Chrome Launches to Kb-Kirabi.org or Zodiac-game.info after PC Restart


  • This topic is locked
42 replies to this topic

#1 andresmcfan

andresmcfan

    Member

  • Full Member
  • Pip
  • 28 posts

Posted 24 July 2016 - 08:53 PM

Hello everyone,

 

I have the same problem as http://www.spywarein...ter-pc-restart/

After restarting the PC, the browser automatically launches to a website (Kb-Kirabi.org or Zodiac-game.info). Kb-Kirabi.org is identified in a registry entry. If that registry entry is quarantined or deleted and the PC is rebooted again, the same problem happens again after a few minutes, and the registry entry is detected once more. I must add that sometimes, literally in the blink of an eye, I see a DOS window (just a black window; I don't know if it has something written on it, because it's really fast). This happens especially every time I have somehow managed to "remove" this problem. After I see this DOS (black) window, the problem occurs again.

I have also tried Spybot Search and Destroy; sadly, I didn't keep the log file for that. Now I will post the logs that you have told me to.

The browser used is Chrome.

I really hope you guys can help me... and thanks in advance.

Edited by andresmcfan, 24 July 2016 - 08:59 PM.


#2 andresmcfan


Posted 24 July 2016 - 08:55 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Fecha del análisis: 24/07/2016
Hora del análisis: 20:55
Archivo de registro: report.txt
Administrador: Sí
 
Versión: 2.2.1.1043
Base de datos de malwares: v2016.07.25.01
Base de datos de rootkits: v2016.05.27.01
Licencia: Gratis
Protección contra el malware: Desactivado
Protección contra sitios web maliciosos: Desactivado
Autoprotección: Desactivado
 
SO: Windows 7 Service Pack 1
CPU: x86
Sistema de archivos: NTFS
Usuario: Mauro
 
Tipo de análisis: Análisis de amenazas
Resultado: Completado
Objetos analizados: 337711
Tiempo transcurrido: 17 min, 58 seg
 
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Activado
PUM: Activado
 
Procesos: 0
(No hay elementos maliciosos detectados)
 
Módulos: 0
(No hay elementos maliciosos detectados)
 
Claves del registro: 0
(No hay elementos maliciosos detectados)
 
Valores del registro: 1
PUP.Optional.StartPage, HKU\S-1-5-21-1744239375-757839748-2706966845-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Mauro, explorer.exe http://kb-ribaki.org, , [3203df4913873cfaceb8646579896c94]
 
Datos del registro: 0
(No hay elementos maliciosos detectados)
 
Carpetas: 0
(No hay elementos maliciosos detectados)
 
Archivos: 2
RiskWare.FilePatcher, C:\Users\Mauro\Downloads\file25111.rar, , [2e078b9d5149bf77473860f040c1d030], 
RiskWare.FilePatcher, C:\Users\Mauro\Desktop\32 Bit\Activation\hitmanpro.3.7.x-patch.exe, , [56df49df128868ce027d64eccb363ec2], 
 
Sectores físicos: 0
(No hay elementos maliciosos detectados)
 
 
(end)


#3 andresmcfan


Posted 24 July 2016 - 08:56 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-07-2016
Ran by Mauro (administrator) on MAURO-PC (24-07-2016 21:26:21)
Running from C:\Users\Mauro\Desktop
Loaded Profiles: Mauro &  (Available Profiles: Mauro & Maribel & Yerko)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Spotify Ltd) C:\Users\Mauro\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(IObit) C:\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-15] (Intel Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-03-19] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [814608 2016-06-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [14934272 2016-07-01] (Realtek Semiconductor)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1744239375-757839748-2706966845-1000\...\Run: [Spotify Web Helper] => C:\Users\Mauro\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-05-21] (Spotify Ltd)
HKU\S-1-5-21-1744239375-757839748-2706966845-1000\...\MountPoints2: {4e20e3c8-13c8-11e6-af23-b8aeedf84c0b} - E:\setup.exe
HKU\S-1-5-21-1744239375-757839748-2706966845-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Spotify Web Helper] => C:\Users\Yerko\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-07-16] (Spotify Ltd)
HKU\S-1-5-21-1744239375-757839748-2706966845-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Spotify] => C:\Users\Yerko\AppData\Roaming\Spotify\Spotify.exe [6913648 2016-07-16] (Spotify Ltd)
HKU\S-1-5-21-1744239375-757839748-2706966845-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [uTorrent] => C:\Users\Yerko\AppData\Roaming\uTorrent\uTorrent.exe [2530304 2016-06-03] (BitTorrent Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FD8805D8-9D4A-4FFC-B5C0-98602D03D817}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1744239375-757839748-2706966845-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Mauro\AppData\Roaming\Mozilla\Firefox\Profiles\3nyjb7tc.default
FF NewTab: about:newtab
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/_vit_16_28&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dcl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Bzz0A0E0E0D0FzzyE0CtD0BtAtDzzzytN0D0Tzu0StCyCyDtAtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByDtN1L1G1B1V1N2Y1L1Qzu2SyEtBtA0D0Fzyzz0AtGyEtDtAyBtG0Czy0E0CtGyDyB0ByCtGyDtBtAzytC0A0CyDzztAtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Ezy0AyE0A0DyCtG0AyC0DtBtGyEzytDyBtG0B0Azz0FtGyBtByDyB0DyE0DyDyBtDtBtB2QtN0A0LzuyE%26cr%3D674398251%26a%3Dwncy_vit_16_28%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
FF Keyword.URL: user_pref("keyword.URL", true);
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll [2016-05-08] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Mauro\AppData\Roaming\Mozilla\Firefox\Profiles\3nyjb7tc.default\Extensions\abs@avira.com [2016-06-15]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
StartMenuInternet: FIREFOX.EXE - firefox.exe
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2016-03-14]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.cl/
CHR StartupUrls: Default -> "hxxp://www.google.cl/"
CHR Profile: C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Diapositivas de Google) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-05]
CHR Extension: (Google Docs) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-05]
CHR Extension: (Google Drive) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-05]
CHR Extension: (Rapport) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-05-08]
CHR Extension: (YouTube) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-05]
CHR Extension: (Adblock Plus) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-29]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-05]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-05]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-07-12]
CHR Extension: (Aero Trans Brushed Metal Theme) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkjdfchjlhkgnfjblhclgaliiccalckf [2016-05-14]
CHR Extension: (Kibin) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpgkkanhhhdaebfkeeilmblegdihlbcn [2016-05-05]
CHR Extension: (corrector_ia) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnkfcbnffeokfbocefkakdoimdlikihj [2016-05-05]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-05]
CHR Extension: (Gmail) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1744239375-757839748-2706966845-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1744239375-757839748-2706966845-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1744239375-757839748-2706966845-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [970656 2016-06-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [467016 2016-06-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [467016 2016-06-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1435704 2016-06-02] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279160 2016-05-12] (Intel Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1125568 2016-04-04] (Disc Soft Ltd)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [291448 2016-05-12] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [595968 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [642520 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2960160 2016-04-22] (IObit)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2383344 2016-07-11] (IBM Corp.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2014-04-28] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [109016 2016-02-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137240 2016-06-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [60088 2016-06-02] (Avira Operations GmbH & Co. KG)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-05-05] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2016-05-06] (Disc Soft Ltd)
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [505192 2013-08-07] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [25448 2013-08-07] (Intel Corporation)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [65640 2010-07-13] (ITE Tech. Inc. )
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-08-15] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [362480 2013-08-15] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [798704 2013-08-15] (Intel Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [85464 2013-09-16] (Intel Corporation)
R1 RapportCerberus_1609042; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1609042.sys [752616 2016-07-20] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [307016 2016-07-11] (IBM Corp.)
R0 RapportHades; C:\Windows\System32\Drivers\RapportHades.sys [82056 2016-07-11] (IBM Corp.)
R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [237544 2016-07-11] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [386152 2016-07-11] (IBM Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2016-02-22] (Avira Operations GmbH & Co. KG)
R4 ewido anti-spyware 4.0 driver; \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-24 21:26 - 2016-07-24 21:26 - 00020225 _____ C:\Users\Mauro\Desktop\FRST.txt
2016-07-24 21:26 - 2016-07-24 21:26 - 00000000 ____D C:\FRST
2016-07-24 21:15 - 2016-07-24 21:15 - 00001643 _____ C:\Users\Mauro\Desktop\report.txt
2016-07-24 20:50 - 2016-07-24 20:50 - 01744384 _____ (Farbar) C:\Users\Mauro\Desktop\FRST.exe
2016-07-24 20:49 - 2016-07-24 20:49 - 00898560 _____ C:\Users\Mauro\Downloads\RGSA.exe
2016-07-24 20:38 - 2016-07-24 20:41 - 06020448 _____ C:\Users\Mauro\Downloads\ewido-antispyware-4.0.0.172c.exe
2016-07-24 20:36 - 2016-07-24 20:36 - 00000000 ____D C:\SecurityCheck
2016-07-24 20:34 - 2016-07-24 20:40 - 00000000 ____D C:\ProgramData\SecTaskMan
2016-07-24 20:34 - 2016-07-24 20:34 - 02844712 _____ C:\Users\Mauro\Downloads\SecurityTaskManager_Setup.exe
2016-07-24 20:34 - 2016-07-24 20:34 - 00494961 _____ (glax24 (safezone.cc)) C:\Users\Mauro\Downloads\SecurityCheck.exe
2016-07-24 20:34 - 2016-07-24 20:34 - 00001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2016-07-24 20:34 - 2016-07-24 20:34 - 00001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2016-07-24 20:34 - 2016-07-24 20:34 - 00001093 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2016-07-24 20:34 - 2016-07-24 20:34 - 00000000 ____D C:\Program Files\Security Task Manager
2016-07-23 19:43 - 2016-07-24 12:50 - 00000000 ____D C:\Users\Yerko\AppData\LocalLow\uTorrent
2016-07-23 15:51 - 2016-07-23 15:51 - 00002016 _____ C:\Windows\system32\.crusader
2016-07-23 15:37 - 2014-03-29 11:43 - 00000000 ____D C:\Users\Mauro\Desktop\32 Bit
2016-07-23 15:21 - 2016-07-23 15:51 - 00000000 ____D C:\ProgramData\HitmanPro
2016-07-23 15:20 - 2016-07-23 15:20 - 10451640 _____ (SurfRight B.V.) C:\Users\Mauro\Downloads\hitmanpro.exe
2016-07-23 13:38 - 2016-07-23 13:38 - 00000000 ____D C:\Users\Mauro\Documents\ProcAlyzer Dumps
2016-07-23 13:14 - 2016-07-23 13:34 - 00000000 ____D C:\AdwCleaner
2016-07-23 13:14 - 2016-07-23 13:14 - 03712064 _____ C:\Users\Mauro\Downloads\adwcleaner_5.201.exe
2016-07-23 11:43 - 2016-07-23 11:43 - 00000000 ____D C:\Windows\pss
2016-07-22 18:44 - 2009-06-10 17:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160722-184413.backup
2016-07-22 18:37 - 2009-06-10 17:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160722-183704.backup
2016-07-22 18:09 - 2016-07-24 20:55 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-22 18:07 - 2016-07-22 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-22 18:07 - 2016-07-22 18:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-22 18:07 - 2016-07-22 18:07 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-07-22 18:07 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-22 18:07 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-22 18:07 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-22 18:01 - 2016-07-22 18:01 - 22851472 _____ (Malwarebytes ) C:\Users\Mauro\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-22 08:07 - 2016-07-22 08:07 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-22 08:07 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-07-22 08:03 - 2016-07-22 18:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-07-22 08:03 - 2016-07-22 08:07 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-07-22 08:03 - 2016-07-22 08:03 - 00002131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-07-22 08:03 - 2016-07-22 08:03 - 00002119 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-07-22 08:03 - 2016-07-22 08:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-07-22 08:03 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2016-07-22 08:00 - 2016-07-22 08:00 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mauro\Downloads\spybot-2.4.exe
2016-07-22 07:43 - 2016-07-22 07:43 - 08136664 _____ (Piriform Ltd) C:\Users\Mauro\Downloads\ccsetup520.exe
2016-07-21 21:41 - 2016-07-21 21:41 - 00009542 _____ C:\Users\Mauro\Desktop\Libro1.xlsx
2016-07-16 00:10 - 2016-07-16 00:10 - 00002015 _____ C:\Users\Maribel\Desktop\Old Times RO.lnk
2016-07-16 00:10 - 2016-07-16 00:10 - 00001979 _____ C:\Users\Yerko\Desktop\Old Times RO.lnk
2016-07-16 00:10 - 2016-07-16 00:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OldTimesRO
2016-07-16 00:00 - 2016-07-23 23:44 - 00000000 ____D C:\Users\Yerko\Desktop\RO
2016-07-15 23:13 - 2016-07-15 23:47 - 2775850595 _____ C:\Users\Yerko\Downloads\Full_kRO_Renewal_20160124.exe
2016-07-15 23:12 - 2016-07-15 23:16 - 292304904 _____ () C:\Users\Yerko\Downloads\Cliente OldTimesRO.exe
2016-07-15 23:08 - 2016-07-24 12:50 - 00000000 __SHD C:\Users\Yerko\IntelGraphicsProfiles
2016-07-14 18:53 - 2016-07-14 18:55 - 157161891 _____ C:\Users\Mauro\Downloads\chanoe2hdptesp (1).rar
2016-07-14 18:34 - 2016-07-14 18:34 - 00000000 ____D C:\ProgramData\Steam
2016-07-14 18:33 - 2016-07-14 18:33 - 00001496 _____ C:\Users\Mauro\Desktop\AoK HD - Acceso directo.lnk
2016-07-14 18:30 - 2016-07-14 18:30 - 01838468 _____ C:\Users\Mauro\Downloads\Age.of.Empires.II.HD.Update.v4.5.1742.4476-RELOADED (1).rar
2016-07-14 18:28 - 2016-07-14 18:28 - 00000834 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Empires II HD.lnk
2016-07-14 18:27 - 2016-07-23 13:03 - 00000000 ____D C:\Program Files\Age of Empires II HD
2016-07-14 18:26 - 2016-07-14 18:26 - 01838468 _____ C:\Users\Mauro\Downloads\Sin confirmar 522660.crdownload
2016-07-14 18:04 - 2016-07-14 18:05 - 06468312 _____ C:\Users\Mauro\Downloads\3DP_Net_v1604.exe.6u7f7mv.partial
2016-07-14 17:45 - 2016-07-14 17:45 - 00012803 _____ C:\Users\Mauro\Downloads\age-of-empires-ii-hd-multi2reloadedwwwgamestorrentsco..torrent
2016-07-13 17:00 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-07-13 17:00 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-07-13 17:00 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-07-13 17:00 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-07-13 17:00 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-07-13 17:00 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-07-13 17:00 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-07-13 17:00 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-07-13 17:00 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-07-13 17:00 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-07-13 17:00 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-07-13 17:00 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-07-13 17:00 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-07-13 17:00 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-07-13 17:00 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-07-13 17:00 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-07-13 17:00 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-07-13 17:00 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-07-13 17:00 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-07-13 17:00 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-07-13 17:00 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-07-13 17:00 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-07-13 17:00 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-07-13 17:00 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-07-13 17:00 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-07-13 17:00 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-07-13 17:00 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-07-13 17:00 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-07-13 17:00 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-07-13 17:00 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-07-13 17:00 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-07-13 17:00 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-07-13 17:00 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-07-13 17:00 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-07-13 17:00 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2016-07-13 17:00 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2016-07-13 17:00 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2016-07-13 17:00 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2016-07-13 17:00 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2016-07-13 17:00 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2016-07-13 17:00 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2016-07-13 17:00 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2016-07-13 17:00 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2016-07-13 17:00 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2016-07-13 17:00 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2016-07-13 17:00 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2016-07-13 17:00 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2016-07-13 17:00 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-07-13 17:00 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-07-13 17:00 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-07-13 17:00 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-07-13 17:00 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-07-13 17:00 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-07-13 17:00 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-07-13 17:00 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-07-13 17:00 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-07-13 17:00 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-07-13 17:00 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2016-07-13 17:00 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2016-07-13 17:00 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2016-07-13 17:00 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-07-13 17:00 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2016-07-13 17:00 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-07-13 17:00 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2016-07-13 17:00 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-07-13 17:00 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2016-07-13 17:00 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2016-07-13 17:00 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-07-13 17:00 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2016-07-13 17:00 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-07-13 17:00 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2016-07-13 17:00 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2016-07-13 17:00 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2016-07-13 17:00 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-07-13 17:00 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-07-13 17:00 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-07-13 17:00 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-07-13 17:00 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-07-13 17:00 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-07-13 17:00 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-07-13 17:00 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-07-13 17:00 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-07-13 17:00 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-07-13 17:00 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-07-13 17:00 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-07-13 16:58 - 2016-07-13 16:59 - 01799732 _____ C:\Users\Mauro\Downloads\Age.of.Empires.II.HD.Gamefix.Read.Nfo-RELOADED.rar
2016-07-13 16:43 - 2016-07-22 07:45 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-12 19:35 - 2016-07-12 19:35 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-07-12 19:33 - 2016-07-12 19:33 - 00000000 ____D C:\Windows\system32\RTCOM
2016-07-12 19:33 - 2016-07-12 19:33 - 00000000 ____D C:\Windows\system32\DAX2
2016-07-12 19:32 - 2016-07-01 07:42 - 72520720 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat
2016-07-12 19:32 - 2016-07-01 07:42 - 21709536 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRenderAVX.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 21533976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRender.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 16351392 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioCapture.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 13798184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 12016272 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO30.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 11924336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO40.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 07170872 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 07053696 _____ (Dolby Laboratories) C:\Windows\system32\DDPP32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 06379076 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2016-07-12 19:32 - 2016-07-01 07:42 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2016-07-12 19:32 - 2016-07-01 07:42 - 05560016 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 05148312 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 04982560 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 04237296 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 04023552 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2016-07-12 19:32 - 2016-07-01 07:42 - 02900736 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 02899216 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 02830592 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2016-07-12 19:32 - 2016-07-01 07:42 - 02731064 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 02433592 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 02402144 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO70.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 02385592 _____ (DTS, Inc.) C:\Windows\system32\sltech32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 02105648 _____ (DTS, Inc.) C:\Windows\system32\slcnt32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 02019072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01948808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01832072 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01817480 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01791800 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01531680 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01519272 _____ (Conexant Systems Inc.) C:\Windows\system32\CX32APO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01512320 _____ (Dolby Laboratories) C:\Windows\system32\DDPD32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01400808 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01313120 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01278728 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01239808 _____ (DTS) C:\Windows\system32\DTSBoostDLL.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01201816 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO60.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01074056 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01029840 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO50.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00992616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO40.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00965680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00957184 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00957056 _____ (DTS, Inc.) C:\Windows\system32\sl3apo32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00954200 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00936616 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00905232 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00868456 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00860520 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo2.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00836152 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO20.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00799016 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00777064 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00669592 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00645824 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00615872 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00589072 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00544280 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00532888 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00522704 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00522704 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00471296 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00458024 _____ (Intel Corporation) C:\Windows\system32\tbb_waves.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00439608 _____ (DTS) C:\Windows\system32\DTSU2PLFX32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00434024 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00415872 _____ (DTS) C:\Windows\system32\DTSU2PGFX32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00402072 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00401048 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00390864 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00387624 _____ (DTS) C:\Windows\system32\DTSLimiterDLL.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00386056 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00371816 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00369792 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00367360 _____ (Harman) C:\Windows\system32\HMUI.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00366368 _____ (Conexant Systems, Inc.) C:\Windows\system32\Caf32APO2.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00364024 _____ (Dolby Laboratories) C:\Windows\system32\R4EED32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00363416 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00357984 _____ (DTS) C:\Windows\system32\DTSU2PREC32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00357160 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00341160 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00316432 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00315136 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00307240 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00307240 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00285624 _____ (Dolby Laboratories) C:\Windows\system32\DDPO32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00243864 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00232752 _____ (TODO: <Company name>) C:\Windows\system32\slprp32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00232424 _____ (Dolby Laboratories) C:\Windows\system32\DDPA32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00229584 _____ (DTS) C:\Windows\system32\DTSGFXAPONS.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00229584 _____ (DTS) C:\Windows\system32\DTSGFXAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00229040 _____ (DTS) C:\Windows\system32\DTSLFXAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00225048 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00221912 _____ (Harman) C:\Windows\system32\HMHVS.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00214672 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00214672 _____ (Harman) C:\Windows\system32\HMEQ.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00200736 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00197440 _____ C:\Windows\system32\AcpiServiceVnA.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00196016 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00183616 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00181232 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00150560 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00144688 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00142328 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00130304 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00116656 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00105656 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00101624 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00101336 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00098016 _____ (Conexant Systems, Inc.) C:\Windows\system32\Caf32api.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00096608 _____ C:\Windows\system32\audioLibVc.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00088280 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00083640 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00078488 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00074384 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00071712 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00067760 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TepeqAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00022160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00005604 _____ C:\Windows\system32\cxapo.lncs
2016-07-12 19:32 - 2016-07-01 07:42 - 00000736 _____ C:\Windows\system32\cxapo.prop
2016-07-12 19:24 - 2016-07-12 19:24 - 00000000 ____D C:\Program Files\DIFX
2016-07-12 19:21 - 2016-03-31 23:08 - 00770304 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys
2016-07-12 19:20 - 2016-03-31 23:08 - 00085616 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2016-07-12 19:19 - 2016-07-12 19:19 - 00000000 ____D C:\3DP
2016-07-12 19:18 - 2016-07-12 19:18 - 00000000 ____D C:\Users\Mauro\Downloads\Intel Components
2016-07-12 19:18 - 2016-07-12 19:18 - 00000000 ____D C:\ProgramData\IntelDLM
2016-07-12 19:17 - 2016-07-12 19:17 - 00001128 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.6.lnk
2016-07-12 19:17 - 2016-07-12 19:17 - 00000000 ____D C:\Users\Mauro\AppData\Local\Intel
2016-07-12 19:17 - 2016-07-12 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2016-07-12 19:17 - 2016-07-12 19:17 - 00000000 ____D C:\Program Files\Intel Driver Update Utility
2016-07-12 19:08 - 2016-07-12 19:19 - 128294696 _____ C:\Users\Mauro\Desktop\3DP_Net_v1604.exe
2016-07-12 19:02 - 2016-07-24 21:19 - 00000000 __SHD C:\Users\Mauro\IntelGraphicsProfiles
2016-07-12 19:02 - 2016-07-14 18:19 - 00000401 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-07-12 19:00 - 2016-07-14 18:17 - 00000874 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2016-07-12 18:58 - 2016-05-12 22:11 - 00291448 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2016-07-12 18:58 - 2016-05-12 22:11 - 00260216 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2016-07-12 18:58 - 2016-05-12 22:11 - 00209528 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2016-07-12 18:58 - 2016-05-12 22:06 - 02000896 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2016-07-12 18:58 - 2016-05-12 22:06 - 00622592 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2016-07-12 18:58 - 2016-05-12 22:06 - 00253440 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2016-07-12 18:58 - 2016-05-12 22:06 - 00181248 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2016-07-12 18:58 - 2016-01-13 15:03 - 00275489 _____ C:\Windows\system32\DisplayAudiox86.cab
2016-07-12 18:58 - 2016-01-13 15:03 - 00190868 _____ C:\Windows\system32\resTHA.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00183476 _____ C:\Windows\system32\resELL.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00179252 _____ C:\Windows\system32\resRUS.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00164932 _____ C:\Windows\system32\resARA.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00164404 _____ C:\Windows\system32\resJPN.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00164356 _____ C:\Windows\system32\resHEB.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00159732 _____ C:\Windows\system32\resHUN.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00159716 _____ C:\Windows\system32\resFRA.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00159232 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4358.dll
2016-07-12 18:58 - 2016-01-13 15:03 - 00158004 _____ C:\Windows\system32\resKOR.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00157892 _____ C:\Windows\system32\resDEU.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00157860 _____ C:\Windows\system32\resITA.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00157668 _____ C:\Windows\system32\resROM.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00157572 _____ C:\Windows\system32\resESN.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00157140 _____ C:\Windows\system32\resPLK.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00157012 _____ C:\Windows\system32\resSKY.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00156836 _____ C:\Windows\system32\resNLD.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00156228 _____ C:\Windows\system32\resPTB.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00156132 _____ C:\Windows\system32\resCSY.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00156116 _____ C:\Windows\system32\resTRK.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00155940 _____ C:\Windows\system32\resPTG.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00155460 _____ C:\Windows\system32\resFIN.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00155060 _____ C:\Windows\system32\resHRV.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00154628 _____ C:\Windows\system32\resSVE.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00154484 _____ C:\Windows\system32\resSLV.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00153508 _____ C:\Windows\system32\resNOR.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00153028 _____ C:\Windows\system32\resDAN.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00151684 _____ C:\Windows\system32\resENU.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00149924 _____ C:\Windows\system32\resCHT.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00149060 _____ C:\Windows\system32\resCHS.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00000895 _____ C:\Windows\system32\Gfxv2_0.exe.config
2016-07-12 18:58 - 2016-01-13 15:03 - 00000895 _____ C:\Windows\system32\DPTopologyAppv2_0.exe.config
2016-07-12 18:58 - 2016-01-13 15:03 - 00000895 _____ C:\Windows\system32\CustomModeAppv2_0.exe.config
2016-07-12 18:58 - 2016-01-13 15:03 - 00000889 _____ C:\Windows\system32\CustomModeApp.exe.config
2016-07-12 18:53 - 2016-07-12 18:53 - 00000965 _____ C:\Users\Mauro\Desktop\3DP Chip.lnk
2016-07-12 18:53 - 2016-07-12 18:53 - 00000000 ____D C:\Users\Mauro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3DP Chip
2016-07-12 18:53 - 2016-07-12 18:53 - 00000000 ____D C:\Program Files\3DP Chip
2016-07-12 16:36 - 2016-07-12 16:36 - 00000000 ____D C:\Users\Mauro\AppData\Local\Intel_Corporation
2016-07-11 22:30 - 2016-07-11 22:30 - 00000000 ____D C:\Users\Mauro\AppData\Roaming\MediaInfo
2016-07-11 21:53 - 2016-07-11 21:53 - 00000368 __RSH C:\ProgramData\ntuser.pol
2016-07-11 21:36 - 2016-07-11 21:36 - 00000000 ____D C:\Users\Mauro\AppData\Roaming\Steam
2016-07-11 15:54 - 2016-07-11 15:54 - 00000000 ____D C:\Users\Mauro\AppData\Roaming\SmartSteamEmu
2016-07-11 15:53 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-07-11 14:01 - 2016-07-11 14:01 - 00237544 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKELL.sys
2016-07-11 14:01 - 2016-07-11 14:01 - 00082056 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades.sys
2016-07-05 17:14 - 2016-07-05 17:14 - 00029999 _____ C:\Users\Mauro\Desktop\voucher_8E847A478
2016-07-02 17:39 - 2016-07-02 20:13 - 00000000 ____D C:\Users\Mauro\Desktop\Situación final cursos
2016-07-02 11:02 - 2016-07-02 11:02 - 00000000 ____D C:\Users\Yerko\AppData\Roaming\vlc
2016-07-01 21:41 - 2016-07-01 21:41 - 00000000 ____D C:\Users\Yerko\Downloads\EV20YO2009720P (www.alt-torrent.com)
2016-07-01 18:56 - 2016-07-01 13:01 - 04141910 _____ C:\Users\Yerko\Desktop\ALIMENTO FORMULADO PPT 2.pptx
2016-06-26 22:33 - 2016-06-26 22:52 - 00000000 ____D C:\Users\Yerko\Downloads\Game.of.Thrones.S06E10.720p.HDTV.x264-AVS[rarbg]
2016-06-26 22:20 - 2016-06-26 22:20 - 00009171 _____ C:\Users\Yerko\Downloads\costos hojuelas.xlsx
2016-06-26 22:14 - 2016-06-26 22:55 - 03636018 _____ C:\Users\Yerko\Downloads\Hojuelas-de-frutas-bañadas-en-chocolate.pptx
2016-06-25 16:40 - 2016-06-25 16:40 - 00000000 ____D C:\Users\Mauro\Desktop\photoshop
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-24 21:19 - 2016-05-05 16:41 - 00001020 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-24 21:19 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-24 20:52 - 2016-05-05 16:41 - 00001024 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-24 20:41 - 2009-07-14 00:34 - 00029168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-24 20:41 - 2009-07-14 00:34 - 00029168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-24 17:16 - 2016-06-03 23:13 - 00000000 ____D C:\Users\Yerko\AppData\Roaming\uTorrent
2016-07-24 12:52 - 2016-05-24 20:34 - 00000000 ____D C:\Users\Yerko\AppData\Local\Spotify
2016-07-24 12:51 - 2016-05-24 20:33 - 00000000 ____D C:\Users\Yerko\AppData\Roaming\Spotify
2016-07-23 19:34 - 2009-07-14 00:53 - 00032524 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-23 17:12 - 2016-05-18 12:54 - 00000000 ____D C:\IObit Uninstaller
2016-07-23 15:51 - 2016-05-06 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2016-07-23 15:51 - 2016-05-06 16:52 - 00000000 ____D C:\Program Files\KMSpico
2016-07-23 15:13 - 2016-05-29 17:52 - 00000000 ____D C:\Program Files\IDM
2016-07-23 14:51 - 2011-04-11 21:30 - 00748030 _____ C:\Windows\system32\perfh00A.dat
2016-07-23 14:51 - 2011-04-11 21:30 - 00159000 _____ C:\Windows\system32\perfc00A.dat
2016-07-23 14:51 - 2010-11-20 17:01 - 01679348 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-23 14:51 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2016-07-23 12:52 - 2016-06-23 12:30 - 00000000 ____D C:\Users\Mauro\AppData\Roaming\vlc
2016-07-23 11:45 - 2016-05-05 23:22 - 00000000 ____D C:\Users\Mauro\AppData\Roaming\DAEMON Tools Lite
2016-07-23 11:45 - 2016-05-05 23:19 - 00000000 ____D C:\Users\Mauro\AppData\Roaming\uTorrent
2016-07-22 07:36 - 2016-05-08 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-07-22 07:36 - 2016-05-08 14:38 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-22 01:04 - 2016-05-18 12:54 - 00000000 ____D C:\ProgramData\ProductData
2016-07-20 14:48 - 2016-05-08 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\

#4 andresmcfan

Posted 24 July 2016 - 08:57 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-07-2016
Ran by Mauro (2016-07-24 21:27:15)
Running from C:\Users\Mauro\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2016-05-05 04:41:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-1744239375-757839748-2706966845-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1744239375-757839748-2706966845-1002 - Limited - Enabled)
Invitado (S-1-5-21-1744239375-757839748-2706966845-501 - Limited - Disabled)
Maribel (S-1-5-21-1744239375-757839748-2706966845-1003 - Limited - Enabled) => C:\Users\Maribel
Mauro (S-1-5-21-1744239375-757839748-2706966845-1000 - Administrator - Enabled) => C:\Users\Mauro
Yerko (S-1-5-21-1744239375-757839748-2706966845-1004 - Limited - Enabled) => C:\Users\Yerko
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1744239375-757839748-2706966845-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1744239375-757839748-2706966845-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
3DP Chip v16.06 (HKLM\...\3DP Chip) (Version: v16.06 - 3DP)
Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
American English File 2e Level 1 (HKLM\...\American English File 2e Level 1 1.0) (Version: 1.0 - Oxford University Press)
American English File 2e Starter Level (HKLM\...\American English File 2e Starter Level 1.0) (Version: 1.0 - Oxford University Press)
Apple Application Support (32 bits) (HKLM\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira Launcher (HKLM\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Cambridge Advanced Learner's Dictionary - 4th Edition (HKLM\...\NSIS_cald4) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0154 - Disc Soft Ltd)
Eines de correcció del Microsoft Office 2013: català (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2013 - Galego (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4414 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{3e714701-b89c-4cf2-bf3b-41b2c105ffdc}) (Version: 2.6.0.32 - Intel)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 5.3.0.138 - IObit)
ITE Infrared Transceiver (HKLM\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
iTunes (HKLM\...\{3079C5C8-325A-4354-A733-456BACA1E5FB}) (Version: 12.3.3.17 - Apple Inc.)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (Version: 3.0.1 - Riot Games) Hidden
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 es-CL) (HKLM\...\Mozilla Firefox 46.0.1 (x86 es-CL)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
OldTimesRO (HKLM\...\OldTimesRO) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paquete de controladores de Windows - Realtek (RTL8167) Net  (01/07/2016 7.098.0107.2016) (HKLM\...\79DE5AB121098ED0D832C865190972CF9C6C5022) (Version: 01/07/2016 7.098.0107.2016 - Realtek)
Paquete de idioma de Microsoft .NET Framework 4.5 ESN (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50709 - Microsoft Corporation)
Photoshop CS5 Extended 12.0 (HKLM\...\Photoshop CS5 Extended 12.0) (Version:  - )
Python 2.7.11 (Anaconda2 4.0.0 32-bit) (HKU\S-1-5-21-1744239375-757839748-2706966845-1000\...\Python 2.7.11 (Anaconda2 4.0.0 32-bit)) (Version: 4.0.0 - Continuum Analytics, Inc.)
Python 3.5.1 (Anaconda3 4.0.0 32-bit) (HKU\S-1-5-21-1744239375-757839748-2706966845-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Python 3.5.1 (Anaconda3 4.0.0 32-bit)) (Version: 4.0.0 - Continuum Analytics, Inc.)
Rapport (Version: 3.5.1609.76 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.76.1028.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7865 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Security Task Manager 2.1g (HKLM\...\Security Task Manager) (Version: 2.1g - Neuber Software)
Software para dispositivos de chipset Intel® (Version: 10.1.1.18 - Intel® Corporation) Hidden
SoulseekQt (HKLM\...\SoulseekQt) (Version:  - )
Spotify (HKU\S-1-5-21-1744239375-757839748-2706966845-1000\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
Spotify (HKU\S-1-5-21-1744239375-757839748-2706966845-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Spotify) (Version: 1.0.33.106.g60b5d1f0 - Spotify AB)
Trusteer Seguridad Terminal (HKLM\...\Rapport_msi) (Version: 3.5.1609.76 - Trusteer)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1744239375-757839748-2706966845-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {10245986-9106-4097-9B73-60AD64008963} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {1640BF3E-C4C3-438D-82B2-5642D56FDE7F} - System32\Tasks\Uninstaller_SkipUac_Mauro => C:\IObit Uninstaller\IObitUninstaler.exe [2016-03-25] (IObit)
Task: {3A6D8E8E-9B12-4DB7-A53A-81C8E8DBD242} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {590B0746-55D0-4D12-8849-BA684F36967B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {614BE91C-0449-451A-A30F-A6C55F553BDC} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {63640BF7-116A-40D8-81D9-632817DEAD12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-05] (Google Inc.)
Task: {638CEC03-F3E0-45B7-8395-F44249B5A87D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6C82F5CD-FBF4-45DF-8267-E7791D412605} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {7D4FCFD6-F031-4D6A-A9FD-7CDCB4C36D28} - System32\Tasks\Mauro => /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Mauro /t REG_SZ /d "explorer.exe hxxp://kb-ribaki.org"
Task: {875E6093-690F-4F5B-BC57-AC731D95307C} - System32\Tasks\{C2ABC17E-970C-48B1-AB33-E5BE07F4C04B} => pcalua.exe -a "C:\Descargas\Age Of Empires II+Age of Empires 2 - The Conquerors Expansion+forgotten empires kat.cr\Aoe2 patchs and cracks\ageofempire2 patchs\Age2upA.exe" -d "C:\Descargas\Age Of Empires II+Age of Empires 2 - The Conquerors Expansion+forgotten empires kat.cr\Aoe2 patchs and cracks\ageofempire2  (the data entry has 7 more characters).
Task: {AD38A2EC-AC64-48DF-BA6C-EFF391B7EAA6} - System32\Tasks\{13253E9C-5065-4DBE-8B5A-0D7E94EAE495} => pcalua.exe -a E:\aoesetup.exe -d E:\ -c /autorun
Task: {C017F294-C1DA-4E71-BFA6-CBF4AB712BB5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-05] (Google Inc.)
Task: {D02887B4-B828-478E-938C-6411020D5A37} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {D66892F1-9C19-4929-A29F-BB99F22BF71C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {F813D377-7D40-413F-9AA0-210B925E756E} - System32\Tasks\{A7274162-1844-4309-9BFA-512E9AC202CB} => pcalua.exe -a "C:\Descargas\Age Of Empires II+Age of Empires 2 - The Conquerors Expansion+forgotten empires kat.cr\AoFE_Launcher.exe" -d "C:\Descargas\Age Of Empires II+Age of Empires 2 - The Conquerors Expansion+forgotten empires kat.cr"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Mauro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda2 (32-bit)\Anaconda Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\Mauro\Anaconda2\Scripts\activate.bat C:\Users\Mauro\Anaconda2
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-05-23 10:23 - 2012-08-31 15:01 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL
2016-05-23 10:23 - 2012-08-31 15:01 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL
2016-03-18 21:56 - 2016-03-18 21:56 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 01040656 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-22 08:03 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-07-22 08:03 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-07-22 08:03 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-07-22 08:03 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-07-22 08:03 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-06-08 18:04 - 2016-06-08 18:04 - 00117400 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
1979-12-31 23:00 - 2016-05-12 22:11 - 00403064 _____ () C:\Windows\system32\igfxTray.exe
2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2009-08-04 17:23 - 2009-08-04 17:23 - 00063032 _____ () C:\Program Files\HP\HP UT LEDM\bin\HPTools.dll
2009-08-04 17:23 - 2009-08-04 17:23 - 00075320 _____ () C:\Program Files\HP\HP UT LEDM\bin\HPToolkit.dll
2016-05-18 12:54 - 2015-12-23 16:27 - 00355616 _____ () C:\IObit Uninstaller\madExcept_.bpl
2016-05-18 12:54 - 2015-12-23 16:27 - 00190240 _____ () C:\IObit Uninstaller\madBasic_.bpl
2016-05-18 12:54 - 2015-12-23 16:27 - 00057632 _____ () C:\IObit Uninstaller\madDisAsm_.bpl
2016-05-05 16:24 - 2013-09-16 15:19 - 01242584 _____ () C:\Program Files\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-06-18 12:54 - 2016-06-15 05:15 - 01745560 _____ () C:\Program Files\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-18 12:54 - 2016-06-15 05:15 - 00091288 _____ () C:\Program Files\Google\Chrome\Application\51.0.2704.103\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:04 - 2016-07-22 18:44 - 00453112 ____R C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1744239375-757839748-2706966845-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mauro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1744239375-757839748-2706966845-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Maribel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1744239375-757839748-2706966845-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Yerko\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{11D1E17B-2A8D-41B2-944C-0718CDD89C77}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{DFFC688D-E772-4EAB-89E8-8C923B14CFB3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{98E4548C-E820-4D16-BE0C-676B561C13C1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{65022985-D758-4FFA-B057-F2B480B7F4C1}] => (Allow) C:\Users\Mauro\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8013FC89-E127-4D34-AB93-023AD6B73349}] => (Allow) C:\Users\Mauro\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{186B9110-7A29-4363-B419-F47BBD173808}] => (Allow) C:\Users\Mauro\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C9B30D34-75F6-4D3C-AA58-FAB3F93BC319}] => (Allow) C:\Users\Mauro\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B46E03CD-EBE0-418D-AF90-6A22C3BA4D18}] => (Allow) C:\Users\Mauro\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4307E68D-98EC-405C-8AEF-02F0F2DE2EA8}] => (Allow) C:\Users\Mauro\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6179326C-6AE7-45BF-95A2-24B5088518B9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{67FDF849-A75F-4D1D-AB13-315267099D22}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0A19FBD2-5E04-47D7-B115-7FD7792DCB46}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7FF32D33-D7DA-451F-B6BF-2DD293ADB3CF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{DE2D7B8C-2BA8-4BED-BB45-DE930DF7D541}C:\program files\soulseekqt\soulseekqt.exe] => (Allow) C:\program files\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{BF2F63FF-7C53-49CD-A99E-4DD40AFF75F4}C:\program files\soulseekqt\soulseekqt.exe] => (Allow) C:\program files\soulseekqt\soulseekqt.exe
FirewallRules: [{61DFBA5E-EE11-4851-B9CD-A38E72F5DBB4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{08AB0485-AF67-4E8A-BB80-8576959FC8E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{728923C2-666B-4ED0-BD67-D09CEE2EA4BD}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C40DF035-9D37-47D7-B78A-578C14653D74}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{D4CF0DEE-C26E-482D-B3B3-23D4C5E24848}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [TCP Query User{8D11C3FC-27B2-48EC-881C-BC38ECF63973}C:\users\mauro\desktop\soulseek\soulseekqt\soulseekqt.exe] => (Allow) C:\users\mauro\desktop\soulseek\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{54C755AF-8435-4930-8614-DBFFD8CE38D6}C:\users\mauro\desktop\soulseek\soulseekqt\soulseekqt.exe] => (Allow) C:\users\mauro\desktop\soulseek\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{94E4D93B-3E15-45D9-BB66-E855F9F2CB5B}C:\users\mauro\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mauro\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{32C9B160-0D3B-4A14-9E11-1359A48035DA}C:\users\mauro\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mauro\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0B3093A9-E4ED-47B7-9A80-9E9381CBA6FE}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst.exe
FirewallRules: [{4F3CA772-719A-4F89-9947-281BC27CFD5E}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst.exe
FirewallRules: [{E81B5C69-3484-49CE-9278-20AC2F5164EF}] => (Allow) LPort=9100
FirewallRules: [{EF1478B5-AEF4-43A5-8CD9-DA39D16FFD6A}] => (Allow) LPort=427
FirewallRules: [{B963E6FA-28CC-4278-975A-45DE10A2021C}] => (Allow) LPort=161
FirewallRules: [{820722C7-B4A8-49F7-88CE-80B4E9EFFFB7}] => (Allow) LPort=427
FirewallRules: [TCP Query User{90F2DFCD-5254-49CF-8FF5-AB6B209FC686}C:\users\yerko\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\yerko\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{52D06F0F-96FB-49D9-9C7E-20484F176FF9}C:\users\yerko\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\yerko\appdata\roaming\spotify\spotify.exe
FirewallRules: [{55572E67-2939-4022-9277-AD8CA1DA1D71}] => (Allow) C:\Users\Yerko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FB07359A-FF9A-444C-8908-5227DC041169}] => (Allow) C:\Users\Yerko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EBD3BAEA-98AB-40EA-8AF1-59715F5ABA59}] => (Allow) C:\Users\Yerko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2B4F2559-4010-4D9E-9B75-C18EF0183AB3}] => (Allow) C:\Users\Yerko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3F413CD9-64B3-4AD7-93C8-66622FBF0DA5}] => (Allow) C:\Users\Yerko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F20268A6-221C-4886-9553-A78E53BC562C}] => (Allow) C:\Users\Yerko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{55C54DFE-B94A-4543-B1AF-87CBC032FD88}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{2544A59B-6B95-45A9-A975-7FEC828E2BEB}] => (Allow) LPort=1688
FirewallRules: [{EB38D04B-B24A-4FD1-8B98-E6025EE298B5}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{9DD38BA3-4FD7-4E55-BA7B-0CC2AC7990A1}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
20-07-2016 14:48:03 Installed Rapport
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/24/2016 09:19:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/24/2016 08:17:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/24/2016 03:47:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.
 
Error: (07/24/2016 02:53:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.
 
Error: (07/24/2016 02:15:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Old Times RO.exe, versión: 1.0.0.1, marca de tiempo: 0x53b90ca4
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0c87c305
Id. del proceso con errores: 0xf44
Hora de inicio de la aplicación con errores: 0xOld Times RO.exe0
Ruta de acceso de la aplicación con errores: Old Times RO.exe1
Ruta de acceso del módulo con errores: Old Times RO.exe2
Id. del informe: Old Times RO.exe3
 
Error: (07/24/2016 12:49:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/23/2016 07:36:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/23/2016 07:34:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/23/2016 07:03:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8237
 
Error: (07/23/2016 07:03:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8237
 
 
System errors:
=============
Error: (07/24/2016 09:20:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico de la aplicaciónLocalIniciar{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (con LRPC)
 
Error: (07/24/2016 09:19:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
cdrom
 
Error: (07/24/2016 08:18:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico de la aplicaciónLocalIniciar{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (con LRPC)
 
Error: (07/24/2016 08:17:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
cdrom
 
Error: (07/24/2016 12:50:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico de la aplicaciónLocalIniciar{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (con LRPC)
 
Error: (07/24/2016 12:49:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
cdrom
 
Error: (07/23/2016 07:37:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico de la aplicaciónLocalIniciar{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (con LRPC)
 
Error: (07/23/2016 07:36:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
cdrom
 
Error: (07/23/2016 07:35:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico de la aplicaciónLocalIniciar{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (con LRPC)
 
Error: (07/23/2016 07:34:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
cdrom
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 69%
Total physical RAM: 3458.36 MB
Available physical RAM: 1069.06 MB
Total Virtual: 6915 MB
Available Virtual: 3667.28 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:789.48 GB) NTFS
Drive d: (MAURO) (Fixed) (Total:931.51 GB) (Free:436.52 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 33139E1A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 04C3FA99)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#5 andresmcfan

Posted 24 July 2016 - 08:58 PM

Result of Security Analysis by Rocket Grannie (x86) Updated: 25th July 2016
Running from:C:\Users\Mauro\Desktop (21:31:09 - 07/24/2016)
***---------------------------------------------------------***
Microsoft Windows 7 Ultimate X86 Service Pack 1
UAC is Enabled!
Internet Explorer 11
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
***-----------------Anti-Virus - Firewall-------------------***
Avira Antivirus (Disabled - Up to Date)
Windows Firewall is Enabled!
Searching for any other Firewall
*No other Firewall Installed*
***----------------AntiSpyware - Miscellaneous---------------***
Adobe Flash Player Plugin (version 13.0.0.214) is *out of Date*
Java is not installed
CCleaner (version 5.20)
Google Chrome (version 51)
Mozilla Firefox -- An older version than (47) is installed.
Mozilla Firefox 46.0.1 (x86 es-CL) (version 46.0.1) is *out of Date*
 
***----------------Analysis Complete-------------------------***


#6 andresmcfan

Posted 26 July 2016 - 05:33 AM

Guys. Can someone help me out?



#7 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,177 posts

Posted 26 July 2016 - 09:42 AM

Hello andresmcfan.
Welcome to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you. Please ask questions if anything is unclear.

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier.
Please follow the directions in the order listed.


I see that you have a P2P (Peer-to-Peer) file sharing program installed (uTorrent). I highly recommend that you consider uninstalling it. P2P programs represent a security threat to the information on your system as they allow others to access your system. In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware, or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult to remove malware. There are many risks associated with P2P programs, none are worth the risks. If you don't uninstall the P2P software, we will continue to clean your system, but realize that it's likely only a matter of time before you are infected again.


Illegal software is one of the fastest ways to get infected. The two files that were detected by Malwarebytes include illegal software patches. Cracks, key generators, patches and other means to illegally bypass registration are a sure way to get infected. Even browsing the sites that host such software can infect you just by viewing the site.


Malwarebytes Anti-Malware (MBAM) did not remove the items it found.
Please re-run MBAM and make sure you click Remove Selected and post the log in your next reply.


Please download AdwCleaner by Xplode and save it to your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool. Note: On Windows 7, 8, and 10 right click on the icon and choose Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click I Agree on the disclaimer to accept the Terms of Use.
  • Click the Scan button to start the scan and wait for the process to complete.
  • Click the Logfile button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file in your next reply.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

 

NOTICE: The following script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.

 

Start

CreateRestorePoint:
CloseProcesses:
EmptyTemp:

HKLM\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF NewTab: about:newtab
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/_vit_16_28&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dcl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Bzz0A0E0E0D0FzzyE0CtD0BtAtDzzzytN0D0Tzu0StCyCyDtAtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByDtN1L1G1B1V1N2Y1L1Qzu2SyEtBtA0D0Fzyzz0AtGyEtDtAyBtG0Czy0E0CtGyDyB0ByCtGyDtBtAzytC0A0CyDzztAtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Ezy0AyE0A0DyCtG0AyC0DtBtGyEzytDyBtG0B0Azz0FtGyBtByDyB0DyE0DyDyBtDtBtB2QtN0A0LzuyE%26cr%3D674398251%26a%3Dwncy_vit_16_28%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2016-03-14]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-05]
R4 ewido anti-spyware 4.0 driver; \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {7D4FCFD6-F031-4D6A-A9FD-7CDCB4C36D28} - System32\Tasks\Mauro => /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Mauro /t REG_SZ /d "explorer.exe hxxp://kb-ribaki.org"
Task: {D02887B4-B828-478E-938C-6411020D5A37} - \AutoPico Daily Restart -> No File <==== ATTENTION
FirewallRules: [{C40DF035-9D37-47D7-B78A-578C14653D74}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{D4CF0DEE-C26E-482D-B3B3-23D4C5E24848}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{EB38D04B-B24A-4FD1-8B98-E6025EE298B5}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{9DD38BA3-4FD7-4E55-BA7B-0CC2AC7990A1}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe

End


Save the file as fixlist.txt in the same folder as FRST.
Run FRST and click Fix only once and wait.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Please scan your computer with ESET Online Scanner.

  • Click on this link to open ESET Online Scanner in a new window.
    • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    • Close all your programs and browsers.
    • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.


To summarize please post:
MBAM log.
AdwCleaner log.
The Fixlog.txt contents from FRST.
ESET log (if it produced one).

How is the computer running now? Does your problem with the browser continue?


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#8 andresmcfan

Posted 26 July 2016 - 03:07 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Fecha del análisis: 26/07/2016
Hora del análisis: 16:44
Archivo de registro: analisisMBAM.txt
Administrador: Sí
 
Versión: 2.2.1.1043
Base de datos de malwares: v2016.07.26.09
Base de datos de rootkits: v2016.05.27.01
Licencia: Gratis
Protección contra el malware: Desactivado
Protección contra sitios web maliciosos: Desactivado
Autoprotección: Desactivado
 
SO: Windows 7 Service Pack 1
CPU: x86
Sistema de archivos: NTFS
Usuario: Mauro
 
Tipo de análisis: Análisis de amenazas
Resultado: Completado
Objetos analizados: 337975
Tiempo transcurrido: 19 min, 57 seg
 
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Activado
PUM: Activado
 
Procesos: 0
(No hay elementos maliciosos detectados)
 
Módulos: 0
(No hay elementos maliciosos detectados)
 
Claves del registro: 0
(No hay elementos maliciosos detectados)
 
Valores del registro: 1
PUP.Optional.StartPage, HKU\S-1-5-21-1744239375-757839748-2706966845-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Mauro, explorer.exe http://kb-ribaki.org, En cuarentena, [4d54de4a217944f2176f4b7e7a88c33d]
 
Datos del registro: 0
(No hay elementos maliciosos detectados)
 
Carpetas: 0
(No hay elementos maliciosos detectados)
 
Archivos: 0
(No hay elementos maliciosos detectados)
 
Sectores físicos: 0
(No hay elementos maliciosos detectados)
 
 
(end)


#9 andresmcfan

Posted 26 July 2016 - 03:28 PM

# AdwCleaner v5.201 - Registro generado 26/07/2016 en 17:27:50
# Actualizado 30/06/2016 por ToolsLib
# Base de datos : 2016-07-26.1 [Servidor]
# Sistema operativo : Windows 7 Ultimate Service Pack 1 (X86)
# Nombre de usuario : Mauro - MAURO-PC
# Ejecutado desde : C:\Users\Mauro\Downloads\adwcleaner_5.201.exe
# Opción : Limpiar
 
***** [ Servicios ] *****
 
 
***** [ Carpetas ] *****
 
[-] Carpeta eliminar : C:\ProgramData\SecTaskMan
[#] Carpeta eliminar : C:\ProgramData\Application Data\SecTaskMan
 
***** [ Archivos ] *****
 
[-] Archivo eliminar : C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] Archivo eliminar : C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Accesos directos ] *****
 
 
***** [ Tareas programadas ] *****
 
 
***** [ Registro ] *****
 
 
***** [ Navegadores Web ] *****
 
 
*************************
 
:: Llaves "Tracing" removidas
:: Winsock Configuración borrada
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2097 bytes] - [23/07/2016 13:18:19]
C:\AdwCleaner\AdwCleaner[C2].txt - [1790 bytes] - [23/07/2016 13:26:42]
C:\AdwCleaner\AdwCleaner[C3].txt - [1939 bytes] - [23/07/2016 13:34:32]
C:\AdwCleaner\AdwCleaner[C4].txt - [1404 bytes] - [26/07/2016 17:27:50]
C:\AdwCleaner\AdwCleaner[S1].txt - [1909 bytes] - [23/07/2016 13:14:55]
C:\AdwCleaner\AdwCleaner[S2].txt - [1605 bytes] - [23/07/2016 13:25:01]
C:\AdwCleaner\AdwCleaner[S3].txt - [1754 bytes] - [23/07/2016 13:31:05]
C:\AdwCleaner\AdwCleaner[S4].txt - [1666 bytes] - [26/07/2016 17:24:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1769 bytes] ##########


#10 andresmcfan

Posted 26 July 2016 - 04:04 PM

Fix result of Farbar Recovery Scan Tool (x86) Version: 25-07-2016
Ran by Mauro (2016-07-26 17:34:49) Run:1
Running from C:\Users\Mauro\Desktop
Loaded Profiles: Mauro (Available Profiles: Mauro & Maribel & Yerko)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
 
HKLM\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF NewTab: about:newtab
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/_vit_16_28&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dcl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Bzz0A0E0E0D0FzzyE0CtD0BtAtDzzzytN0D0Tzu0StCyCyDtAtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByDtN1L1G1B1V1N2Y1L1Qzu2SyEtBtA0D0Fzyzz0AtGyEtDtAyBtG0Czy0E0CtGyDyB0ByCtGyDtBtAzytC0A0CyDzztAtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Ezy0AyE0A0DyCtG0AyC0DtBtGyEzytDyBtG0B0Azz0FtGyBtByDyB0DyE0DyDyBtDtBtB2QtN0A0LzuyE%26cr%3D674398251%26a%3Dwncy_vit_16_28%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2016-03-14]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-05]
R4 ewido anti-spyware 4.0 driver; \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {7D4FCFD6-F031-4D6A-A9FD-7CDCB4C36D28} - System32\Tasks\Mauro => /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Mauro /t REG_SZ /d "explorer.exe hxxp://kb-ribaki.org"
Task: {D02887B4-B828-478E-938C-6411020D5A37} - \AutoPico Daily Restart -> No File <==== ATTENTION
FirewallRules: [{C40DF035-9D37-47D7-B78A-578C14653D74}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{D4CF0DEE-C26E-482D-B3B3-23D4C5E24848}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{EB38D04B-B24A-4FD1-8B98-E6025EE298B5}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{9DD38BA3-4FD7-4E55-BA7B-0CC2AC7990A1}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
Firefox "newtab" removed successfully.
Firefox "homepage" removed successfully.
C:\Program Files\mozilla firefox\defaults\pref\itms.js => moved successfully
C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
ewido anti-spyware 4.0 driver => service not found.
VGPU => service removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7D4FCFD6-F031-4D6A-A9FD-7CDCB4C36D28}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D4FCFD6-F031-4D6A-A9FD-7CDCB4C36D28}" => key removed successfully.
C:\Windows\System32\Tasks\Mauro => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mauro" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D02887B4-B828-478E-938C-6411020D5A37}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D02887B4-B828-478E-938C-6411020D5A37}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C40DF035-9D37-47D7-B78A-578C14653D74} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D4CF0DEE-C26E-482D-B3B3-23D4C5E24848} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EB38D04B-B24A-4FD1-8B98-E6025EE298B5} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9DD38BA3-4FD7-4E55-BA7B-0CC2AC7990A1} => value removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15250329 B
Java, Flash, Steam htmlcache => 602 B
Windows/system/drivers => 2171 B
Edge => 0 B
Chrome => 416511738 B
Firefox => 12030210 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16674 B
LocalService => 0 B
NetworkService => 0 B
Mauro => 33341581 B
Maribel => 8389366 B
Yerko => 126493545 B
 
RecycleBin => 182522935 B
EmptyTemp: => 765.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:35:44 ====


#11 andresmcfan

Posted 26 July 2016 - 04:06 PM

It happened again. When I was about to do the FRST fix. The black window that comes and goes in the blink of an eye. Then I did the FRST fixing anyways, but after rebooting, the browser launched after the restart with the same page. I did the MBAM again and this is the log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Fecha del análisis: 26/07/2016
Hora del análisis: 17:38
Archivo de registro: analisisMBAM2.txt
Administrador: Sí
 
Versión: 2.2.1.1043
Base de datos de malwares: v2016.07.26.09
Base de datos de rootkits: v2016.05.27.01
Licencia: Gratis
Protección contra el malware: Desactivado
Protección contra sitios web maliciosos: Desactivado
Autoprotección: Desactivado
 
SO: Windows 7 Service Pack 1
CPU: x86
Sistema de archivos: NTFS
Usuario: Mauro
 
Tipo de análisis: Análisis de amenazas
Resultado: Completado
Objetos analizados: 337006
Tiempo transcurrido: 17 min, 14 seg
 
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Activado
PUM: Activado
 
Procesos: 0
(No hay elementos maliciosos detectados)
 
Módulos: 0
(No hay elementos maliciosos detectados)
 
Claves del registro: 0
(No hay elementos maliciosos detectados)
 
Valores del registro: 1
PUP.Optional.StartPage, HKU\S-1-5-21-1744239375-757839748-2706966845-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Mauro, explorer.exe http://kb-ribaki.org, En cuarentena, [faa7f137aded1e18d9ad2a9f14eedd23]
 
Datos del registro: 0
(No hay elementos maliciosos detectados)
 
Carpetas: 0
(No hay elementos maliciosos detectados)
 
Archivos: 0
(No hay elementos maliciosos detectados)
 
Sectores físicos: 0
(No hay elementos maliciosos detectados)
 
 
(end)
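
The fixlist in post #7 and the MBAM logs in posts #8 and #11 show the same Run value from two sides: a scheduled task whose action is a REG ADD into the Run key, and the value that MBAM quarantines. As an added example (not part of the thread and not FRST or MBAM code), the following Python pairs the two over constructed sample lines in those formats; the function names, the SID, the bracketed id and the ExampleUpdater task are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple

# Constructed sample in the shape of the FRST "Task:" lines and the MBAM
# registry-value line quoted in this thread. URLs stay defanged (hxxp); the
# SID, the bracketed id and the ExampleUpdater task are invented placeholders.
SAMPLE_LOG = r'''
Task: {7D4FCFD6-F031-4D6A-A9FD-7CDCB4C36D28} - System32\Tasks\Mauro => /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Mauro /t REG_SZ /d "explorer.exe hxxp://kb-ribaki.org"
Task: {D02887B4-B828-478E-938C-6411020D5A37} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe /silent
PUP.Optional.StartPage, HKU\S-1-5-21-0-0-0-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Mauro, explorer.exe hxxp://kb-ribaki.org, En cuarentena, [constructed-id]
'''

TASK_RE = re.compile(r'^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+?) (?:=>|->) (.*)$')
REG_ADD_RE = re.compile(r'\breg(?:\.exe)?\s+add\s+(?:"([^"]+)"|(\S+))(.*)$', re.I)
RUN_KEY_RE = re.compile(r'\\CurrentVersion\\Run(?:Once)?\\?$', re.I)
MBAM_VALUE_RE = re.compile(
    r'^(?P<det>[^,]+), (?P<key>HK[^|,]*\\CurrentVersion\\Run(?:Once)?)\|'
    r'(?P<name>[^,]+), (?P<data>.*), (?P<action>[^,]+), \[[^\]]*\]$', re.I)


class Reseeder(NamedTuple):
    task_guid: str
    task_path: str
    value_name: str
    value_data: str


class RunDetection(NamedTuple):
    detection: str
    value_name: str
    value_data: str
    action: str


class Finding(NamedTuple):
    detection: RunDetection
    task: Reseeder


def _switch(args: str, flag: str) -> str:
    """Return the argument of a reg.exe switch such as /v or /d ('' if absent)."""
    m = re.search(r'(?<!\S)/%s\s+(?:"([^"]*)"|(\S+))' % flag, args, re.I)
    if not m:
        return ''
    return m.group(1) if m.group(1) is not None else m.group(2)


def _norm(data: str) -> str:
    """Make value data comparable regardless of defanging, case and spacing."""
    undefanged = re.sub(r'hxxp', 'http', data, flags=re.I)
    return re.sub(r'\s+', ' ', undefanged).strip().lower()


def find_reseeding_tasks(text: str) -> List[Reseeder]:
    """Scheduled tasks whose action is a REG ADD into a Run or RunOnce key."""
    out = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        guid, path, action = m.groups()
        reg = REG_ADD_RE.search(action)
        if not reg:
            continue  # ordinary task, or a "No File" entry
        key = reg.group(1) or reg.group(2)
        if RUN_KEY_RE.search(key):
            args = reg.group(3)
            out.append(Reseeder(guid, path, _switch(args, 'v'), _switch(args, 'd')))
    return out


def find_run_detections(text: str) -> List[RunDetection]:
    """Scanner lines that report a value under a Run or RunOnce key."""
    out = []
    for line in text.splitlines():
        m = MBAM_VALUE_RE.match(line.strip())
        if m:
            out.append(RunDetection(m['det'], m['name'], m['data'], m['action']))
    return out


def correlate(text: str) -> List[Finding]:
    """Pair each detected Run value with any task that would write it back."""
    # Match on value name and data only: HKCU in the task action is the same
    # hive that a scanner reports as HKU plus the user's SID.
    tasks = find_reseeding_tasks(text)
    findings = []
    for det in find_run_detections(text):
        for task in tasks:
            if (task.value_name.lower() == det.value_name.lower()
                    and _norm(task.value_data) == _norm(det.value_data)):
                findings.append(Finding(det, task))
    return findings


if __name__ == '__main__':
    for f in correlate(SAMPLE_LOG):
        print('Run value %r (%s) is re-added by task %s %s'
              % (f.detection.value_name, f.detection.action,
                 f.task.task_path, f.task.task_guid))
```

If a detection keeps returning and `correlate` finds no matching task, the value is being written by something other than a task action of this shape.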


#12 andresmcfan

Posted 26 July 2016 - 04:39 PM

I haven't been able to run the ESET online Scanner because I get this message: (even though I have disabled Avira Real-time and firewall)

 

2n8rns2.jpg

 

It still tells me that there is a conflict between my antivirus and ESET 

 

29da14m.jpg

 

 

Thanks!!!!



#13 Android 8888

Posted 27 July 2016 - 04:41 AM

Hello andresmcfan.

 

It still tells me that there is a conflict between my antivirus and ESET

This is normal because although the antivirus is disabled, ESET will continue detecting it. When that happens click the Scan button to continue.

 

 

MBAM has quarantined the threat it found. To permanently delete it:

  • Open MBAM.
  • Click History.
  • Make sure all the quarantined items are selected with a checkmark.
  • Click Delete All. Note: If a message box pops up when you delete the quarantined items, click Yes.
  • Close MBAM.

 

 

Go to the right top corner of Google Chrome screen and click on the bar icon menu.
Select and click on Settings.
Click on Show advanced settings link.
In the Network section click on the Change proxy settings button.
On the Internet Properties dialog window select the Connections tab.
Click on the LAN Settings button.
On Automatic configuration section checkmark Automatically detect settings and click the OK button.
Click Apply and then click on the OK button.
Close Google Chrome.
 

Now make sure to disable your Avira Antivirus and try to re-run ESET Online Scanner.

Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
Then click Advanced settings and check mark the following options:

  • Enable detection of potentially unsafe applications
  • Clean threats automatically

Click the Scan button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats.
Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.

Please note that if no threats were found it will not produce a log.

After the scan has finished, don't forget to re-enable your Avira Antivirus.


Now I need to see fresh logs from the Farbar tool.

Please re-run FRST, checkmark the Addition.txt box and click the Scan button. Post the two logs (FRST.txt and Addition.txt) for my review.

To summarize please post:
ESET log (if it has produced one).
The two FRST logs (FRST.txt and Addition.txt).

 

 

How is the computer running? Did the browser launch with the same site after rebooting the computer?



#14 andresmcfan

Posted 27 July 2016 - 11:07 AM

I couldn't perform the ESET https://www.eset.com...online-scanner/ because it still tells me "Make sure your computer is connected to the internet..." even though I clicked Scan as you indicated. Instead I did it with the https://www.eset.com...online-scanner/ I assumed that this was the Latin American version so I took a chance. These are the results:
 
C:\Descargas\Age Of Empires II HD [MULTI2][RELOADED][WwW.GamesTorrents.CoM]\rld-aoe2hd\rld-aoe2hd.iso una variante de Win32/HackTool.Crack.BQ aplicación potencialmente peligrosa eliminado
C:\Program Files\Age of Empires II HD\steam_api.dll una variante de Win32/HackTool.Crack.BQ aplicación potencialmente peligrosa no se ha podido desinfectar - archivo eliminado
C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 Win32/HackTool.Patcher.AD aplicación potencialmente peligrosa eliminado
C:\Users\Mauro\Desktop\Musica\Musica\Nueva carpeta\MsgPlusLive-423.exe una variante de Win32/MessengerPlus aplicación potencialmente indeseable no se ha podido desinfectar - archivo eliminado
C:\Users\Mauro\Downloads\ccsetup520.exe Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa eliminado
D:\es_office_professional_plus_2013_with_sp1_x86_and_x64_dvd_3928789\KMSpico.v10.0.4.FINAL-heldigard\KMSpico Installer\KMSpico_setup.exe una variante de MSIL/HackTool.IdleKMS.C aplicación potencialmente peligrosa eliminado
D:\es_office_professional_plus_2013_with_sp1_x86_and_x64_dvd_3928789\KMSpico.v10.0.4.FINAL-heldigard\KMSpico Portable\AutoPico.exe una variante de MSIL/HackTool.IdleKMS.C aplicación potencialmente peligrosa no se ha podido desinfectar - archivo eliminado
D:\es_office_professional_plus_2013_with_sp1_x86_and_x64_dvd_3928789\Microsoft Toolkit 2.5.2 Official\MTKV252.zip una variante de MSIL/HackKMS.G aplicación potencialmente peligrosa eliminado
D:\hirens\Hirens.BootCD.v15.2.Incl.Keyboard.Patch\Hiren's.BootCD.15.2.iso múltiples amenazas eliminado
D:\Respaldo\Usuario Mauro\ACTIVADOR OFFICE.zip una variante de MSIL/HackKMS.G aplicación potencialmente peligrosa eliminado
D:\Respaldo\Usuario Mauro\Desktop\RealHideIP\RealHideIP-4.0.9.8.Setup.exe una variante de Win32/Bundled.Toolbar.Ask aplicación potencialmente peligrosa eliminado
D:\Respaldo\Usuario Mauro\Downloads\ActivatorWindows77600_RTM_v10_03.03.2010.rar Win32/HackTool.WinActivator.A aplicación potencialmente peligrosa eliminado
D:\Respaldo\Usuario Mauro\Downloads\aTubeCatcher.exe una variante de Win32/Bundled.Toolbar.Ask.C aplicación potencialmente peligrosa eliminado
D:\Respaldo\Usuario Mauro\Downloads\aTube_Catcher.exe una variante de Win32/Bundled.Toolbar.Ask.C aplicación potencialmente peligrosa eliminado
D:\Respaldo\Usuario Mauro\Downloads\B1FreeArchiver_Inet.exe una variante de Win32/4Shared.T aplicación potencialmente indeseable eliminado
D:\Respaldo\Usuario Mauro\Downloads\ccsetup310.exe Win32/Bundled.Toolbar.Google.E aplicación potencialmente peligrosa eliminado
D:\Respaldo\Usuario Mauro\Downloads\ccsetup312.exe Win32/Bundled.Toolbar.Google.E aplicación potencialmente peligrosa eliminado
D:\Respaldo\Usuario Mauro\Downloads\ccsetup319.exe Win32/Bundled.Toolbar.Google.E aplicación potencialmente peligrosa eliminado
D:\Respaldo\Usuario Mauro\Downloads\ccsetup321.exe Win32/Bundled.Toolbar.Google.E aplicación potencialmente peligrosa eliminado
D:\Respaldo\Usuario Mauro\Downloads\ccsetup324.exe Win32/Bundled.Toolbar.Google.E aplicación potencialmente peligrosa eliminado
D:\Respaldo\Usuario Mauro\Downloads\ccsetup327.exe Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa eliminado
D:\Respaldo\Usuario Mauro\Downloads\ccsetup400.exe Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa eliminado
D:\Respaldo\Usuario Mauro\Downloads\ccsetup405.exe Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa eliminado
D:\Respaldo\Usuario Mauro\Downloads\FreeVideoFlipAndRotate.exe Win32/OpenCandy aplicación potencialmente peligrosa eliminado
D:\Respaldo\Usuario Mauro\Downloads\MediaPlayerClassic6491 (1).exe una variante de Win32/Toolbar.Conduit.B aplicación potencialmente indeseable eliminado
D:\Respaldo\Usuario Mauro\Downloads\MediaPlayerClassic6491.exe una variante de Win32/Toolbar.Conduit.B aplicación potencialmente indeseable eliminado
D:\Respaldo\Usuario Mauro\Downloads\MsgPlusLive-485.exe una variante de Win32/Adware.CiDHelp aplicación no se ha podido desinfectar - archivo eliminado
D:\Respaldo\Usuario Mauro\Downloads\SoftonicDownloader_para_lyrics-plugin-for-windows-media-player.exe Win32/SoftonicDownloader.A aplicación potencialmente indeseable no se ha podido desinfectar - archivo eliminado
D:\Respaldo\Usuario Mauro\Downloads\uTorrent (1).exe una variante de Win32/Bunndle aplicación potencialmente peligrosa no se ha podido desinfectar - archivo eliminado
D:\Respaldo\Usuario Mauro\Downloads\uTorrent (2).exe una variante de Win32/Bunndle aplicación potencialmente peligrosa no se ha podido desinfectar - archivo eliminado
D:\Respaldo\Usuario Mauro\resaldo usb  CV Cae etc\Office 2010 toolkit activator\o2010tez233.rar una variante de MSIL/HackKMS.G aplicación potencialmente peligrosa eliminado
D:\Respaldo\Usuario Mauro\resaldo usb  CV Cae etc\Office 2010 toolkit activator\Office 2010 Toolkit.exe una variante de MSIL/HackKMS.G aplicación potencialmente peligrosa no se ha podido desinfectar - archivo eliminado
D:\Respaldo\Usuario Mauro\resaldo usb  CV Cae etc\windows loader\w7lxe.exe Win32/HackTool.WinActivator.J aplicación potencialmente peligrosa no se ha podido desinfectar - archivo eliminado
D:\Respaldo\Usuario Trabajo\Downloads\u.zip Win32/UltraReach aplicación potencialmente peligrosa eliminado
D:\Respaldo\Usuario Trabajo\Downloads\utorrent.exe una variante de Win32/AdkDLLWrapper.A aplicación potencialmente indeseable no se ha podido desinfectar - archivo eliminado
D:\Respaldo 17 Noviembre 2014\respaldo disco WD\nueva musica\Nueva carpeta\MsgPlusLive-423.exe una variante de Win32/MessengerPlus aplicación potencialmente indeseable no se ha podido desinfectar - archivo eliminado
D:\Respaldo 3-5-2016\downloads\Adobe Acrobat XI PRO Multilang WiN ALL WORKING Incl. Patch - MPT\AcrobatPro11.iso una variante de Win32/HackTool.Patcher.A aplicación potencialmente peligrosa eliminado
D:\Respaldo 3-5-2016\Mauro\AppData\Local\Microsoft Help\thumbcache.db Win32/Allthumbs.A Troyano no se ha podido desinfectar - archivo eliminado
D:\Respaldo 3-5-2016\Mauro\AppData\Roaming\uTorrent\updates\3.4.2_36802.exe una variante de Win32/OpenCandy.A aplicación potencialmente peligrosa no se ha podido desinfectar - archivo eliminado
D:\Respaldo 3-5-2016\Mauro\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe una variante de Win32/OpenCandy.A aplicación potencialmente peligrosa no se ha podido desinfectar - archivo eliminado
D:\Respaldo 3-5-2016\Mauro\Downloads\aTubeCatcher.exe una variante de Win32/Bundled.Toolbar.Ask.G aplicación potencialmente peligrosa eliminado
D:\Respaldo 3-5-2016\Mauro\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa eliminado
D:\Respaldo 3-5-2016\Mauro\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa eliminado
D:\Respaldo 3-5-2016\Mauro\Downloads\ccsetup418.exe Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa eliminado
D:\Respaldo 3-5-2016\Mauro\Downloads\ccsetup516.exe Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa eliminado
D:\Respaldo 3-5-2016\Mauro\Downloads\Hirens.BootCD.15.2.zip múltiples amenazas eliminado
D:\Respaldo 3-5-2016\Mauro\Downloads\SoftonicDownloader_para_drivermax.exe Win32/SoftonicDownloader.G aplicación potencialmente indeseable no se ha podido desinfectar - archivo eliminado
D:\Respaldo 3-5-2016\Mauro\Downloads\uTorrent (1).exe una variante de Win32/OpenCandy.A aplicación potencialmente peligrosa no se ha podido desinfectar - archivo eliminado
D:\Respaldo 3-5-2016\Mauro\Downloads\utorrent.exe una variante de Win32/AdkDLLWrapper.A aplicación potencialmente indeseable no se ha podido desinfectar - archivo eliminado
D:\Respaldo 3-5-2016\Mauro\Downloads\Piriform.CCleaner.Professional.Plus.v4.12.4657.Multilingual.Incl.Keymaker-CORE\Piriform.CCleaner.Professional.Plus.v4.12.4657.Multilingual.Incl.Keymaker-CORE\ccsetup412.exe Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa eliminado
D:\Respaldo 3-5-2016\Mauro\Downloads\Piriform.CCleaner.Professional.Plus.v4.12.4657.Multilingual.Incl.Keymaker-CORE\Piriform.CCleaner.Professional.Plus.v4.12.4657.Multilingual.Incl.Keymaker-CORE\disable_activation.cmd BAT/HostsChanger.A aplicación potencialmente peligrosa no se ha podido desinfectar - archivo eliminado
D:\Respaldo 3-5-2016\Mauro\Downloads\Piriform.CCleaner.Professional.Plus.v4.12.4657.Multilingual.Incl.Keymaker-CORE\Piriform.CCleaner.Professional.Plus.v4.12.4657.Multilingual.Incl.Keymaker-CORE\rcsetup151.exe Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa eliminado
D:\Respaldo 3-5-2016\Mauro\HIRENS\Hiren's.BootCD.15.2.iso múltiples amenazas eliminado
D:\Respaldo 3-5-2016\Mauro\motochopper\motochopper\pwn Android/Exploit.Lotoor.EP Troyano no se ha podido desinfectar - archivo eliminado
D:\Rupaul's Drag Race\Rupaul's Drag Race Season 7\Adobe Acrobat XI Pro 11.0.12\Keygen.exe una variante de Win32/Keygen.HA aplicación potencialmente peligrosa no se ha podido desinfectar - archivo eliminado


#15 andresmcfan

Posted 27 July 2016 - 11:13 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-07-2016
Ran by Mauro (administrator) on MAURO-PC (27-07-2016 13:13:53)
Running from C:\Users\Mauro\Desktop
Loaded Profiles: Mauro (Available Profiles: Mauro & Maribel & Yerko)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Spotify Ltd) C:\Users\Mauro\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(IObit) C:\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-15] (Intel Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-03-19] (Apple Inc.)
HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [14934272 2016-07-01] (Realtek Semiconductor)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [814608 2016-06-02] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1744239375-757839748-2706966845-1000\...\Run: [Spotify Web Helper] => C:\Users\Mauro\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-05-21] (Spotify Ltd)
HKU\S-1-5-21-1744239375-757839748-2706966845-1000\...\MountPoints2: {4e20e3c8-13c8-11e6-af23-b8aeedf84c0b} - E:\setup.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FD8805D8-9D4A-4FFC-B5C0-98602D03D817}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1744239375-757839748-2706966845-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Mauro\AppData\Roaming\Mozilla\Firefox\Profiles\3nyjb7tc.default
FF Keyword.URL: user_pref("keyword.URL", true);
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll [2016-05-08] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Mauro\AppData\Roaming\Mozilla\Firefox\Profiles\3nyjb7tc.default\Extensions\abs@avira.com [2016-06-15]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.cl/
CHR StartupUrls: Default -> "hxxp://www.google.cl/"
CHR Profile: C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Diapositivas de Google) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-05]
CHR Extension: (Google Docs) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-05]
CHR Extension: (Google Drive) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-05]
CHR Extension: (Rapport) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-05-08]
CHR Extension: (YouTube) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-05]
CHR Extension: (Adblock Plus) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-29]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-05]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-05]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-07-12]
CHR Extension: (Aero Trans Brushed Metal Theme) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkjdfchjlhkgnfjblhclgaliiccalckf [2016-05-14]
CHR Extension: (Kibin) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpgkkanhhhdaebfkeeilmblegdihlbcn [2016-05-05]
CHR Extension: (corrector_ia) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnkfcbnffeokfbocefkakdoimdlikihj [2016-05-05]
CHR Extension: (Gmail) - C:\Users\Mauro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1744239375-757839748-2706966845-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [970656 2016-06-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [467016 2016-06-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [467016 2016-06-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1435704 2016-06-02] (Avira Operations GmbH & Co. KG)
S4 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279160 2016-05-12] (Intel Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1125568 2016-04-04] (Disc Soft Ltd)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [291448 2016-05-12] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [595968 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [642520 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2960160 2016-04-22] (IObit)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2383344 2016-07-11] (IBM Corp.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2014-04-28] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [109016 2016-02-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137240 2016-06-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [60088 2016-06-02] (Avira Operations GmbH & Co. KG)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-05-05] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2016-05-06] (Disc Soft Ltd)
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [505192 2013-08-07] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [25448 2013-08-07] (Intel Corporation)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [65640 2010-07-13] (ITE Tech. Inc. )
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-08-15] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [362480 2013-08-15] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [798704 2013-08-15] (Intel Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [85464 2013-09-16] (Intel Corporation)
R1 RapportCerberus_1609042; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1609042.sys [752616 2016-07-20] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [307016 2016-07-11] (IBM Corp.)
R0 RapportHades; C:\Windows\System32\Drivers\RapportHades.sys [82056 2016-07-11] (IBM Corp.)
R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [237544 2016-07-11] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [386152 2016-07-11] (IBM Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2016-02-22] (Avira Operations GmbH & Co. KG)
S4 eapihdrv; \??\C:\Users\Mauro\AppData\Local\Temp\ehdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-27 13:13 - 2016-07-27 13:14 - 00017124 _____ C:\Users\Mauro\Desktop\FRST.txt
2016-07-27 07:00 - 2016-07-27 12:54 - 00000000 ____D C:\Program Files\ESET
2016-07-27 06:57 - 2016-07-27 06:57 - 02870984 _____ (ESET) C:\Users\Mauro\Desktop\esetsmartinstaller_esn.exe
2016-07-26 17:34 - 2016-07-27 13:13 - 00000000 ____D C:\Users\Mauro\Desktop\FRST-OlderVersion
2016-07-26 17:13 - 2016-07-26 17:13 - 03712064 _____ C:\Users\Mauro\Downloads\adwcleaner_5.201.exe
2016-07-25 16:44 - 2016-07-25 16:44 - 00000000 ____D C:\Users\Mauro\AppData\Local\ESET
2016-07-24 21:26 - 2016-07-27 13:13 - 00000000 ____D C:\FRST
2016-07-24 20:50 - 2016-07-27 13:13 - 01744384 _____ (Farbar) C:\Users\Mauro\Desktop\FRST.exe
2016-07-24 20:49 - 2016-07-24 20:49 - 00898560 _____ C:\Users\Mauro\Desktop\RGSA.exe
2016-07-24 20:38 - 2016-07-24 20:41 - 06020448 _____ C:\Users\Mauro\Downloads\ewido-antispyware-4.0.0.172c.exe
2016-07-24 20:36 - 2016-07-24 20:36 - 00000000 ____D C:\SecurityCheck
2016-07-24 20:34 - 2016-07-24 20:34 - 02844712 _____ C:\Users\Mauro\Downloads\SecurityTaskManager_Setup.exe
2016-07-24 20:34 - 2016-07-24 20:34 - 00494961 _____ (glax24 (safezone.cc)) C:\Users\Mauro\Downloads\SecurityCheck.exe
2016-07-24 20:34 - 2016-07-24 20:34 - 00001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2016-07-24 20:34 - 2016-07-24 20:34 - 00001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2016-07-24 20:34 - 2016-07-24 20:34 - 00001093 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2016-07-24 20:34 - 2016-07-24 20:34 - 00000000 ____D C:\Program Files\Security Task Manager
2016-07-23 19:43 - 2016-07-24 12:50 - 00000000 ____D C:\Users\Yerko\AppData\LocalLow\uTorrent
2016-07-23 15:51 - 2016-07-23 15:51 - 00002016 _____ C:\Windows\system32\.crusader
2016-07-23 15:37 - 2014-03-29 11:43 - 00000000 ____D C:\Users\Mauro\Desktop\32 Bit
2016-07-23 15:21 - 2016-07-23 15:51 - 00000000 ____D C:\ProgramData\HitmanPro
2016-07-23 15:20 - 2016-07-23 15:20 - 10451640 _____ (SurfRight B.V.) C:\Users\Mauro\Downloads\hitmanpro.exe
2016-07-23 13:38 - 2016-07-23 13:38 - 00000000 ____D C:\Users\Mauro\Documents\ProcAlyzer Dumps
2016-07-23 13:14 - 2016-07-26 18:00 - 00000000 ____D C:\AdwCleaner
2016-07-23 11:43 - 2016-07-23 11:43 - 00000000 ____D C:\Windows\pss
2016-07-22 18:44 - 2009-06-10 17:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160722-184413.backup
2016-07-22 18:37 - 2009-06-10 17:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160722-183704.backup
2016-07-22 18:09 - 2016-07-27 07:03 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-22 18:07 - 2016-07-22 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-22 18:07 - 2016-07-22 18:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-22 18:07 - 2016-07-22 18:07 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-07-22 18:07 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-22 18:07 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-22 18:07 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-22 18:01 - 2016-07-22 18:01 - 22851472 _____ (Malwarebytes ) C:\Users\Mauro\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-22 08:07 - 2016-07-22 08:07 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-22 08:07 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-07-22 08:03 - 2016-07-22 18:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-07-22 08:03 - 2016-07-22 08:07 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-07-22 08:03 - 2016-07-22 08:03 - 00002131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-07-22 08:03 - 2016-07-22 08:03 - 00002119 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-07-22 08:03 - 2016-07-22 08:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-07-22 08:03 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2016-07-22 08:00 - 2016-07-22 08:00 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mauro\Downloads\spybot-2.4.exe
2016-07-21 21:41 - 2016-07-27 00:27 - 00009660 _____ C:\Users\Mauro\Desktop\Libro1.xlsx
2016-07-16 00:10 - 2016-07-16 00:10 - 00002015 _____ C:\Users\Maribel\Desktop\Old Times RO.lnk
2016-07-16 00:10 - 2016-07-16 00:10 - 00001979 _____ C:\Users\Yerko\Desktop\Old Times RO.lnk
2016-07-16 00:10 - 2016-07-16 00:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OldTimesRO
2016-07-16 00:00 - 2016-07-23 23:44 - 00000000 ____D C:\Users\Yerko\Desktop\RO
2016-07-15 23:13 - 2016-07-15 23:47 - 2775850595 _____ C:\Users\Yerko\Downloads\Full_kRO_Renewal_20160124.exe
2016-07-15 23:12 - 2016-07-15 23:16 - 292304904 _____ () C:\Users\Yerko\Downloads\Cliente OldTimesRO.exe
2016-07-15 23:08 - 2016-07-24 12:50 - 00000000 __SHD C:\Users\Yerko\IntelGraphicsProfiles
2016-07-14 18:53 - 2016-07-14 18:55 - 157161891 _____ C:\Users\Mauro\Downloads\chanoe2hdptesp (1).rar
2016-07-14 18:34 - 2016-07-14 18:34 - 00000000 ____D C:\ProgramData\Steam
2016-07-14 18:33 - 2016-07-14 18:33 - 00001496 _____ C:\Users\Mauro\Desktop\AoK HD - Acceso directo.lnk
2016-07-14 18:30 - 2016-07-14 18:30 - 01838468 _____ C:\Users\Mauro\Downloads\Age.of.Empires.II.HD.Update.v4.5.1742.4476-RELOADED (1).rar
2016-07-14 18:28 - 2016-07-14 18:28 - 00000834 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Empires II HD.lnk
2016-07-14 18:27 - 2016-07-27 12:58 - 00000000 ____D C:\Program Files\Age of Empires II HD
2016-07-14 18:26 - 2016-07-14 18:26 - 01838468 _____ C:\Users\Mauro\Downloads\Sin confirmar 522660.crdownload
2016-07-14 18:04 - 2016-07-14 18:05 - 06468312 _____ C:\Users\Mauro\Downloads\3DP_Net_v1604.exe.6u7f7mv.partial
2016-07-14 17:45 - 2016-07-14 17:45 - 00012803 _____ C:\Users\Mauro\Downloads\age-of-empires-ii-hd-multi2reloadedwwwgamestorrentsco..torrent
2016-07-13 17:00 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-07-13 17:00 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-07-13 17:00 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-07-13 17:00 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-07-13 17:00 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-07-13 17:00 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-07-13 17:00 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-07-13 17:00 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-07-13 17:00 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-07-13 17:00 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-07-13 17:00 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-07-13 17:00 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-07-13 17:00 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-07-13 17:00 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-07-13 17:00 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-07-13 17:00 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-07-13 17:00 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-07-13 17:00 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-07-13 17:00 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-07-13 17:00 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-07-13 17:00 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-07-13 17:00 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-07-13 17:00 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-07-13 17:00 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-07-13 17:00 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-07-13 17:00 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-07-13 17:00 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-07-13 17:00 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-07-13 17:00 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-07-13 17:00 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-07-13 17:00 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-07-13 17:00 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-07-13 17:00 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-07-13 17:00 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-07-13 17:00 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2016-07-13 17:00 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2016-07-13 17:00 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2016-07-13 17:00 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2016-07-13 17:00 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2016-07-13 17:00 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2016-07-13 17:00 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2016-07-13 17:00 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2016-07-13 17:00 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2016-07-13 17:00 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2016-07-13 17:00 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2016-07-13 17:00 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2016-07-13 17:00 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2016-07-13 17:00 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-07-13 17:00 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-07-13 17:00 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-07-13 17:00 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-07-13 17:00 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-07-13 17:00 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-07-13 17:00 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-07-13 17:00 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-07-13 17:00 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-07-13 17:00 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-07-13 17:00 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2016-07-13 17:00 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2016-07-13 17:00 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2016-07-13 17:00 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-07-13 17:00 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2016-07-13 17:00 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-07-13 17:00 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2016-07-13 17:00 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-07-13 17:00 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2016-07-13 17:00 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2016-07-13 17:00 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-07-13 17:00 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2016-07-13 17:00 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-07-13 17:00 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2016-07-13 17:00 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2016-07-13 17:00 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2016-07-13 17:00 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-07-13 17:00 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-07-13 17:00 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-07-13 17:00 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-07-13 17:00 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-07-13 17:00 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-07-13 17:00 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-07-13 17:00 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-07-13 17:00 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-07-13 17:00 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-07-13 17:00 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-07-13 17:00 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-07-13 16:58 - 2016-07-13 16:59 - 01799732 _____ C:\Users\Mauro\Downloads\Age.of.Empires.II.HD.Gamefix.Read.Nfo-RELOADED.rar
2016-07-13 16:43 - 2016-07-22 07:45 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-12 19:35 - 2016-07-12 19:35 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-07-12 19:33 - 2016-07-12 19:33 - 00000000 ____D C:\Windows\system32\RTCOM
2016-07-12 19:33 - 2016-07-12 19:33 - 00000000 ____D C:\Windows\system32\DAX2
2016-07-12 19:32 - 2016-07-01 07:42 - 72520720 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat
2016-07-12 19:32 - 2016-07-01 07:42 - 21709536 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRenderAVX.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 21533976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRender.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 16351392 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioCapture.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 13798184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 12016272 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO30.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 11924336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO40.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 07170872 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 07053696 _____ (Dolby Laboratories) C:\Windows\system32\DDPP32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 06379076 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2016-07-12 19:32 - 2016-07-01 07:42 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2016-07-12 19:32 - 2016-07-01 07:42 - 05560016 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 05148312 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 04982560 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 04237296 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 04023552 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2016-07-12 19:32 - 2016-07-01 07:42 - 02900736 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 02899216 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 02830592 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2016-07-12 19:32 - 2016-07-01 07:42 - 02731064 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 02433592 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 02402144 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO70.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 02385592 _____ (DTS, Inc.) C:\Windows\system32\sltech32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 02105648 _____ (DTS, Inc.) C:\Windows\system32\slcnt32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 02019072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01948808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01832072 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01817480 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01791800 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01531680 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01519272 _____ (Conexant Systems Inc.) C:\Windows\system32\CX32APO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01512320 _____ (Dolby Laboratories) C:\Windows\system32\DDPD32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01400808 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01313120 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01278728 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01239808 _____ (DTS) C:\Windows\system32\DTSBoostDLL.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01201816 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO60.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01074056 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 01029840 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO50.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00992616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO40.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00965680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00957184 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00957056 _____ (DTS, Inc.) C:\Windows\system32\sl3apo32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00954200 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00936616 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00905232 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00868456 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00860520 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo2.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00836152 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO20.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00799016 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00777064 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00669592 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00645824 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00615872 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00589072 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00544280 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00532888 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00522704 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00522704 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00471296 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00458024 _____ (Intel Corporation) C:\Windows\system32\tbb_waves.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00439608 _____ (DTS) C:\Windows\system32\DTSU2PLFX32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00434024 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00415872 _____ (DTS) C:\Windows\system32\DTSU2PGFX32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00402072 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00401048 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00390864 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00387624 _____ (DTS) C:\Windows\system32\DTSLimiterDLL.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00386056 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00371816 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00369792 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00367360 _____ (Harman) C:\Windows\system32\HMUI.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00366368 _____ (Conexant Systems, Inc.) C:\Windows\system32\Caf32APO2.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00364024 _____ (Dolby Laboratories) C:\Windows\system32\R4EED32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00363416 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00357984 _____ (DTS) C:\Windows\system32\DTSU2PREC32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00357160 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00341160 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00316432 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00315136 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00307240 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00307240 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00285624 _____ (Dolby Laboratories) C:\Windows\system32\DDPO32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00243864 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00232752 _____ (TODO: <Company name>) C:\Windows\system32\slprp32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00232424 _____ (Dolby Laboratories) C:\Windows\system32\DDPA32.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00229584 _____ (DTS) C:\Windows\system32\DTSGFXAPONS.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00229584 _____ (DTS) C:\Windows\system32\DTSGFXAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00229040 _____ (DTS) C:\Windows\system32\DTSLFXAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00225048 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00221912 _____ (Harman) C:\Windows\system32\HMHVS.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00214672 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00214672 _____ (Harman) C:\Windows\system32\HMEQ.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00200736 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00197440 _____ C:\Windows\system32\AcpiServiceVnA.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00196016 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00183616 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00181232 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00150560 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00144688 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00142328 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00130304 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00116656 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00105656 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00101624 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00101336 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00098016 _____ (Conexant Systems, Inc.) C:\Windows\system32\Caf32api.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00096608 _____ C:\Windows\system32\audioLibVc.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00088280 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00083640 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00078488 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00074384 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00071712 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG32A.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00067760 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TepeqAPO.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00022160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2016-07-12 19:32 - 2016-07-01 07:42 - 00005604 _____ C:\Windows\system32\cxapo.lncs
2016-07-12 19:32 - 2016-07-01 07:42 - 00000736 _____ C:\Windows\system32\cxapo.prop
2016-07-12 19:24 - 2016-07-12 19:24 - 00000000 ____D C:\Program Files\DIFX
2016-07-12 19:21 - 2016-03-31 23:08 - 00770304 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys
2016-07-12 19:20 - 2016-03-31 23:08 - 00085616 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2016-07-12 19:19 - 2016-07-12 19:19 - 00000000 ____D C:\3DP
2016-07-12 19:18 - 2016-07-12 19:18 - 00000000 ____D C:\Users\Mauro\Downloads\Intel Components
2016-07-12 19:18 - 2016-07-12 19:18 - 00000000 ____D C:\ProgramData\IntelDLM
2016-07-12 19:17 - 2016-07-12 19:17 - 00001128 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.6.lnk
2016-07-12 19:17 - 2016-07-12 19:17 - 00000000 ____D C:\Users\Mauro\AppData\Local\Intel
2016-07-12 19:17 - 2016-07-12 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2016-07-12 19:17 - 2016-07-12 19:17 - 00000000 ____D C:\Program Files\Intel Driver Update Utility
2016-07-12 19:08 - 2016-07-12 19:19 - 128294696 _____ C:\Users\Mauro\Desktop\3DP_Net_v1604.exe
2016-07-12 19:02 - 2016-07-27 06:48 - 00000000 __SHD C:\Users\Mauro\IntelGraphicsProfiles
2016-07-12 19:02 - 2016-07-14 18:19 - 00000401 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-07-12 19:00 - 2016-07-14 18:17 - 00000874 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2016-07-12 18:58 - 2016-05-12 22:11 - 00291448 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2016-07-12 18:58 - 2016-05-12 22:11 - 00260216 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2016-07-12 18:58 - 2016-05-12 22:11 - 00209528 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2016-07-12 18:58 - 2016-05-12 22:06 - 02000896 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2016-07-12 18:58 - 2016-05-12 22:06 - 00622592 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2016-07-12 18:58 - 2016-05-12 22:06 - 00253440 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2016-07-12 18:58 - 2016-05-12 22:06 - 00181248 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2016-07-12 18:58 - 2016-01-13 15:03 - 00275489 _____ C:\Windows\system32\DisplayAudiox86.cab
2016-07-12 18:58 - 2016-01-13 15:03 - 00190868 _____ C:\Windows\system32\resTHA.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00183476 _____ C:\Windows\system32\resELL.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00179252 _____ C:\Windows\system32\resRUS.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00164932 _____ C:\Windows\system32\resARA.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00164404 _____ C:\Windows\system32\resJPN.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00164356 _____ C:\Windows\system32\resHEB.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00159732 _____ C:\Windows\system32\resHUN.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00159716 _____ C:\Windows\system32\resFRA.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00159232 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4358.dll
2016-07-12 18:58 - 2016-01-13 15:03 - 00158004 _____ C:\Windows\system32\resKOR.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00157892 _____ C:\Windows\system32\resDEU.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00157860 _____ C:\Windows\system32\resITA.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00157668 _____ C:\Windows\system32\resROM.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00157572 _____ C:\Windows\system32\resESN.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00157140 _____ C:\Windows\system32\resPLK.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00157012 _____ C:\Windows\system32\resSKY.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00156836 _____ C:\Windows\system32\resNLD.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00156228 _____ C:\Windows\system32\resPTB.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00156132 _____ C:\Windows\system32\resCSY.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00156116 _____ C:\Windows\system32\resTRK.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00155940 _____ C:\Windows\system32\resPTG.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00155460 _____ C:\Windows\system32\resFIN.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00155060 _____ C:\Windows\system32\resHRV.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00154628 _____ C:\Windows\system32\resSVE.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00154484 _____ C:\Windows\system32\resSLV.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00153508 _____ C:\Windows\system32\resNOR.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00153028 _____ C:\Windows\system32\resDAN.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00151684 _____ C:\Windows\system32\resENU.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00149924 _____ C:\Windows\system32\resCHT.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00149060 _____ C:\Windows\system32\resCHS.cui
2016-07-12 18:58 - 2016-01-13 15:03 - 00000895 _____ C:\Windows\system32\Gfxv2_0.exe.config
2016-07-12 18:58 - 2016-01-13 15:03 - 00000895 _____ C:\Windows\system32\DPTopologyAppv2_0.exe.config
2016-07-12 18:58 - 2016-01-13 15:03 - 00000895 _____ C:\Windows\system32\CustomModeAppv2_0.exe.config
2016-07-12 18:58 - 2016-01-13 15:03 - 00000889 _____ C:\Windows\system32\CustomModeApp.exe.config
2016-07-12 18:53 - 2016-07-12 18:53 - 00000965 _____ C:\Users\Mauro\Desktop\3DP Chip.lnk
2016-07-12 18:53 - 2016-07-12 18:53 - 00000000 ____D C:\Users\Mauro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3DP Chip
2016-07-12 18:53 - 2016-07-12 18:53 - 00000000 ____D C:\Program Files\3DP Chip
2016-07-12 16:36 - 2016-07-12 16:36 - 00000000 ____D C:\Users\Mauro\AppData\Local\Intel_Corporation
2016-07-11 22:30 - 2016-07-11 22:30 - 00000000 ____D C:\Users\Mauro\AppData\Roaming\MediaInfo
2016-07-11 21:53 - 2016-07-11 21:53 - 00000368 __RSH C:\ProgramData\ntuser.pol
2016-07-11 21:36 - 2016-07-11 21:36 - 00000000 ____D C:\Users\Mauro\AppData\Roaming\Steam
2016-07-11 15:54 - 2016-07-11 15:54 - 00000000 ____D C:\Users\Mauro\AppData\Roaming\SmartSteamEmu
2016-07-11 15:53 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-07-11 14:01 - 2016-07-11 14:01 - 00237544 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKELL.sys
2016-07-11 14:01 - 2016-07-11 14:01 - 00082056 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades.sys
2016-07-05 17:14 - 2016-07-05 17:14 - 00029999 _____ C:\Users\Mauro\Desktop\voucher_8E847A478
2016-07-02 17:39 - 2016-07-02 20:13 - 00000000 ____D C:\Users\Mauro\Desktop\Situación final cursos
2016-07-02 11:02 - 2016-07-02 11:02 - 00000000 ____D C:\Users\Yerko\AppData\Roaming\vlc
2016-07-01 21:41 - 2016-07-01 21:41 - 00000000 ____D C:\Users\Yerko\Downloads\EV20YO2009720P (www.alt-torrent.com)
2016-07-01 18:56 - 2016-07-01 13:01 - 04141910 _____ C:\Users\Yerko\Desktop\ALIMENTO FORMULADO PPT 2.pptx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-27 12:56 - 2009-07-14 00:34 - 00029168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-27 12:56 - 2009-07-14 00:34 - 00029168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-27 12:52 - 2016-05-05 16:41 - 00001024 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-27 06:48 - 2016-05-05 16:41 - 00001020 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-27 06:47 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-26 23:11 - 2011-04-11 21:30 - 00748030 _____ C:\Windows\system32\perfh00A.dat
2016-07-26 23:11 - 2011-04-11 21:30 - 00159000 _____ C:\Windows\system32\perfc00A.dat
2016-07-26 23:11 - 2010-11-20 17:01 - 01679348 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-26 23:11 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2016-07-24 17:16 - 2016-06-03 23:13 - 00000000 ____D C:\Users\Yerko\AppData\Roaming\uTorrent
2016-07-24 12:52 - 2016-05-24 20:34 - 00000000 ____D C:\Users\Yerko\AppData\Local\Spotify
2016-07-24 12:51 - 2016-05-24 20:33 - 00000000 ____D C:\Users\Yerko\AppData\Roaming\Spotify
2016-07-23 19:34 - 2009-07-14 00:53 - 00032524 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-23 17:12 - 2016-05-18 12:54 - 00000000 ____D C:\IObit Uninstaller
2016-07-23 15:51 - 2016-05-06 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2016-07-23 15:51 - 2016-05-06 16:52 - 00000000 ____D C:\Program Files\KMSpico
2016-07-23 15:13 - 2016-05-29 17:52 - 00000000 ____D C:\Program Files\IDM
2016-07-23 12:52 - 2016-06-23 12:30 - 00000000 ____D C:\Users\Mauro\AppData\Roaming\vlc
2016-07-23 11:45 - 2016-05-05 23:22 - 00000000 ____D C:\Users\Mauro\AppData\Roaming\DAEMON Tools Lite
2016-07-23 11:45 - 2016-05-05 23:19 - 00000000 ____D C:\Users\Mauro\AppData\Roaming\uTorrent
2016-07-22 07:36 - 2016-05-08 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-07-22 07:36 - 2016-05-08 14:38 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-22 01:04 - 2016-05-18 12:54 - 00000000 ____D C:\ProgramData\ProductData
2016-07-20 14:48 - 2016-05-08 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Seguridad Terminal
2016-07-16 00:08 - 2016-05-21 14:16 - 00000000 ____D C:\Users\Yerko
2016-07-15 23:09 - 2016-05-21 14:17 - 00112312 _____ C:\Users\Yerko\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-14 18:07 - 2016-05-05 16:38 - 00017810 _____ C:\Windows\system32\results.xml
2016-07-14 17:45 - 2016-05-05 23:24 - 00000000 ____D C:\Descargas
2016-07-14 16:52 - 2016-05-15 22:43 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-13 16:45 - 2016-05-25 00:07 - 00000000 ____D C:\Windows\Minidump
2016-07-13 16:24 - 2016-05-21 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2016-07-12 19:34 - 2016-05-05 16:28 - 00000000 ___HD C:\Program Files\Temp
2016-07-12 19:32 - 2016-05-05 16:28 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-07-12 19:31 - 2016-05-05 16:22 - 00000000 ____D C:\Intel
2016-07-12 19:17 - 2016-05-05 16:24 - 00000000 ____D C:\ProgramData\Intel
2016-07-12 19:17 - 2016-05-05 16:22 - 00000000 ____D C:\Program Files\Intel
2016-07-12 19:02 - 2016-05-05 00:41 - 00000000 ____D C:\Users\Mauro
2016-07-12 18:18 - 2016-05-05 16:24 - 00112312 _____ C:\Users\Mauro\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-12 18:17 - 2009-07-14 00:33 - 00435456 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-12 18:14 - 2016-05-21 21:16 - 00000000 ____D C:\Users\Mauro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-07-12 17:59 - 2009-07-14 00:52 - 00000000 ____D C:\Program Files\Microsoft Games
2016-07-11 21:53 - 2009-07-13 22:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-07-11 15:58 - 2016-05-18 12:54 - 00000000 ____D C:\ProgramData\IObit
 
==================== Files in the root of some directories =======
 
2016-05-05 16:28 - 2016-05-05 16:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Mauro\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-27 09:47
 
==================== End of FRST.txt ============================


#16 andresmcfan

Posted 27 July 2016 - 11:14 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-07-2016
Ran by Mauro (2016-07-27 13:14:29)
Running from C:\Users\Mauro\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2016-05-05 04:41:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-1744239375-757839748-2706966845-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1744239375-757839748-2706966845-1002 - Limited - Enabled)
Invitado (S-1-5-21-1744239375-757839748-2706966845-501 - Limited - Disabled)
Maribel (S-1-5-21-1744239375-757839748-2706966845-1003 - Limited - Enabled) => C:\Users\Maribel
Mauro (S-1-5-21-1744239375-757839748-2706966845-1000 - Administrator - Enabled) => C:\Users\Mauro
Yerko (S-1-5-21-1744239375-757839748-2706966845-1004 - Limited - Enabled) => C:\Users\Yerko
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1744239375-757839748-2706966845-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
3DP Chip v16.06 (HKLM\...\3DP Chip) (Version: v16.06 - 3DP)
Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
American English File 2e Level 1 (HKLM\...\American English File 2e Level 1 1.0) (Version: 1.0 - Oxford University Press)
American English File 2e Starter Level (HKLM\...\American English File 2e Starter Level 1.0) (Version: 1.0 - Oxford University Press)
Apple Application Support (32 bits) (HKLM\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira Launcher (HKLM\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Cambridge Advanced Learner's Dictionary - 4th Edition (HKLM\...\NSIS_cald4) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0154 - Disc Soft Ltd)
Eines de correcció del Microsoft Office 2013: català (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2013 - Galego (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4414 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{3e714701-b89c-4cf2-bf3b-41b2c105ffdc}) (Version: 2.6.0.32 - Intel)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 5.3.0.138 - IObit)
ITE Infrared Transceiver (HKLM\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
iTunes (HKLM\...\{3079C5C8-325A-4354-A733-456BACA1E5FB}) (Version: 12.3.3.17 - Apple Inc.)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (Version: 3.0.1 - Riot Games) Hidden
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 es-CL) (HKLM\...\Mozilla Firefox 46.0.1 (x86 es-CL)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
OldTimesRO (HKLM\...\OldTimesRO) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paquete de controladores de Windows - Realtek (RTL8167) Net  (01/07/2016 7.098.0107.2016) (HKLM\...\79DE5AB121098ED0D832C865190972CF9C6C5022) (Version: 01/07/2016 7.098.0107.2016 - Realtek)
Paquete de idioma de Microsoft .NET Framework 4.5 ESN (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50709 - Microsoft Corporation)
Photoshop CS5 Extended 12.0 (HKLM\...\Photoshop CS5 Extended 12.0) (Version:  - )
Python 2.7.11 (Anaconda2 4.0.0 32-bit) (HKU\S-1-5-21-1744239375-757839748-2706966845-1000\...\Python 2.7.11 (Anaconda2 4.0.0 32-bit)) (Version: 4.0.0 - Continuum Analytics, Inc.)
Rapport (Version: 3.5.1609.76 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.76.1028.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7865 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Security Task Manager 2.1g (HKLM\...\Security Task Manager) (Version: 2.1g - Neuber Software)
Software para dispositivos de chipset Intel® (Version: 10.1.1.18 - Intel® Corporation) Hidden
SoulseekQt (HKLM\...\SoulseekQt) (Version:  - )
Spotify (HKU\S-1-5-21-1744239375-757839748-2706966845-1000\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
Trusteer Seguridad Terminal (HKLM\...\Rapport_msi) (Version: 3.5.1609.76 - Trusteer)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1744239375-757839748-2706966845-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {10245986-9106-4097-9B73-60AD64008963} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {3A6D8E8E-9B12-4DB7-A53A-81C8E8DBD242} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {565D57C7-BD08-4442-876E-1B81594ADE08} - System32\Tasks\Uninstaller_SkipUac_Mauro => C:\IObit Uninstaller\IObitUninstaler.exe [2016-03-25] (IObit)
Task: {590B0746-55D0-4D12-8849-BA684F36967B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {614BE91C-0449-451A-A30F-A6C55F553BDC} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {63640BF7-116A-40D8-81D9-632817DEAD12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-05] (Google Inc.)
Task: {638CEC03-F3E0-45B7-8395-F44249B5A87D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6C82F5CD-FBF4-45DF-8267-E7791D412605} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {875E6093-690F-4F5B-BC57-AC731D95307C} - System32\Tasks\{C2ABC17E-970C-48B1-AB33-E5BE07F4C04B} => pcalua.exe -a "C:\Descargas\Age Of Empires II+Age of Empires 2 - The Conquerors Expansion+forgotten empires kat.cr\Aoe2 patchs and cracks\ageofempire2 patchs\Age2upA.exe" -d "C:\Descargas\Age Of Empires II+Age of Empires 2 - The Conquerors Expansion+forgotten empires kat.cr\Aoe2 patchs and cracks\ageofempire2  (the data entry has 7 more characters).
Task: {AD38A2EC-AC64-48DF-BA6C-EFF391B7EAA6} - System32\Tasks\{13253E9C-5065-4DBE-8B5A-0D7E94EAE495} => pcalua.exe -a E:\aoesetup.exe -d E:\ -c /autorun
Task: {C017F294-C1DA-4E71-BFA6-CBF4AB712BB5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-05] (Google Inc.)
Task: {D66892F1-9C19-4929-A29F-BB99F22BF71C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {F813D377-7D40-413F-9AA0-210B925E756E} - System32\Tasks\{A7274162-1844-4309-9BFA-512E9AC202CB} => pcalua.exe -a "C:\Descargas\Age Of Empires II+Age of Empires 2 - The Conquerors Expansion+forgotten empires kat.cr\AoFE_Launcher.exe" -d "C:\Descargas\Age Of Empires II+Age of Empires 2 - The Conquerors Expansion+forgotten empires kat.cr"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Mauro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda2 (32-bit)\Anaconda Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\Mauro\Anaconda2\Scripts\activate.bat C:\Users\Mauro\Anaconda2
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-05-23 10:23 - 2012-08-31 15:01 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL
2016-05-23 10:23 - 2012-08-31 15:01 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL
2016-03-18 21:56 - 2016-03-18 21:56 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 01040656 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-22 08:03 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-07-22 08:03 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-07-22 08:03 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-07-22 08:03 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-07-22 08:03 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-06-08 18:04 - 2016-06-08 18:04 - 00117400 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
1979-12-31 23:00 - 2016-05-12 22:11 - 00403064 _____ () C:\Windows\system32\igfxTray.exe
2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2016-05-18 12:54 - 2015-12-23 16:27 - 00355616 _____ () C:\IObit Uninstaller\madExcept_.bpl
2016-05-18 12:54 - 2015-12-23 16:27 - 00190240 _____ () C:\IObit Uninstaller\madBasic_.bpl
2016-05-18 12:54 - 2015-12-23 16:27 - 00057632 _____ () C:\IObit Uninstaller\madDisAsm_.bpl
2016-05-05 16:24 - 2013-09-16 15:19 - 01242584 _____ () C:\Program Files\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-06-18 12:54 - 2016-06-15 05:15 - 01745560 _____ () C:\Program Files\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-18 12:54 - 2016-06-15 05:15 - 00091288 _____ () C:\Program Files\Google\Chrome\Application\51.0.2704.103\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7911 more sites.
 
 
There are 7911 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:04 - 2016-07-22 18:44 - 00453112 ____R C:\Windows\system32\Drivers\etc\hosts
 
 
There are 15548 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1744239375-757839748-2706966845-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mauro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Avira.ServiceHost => 2
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
MSCONFIG\startupreg: Avira SystrayStartTrigger => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{11D1E17B-2A8D-41B2-944C-0718CDD89C77}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{DFFC688D-E772-4EAB-89E8-8C923B14CFB3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{98E4548C-E820-4D16-BE0C-676B561C13C1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{65022985-D758-4FFA-B057-F2B480B7F4C1}] => (Allow) C:\Users\Mauro\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8013FC89-E127-4D34-AB93-023AD6B73349}] => (Allow) C:\Users\Mauro\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{186B9110-7A29-4363-B419-F47BBD173808}] => (Allow) C:\Users\Mauro\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C9B30D34-75F6-4D3C-AA58-FAB3F93BC319}] => (Allow) C:\Users\Mauro\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B46E03CD-EBE0-418D-AF90-6A22C3BA4D18}] => (Allow) C:\Users\Mauro\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4307E68D-98EC-405C-8AEF-02F0F2DE2EA8}] => (Allow) C:\Users\Mauro\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6179326C-6AE7-45BF-95A2-24B5088518B9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{67FDF849-A75F-4D1D-AB13-315267099D22}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0A19FBD2-5E04-47D7-B115-7FD7792DCB46}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7FF32D33-D7DA-451F-B6BF-2DD293ADB3CF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{DE2D7B8C-2BA8-4BED-BB45-DE930DF7D541}C:\program files\soulseekqt\soulseekqt.exe] => (Allow) C:\program files\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{BF2F63FF-7C53-49CD-A99E-4DD40AFF75F4}C:\program files\soulseekqt\soulseekqt.exe] => (Allow) C:\program files\soulseekqt\soulseekqt.exe
FirewallRules: [{61DFBA5E-EE11-4851-B9CD-A38E72F5DBB4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{08AB0485-AF67-4E8A-BB80-8576959FC8E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{728923C2-666B-4ED0-BD67-D09CEE2EA4BD}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{8D11C3FC-27B2-48EC-881C-BC38ECF63973}C:\users\mauro\desktop\soulseek\soulseekqt\soulseekqt.exe] => (Allow) C:\users\mauro\desktop\soulseek\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{54C755AF-8435-4930-8614-DBFFD8CE38D6}C:\users\mauro\desktop\soulseek\soulseekqt\soulseekqt.exe] => (Allow) C:\users\mauro\desktop\soulseek\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{94E4D93B-3E15-45D9-BB66-E855F9F2CB5B}C:\users\mauro\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mauro\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{32C9B160-0D3B-4A14-9E11-1359A48035DA}C:\users\mauro\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mauro\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0B3093A9-E4ED-47B7-9A80-9E9381CBA6FE}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst.exe
FirewallRules: [{4F3CA772-719A-4F89-9947-281BC27CFD5E}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst.exe
FirewallRules: [{E81B5C69-3484-49CE-9278-20AC2F5164EF}] => (Allow) LPort=9100
FirewallRules: [{EF1478B5-AEF4-43A5-8CD9-DA39D16FFD6A}] => (Allow) LPort=427
FirewallRules: [{B963E6FA-28CC-4278-975A-45DE10A2021C}] => (Allow) LPort=161
FirewallRules: [{820722C7-B4A8-49F7-88CE-80B4E9EFFFB7}] => (Allow) LPort=427
FirewallRules: [TCP Query User{90F2DFCD-5254-49CF-8FF5-AB6B209FC686}C:\users\yerko\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\yerko\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{52D06F0F-96FB-49D9-9C7E-20484F176FF9}C:\users\yerko\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\yerko\appdata\roaming\spotify\spotify.exe
FirewallRules: [{55572E67-2939-4022-9277-AD8CA1DA1D71}] => (Allow) C:\Users\Yerko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FB07359A-FF9A-444C-8908-5227DC041169}] => (Allow) C:\Users\Yerko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EBD3BAEA-98AB-40EA-8AF1-59715F5ABA59}] => (Allow) C:\Users\Yerko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2B4F2559-4010-4D9E-9B75-C18EF0183AB3}] => (Allow) C:\Users\Yerko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3F413CD9-64B3-4AD7-93C8-66622FBF0DA5}] => (Allow) C:\Users\Yerko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F20268A6-221C-4886-9553-A78E53BC562C}] => (Allow) C:\Users\Yerko\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{55C54DFE-B94A-4543-B1AF-87CBC032FD88}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{2544A59B-6B95-45A9-A975-7FEC828E2BEB}] => (Allow) LPort=1688
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/27/2016 09:47:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.
 
Error: (07/27/2016 06:47:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/26/2016 11:04:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/26/2016 09:04:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.
 
Error: (07/26/2016 08:10:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/26/2016 06:48:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/26/2016 06:30:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/26/2016 05:58:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/26/2016 05:36:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/26/2016 05:34:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.
 
 
Operación:
   Recopilando datos del escritor
 
Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {d48d921d-9bc5-43b3-bd69-50532e5a4607}
 
 
System errors:
=============
Error: (07/27/2016 12:23:01 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Se anularon las instantáneas del volumen C: porque el almacenamiento de instantáneas no pudo crecer debido a un límite impuesto por el usuario.
 
Error: (07/27/2016 06:48:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico de la aplicaciónLocalIniciar{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (con LRPC)
 
Error: (07/27/2016 06:47:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
cdrom
 
Error: (07/26/2016 11:05:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico de la aplicaciónLocalIniciar{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (con LRPC)
 
Error: (07/26/2016 11:04:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
cdrom
 
Error: (07/26/2016 08:11:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico de la aplicaciónLocalIniciar{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (con LRPC)
 
Error: (07/26/2016 08:10:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
cdrom
 
Error: (07/26/2016 06:48:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
cdrom
 
Error: (07/26/2016 06:31:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico de la aplicaciónLocalIniciar{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (con LRPC)
 
Error: (07/26/2016 06:30:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
cdrom
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 53%
Total physical RAM: 3458.36 MB
Available physical RAM: 1603.1 MB
Total Virtual: 6915 MB
Available Virtual: 4179.31 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:798.27 GB) NTFS
Drive d: (MAURO) (Fixed) (Total:931.51 GB) (Free:439.08 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 33139E1A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 04C3FA99)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#17 andresmcfan

andresmcfan

    Member

  • Full Member
  • Pip
  • 28 posts

Posted 27 July 2016 - 11:22 AM

How is the computer running? Did the browser launch with the same site after rebooting the computer?

 

Actually the computer is running with no problems now. The only thing that concerns me is that at the beginning when the Logon Screen appears the music sounds really slow, and I don't know if this could be a problem or not, especially because before this "Kb-Kirabi.org or Zodiac-game.info" thing everything was really smooth. I don't know if you understand what I'm trying to say.

 

 

THANKS!!!!!!


Edited by andresmcfan, 27 July 2016 - 11:23 AM.


#18 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,177 posts

Posted 27 July 2016 - 05:06 PM

I couldn't perform the Eset https://www.eset.com...online-scanner/ because it still tells me "Make sure your computer is connected to the internet..." even though I clicked Scan as you indicated to me. Instead I did it with the https://www.eset.com...online-scanner/ I assumed that this was the Latin American version so I took a chance.

This was a good option. ESET removed a lot of threats from your computer.

 

Please re-enable your Avira Antivirus (if you have not already done it yet).


Go to Start => Control Panel => Programs and Features and uninstall KMSPico (if present).


NOTICE: The following script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start

CreateRestorePoint:
CloseProcesses:

S4 eapihdrv; \??\C:\Users\Mauro\AppData\Local\Temp\ehdrv.sys [X]
2016-07-23 15:51 - 2016-05-06 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2016-07-23 15:51 - 2016-05-06 16:52 - 00000000 ____D C:\Program Files\KMSpico
C:\Users\Mauro\AppData\Local\Temp\avgnt.exe

End


Save the file as fixlist.txt in the same folder as FRST.
Run FRST and click Fix only once and wait.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

 

 

Actually the computer is running with no problems now. The only thing that concerns me is that at the beginning when the Logon Screen appears the music sounds really slow, and I don't know if this could be a problem or not, especially because before this "Kb-Kirabi.org or Zodiac-game.info" thing everything was really smooth. I don't know if you understand what I'm trying to say.


For the sound problem please try the instructions below:

  • Right click on the speaker icon in your desktop taskbar.
  • Select "Sounds" to open up the Sound dialogue box.
  • The dialogue box has four tabs running along the top – select the "Playback" tab.
  • Next, right click on the icon that shows your speakers (the one with the green tick) and you’ll see a pop out menu.
  • Make sure that you have “Show disabled devices” ticked, and then click "Disable".
  • Then right click again on the speakers icon and click "Enable".
  • Click OK to close the Sound dialogue box.
     

Reboot the computer and check the sound.

 

Please post the Fixlog.txt contents and let me know how the computer is running. Does the sound problem still persist?


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#19 andresmcfan


Posted 27 July 2016 - 11:26 PM

Fix result of Farbar Recovery Scan Tool (x86) Version: 27-07-2016
Ran by Mauro (2016-07-28 01:24:40) Run:2
Running from C:\Users\Mauro\Desktop
Loaded Profiles: Mauro (Available Profiles: Mauro & Maribel & Yerko)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
CloseProcesses:
 
S4 eapihdrv; \??\C:\Users\Mauro\AppData\Local\Temp\ehdrv.sys [X]
2016-07-23 15:51 - 2016-05-06 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2016-07-23 15:51 - 2016-05-06 16:52 - 00000000 ____D C:\Program Files\KMSpico
C:\Users\Mauro\AppData\Local\Temp\avgnt.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
eapihdrv => service not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico => moved successfully
C:\Program Files\KMSpico => moved successfully
C:\Users\Mauro\AppData\Local\Temp\avgnt.exe => moved successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 01:25:01 ====
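A Fixlog such as the one above can be checked mechanically: every directive in the echoed fixlist should have a matching result line. The following is an added example, not part of the original posts and not FRST's own code; the line shapes it recognises are assumptions taken only from this one log, and the names `audit_fixlog` and `directive_target` are hypothetical.

```python
import re

# Sample input: the relevant part of the Fixlog.txt posted in this thread.
FIXLOG = r"""
fixlist content:
*****************
Start

CreateRestorePoint:
CloseProcesses:

S4 eapihdrv; \??\C:\Users\Mauro\AppData\Local\Temp\ehdrv.sys [X]
2016-07-23 15:51 - 2016-05-06 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2016-07-23 15:51 - 2016-05-06 16:52 - 00000000 ____D C:\Program Files\KMSpico
C:\Users\Mauro\AppData\Local\Temp\avgnt.exe

End
*****************

Restore point was successfully created.
Processes closed successfully.
eapihdrv => service not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico => moved successfully
C:\Program Files\KMSpico => moved successfully
C:\Users\Mauro\AppData\Local\Temp\avgnt.exe => moved successfully

The system needed a reboot.

==== End of Fixlog 01:25:01 ====
"""

# Confirmation sentences this log prints for its two keyword directives.
# Assumption: other tool versions or directives may be worded differently.
KEYWORD_CONFIRMATIONS = {
    "CreateRestorePoint:": "Restore point was successfully created.",
    "CloseProcesses:": "Processes closed successfully.",
}
SERVICE_LINE = re.compile(r"^S\d\s+([^;\s]+);")  # shape of "S4 eapihdrv; ..."
PATH_IN_LINE = re.compile(r"[A-Za-z]:\\.*$")      # first drive-letter path to end of line


def directive_target(directive):
    """Return the name a result line is expected to start with."""
    m = SERVICE_LINE.match(directive)
    if m:
        return m.group(1)                 # service entries are answered by service name
    m = PATH_IN_LINE.search(directive)
    return m.group(0) if m else directive  # file/folder entries are answered by path


def audit_fixlog(text):
    """Match each echoed fixlist directive to the result line that answers it."""
    lines = [ln.strip() for ln in text.splitlines()]
    # The fixlist is echoed between two rows made only of asterisks.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no echoed fixlist found between asterisk rows")
    directives = [ln for ln in lines[stars[0] + 1:stars[1]]
                  if ln and ln not in ("Start", "End")]
    tail = lines[stars[1] + 1:]

    # Result lines have the form "<target> => <status>".
    results = {}
    for ln in tail:
        if " => " in ln:
            target, status = ln.split(" => ", 1)
            results[target.strip().lower()] = status.strip().rstrip(".")

    report = []
    for d in directives:
        if d in KEYWORD_CONFIRMATIONS:
            status = "confirmed" if KEYWORD_CONFIRMATIONS[d] in tail else None
            report.append((d, status))
        else:
            target = directive_target(d)
            report.append((target, results.get(target.lower())))

    return {
        "report": report,
        # Directives with no result line at all: the log is incomplete.
        "unanswered": [t for t, s in report if s is None],
        # Answered, but nothing was moved (for example the item was not there).
        "needs_review": [t for t, s in report
                         if s not in (None, "confirmed", "moved successfully")],
        "reboot_needed": "The system needed a reboot." in tail,
    }


if __name__ == "__main__":
    for target, status in audit_fixlog(FIXLOG)["report"]:
        print(f"{status or 'NO RESULT':<20} {target}")
```

An entry under `unanswered` means the posted log is truncated or the fix did not run to completion; an entry under `needs_review` means the directive ran but did not move anything.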


#20 andresmcfan


Posted 27 July 2016 - 11:35 PM

 


For the sound problem please try the instructions below:

  • Right click on the speaker icon in your desktop taskbar.
  • Select "Sounds" to open up the Sound dialogue box.
  • The dialogue box has four tabs running along the top – select the "Playback" tab.
  • Next, right click on the icon that shows your speakers (the one with the green tick) and you’ll see a pop out menu.
  • Make sure that you have “Show disabled devices” ticked, and then click "Disable".
  • Then right click again on the speakers icon and click "Enable".
  • Click OK to close the Sound dialogue box.
     

Reboot the computer and check the sound.

 

Please post the Fixlog.txt contents and let me know how the computer is running. Does the sound problem still persist?

 

The sound is still weird. The logon music. It has some kind of interference. Maybe I have too much software launched at startup. Don't worry I don't want to bother you anymore. You have done more than enough for me and I really appreciate it.


Edited by andresmcfan, 27 July 2016 - 11:36 PM.


#21 Android 8888


Posted 28 July 2016 - 07:49 AM

Hello andresmcfan.

 

Don't worry I don't want to bother you anymore. You have done more than enough for me and I really appreciate it.

You are not boring me. I'm glad to help you. :)
 

Have you tried to play some music in Windows Media Player or in another player to see if the sound problem remains or the problem is just on the Windows startup sound?

 

Please download RogueKiller by Tigzy and save it to your Desktop.

  • Close all programs and browsers.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Note: For Windows XP, double-click on the icon to start. For Windows Vista, 7, 8 and 10 right-click on the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Accept button on the User Agreements (EULA) window to open RogueKiller.
  • Click the Scan tab and then click the Start Scan button.
  • Wait until the scan has finished. This may take some time.
  • Once finished click on Open Report. It will open a new window.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your Desktop.
  • Close RogueKiller.

 

Please copy and paste the contents of RKlog.txt to your next reply.



#22 andresmcfan


Posted 29 July 2016 - 06:30 AM

RogueKiller V12.4.1.0 [Jul 28 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Mauro [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 07/29/2016 08:30:51
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 11 (Driver: Loaded) ¤¤¤
[ShwSSDT:Inl(Hook.Shadow)] NtGdiAlphaBlend[7] : Unknown @ 0xffffffff920679e8 (call 0xfffcaac2)
[ShwSSDT:Inl(Hook.Shadow)] NtGdiBitBlt[14] : Unknown @ 0xffffffff920679e8 (call 0xffffebe2)
[ShwSSDT:Inl(Hook.Shadow)] NtGdiGetPixel[200] : Unknown @ 0xffffffff920679e8 (call 0xfffd30a2)
[ShwSSDT:Inl(Hook.Shadow)] NtGdiMaskBlt[237] : Unknown @ 0xffffffff920679e8 (call 0xfffd151a)
[ShwSSDT:Inl(Hook.Shadow)] NtGdiPlgBlt[247] : Unknown @ 0xffffffff920679e8 (call 0xfffcf5b2)
[ShwSSDT:Inl(Hook.Shadow)] NtGdiStretchBlt[302] : Unknown @ 0xffffffff920679e8 (call 0xfffd553a)
[ShwSSDT:Inl(Hook.Shadow)] NtGdiTransparentBlt[308] : Unknown @ 0xffffffff920679e8 (call 0xfffcd2f2)
[ShwSSDT:Inl(Hook.Shadow)] NtUserFindWindowEx[396] : Unknown @ 0xffffffff920679e8 (call 0xfffc6fda)
[ShwSSDT:Inl(Hook.Shadow)] NtUserGetClipboardData[408] : Unknown @ 0xffffffff920679e8 (call 0xfffc34ca)
[ShwSSDT:Inl(Hook.Shadow)] NtUserPrintWindow[510] : Unknown @ 0xffffffff920679e8 (call 0xfffc8e12)
[ShwSSDT:Inl(Hook.Shadow)] NtUserQueryWindow[515] : Unknown @ 0xffffffff920679e8 (call 0xfffc1462)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA DT01ACA100 SCSI Disk Device +++++
--- User ---
[MBR] 9f4f4185d7ddfd7172d80c8acef82a80
[BSP] e86c2da012bf534a04211cd86efa31fc : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([18] El programa lanzó un comando pero la longitud del comando es incorrecta. )


#23 andresmcfan


Posted 29 July 2016 - 06:36 AM

 

You are not boring me. I'm glad to help you.  :)

 

Have you tried to play some music in Windows Media Player or in another player to see if the sound problem remains or the problem is just on the Windows startup sound?

 

I can play music without any problems. The startup sound, on the other hand, is the one giving me some interference/slowness issues.



#24 Android 8888


Posted 29 July 2016 - 04:24 PM

Your RogueKiller log appears to be clean.

 

Some applications and services can sometimes cause interference when running in the background.

 

Please try the following to perform a Clean Startup:

 

Open the Start Menu, type msconfig in the search box, and press Enter.

If prompted by User Account Control (UAC), then click on Yes.

In the General tab, select (dot) Selective Startup, and uncheck the Load Startup Items box.

Click on the Services tab, check the Hide all Microsoft services box, click on the Disable all button, and click on OK.

When prompted, click on the Restart button.

 

How is the startup sound now?

 



#25 andresmcfan


Posted 30 July 2016 - 04:32 PM

I did it, but now Avira won't start and if I press CTRL+ALT+SUPR the general screen where I can have access to the task manager doesn't appear. 

 

oazm6p.jpg

Here, you can see that Avira is not loaded at startup

 

j77qdh.jpg

I opened the task manager with ctrl+shift+esc and it says that Avira is running

 

aynhpd.jpg

The services tab also shows Avira.

 

 

 

Is there another free antivirus that you would recommend? 



#26 Android 8888


Posted 30 July 2016 - 06:59 PM

Is there another free antivirus that you would recommend?

Avira is a good Antivirus. It's pretty light on the system and runs smooth without system slow-downs, it has a clean ad-free GUI, ad-free installer, no pop-ups or ads, high quality signatures, very fast updates, excellent detection on non-zero day threats and deep file scans with very few false positives.
Personally I use the Avast Free Antivirus. It's extremely light on the system with a modern and clean User Interface, is the only antivirus with a fully customizable installer, selection of user preference components, it has an excellent malicious URL blocking, network protection, outdated software checking, integrated password manager, and comes with a rescue disk. It also offers a deep screen technology that includes Sandbox and Safe machine components for protection.

 

It's your choice, but if you decide to change your antivirus program don't do it yet. Please wait until we finish the cleaning process.


With the instructions from my previous post you just disabled the startup programs that do not affect the functionality of the Operating System, in order to understand whether there is any that may be causing problems in the startup sound.

 

Don't worry, we will restore everything as it was but first I need you to tell me how the startup sound is. Does it still have interference/slowness issues?



#27 andresmcfan


Posted 31 July 2016 - 10:53 AM

https://soundcloud.c...-de-voz-003-001

 

 

(I was trying to embed the sound, but I couldn't)

 

This is the sound I hear every startup


Edited by andresmcfan, 31 July 2016 - 11:00 AM.


#28 Android 8888


Posted 31 July 2016 - 05:06 PM

Hello andresmcfan.

 

The startup sound interference is not caused by malware or third-party applications. It is an issue in the Operating System and is known by Microsoft. It does not affect the functionality of Windows and also does not cause any computer malfunction. It just becomes annoying.

Now let's get Windows back to the Normal Startup Mode:
Open the Start Menu, type msconfig in the search box, and press Enter.
If prompted by UAC, then click on Yes.
In the General tab, select (dot) Normal Startup, and click on Apply and then OK.
When prompted, click on the Restart button.

To work around the startup sound issue on Windows 7, follow the instructions in Method 1 on the link below:
https://support.micr...en-us/kb/321735

Next, delete the old RGSA file from your Desktop.
Please download a new RGSA version from here and save it to your Desktop.

Run the RGSA, post its log in your next reply and wait for further instructions.



#29 andresmcfan


Posted 31 July 2016 - 10:07 PM

Thanks for the help with the startup sound. It worked and I also understand more about it.

 

 

The RGSA won't open. I click OK on the copyright disclaimer and nothing happens after that.



#30 Android 8888


Posted 01 August 2016 - 05:14 AM

The RGSA won't open. I click OK on the copyright disclaimer and nothing happens after that.

That's probably due to your antivirus program. Please disable your antivirus program and then run the RGSA and post its log. It is a safe tool.



#31 andresmcfan


Posted 01 August 2016 - 06:56 AM

Even though I've disabled it, it doesn't open.

 

 

This is what I get.

4vllxd.jpg


Edited by andresmcfan, 01 August 2016 - 06:56 AM.


#32 Android 8888


Posted 01 August 2016 - 09:49 AM

The image in your prior post means that you probably clicked on the RGSA tray icon (in the lower-right corner of the screen) while the tool was running and the script paused.

 

After you run the tool you need to wait a bit until the log is created and don't click on the RGSA tray icon. This tool will not open anything except the Disclaimer. It will just create a log.

Please re-run the RGSA and wait a few seconds. The tool will create a text file (SALog.txt) in the same folder where it is located, which in your case should be on your Desktop.

 

Please open the SALog.txt file and post its entire content on your next reply.



#33 andresmcfan


Posted 01 August 2016 - 11:35 AM

I'm sorry!! I completely forgot about it. I was waiting for something else to happen (my bad)

 

Here's the log

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 25th July 2016
Running from:C:\Users\Mauro\Desktop (13:35:14 - 08/01/2016)
***---------------------------------------------------------***
Microsoft Windows 7 Ultimate X86 Service Pack 1
UAC is Enabled!
Internet Explorer 8
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
***-----------------Anti-Virus - Firewall-------------------***
Avira Antivirus (Enabled - Up to Date)
Windows Firewall is Enabled!
Searching for any other Firewall
*No other Firewall Installed*
***----------------AntiSpyware - Miscellaneous---------------***
Adobe Flash Player Plugin (version 13.0.0.214) is *out of Date*
Java is not installed
CCleaner (version 5.20)
Google Chrome (version 51)
Mozilla Firefox -- An older version than (47) is installed.
Mozilla Firefox 46.0.1 (x86 es-CL) (version 46.0.1) is *out of Date*
 
***----------------Analysis Complete-------------------------***

Edited by andresmcfan, 01 August 2016 - 11:39 AM.


#34 Android 8888


Posted 01 August 2016 - 12:40 PM

Outdated programs contribute to making your computer more vulnerable to malware infections.

 

Adobe Flash Player is out of date.

Please get the latest version here and save it to your Desktop.
Uninstall the old version through Start > Control Panel > Programs and Features.
Now install the new version that you previously saved in your Desktop.
Note: Be sure to uncheck McAfee Security Scan Plus and True Key utilities that will be offered as optional installations.

Please read the instructions on the link below and update your Mozilla Firefox browser:
https://support.mozi...-latest-version


Please let me know if the updates were successful.



#35 andresmcfan


Posted 01 August 2016 - 06:59 PM

Done! Everything went well


Edited by andresmcfan, 01 August 2016 - 06:59 PM.


#36 Android 8888


Posted 02 August 2016 - 03:07 AM

Done! Everything went well

Excellent! :)

 

 

Since your computer appears to be clean you can now delete the following tools and any logs they created:

AdwCleaner (run the program and click the Uninstall button)
Farbar Recovery Scan Tool (and delete the folder C:\FRST)
RogueKiller (Open the Start menu -> Click on Settings -> Click System on the Settings menu -> Select Apps & features from the left pane -> Search for RogueKiller and select it -> Click the Uninstall button that appears -> Click the Uninstall pop-up button to confirm).


System Restore maintains a backup of your programs and may also backup infections, so please reset it to make a clean Restore Point.

To reset System Restore Points:

  • Go to Start > right click Computer > click  Properties > in the left pane click System Protection
  • Click the System Protection tab, then click Create. Give the Restore Point a name, then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Select the drive that you want to use Disk Cleanup on, and click on OK.
  • Click on the Clean up system files button. If prompted by UAC, then click on Yes.
  • Select the drive that you want to use Disk Cleanup on, and click on OK.
  • Click the More Options Tab.
  • Click on the Clean up button under the bottom of System Restore and Shadow Copies section to remove all previous Restore Points except the newly created one.
  • Click on the Delete button to confirm the deletion.
  • Click on OK.
  • Close the Disk Cleanup window.
    More details and screenshots for Disk Cleanup in Windows 7 can be found here.

 

Are there any further problems with your computer?


Edited by Android 8888, 02 August 2016 - 03:09 AM.


#37 andresmcfan


Posted 03 August 2016 - 11:47 AM

Thank you very much!!!!

 

 

I really appreciate what you have done for me. 

 

 

The only problem is that now some keyboard shortcuts are not responding. The Windows key or the ctrl+alt+supr.


Edited by andresmcfan, 03 August 2016 - 11:54 AM.


#38 Android 8888


Posted 03 August 2016 - 04:23 PM

Thank you very much!!!!

I really appreciate what you have done for me.

You're welcome! :)
 

 

The only problem is that now some keyboard shortcuts are not responding. The Windows key or the ctrl+alt+supr.

Do you have access to a keyboard of another computer? If you do, unplug the keyboard you're using and try connecting the other keyboard and see if the problem persists.

 

 



#39 andresmcfan


Posted 04 August 2016 - 11:05 AM

 

 

Do you have access to a keyboard of another computer? If you do, unplug the keyboard you're using and try connecting the other keyboard and see if the problem persists.

 

I did it and the problem goes away. I cannot keep using that keyboard though. 



#40 Android 8888


Posted 05 August 2016 - 06:45 AM

I did it and the problem goes away. I cannot keep using that keyboard though.

If that happens, I'm sorry to tell you but this is a problem in the keyboard (hardware). Sometimes with wear, some keys fail to respond. If you re-connect your keyboard and these keys still don't work and if you need to use them, you will have to buy a new keyboard. The keyboards are not very expensive.

 

If you're not near a store and without any order of preference, you can buy a keyboard online here or here or you can also do a search for more sites on the Internet that sell keyboards online.

 

Any further problems with the computer?



#41 andresmcfan


Posted 05 August 2016 - 11:19 AM

Nope. No further problems. Thanks very much!!!



#42 Android 8888


Posted 05 August 2016 - 12:26 PM

Nope. No further problems. Thanks very much!!!

That's fine. You're welcome!

 
To help keep malware off your system, below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.
 
 
Keep Windows updated at Windows Update.
 
Keep your Avira AntiVirus up-to-date.

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Keep Malwarebytes Anti-Malware (MBAM) updated and perform a regular scan of your system as it will make it harder for malware to reside on your computer.
A tutorial on using MBAM can be found here
Please Note: Only the paid for version has real time capabilities.

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.
 
Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Another most feared threat at the moment is an infection by a Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.

Please keep your programs up to date. This applies to Adobe Flash Player, Java, Microsoft Silverlight and all your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.
Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.


Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOSTS file is MVPS HOSTS File, available here.

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

Happy surfing and stay safe. :thumbup:

Android 8888.


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#43 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,177 posts

Posted 08 August 2016 - 08:27 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

