Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Messed computer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Messed computer

Unread postby orestico » December 5th, 2015, 4:11 pm

Problems:
Usb's lost ability to charge phone
Internet drops and cant access only if I restart, sometimes i have to restart in Safe Mode and runn various antyvirus sofrware to be able to start my internet just to repeat the same thing a few hours later.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by orestes (administrator) on HAL (05-12-2015 14:35:31)
Running from C:\Users\orestes\Downloads
Loaded Profiles: orestes (Available Profiles: orestes)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-20] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exePCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bit
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{581A7174-D3A9-4DF8-926F-0F528A78297A}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{7F903358-7D6F-4D01-82A5-9E242A0D78C2}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {181FB41A-5792-430E-ACBE-E1B147B713F7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {181FB41A-5792-430E-ACBE-E1B147B713F7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000 -> {181FB41A-5792-430E-ACBE-E1B147B713F7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-20] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2015-02-10] ()
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-30] (Symantec Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2015-02-10] ()
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2015-02-10] ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2015-02-10] ()
Toolbar: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\orestes\AppData\Roaming\Mozilla\Firefox\Profiles\qgtge6w6.default
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Yahoo!
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-02] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-01-27] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-02] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-01-27] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.0.48\ma\bin\npMotive.dll [2015-01-22] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.1 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2014-08-27] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4129720509-3286334582-3643172723-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF user.js: detected! => C:\Users\orestes\AppData\Roaming\Mozilla\Firefox\Profiles\qgtge6w6.default\user.js [2015-05-25]
FF Extension: Panda Security Toolbar - C:\Users\orestes\AppData\Roaming\Mozilla\Firefox\Profiles\qgtge6w6.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [2015-05-26] [not signed]
FF Extension: Español (España) Language Pack - C:\Users\orestes\AppData\Roaming\Mozilla\Firefox\Profiles\qgtge6w6.default\Extensions\langpack-es-ES@firefox.mozilla.org.xpi [2015-11-09]
FF Extension: Español (México) Language Pack - C:\Users\orestes\AppData\Roaming\Mozilla\Firefox\Profiles\qgtge6w6.default\Extensions\langpack-es-MX@firefox.mozilla.org.xpi [2015-11-09]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2015-05-28] [not signed]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn [2015-01-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_10_1
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_10_1 [2015-12-05] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-04] [not signed]
FF HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found

Chrome:
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=683654&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=683654&fr=yo-yhp-ch","hxxps://www.google.com/?trackid=sp-006"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr- ... =683654&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?outp ... n&command={searchTerms}
CHR Profile: C:\Users\orestes\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\orestes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-03]
CHR Extension: (Google Drive) - C:\Users\orestes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\orestes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\orestes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\orestes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-06-08]
CHR Extension: (Chrome Remote Desktop) - C:\Users\orestes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-11-12]
CHR Extension: (Google Docs Offline) - C:\Users\orestes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-24]
CHR Extension: (Avast Online Security) - C:\Users\orestes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-06]
CHR Extension: (Wave Accounting) - C:\Users\orestes\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa [2015-06-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\orestes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\orestes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-07]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20]
CHR HKLM-x32\...\Chrome\Extension: [kofilaoejfjbjfopdnckahcidedndnln] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2015-05-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S4 AT&T Troubleshoot & Resolve; C:\Program Files (x86)\ATT\8.5.0.48\ma\bin\MAHostService.exe [321024 2015-01-22] (Alcatel-Lucent) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe [69448 2015-10-14] (Google Inc.)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [777744 2015-10-29] (Garmin Ltd. or its subsidiaries)
R2 HFGService; C:\Windows\System32\HFGService.dll [535552 2009-12-21] (CSR, plc) [File not signed]
S4 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-26] (Panda Security, S.L.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S4 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
S4 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [296760 2014-09-19] (Panda Security)
S4 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2014-09-10] (Alcatel-Lucent) [File not signed]
S4 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460800 2014-09-10] (Alcatel-Lucent) [File not signed]
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-26] (Panda Security, S.L.)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 e60fba94; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.46\OptProMon.dll",ENT <==== ATTENTION

