no more zodiac-game.nfo startup page. Rebooted a couple more times to make sure, but everything looks clean. Do you still need those reports?



#9 Oh My!

Posted 07 February 2017 - 09:39 PM

Thank you, no need to run the scan.

We still have some work to do. I am assuming you deleted the registry entry I have identified in the below fixlist but let's include it anyway.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\...\Run: [codo] => explorer.exe hxxp://sd-steam.info <===== ATTENTION
HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\...\MountPoints2: {dd5089f2-e674-11e6-9443-bc5ff4a7e5a8} - "X:\setup.exe"
IFEO\SppExtComObj.exe: [Debugger] SppExtComObjPatcher.exe
GroupPolicy: Restriction <======= ATTENTION
HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
2017-02-07 03:08 - 2017-02-07 04:18 - 00000000 ____D C:\Users\codo\Downloads\Borrando zodiac-game.info
2017-01-29 01:25 - 2017-01-29 01:25 - 00000000 ____D C:\Users\codo\AppData\Roaming\com.starmaid.Cibele
2017-01-25 01:10 - 2017-01-25 01:10 - 00000000 __SHD C:\found.000
2017-02-06 17:40 - 2017-02-06 17:40 - 0011264 _____ ( ) C:\Users\codo\AppData\Local\Temp\uebjhqlp.dll
hosts:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Running Chkdsk /r From Command Prompt

--------------------
  • Close any open programs
  • Click Start, Programs, Accessories
  • Right click on Command Prompt and select Run as Administrator
  • Copy and paste the following after the command prompt and press Enter

CMD /C ECHO Y|CHKDSK /R C: /R | SHUTDOWN /R /T 10

  • Please allow the system to reboot on its own and run the program. This may take a bit of time
  • When completed your system will automatically reboot
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlist
  • Did chkdsk run?

Gary
 
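The Run entry in the fixlist above (`explorer.exe hxxp://sd-steam.info`) is the persistence codo describes: the value runs at every logon and explorer.exe hands the URL to the default browser. The following Python script is an added example, not part of the original thread and not FRST's own code; it scans FRST-style registry lines for Run/RunOnce values whose command line carries a URL. Only the `[codo]` line comes from the page; the other sample lines and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# FRST registry-section line, as seen in the fixlist on this page:
#   HKU\<SID>\...\Run: [name] => command <===== ATTENTION
RUN_LINE = re.compile(
    r'^(?P<hive>HK(?:LM|U)(?:-x32)?)\\(?P<path>.*?)\\(?P<key>Run(?:Once)?): '
    r'\[(?P<name>[^\]]*)\] => (?P<command>.*?)(?:\s*<=+\s*ATTENTION)?\s*$'
)

# FRST defangs http:// to hxxp:// in its reports, so accept both spellings.
URL = re.compile(r'\b(?:https?|hxxps?)://[^\s"\'<>]+', re.IGNORECASE)

# Windows binaries that simply pass a URL argument on to the default browser.
SYSTEM_LAUNCHERS = {"explorer.exe", "cmd.exe", "rundll32.exe"}


def executable_of(command):
    """Return the lower-cased file name of the program a command line starts."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end != -1 else command[1:]
    else:
        # FRST often prints unquoted paths containing spaces; cut at ".exe".
        m = re.search(r'\.exe\b', command, re.IGNORECASE)
        path = command[:m.end()] if m else command.split(' ', 1)[0]
    return path.rsplit('\\', 1)[-1].lower()


def host_of(url):
    """Return the host of a (possibly defanged) URL, for reporting only."""
    refanged = re.sub(r'^hxxp', 'http', url, flags=re.IGNORECASE)
    return (urlsplit(refanged).hostname or '').lower()


def find_url_autoruns(log_text):
    """Return one finding per Run/RunOnce value whose command contains a URL."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        url = URL.search(m.group('command'))
        if not url:
            continue  # ordinary autorun pointing at a program only
        exe = executable_of(m.group('command'))
        findings.append({
            'hive': m.group('hive'),
            'key': m.group('key'),
            'name': m.group('name'),
            'exe': exe,
            'host': host_of(url.group(0)),
            # A system binary opening a URL at logon has no program of its
            # own to uninstall, which is why removal tools can miss it.
            'system_launcher': exe in SYSTEM_LAUNCHERS,
        })
    return findings


# Sample input. Lines 1, 2 and 4 are constructed; line 3 is the entry
# quoted in the fixlist on this page.
SAMPLE_LOG = r"""
HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe [123456 2016-01-01] (Example Corp)
HKLM-x32\...\Run: [ExampleUpdater] => "C:\Program Files (x86)\Example\updater.exe" /background
HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\...\Run: [codo] => explorer.exe hxxp://sd-steam.info <===== ATTENTION
HKU\S-1-5-21-0000000000-0000000000-0000000000-1001\...\RunOnce: [ExampleHelp] => "C:\Program Files\Example Browser\browser.exe" https://help.example.test/welcome
"""

if __name__ == "__main__":
    for f in find_url_autoruns(SAMPLE_LOG):
        level = "HIGH" if f['system_launcher'] else "review"
        print(f"[{level}] {f['hive']} {f['key']} [{f['name']}] "
              f"{f['exe']} -> {f['host']}")
```

Entries flagged as `system_launcher` deserve the closest look, since a URL opened by explorer.exe at logon leaves no installed program or browser extension for a cleanup tool to find.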

#10 codo

Posted 07 February 2017 - 11:28 PM

I did everything you said. A little accident happened. I noticed that in the fixlist.txt you sent me there was this line:

2017-02-07 03:08 - 2017-02-07 04:18 - 00000000 ____D C:\Users\codo\Downloads\Borrando zodiac-game.info

 

And it happens that I HAD MADE THAT folder (C:\Users\codo\Downloads\Borrando zodiac-game.info) specially to work with FRST. Well, I made the fixing with FRST, rebooted and the folder had disappeared, along with FRST and all the reports (as a result of the fixings, clearly). Finally I have downloaded FRST again, renamed to FRST64English, rerun the fixings and got a new fixlog.txt which I copy and paste.

----

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by codo (08-02-2017 05:10:27) Run:2
Running from C:\Portables\FRST64
Loaded Profiles: codo (Available Profiles: codo)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\...\Run: [codo] => explorer.exe hxxp://sd-steam.info <===== ATTENTION
HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\...\MountPoints2: {dd5089f2-e674-11e6-9443-bc5ff4a7e5a8} - "X:\setup.exe"
IFEO\SppExtComObj.exe: [Debugger] SppExtComObjPatcher.exe
GroupPolicy: Restriction <======= ATTENTION
HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
2017-02-07 03:08 - 2017-02-07 04:18 - 00000000 ____D C:\Users\codo\Downloads\Borrando zodiac-game.info
2017-01-29 01:25 - 2017-01-29 01:25 - 00000000 ____D C:\Users\codo\AppData\Roaming\com.starmaid.Cibele
2017-01-25 01:10 - 2017-01-25 01:10 - 00000000 __SHD C:\found.000
2017-02-06 17:40 - 2017-02-06 17:40 - 0011264 _____ ( ) C:\Users\codo\AppData\Local\Temp\uebjhqlp.dll
hosts:
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore => key not found. 
HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\Software\Microsoft\Windows\CurrentVersion\Run\\codo => value not found.
HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd5089f2-e674-11e6-9443-bc5ff4a7e5a8} => key not found. 
HKCR\CLSID\{dd5089f2-e674-11e6-9443-bc5ff4a7e5a8} => key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SppExtComObj.exe => key not found. 
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
HKU\S-1-5-21-2209159923-3636697214-1284996552-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
"C:\Users\codo\Downloads\Borrando zodiac-game.info" => not found.
C:\Users\codo\AppData\Roaming\com.starmaid.Cibele => moved successfully
C:\found.000 => moved successfully
"C:\Users\codo\AppData\Local\Temp\uebjhqlp.dll" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
 
The system needed a reboot.
 
==== End of Fixlog 05:10:38 ====
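
The accident described in the post above can be caught before pressing Fix by comparing the fixlist's file and folder entries with the folder FRST runs from. The sketch below is an added example, not part of the original post and not FRST's own code; the function names are hypothetical, the sample entries are copied from the Fixlog above, and the first-run folder is assumed from the poster's description.

```python
import re
from pathlib import PureWindowsPath

# File/folder entries in a fixlist: "created - modified - size attrs [(vendor)] path"
ENTRY_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ "
    r"[_A-Z]{5} (?:\(.*?\) )?(?P<path>[A-Za-z]:\\.+)$")
# Result lines in a Fixlog: '"path" => not found.' or 'path => moved successfully'
RESULT_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\[^"]*?)"? => (?P<result>.+?)\.?\s*$')

def fixlist_targets(fixlist_text):
    """Paths a fixlist asks the tool to move to quarantine."""
    hits = (ENTRY_RE.match(line.strip()) for line in fixlist_text.splitlines())
    return [m.group("path") for m in hits if m]

def self_deleting_entries(fixlist_text, tool_dir):
    """Targets that equal or contain the folder the tool itself runs from."""
    tool = PureWindowsPath(tool_dir)  # Windows paths compare case-insensitively
    return [t for t in fixlist_targets(fixlist_text)
            if PureWindowsPath(t) == tool or PureWindowsPath(t) in tool.parents]

def fix_results(fixlog_text):
    """Map each file-system path in a Fixlog to its reported outcome."""
    hits = (RESULT_RE.match(line.strip()) for line in fixlog_text.splitlines())
    return {m.group("path"): m.group("result") for m in hits if m}

# Entries copied from the Fixlog in the post above.
FIXLIST = r"""
2017-02-07 03:08 - 2017-02-07 04:18 - 00000000 ____D C:\Users\codo\Downloads\Borrando zodiac-game.info
2017-01-29 01:25 - 2017-01-29 01:25 - 00000000 ____D C:\Users\codo\AppData\Roaming\com.starmaid.Cibele
2017-01-25 01:10 - 2017-01-25 01:10 - 00000000 __SHD C:\found.000
2017-02-06 17:40 - 2017-02-06 17:40 - 0011264 _____ ( ) C:\Users\codo\AppData\Local\Temp\uebjhqlp.dll
"""
FIXLOG = r"""
"C:\Users\codo\Downloads\Borrando zodiac-game.info" => not found.
C:\Users\codo\AppData\Roaming\com.starmaid.Cibele => moved successfully
C:\found.000 => moved successfully
"C:\Users\codo\AppData\Local\Temp\uebjhqlp.dll" => not found.
"""
# Assumption: on the first run FRST sat in the folder the poster created for it.
FIRST_RUN_DIR = r"C:\Users\codo\Downloads\Borrando zodiac-game.info"
# Second run: the "Running from" line of the Fixlog above.
SECOND_RUN_DIR = r"C:\Portables\FRST64"

if __name__ == "__main__":
    print("run 1 at risk:", self_deleting_entries(FIXLIST, FIRST_RUN_DIR))
    print("run 2 at risk:", self_deleting_entries(FIXLIST, SECOND_RUN_DIR))
    for path, result in fix_results(FIXLOG).items():
        print(f"{result:20} {path}")
```

The "not found" result for the Downloads folder in the second run is consistent with the first run having already moved it.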

 



#11 Oh My!


Posted 08 February 2017 - 09:51 AM

Greetings,

Strange, the fixlist says that Zodiac folder was not found. Please run the below and see if it reappears in the Downloads folder.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
RestoreQuarantine: C:\FRST\Quarantine\C:\Users\codo\Downloads\Borrando zodiac-game.info
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#12 codo


Posted 08 February 2017 - 01:15 PM

Greetings Gary. Please read the beginning of my post again. I explained why fixlog.txt says that the Zodiac folder is missing. In fact that was not the Zodiac folder, it was a folder I made myself to work with this BC post. :P

The computer is running smooth and nice. Please read it and tell me if you still want the ESET log and the Security Check log... Thank you again.


Edited by codo, 08 February 2017 - 01:20 PM.


#13 Oh My!


Posted 08 February 2017 - 02:35 PM

I did read that and assumed you wanted the contents back.

 

Yes, please run the 2 programs but you can skip the Fixlist step.


Gary
 

#14 codo


Posted 08 February 2017 - 07:34 PM

No, I don't need the contents back. Sorry if I didn't make myself clear.


- Forgot to tell you that chkdsk did NOT run. It just rebooted the computer and then nothing. Tried a couple of times.
 

- Computer running smooth.

- Logs you asked for:

 

ESET.TXT

 

C:\$Recycle.Bin\S-1-5-21-2209159923-3636697214-1284996552-1001\$R9807ID.zip Win32/HackTool.Patcher.A potentially unsafe application deleted
C:\$Recycle.Bin\S-1-5-21-2209159923-3636697214-1284996552-1001\$RS9SROD.ZIP a variant of Win32/Keygen.AO potentially unsafe application deleted
C:\Users\codo\Downloads\MEGA Descargas\IGG-Straima.v1.5.rar a variant of Win32/HackTool.Crack.DW potentially unsafe application deleted
C:\Users\codo\Downloads\MEGA Descargas\Streets of Fury EX\50F3x ZonaLeRoS\50F3x ZonaLeRoS.iso a variant of Win32/HackTool.Crack.EE potentially unsafe application deleted
C:\Users\codo\Downloads\MEGA Descargas\Streets of Fury EX\50F3x ZonaLeRoS\Crack\steam_api.dll a variant of Win32/HackTool.Crack.EE potentially unsafe application cleaned by deleting
C:\Users\codo\Google Drive\Escritorio ChemaPC\wondershare.tunesgo.4.1.2-MPT.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application cleaned by deleting
C:\Windows\System32\SppExtComObjHook.dll a variant of Win64/HackKMS.I potentially unsafe application cleaned by deleting
C:\Windows\System32\SppExtComObjPatcher.exe a variant of Win64/HackKMS.C potentially unsafe application cleaned by deleting
D:\Reformateo\tixati.exe a variant of Win32/DownloadSponsor.C potentially unwanted application cleaned by deleting
D:\Torrents\Crysis RUSSIAN\crysis.iso multiple threats deleted
D:\Torrents\Renegade.Ops.Collection-PROPHET\ppt-ropc-WWW.INTERCAMBIOSVIRTUALES.ORG.iso a variant of Win32/HackTool.Crack.CS potentially unsafe application deleted
D:\Torrents\Streets.of.Fury.EX-TiNYiSO\t-sofex.iso a variant of Win32/HackTool.Crack.EE potentially unsafe application deleted
 
 
 
CHECKUP.TXT
 
 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (56.0.2924.87) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MSASCuiL.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


#15 codo


Posted 08 February 2017 - 07:56 PM

Oh my... no, really, oh my! Just after answering you, a BSOD suddenly appeared, my first one since I restored the whole system. I have gone back to the status prior to the last fixes you asked, using Rollback Rx Home (System Restore alternative). The message in the Blue Screen was "IRQL NOT LESS OR EQUAL".