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-20] (AVAST Software)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [945200 2010-08-08] (Symantec Corporation)
S3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [52224 2009-12-21] (CSR, plc) [File not signed]
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc) [File not signed]
S3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [78848 2009-12-21] (CSR, plc) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2011-03-04] (Symantec Corporation)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-10-03] (GEAR Software Inc.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [463408 2010-06-26] (Symantec Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110304.002\ENG64.SYS [117880 2011-03-04] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110304.002\EX64.SYS [1791096 2011-03-04] (Symantec Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
S3 panda_url_filteringd; C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163600 2015-04-21] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2015-01-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-05 14:35 - 2015-12-05 14:36 - 00027247 _____ C:\Users\orestes\Downloads\FRST.txt
2015-12-05 14:35 - 2015-12-05 14:35 - 00000000 ____D C:\FRST
2015-12-05 14:34 - 2015-12-05 14:34 - 01719808 _____ (Farbar) C:\Users\orestes\Downloads\FRST.exe
2015-12-05 14:33 - 2015-12-05 14:34 - 02369024 _____ (Farbar) C:\Users\orestes\Downloads\FRST64.exe
2015-12-04 18:08 - 2015-12-04 18:08 - 00000000 ____D C:\Users\orestes\AppData\Local\ElevatedDiagnostics
2015-12-04 16:08 - 2015-07-20 09:12 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-03 17:51 - 2015-12-03 17:51 - 00050083 _____ C:\Users\orestes\Downloads\PO_172_from_LAMINATE__SUPPLIES.INC._12132.pdf
2015-12-03 16:23 - 2015-12-03 16:23 - 00015872 _____ C:\Users\orestes\Documents\Quiroz 5163.zdl
2015-12-03 11:07 - 2015-12-04 15:49 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-03 08:05 - 2015-01-29 12:21 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-12-02 18:35 - 2015-12-02 18:35 - 00141478 _____ C:\Users\orestes\Desktop\gentas order 2-12-15.pdf
2015-11-30 21:38 - 2015-11-30 21:40 - 00000000 ____D C:\Users\orestes\Desktop\2015-11-30
2015-11-22 08:39 - 2015-11-22 08:39 - 00045056 ___SH C:\Users\orestes\Thumbs.db
2015-11-15 21:18 - 2015-11-15 21:18 - 00000000 ____D C:\Users\orestes\AppData\Local\GWX
2015-11-15 02:41 - 2015-11-15 02:41 - 00001852 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2015-11-15 02:41 - 2015-11-15 02:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-11-14 01:37 - 2015-12-04 15:49 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-14 01:37 - 2015-11-14 01:37 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-11-13 09:56 - 2015-06-01 19:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-11-13 09:56 - 2015-06-01 18:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-11-13 09:56 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-11-13 09:56 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-11-13 09:56 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-11-13 09:56 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-11-13 09:55 - 2015-10-20 13:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-13 09:55 - 2015-10-20 13:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-13 09:55 - 2015-10-20 13:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-13 09:55 - 2015-10-20 13:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-13 09:55 - 2015-10-20 13:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-13 09:55 - 2015-10-20 13:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-13 09:55 - 2015-10-20 13:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-13 09:55 - 2015-10-20 13:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-13 09:55 - 2015-10-20 13:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-13 09:55 - 2015-10-20 13:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-13 09:55 - 2015-10-20 13:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-13 09:55 - 2015-10-20 12:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-13 09:55 - 2015-10-20 12:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-13 09:55 - 2015-10-20 12:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-13 09:55 - 2015-10-20 12:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-13 09:55 - 2015-10-20 12:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-13 09:55 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-11-13 09:55 - 2015-04-29 13:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-11-13 09:55 - 2015-04-29 13:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-11-13 09:55 - 2015-04-29 13:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-11-13 09:55 - 2015-04-29 13:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-11-13 09:55 - 2015-04-29 13:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-11-13 09:55 - 2015-04-29 13:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-11-13 09:55 - 2015-04-29 13:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-11-13 09:55 - 2015-04-29 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-11-13 09:55 - 2015-04-29 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-11-13 09:55 - 2015-04-29 13:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-11-13 09:55 - 2015-04-12 22:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-11-13 09:54 - 2015-08-06 13:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-11-13 09:54 - 2015-08-06 13:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-11-13 09:54 - 2015-08-06 12:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-11-13 09:54 - 2015-08-06 12:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-11-13 09:54 - 2015-07-10 12:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-11-13 09:54 - 2015-07-10 12:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-11-13 09:54 - 2015-07-10 12:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-11-13 09:54 - 2015-07-10 12:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-11-13 09:54 - 2015-07-10 12:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-11-13 09:54 - 2015-07-10 12:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-11-13 09:53 - 2015-07-09 12:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-11-13 09:53 - 2015-07-09 12:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-11-13 09:53 - 2015-07-09 12:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-11-13 09:53 - 2015-07-09 12:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-11-13 09:52 - 2015-07-14 22:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-11-13 09:52 - 2015-07-14 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-11-13 09:50 - 2015-11-03 17:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-13 09:50 - 2015-11-03 16:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-13 09:50 - 2015-10-30 18:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-13 09:50 - 2015-10-30 18:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-13 09:50 - 2015-10-30 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-13 09:50 - 2015-10-30 18:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-13 09:50 - 2015-10-30 18:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-13 09:50 - 2015-10-30 18:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-13 09:50 - 2015-10-30 18:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-13 09:50 - 2015-10-30 18:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-13 09:50 - 2015-10-30 18:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-13 09:50 - 2015-10-30 18:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-13 09:50 - 2015-10-30 18:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-13 09:50 - 2015-10-30 18:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-13 09:50 - 2015-10-30 18:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-13 09:50 - 2015-10-30 18:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-13 09:50 - 2015-10-30 18:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-13 09:50 - 2015-10-30 18:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-13 09:50 - 2015-10-30 18:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-13 09:50 - 2015-10-30 18:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-13 09:50 - 2015-10-30 18:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-13 09:50 - 2015-10-30 17:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-13 09:50 - 2015-10-30 17:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-13 09:50 - 2015-10-30 17:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-13 09:50 - 2015-10-30 17:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-13 09:50 - 2015-10-30 17:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-13 09:50 - 2015-10-30 17:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-13 09:50 - 2015-10-30 17:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-13 09:50 - 2015-10-30 17:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-13 09:50 - 2015-10-30 17:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-13 09:50 - 2015-10-30 17:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-13 09:50 - 2015-10-30 17:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-13 09:50 - 2015-10-30 17:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-13 09:50 - 2015-10-30 17:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-13 09:50 - 2015-10-30 17:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-13 09:50 - 2015-10-30 17:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-13 09:50 - 2015-10-30 17:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-13 09:50 - 2015-10-30 17:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-13 09:50 - 2015-10-30 17:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-13 09:50 - 2015-10-30 17:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-13 09:50 - 2015-10-30 17:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-13 09:50 - 2015-10-30 17:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-13 09:50 - 2015-10-30 17:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-13 09:50 - 2015-10-30 17:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-13 09:50 - 2015-10-30 17:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-13 09:50 - 2015-10-30 17:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-13 09:50 - 2015-10-30 17:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-13 09:50 - 2015-10-30 17:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-13 09:50 - 2015-10-30 17:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-13 09:50 - 2015-10-30 17:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-13 09:50 - 2015-10-30 17:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-13 09:50 - 2015-10-30 17:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-13 09:50 - 2015-10-30 17:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-13 09:50 - 2015-10-30 17:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-13 09:50 - 2015-10-30 17:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-13 09:50 - 2015-10-30 17:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-13 09:50 - 2015-10-30 17:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-13 09:50 - 2015-10-30 17:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-13 09:50 - 2015-10-30 17:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-13 09:50 - 2015-10-30 17:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-13 09:50 - 2015-10-30 16:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-13 09:50 - 2015-10-30 16:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-13 09:50 - 2015-10-30 16:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-13 09:50 - 2015-10-30 16:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-13 09:50 - 2015-09-18 14:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-11-13 09:50 - 2015-09-18 14:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-11-13 09:50 - 2015-09-18 14:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-11-13 09:50 - 2015-09-18 14:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-11-13 09:50 - 2015-09-18 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-11-13 09:50 - 2015-09-18 14:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-11-13 09:50 - 2015-09-18 14:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-11-13 09:50 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-11-13 09:50 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-11-13 09:50 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-11-13 09:50 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-11-13 09:50 - 2015-06-17 12:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-13 09:50 - 2015-06-17 12:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-13 09:50 - 2015-06-03 15:16 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-11-13 09:50 - 2015-06-03 15:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-11-13 09:50 - 2015-04-24 13:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-11-13 09:50 - 2015-04-24 12:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-11-13 09:50 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-11-13 09:50 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-11-13 09:50 - 2015-01-28 22:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-11-13 09:50 - 2015-01-28 22:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-11-13 09:49 - 2015-07-04 13:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-11-13 09:49 - 2015-07-04 12:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-11-13 09:49 - 2015-04-27 14:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-11-13 09:49 - 2015-04-27 14:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-11-13 09:49 - 2015-04-27 14:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-11-13 09:49 - 2015-04-27 14:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-11-13 09:49 - 2015-04-27 14:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-11-13 09:49 - 2015-04-27 14:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-11-13 09:49 - 2015-04-27 14:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-11-13 09:49 - 2015-04-27 14:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-11-13 09:48 - 2015-10-01 13:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-13 09:48 - 2015-10-01 13:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-13 09:48 - 2015-10-01 13:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-11-13 09:48 - 2015-10-01 13:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-11-13 09:48 - 2015-10-01 13:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-11-13 09:48 - 2015-10-01 13:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-11-13 09:48 - 2015-10-01 13:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-11-13 09:48 - 2015-10-01 12:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-11-13 09:48 - 2015-10-01 12:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-11-13 09:48 - 2015-07-18 08:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-11-13 09:48 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-11-13 09:48 - 2015-06-03 15:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-11-13 09:48 - 2015-06-03 15:16 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-11-13 09:48 - 2015-06-03 15:16 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-11-13 09:47 - 2015-10-29 12:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-13 09:47 - 2015-10-29 12:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-13 09:47 - 2015-10-29 12:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-13 09:47 - 2015-10-29 12:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-13 09:47 - 2015-10-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-13 09:47 - 2015-10-29 12:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-13 09:47 - 2015-10-29 12:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-13 09:47 - 2015-10-13 11:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-13 09:47 - 2015-10-13 11:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-13 09:47 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-11-13 09:47 - 2015-07-30 13:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-11-13 09:47 - 2015-07-30 13:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-11-13 09:47 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-11-13 09:47 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-11-13 09:47 - 2015-06-15 16:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-11-13 09:47 - 2015-06-15 16:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-11-13 09:47 - 2015-06-15 16:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-11-13 09:47 - 2015-06-15 16:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-11-13 09:47 - 2015-06-15 16:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-11-13 09:47 - 2015-06-15 16:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-11-13 09:47 - 2015-06-15 16:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-11-13 09:47 - 2015-06-15 16:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-11-13 09:46 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-11-13 09:46 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-11-13 09:46 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-11-13 09:45 - 2015-11-03 12:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-13 09:45 - 2015-08-27 13:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-11-13 09:45 - 2015-08-27 13:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-11-13 09:45 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-11-13 09:45 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-11-13 09:45 - 2015-08-27 12:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-11-13 09:45 - 2015-08-27 12:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-11-13 09:45 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-11-13 09:45 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-11-13 09:45 - 2015-06-25 05:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-11-13 09:45 - 2015-06-25 05:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-11-13 09:45 - 2015-06-25 05:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-11-13 09:45 - 2015-06-25 04:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-11-13 09:45 - 2015-04-10 22:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-11-13 09:45 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-11-13 09:45 - 2015-02-18 02:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-11-13 09:45 - 2015-02-18 02:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-11-13 09:45 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-11-13 09:45 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-11-13 09:45 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-11-13 09:45 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-11-13 09:44 - 2015-10-12 23:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-13 09:44 - 2015-10-01 13:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-13 09:44 - 2015-10-01 12:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-13 09:44 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-11-13 09:44 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-11-13 09:44 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-11-13 09:44 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-11-13 09:44 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-11-13 09:44 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-11-13 09:44 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-11-13 09:30 - 2015-09-01 22:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-11-13 09:30 - 2015-09-01 22:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-11-13 09:30 - 2015-09-01 22:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-11-13 09:30 - 2015-09-01 22:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-11-13 09:30 - 2015-09-01 21:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-11-13 09:30 - 2015-09-01 21:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-11-13 09:30 - 2015-09-01 21:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-11-13 09:30 - 2015-09-01 21:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-11-13 09:30 - 2015-09-01 20:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-11-13 09:30 - 2015-09-01 20:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-11-13 09:30 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-11-13 09:30 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-11-13 01:42 - 2015-11-13 01:44 - 00000000 ____D C:\Users\orestes\AppData\Local\Viber
2015-11-13 01:10 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-11-13 01:10 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-11-13 01:10 - 2015-01-08 18:44 - 00419936 _____ C:\Windows\SysWOW64\locale.nls
2015-11-13 01:10 - 2015-01-08 18:43 - 00419936 _____ C:\Windows\system32\locale.nls
2015-11-12 16:44 - 2015-11-12 16:44 - 00001113 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-12 16:39 - 2015-11-12 16:39 - 00243656 _____ C:\Users\orestes\Downloads\Firefox Setup Stub 42.0 (1).exe
2015-11-12 16:38 - 2015-11-12 16:38 - 00243656 _____ C:\Users\orestes\Downloads\Firefox Setup Stub 42.0.exe
2015-11-12 08:46 - 2015-11-12 08:45 - 00686700 _____ C:\Windows\system32\PHOOKSmf2.TXT
2015-11-12 07:57 - 2015-11-12 15:15 - 00056998 _____ C:\Windows\system32\PHOOKSmf.txt
2015-11-12 07:53 - 2015-11-12 13:58 - 00000000 ____D C:\Windows\system32\DBBK
2015-11-12 07:52 - 2015-11-16 00:06 - 00001248 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2015-11-12 06:34 - 2015-11-12 06:34 - 00066944 _____ C:\Users\orestes\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-12 06:31 - 2015-11-14 01:41 - 00338888 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-11 23:13 - 2015-12-04 20:05 - 01268178 _____ C:\Windows\ntbtlog.txt
2015-11-10 22:27 - 2015-11-10 22:44 - 00000000 ____D C:\Users\orestes\Desktop\Chase 2015 statements

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-05 14:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-05 14:29 - 2015-04-12 12:08 - 00000396 _____ C:\Windows\Tasks\WpsNotifyTask_orestes.job
2015-12-05 14:13 - 2015-04-12 12:08 - 00000396 _____ C:\Windows\Tasks\WpsUpdateTask_orestes.job
2015-12-05 13:45 - 2015-01-25 21:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-05 13:43 - 2015-01-25 17:34 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-05 12:58 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-05 12:58 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-05 12:43 - 2015-01-25 17:34 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-05 07:23 - 2015-08-20 06:29 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2015-12-05 07:23 - 2015-01-25 18:19 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-05 07:15 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2015-12-05 07:15 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-04 23:41 - 2015-06-22 15:39 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-04 20:15 - 2015-02-23 22:51 - 00000000 ____D C:\Users\orestes\AppData\Local\CrashDumps
2015-12-04 16:26 - 2015-06-08 18:19 - 00001924 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-12-04 16:26 - 2015-01-28 09:55 - 00000000 ____D C:\Users\orestes\Documents\My Labels
2015-12-04 16:06 - 2015-01-25 21:18 - 00000000 ____D C:\Users\orestes\AppData\Roaming\ViberPC
2015-12-04 15:50 - 2015-01-25 17:06 - 00000000 ____D C:\Users\orestes
2015-12-04 15:49 - 2015-01-25 17:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-04 15:49 - 2011-05-27 03:07 - 00000000 ____D C:\ProgramData\Norton
2015-12-04 15:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-12-03 11:07 - 2015-07-30 19:59 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-03 09:42 - 2015-05-18 21:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-12-02 12:38 - 2015-07-15 17:20 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 12:38 - 2015-07-15 17:20 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-02 12:10 - 2009-07-14 00:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-02 12:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-02 10:25 - 2015-07-13 16:59 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleFororestes
2015-12-02 10:25 - 2015-07-13 16:59 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleFororestes.job
2015-12-01 14:06 - 2015-01-25 21:18 - 00000000 ____D C:\Users\orestes\Documents\ViberDownloads
2015-11-27 15:33 - 2015-10-26 22:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-27 00:00 - 2015-09-11 15:12 - 00000000 ____D C:\Users\orestes\Desktop\Luis Ulate
2015-11-16 20:02 - 2015-02-09 09:09 - 00000000 ____D C:\Users\orestes\AppData\Roaming\Skype
2015-11-15 02:42 - 2015-09-29 23:01 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-11-15 02:42 - 2015-09-29 22:52 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-15 02:41 - 2015-09-29 23:01 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2015-11-14 12:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-11-14 04:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2015-11-14 01:37 - 2015-01-27 06:08 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-11-14 01:37 - 2015-01-27 06:08 - 00000000 ____D C:\Windows\system32\appraiser
2015-11-14 01:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\tracing
2015-11-14 01:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-11-14 01:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-11-13 01:15 - 2015-02-24 08:30 - 00000000 ____D C:\Windows\system32\MRT
2015-11-13 01:10 - 2015-02-24 08:30 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-13 01:03 - 2011-02-11 12:15 - 00775546 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-12 23:14 - 2011-05-27 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
2015-11-12 16:44 - 2015-05-25 06:58 - 00001125 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-12 16:44 - 2015-05-15 10:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-12 07:07 - 2015-01-25 18:19 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-11-12 07:07 - 2015-01-25 18:19 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-11-12 06:25 - 2015-02-26 06:03 - 00007905 _____ C:\Windows\wininit.ini
2015-11-11 23:18 - 2015-02-26 00:13 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-11-11 22:54 - 2015-06-22 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-11 22:54 - 2015-06-22 15:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-11 22:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy

==================== Files in the root of some directories =======

2015-04-11 16:43 - 2015-04-11 16:43 - 0000000 _____ () C:\Users\orestes\AppData\Roaming\560C.tmp
2015-09-07 07:07 - 2015-09-07 07:07 - 0007639 _____ () C:\Users\orestes\AppData\Local\Resmon.ResmonCfg
2015-07-30 19:22 - 2015-07-30 19:22 - 0000000 _____ () C:\Users\orestes\AppData\Local\{120DCABA-98CD-446D-8D25-093F2C7E6853}
2015-07-26 06:41 - 2015-07-26 06:41 - 0000000 _____ () C:\Users\orestes\AppData\Local\{58BFB643-553C-4FE9-AA9C-05FBEC679A9E}

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-30 00:59

==================== End of FRST.txt ============================
orestico
Active Member
 
Posts: 3
Joined: December 5th, 2015, 3:47 pm
Advertisement
Register to Remove

Re: Messed computer

Unread postby capnkrunch » December 6th, 2015, 1:45 am

Warning!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Hello orestico and welcome to the Malware Removal Forums :)

My name is capnkrunch and I will be helping you with your malware problems. I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher, because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  • You must have Administrator rights, permissions for this computer.
  • DO NOT run any other fix or removal tools unless instructed to do so.
  • DO NOT install any other software (or hardware) during the cleaning process.
  • Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  • Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  • Only reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean".
    Remember, absence of symptoms does mean the infection is all gone.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Failure to respond for 3 days, will result in your topic being closed.

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care, not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to backup any files with the following file extensions:
exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.


Incomplete FRST Logs
There should have been another log, Addition.txt produced when you ran FRST. It will be located in the same location that FRST was run from, C:\Users\orestes\Downloads. Please locate this file and copy and paste the contents in your reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Addition.txt
User avatar
capnkrunch
MRU Master
MRU Master
 
Posts: 793
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Messed computer

Unread postby orestico » December 7th, 2015, 12:33 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by orestes (2015-12-05 14:36:32)
Running from C:\Users\orestes\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-01-25 22:06:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4129720509-3286334582-3643172723-500 - Administrator - Disabled)
Guest (S-1-5-21-4129720509-3286334582-3643172723-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4129720509-3286334582-3643172723-1002 - Limited - Enabled)
orestes (S-1-5-21-4129720509-3286334582-3643172723-1000 - Administrator - Enabled) => C:\Users\orestes

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AT&T Troubleshoot & Resolve (HKLM-x32\...\ATT-AT&T Troubleshoot & Resolve) (Version: 8.5.0.48 - AT&T)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon D530/D560 (HKLM\...\{50D00125-863A-47ee-BB02-9CB950BEDE16}) (Version: 4.1.0.1 - CANON INC.)
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\Canon Laser Printer/Scanner/Fax Extended Survey Program) (Version: 1.0.198.10000 - CANON INC.)
Canon Laser Printer/Scanner/Fax Extended Survey Program (Version: 1.0.198 - CANON INC.) Hidden
Canon MF Toolbox 4.9.1.1.mf14 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf14 - CANON INC.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{CDF9E1C8-4B97-4F8B-A848-7DD0E8BEB89F}) (Version: 47.0.2526.18 - Google Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DesignPro 5.0 Limited Edition (HKLM-x32\...\InstallShield_{97AE00A8-1336-410F-B467-1C6623127BD6}) (Version: 5.2.1201 - Avery Dennison)
DesignPro 5.0 Limited Edition (x32 Version: 5.2.1201 - Avery Dennison) Hidden
DL PDF Editor 1.7 (HKLM\...\{42112AF2-A715-465e-B9B7-02626461E6E8}) (Version: 1.7 - GreenTree Applications SRL)
Elevated Installer (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
eM Client (HKLM-x32\...\{6D1C3187-2820-44F9-B64F-83FD3DEE0201}) (Version: 6.0.22344.0 - eM Client Inc.)
Garmin Express (HKLM-x32\...\{b292f4e5-60ca-4bb8-8810-e5f908c3c1ff}) (Version: 4.1.10.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP LinkUp (HKLM-x32\...\{C1AD9241-3ADD-483F-914D-071F3E50855A}) (Version: 2.01.026 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Hulu Desktop (HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Lorex Auto Port Forwarding (HKLM-x32\...\Lorex Auto Port Forwarding1.0.5) (Version: 1.0.5 - Lorex Technology)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
Mozilla Thunderbird 38.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.4.0 (x86 en-US)) (Version: 38.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.5 - Panda Security)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.01.00.0004 - Panda Security)
Panda Free Antivirus (Version: 7.82.00.0000 - Panda Security) Hidden
Panda Security Toolbar (HKLM-x32\...\pandasecuritytb) (Version: 4.2.3.1 - Panda Security)
Panda Security URL Filtering (HKLM-x32\...\Panda Security URL Filtering) (Version: 2.0.2.0 - Panda Security)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 - NewspaperDirect Inc.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Some PDF Images Extract 2.0 (HKLM-x32\...\Some PDF Images Extract_is1) (Version: - SomePDF.com)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TechUtilities (HKLM\...\TechUtilities_is1) (Version: 1.1.0.7 - Seven Servos Software Pvt Ltd.)
Viber (HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\Viber) (Version: 5.2.0.2546 - Viber Media Inc)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WPS Office (9.1.0.4759) (HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\WPS Office) (Version: 9.1.0.4759 - Kingsoft Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

28-11-2015 01:00:21 Windows Update
29-11-2015 01:00:56 Windows Update
30-11-2015 01:00:22 Windows Update
01-12-2015 01:00:27 Windows Update
02-12-2015 01:00:20 Windows Update
03-12-2015 01:00:21 Windows Update
04-12-2015 01:00:20 Windows Update
04-12-2015 15:43:38 Restore Operation
04-12-2015 16:04:02 avast! antivirus system restore point
04-12-2015 16:09:48 Windows Update
05-12-2015 01:00:21 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-08-16 08:05 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15463 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {087F174E-E2B1-420A-AEC9-692C2988FC23} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {155654A2-14ED-4E30-88F3-921C35256EFF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {184E058A-015F-434E-BA91-F2FE161A8DFD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
Task: {1FD98533-4E09-4587-86A0-3F92DE42FFC5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {236E1D92-DD65-40E3-AB2F-0DD91E2625B7} - \LaunchPreSignup -> No File <==== ATTENTION
Task: {2C0D00CC-4274-4069-A274-12D99D202EFB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2015-05-05] (Microsoft)
Task: {4276D095-D958-4436-AA6F-9261C603AAAD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {47354374-274B-4CD9-AADE-EBB25F13B565} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-10-29] ()
Task: {4CC3DC42-367F-4D0C-B1B8-FFECEB900658} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {4D89B6D3-E99A-49AC-A0FA-8FE62D8F6BAE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-02] (Adobe Systems Incorporated)
Task: {50C7D96F-CEE0-410B-8B66-A3EE43FD1926} - \WpsNotifyTask_orestes -> No File <==== ATTENTION
Task: {543D75C0-3104-42FB-9255-80121CB7E323} - System32\Tasks\HPCeeScheduleFororestes => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {56966DDC-84EA-485B-8CFA-C4E0215AA0B9} - System32\Tasks\avastBCLRestartS-1-5-21-4129720509-3286334582-3643172723-1000 => Firefox.exe
Task: {5A1D62EF-554A-4CD9-B794-F42379A81EBE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {692950A3-1EBB-4F0A-8F6A-A698949EEDF5} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-08-06] (Symantec Corporation)
Task: {73BB1A55-B5F4-4B7A-8885-9A7507F53F7C} - \WpsUpdateTask_orestes -> No File <==== ATTENTION
Task: {8304A6D4-3DE7-4975-9EC7-2583C32A57F4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {8A481E4A-C4FC-4840-BFE7-79942420EC39} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-05-05] (Microsoft)
Task: {8DD952F6-81FD-4A1F-8BE0-E6F4C725B315} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {937AD8B7-1845-42B1-9626-CDC52C57CDCB} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [2012-10-10] (CANON INC.)
Task: {9950723D-347E-4D15-B4DE-668F0F3F7B93} - \LaunchSignup -> No File <==== ATTENTION
Task: {A04939EE-6A45-453E-8E80-6D5410CB0FFD} - \Registration -> No File <==== ATTENTION
Task: {BE47746C-023C-400A-936B-BBB623FC4009} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-03] (AVAST Software)
Task: {C1AE5B34-345E-4B51-97F4-0682116C42FE} - \RMCreator -> No File <==== ATTENTION
Task: {C1E7D30B-2017-4D93-82D2-46DEE403C253} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {CDD33AF9-18FF-4AC4-87C5-A6AB105E5519} - \{B79AC1A0-CEAD-4F60-A3D2-9D95EBDCCDC0} -> No File <==== ATTENTION
Task: {D921C91D-619F-4A54-8877-4C53E3112B2E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {E24532A6-4096-417A-B39D-C8BBA270E2D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {EC27B5DA-12F9-4E25-8C75-0F0F97D7ECF9} - \Fiuivpuoha -> No File <==== ATTENTION
Task: {F3FDE7E6-D798-4429-B594-FAFC521774A4} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFororestes.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\TechUtilities.job => C:\Program Files\TechUtilities\TechUtilities.exe-t1C:\Program Files\TechUtilities\TechUtilities.exe
Task: C:\Windows\Tasks\WpsNotifyTask_orestes.job => C:\Users\orestes\AppData\Local\Kingsoft\WPS Office\9.1.0.4759\wtoolex\wpsnotify.exe
Task: C:\Windows\Tasks\WpsUpdateTask_orestes.job => C:\Users\orestes\AppData\Local\Kingsoft\WPS Office\9.1.0.4759\wtoolex\wpsupdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?locale=e ... 113&TYPE=4 <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?locale=e ... 113&TYPE=4 <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.snapfish.com/hp_desktop_desktopicon_2011_us <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-07-20 09:11 - 2015-07-20 09:11 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-20 09:11 - 2015-07-20 09:11 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-03 16:04 - 2015-12-03 16:04 - 02802176 _____ () C:\Program Files\AVAST Software\Avast\defs\15120301\algo.dll
2015-12-05 07:16 - 2015-12-05 07:16 - 02803200 _____ () C:\Program Files\AVAST Software\Avast\defs\15120500\algo.dll
2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-10-13 04:46 - 2015-10-13 04:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more sites.

IE restricted site: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\...\123simsen.com -> www.123simsen.com

There are 7866 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4129720509-3286334582-3643172723-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\orestes\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: AT&T Troubleshoot & Resolve => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: chromoting => 2
MSCONFIG\Services: Garmin Device Interaction Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: HPClientSvc => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: PandaAgent => 2
MSCONFIG\Services: panda_url_filtering => 2
MSCONFIG\Services: pcCMService => 2
MSCONFIG\Services: pcCMService64 => 2
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: RoxioNow Service => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer6 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ATT_McciTrayApp => "C:\Program Files\ATT\8.5.0.48\ma\bin\pcTrayApp.exe"
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DLPDFEditorUpdateChecker => "C:\Program Files (x86)\GreenTree Applications\DL PDF Editor\DLPDFEditorUpdateChecker.exe"
MSCONFIG\startupreg: eM Client => "C:\Program Files (x86)\eM Client\MailClient.exe" /startup
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_BBD951AEBC92589C1DAB9B76FAB4C961 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: limepro => "C:\Program Files (x86)\LimePro\LimePro.exe" -h
MSCONFIG\startupreg: MalwareProtectionLive => C:\Users\orestes\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Panda Security URL Filtering => "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PSUAMain => "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: Viber => "C:\Users\orestes\AppData\Local\Viber\Viber.exe" StartMinimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A98BED0D-9DDB-404C-9095-F4BCE8FB48C7}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{B52F8CB6-03DA-40EA-8C16-519862578B9A}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{631E1433-9FE3-48E0-A13B-0932FDB3E9EC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{AD5C2AE3-7D96-4F55-A21B-FDA095F151FF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{2E827A22-FE80-44F5-A2E7-6C898753521D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{EAF01F3D-4BF4-4179-9C31-3A376EBDA902}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{D162354E-6F7B-4927-BEB7-ED822935798B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{2F3F4EE5-E1BA-4759-816E-6E6386FF3A8A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{4E31BEEB-871D-4FED-B12E-71119E73CE8A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D399DB3D-0BB9-4ECB-8AF6-8F1ECA07C9B4}] => (Allow) LPort=2869
FirewallRules: [{C7608A95-A569-4DFC-B5B8-5DB4AE6B871C}] => (Allow) LPort=1900
FirewallRules: [{FE455D57-8340-4D76-A31F-1AA7B04AC5B0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{40D982CC-5CB5-4FA3-9289-9B566F8A3F9E}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{AFD267BE-096D-472D-8F67-EB7F1DE1D294}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{145B1946-02F0-42EF-AB56-715C652A3B89}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CE671FD6-B818-4FDC-8B3E-DC6E6AD2C848}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{35C521B2-B76A-4049-A986-A5DDA09E0BF5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2966C20A-E02E-450F-BD05-317998261C21}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0C922067-94A4-4B62-90D2-8DC8474BF582}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{42BBCF92-7653-4D5E-9721-9C209D7ABE3D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C5422E5B-287A-48F3-A63C-3551EF2BB760}] => (Allow) C:\Program Files (x86)\pandasecuritytb\dtUser.exe
FirewallRules: [{F64510BB-60DB-470B-BB6B-1C2C0E5FA09D}] => (Allow) C:\Program Files (x86)\pandasecuritytb\dtUser.exe
FirewallRules: [{46A4F603-7982-424E-B385-D4A5A17633F0}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{F184367B-CB3F-414E-BCEC-155CF8B805FB}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{5ABEDD1E-9E44-47E7-9686-942007C645F5}] => (Allow) C:\Program Files (x86)\pandasecuritytb\dtUser.exe
FirewallRules: [{029EAE36-8B60-48F0-9CDF-E44416F42A67}] => (Allow) C:\Program Files (x86)\pandasecuritytb\dtUser.exe
FirewallRules: [{419B222D-70AC-4ADA-A52A-02BDD1568001}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{4700BE0F-6110-4B2E-AAC6-3A791451EA29}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{15996412-5A6D-44DD-93AD-8A10DCA84621}] => (Allow) C:\Users\orestes\AppData\Local\Temp\nso230E.tmp\Installer-76126099.exe
FirewallRules: [{EE24548D-A627-41A4-A59A-D8102DE1A789}] => (Allow) C:\Users\orestes\AppData\Local\Temp\nso230E.tmp\Installer-76126099.exe
FirewallRules: [{620ED61F-D574-47ED-98DD-74E53ABEFE2B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{39B85758-8E29-43EE-B69F-E011DEBB7B8D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A44EFDC4-E6F1-40B1-B961-4EC032C5AB3E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ADC8E2C7-CBF2-4A37-9911-4165AD65972E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AF6877E8-7CBA-4E49-837A-2C4D83D4087A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C293F685-FFFC-4983-B7AA-9C83E2E05103}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
FirewallRules: [{01BF3F8E-03BD-4ACC-8448-8214DBD8B5A7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3651A516-1AE2-4E3A-BA6F-3F0632120052}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC79FEB7-F7FA-4315-A956-4DE9C7CE94A4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/05/2015 07:17:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2015 08:15:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdf25
Exception code: 0xc0000005
Fault offset: 0x0000000000001098
Faulting process id: 0x794
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (12/04/2015 08:08:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2015 04:39:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2015 04:02:57 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0xc0000022.

Error: (12/04/2015 03:51:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2015 03:41:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: SHLWAPI.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9ab
Exception code: 0xc0000005
Fault offset: 0x0000000000007306
Faulting process id: 0x64c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (12/04/2015 03:35:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2015 01:02:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2015 12:03:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/05/2015 08:41:24 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{581A7174-D3A9-4DF8-926F-0F528A78297A}.
The backup browser is stopping.

Error: (12/05/2015 07:26:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (12/05/2015 07:26:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (12/05/2015 07:23:33 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (12/05/2015 07:17:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (12/05/2015 07:17:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/05/2015 07:16:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.

Error: (12/05/2015 01:52:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 7 for x64-based Systems (KB3061518).

Error: (12/05/2015 01:43:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 7 for x64-based Systems (KB3081320).

Error: (12/05/2015 01:38:58 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows 7 for x64-based Systems (KB3071756).


CodeIntegrity:
===================================
Date: 2015-11-24 22:47:17.277
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-24 22:47:17.213
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-24 22:47:06.396
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-24 22:47:06.333
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-24 14:32:40.130
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-24 14:32:40.068
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-06 16:33:18.835
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-06 16:33:18.764
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-30 20:53:10.578
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-30 20:53:10.515
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E6800 @ 3.33GHz
Percentage of memory in use: 48%
Total physical RAM: 4059.12 MB
Available physical RAM: 2105.56 MB
Total Virtual: 8116.42 MB
Available Virtual: 5786.34 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:920.35 GB) (Free:831.04 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.07 GB) (Free:1.32 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (SleepWeaver Intl DVD2 27-Languag) (CDROM) (Total:2.72 GB) (Free:0 GB) UDF
Drive g: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:239.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5E1F6703)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
orestico
Active Member
 
Posts: 3
Joined: December 5th, 2015, 3:47 pm

Re: Messed computer

Unread postby capnkrunch » December 8th, 2015, 7:49 am

Hello orestico :)

There are indications that this machine is used for business purposes. Is this the case? It is important to know (even if it is a small or personal business) so that I can give accurate instructions.
User avatar
capnkrunch
MRU Master
MRU Master
 
Posts: 793
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Messed computer

Unread postby orestico » December 9th, 2015, 12:22 am

I do use this computer as a backup for business but its mainly my personal computer
orestico
Active Member
 
Posts: 3
Joined: December 5th, 2015, 3:47 pm

Re: Messed computer

Unread postby Cypher » December 9th, 2015, 11:38 am

orestico wrote:I do use this computer as a backup for business but its mainly my personal computer

Business Use / Business Networked Computer
It appears you are using your computer for business purposes or connecting to a business network.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why we do not offer help for such computers. Thank you for your understanding.


This topic is now closed.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 115 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware