
Change proxy http = 127.0.0.1: 8080; https = 127.0.0.1: 8080 that can

change proxy

  • This topic is locked
9 replies to this topic

#1 nayrb_alejandro

New Member, 4 posts

Posted 16 March 2016 - 10:12 PM

Hi, I need some help. Apparently I have an infection in my system, because my computer uses a proxy server that I did not authorize, which is http = 127.0.0.1: 8080; https = 127.0.0.1: 8080. I have many problems in my browser: ads and advertising windows keep popping up. I analyzed my computer many times and it does not show anything unusual, which is why I need a little help before an improper change to my computer. Some additional data: I use Windows 10 and my antivirus is Kaspersky. I appreciate all the information you can provide me.
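The proxy value reported in this post follows the Windows per-user `ProxyServer` string format (stored with `ProxyEnable` under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings`). As an added example, not part of the original post or of any tool used in this thread, the following Python code parses such a value and reports which protocols are routed to a loopback listener. The function names are hypothetical, and the parser assumes the `scheme=host:port;...` and bare `host:port` forms.

```python
import ipaddress


def split_host_port(target):
    """Split 'host:port' (or '[v6]:port') into (host, port-or-None)."""
    target = target.strip()
    if target.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:8080
        host, _, rest = target[1:].partition("]")
        port = rest.lstrip(":")
    elif target.count(":") == 1:  # hostname or IPv4 with a port
        host, _, port = target.rpartition(":")
    else:  # no port, or an unbracketed IPv6 literal
        host, port = target, ""
    port = port.strip()
    return host.strip(), int(port) if port.isdigit() else None


def parse_proxy_server(value):
    """Parse a ProxyServer string into {scheme: (host, port)}.

    A bare 'host:port' applies to every protocol and is stored under '*'.
    Whitespace around '=', ':' and ';' is tolerated, so the value as typed
    in the post parses the same way as the value read from the registry.
    """
    entries = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            scheme, _, target = part.partition("=")
            scheme = scheme.strip().lower()
        else:
            scheme, target = "*", part
        if "://" in target:  # optional scheme prefix on the proxy itself
            target = target.split("://", 1)[1]
        entries[scheme] = split_host_port(target)
    return entries


def is_loopback(host):
    """True for 'localhost' and for any literal in 127.0.0.0/8 or ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a non-local hostname, not an IP literal
        return False


def loopback_proxy_findings(proxy_enable, proxy_server):
    """Return [(scheme, host, port)] for protocols sent to a local proxy.

    Nothing is reported when ProxyEnable is 0: a stale ProxyServer string
    is not in effect until the proxy is switched on.
    """
    if not proxy_enable:
        return []
    return [
        (scheme, host, port)
        for scheme, (host, port) in sorted(parse_proxy_server(proxy_server).items())
        if is_loopback(host)
    ]


def loopback_ports(proxy_enable, proxy_server):
    """Distinct local ports whose listening process should be identified."""
    findings = loopback_proxy_findings(proxy_enable, proxy_server)
    return sorted({port for _, _, port in findings if port is not None})


if __name__ == "__main__":
    # Value as written in the post above (spaces included).
    reported = "http = 127.0.0.1: 8080; https = 127.0.0.1: 8080"
    for scheme, host, port in loopback_proxy_findings(1, reported):
        print(f"{scheme}: traffic is sent to local listener {host}:{port}")
    print("ports to investigate:", loopback_ports(1, reported))
```

A loopback proxy means a process on the same machine receives the browser's traffic, so the returned ports identify which local listener to look for next.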




#2 Satchfan

SuperHelper, Malware Team, 6,813 posts

Posted 17 March 2016 - 02:21 AM

Hello nayrb_alejandro and welcome to the WTT forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#3 nayrb_alejandro

New Member, 4 posts

Posted 17 March 2016 - 12:49 PM

Hi Satchfan, thanks for the help. The logs are attached below:

 

AdwCleaner log

# AdwCleaner v5.102 - Registro generado 17/03/2016 en 13:16:57

# Actualizado 13/03/2016 por Xplode
# Base de datos : 2016-03-16.1 [Servidor]
# Sistema operativo : Windows 10 Pro  (x64)
# Nombre de usuario : nayrBAlejandro - NAYRB_ALEJANDRO
# Ejecutado desde : C:\Users\nayrBAlejandro\Desktop\adwcleaner_5.102.exe
# Opción : Limpiar
 
***** [ Servicios ] *****
 
 
***** [ Carpetas ] *****
 
 
***** [ Archivos ] *****
 
[-] Archivo Eliminar : C:\Users\ji_98\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] Archivo Eliminar : C:\Users\ji_98\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] Archivo Eliminar : C:\Users\ji_98\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage
[-] Archivo Eliminar : C:\Users\ji_98\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal
[#] Archivo Eliminar : C:\Users\ji_98\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[#] Archivo Eliminar : C:\Users\ji_98\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[#] Archivo Eliminar : C:\Users\ji_98\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage
[#] Archivo Eliminar : C:\Users\ji_98\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal
[-] Archivo Eliminar : C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] Archivo Eliminar : C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] Archivo Eliminar : C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage
[-] Archivo Eliminar : C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal
[#] Archivo Eliminar : C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[#] Archivo Eliminar : C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[#] Archivo Eliminar : C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage
[#] Archivo Eliminar : C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Accesos directos ] *****
 
 
***** [ Tareas programadas ] *****
 
[-] Tarea Eliminar : amiupdaterExd
[-] Tarea Eliminar : amiupdaterExi
 
***** [ Registro ] *****
 
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{138F4260-66CA-4F7C-812F-C6EED99B7EC7}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{790F2D3B-18EE-40E2-A45E-1FAC13B6AFB8}
[-] Llave Eliminar : [x64] HKLM\SOFTWARE\Classes\Interface\{138F4260-66CA-4F7C-812F-C6EED99B7EC7}
[-] Llave Eliminar : [x64] HKLM\SOFTWARE\Classes\Interface\{790F2D3B-18EE-40E2-A45E-1FAC13B6AFB8}
[-] Llave Eliminar : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\affiliate.portalsepeti.com
[-] Llave Eliminar : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\akamaihd.net
[-] Llave Eliminar : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com
[-] Llave Eliminar : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hdapp1008-a.akamaihd.net
[-] Llave Eliminar : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\portalsepeti.com
[-] Llave Eliminar : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
[-] Llave Eliminar : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\affiliate.portalsepeti.com
[-] Llave Eliminar : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\akamaihd.net
[-] Llave Eliminar : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
[-] Llave Eliminar : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hdapp1008-a.akamaihd.net
[-] Llave Eliminar : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\portalsepeti.com
[-] Llave Eliminar : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
[-] Valor Eliminar : HKU\S-1-5-21-2405107676-2796426648-614312743-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [HCDNClient]
 
***** [ Navegadores Web ] *****
 
 
*************************
 
:: Llaves "Tracing" removidas
:: Winsock Configuración borrada
 
*************************
 
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [6483 bytes] - [17/03/2016 13:16:57]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [6500 bytes] - [17/03/2016 13:14:03]
 
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [6669 bytes] ##########
 
JRT.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 10 Pro x64 
Ran by nayrBAlejandro (Administrator) on 17/03/2016 at 13:29:24,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 5 
 
Failed to delete: C:\ProgramData\system32\SafeGuard32.dll (File) 
Failed to delete: C:\ProgramData\system32\SafeGuard64.dll (File) 
Successfully deleted: C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod (Folder) 
Successfully deleted: C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bigefpfhnfcobdlfbedofhhaibnlghod_0.localstorage (File) 
Successfully deleted: C:\Users\Public\qiyi (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/03/2016 at 13:31:41,39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Frst.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by nayrBAlejandro (administrator) on NAYRB_ALEJANDRO (17-03-2016 13:33:36)
Running from C:\Users\nayrBAlejandro\Desktop
Loaded Profiles: nayrBAlejandro (Available Profiles: nayrBAlejandro & ji_98 & Invitado)
Platform: Windows 10 Pro Version 1511 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Windows Security\winsecurity.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [735544 2015-08-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8459480 2015-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392496 2015-02-25] (Realtek Semiconductor)
HKLM-x32\...\Run: [YouCam Service6] => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [500696 2013-11-25] (CyberLink Corp.)
HKLM-x32\...\Run: [PDFPrint] => E:\Program Files (x86)\PDF24\pdf24.exe [212000 2016-01-18] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-16] (Valve Corporation)
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\...\Run: [Spotify Web Helper] => C:\Users\nayrBAlejandro\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-03-07] (Spotify Ltd)
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\...\Run: [Spotify] => C:\Users\nayrBAlejandro\AppData\Roaming\Spotify\Spotify.exe [6754928 2016-03-07] (Spotify Ltd)
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ExplorerEx] -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} =>  No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-2405107676-2796426648-614312743-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-2405107676-2796426648-614312743-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll No File 
Winsock: Catalog5-x64 07 C:\ProgramData\System32\SafeGuard64.dll [3587000 2015-12-30] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.107.10.105 192.168.1.1
Tcpip\..\Interfaces\{0844a99a-3831-41bb-b695-10c1b596553f}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{133036b4-4e91-48e0-9494-55bd8e41475a}: [DhcpNameServer] 200.107.10.105 192.168.1.1
Tcpip\..\Interfaces\{C27118A9-3027-44A2-B515-D57353D0CB88}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.allinchrome.com/?bd=hp&oem=ntsvc&uid=HGSTXHTS541075A9E680_JD12021A0GAM8K0GAM8KX&version=2.3.0.10992&pid=414031160&tid=712
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nav.brotstation.com?uid={262415663d92468e8d206ee1d1a9c720}&r=eg
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nav.brotstation.com?uid={262415663d92468e8d206ee1d1a9c720}&r=eg
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
SearchScopes: HKLM-x32 -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
SearchScopes: HKLM-x32 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
SearchScopes: HKU\S-1-5-21-2405107676-2796426648-614312743-1001 -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
SearchScopes: HKU\S-1-5-21-2405107676-2796426648-614312743-1001 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-03-01] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-03] (Oracle Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-03-01] (AO Kaspersky Lab)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-03] (Oracle Corporation)
BHO-x32: Aplicación auxiliar de la Grabadora de prueba web de Microsoft 10.0 -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-03-01] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-03-01] (AO Kaspersky Lab)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
 
Edge: 
======
Edge Session Restore: HKU\S-1-5-21-2405107676-2796426648-614312743-1001 -> is enabled.
 
FireFox:
========
FF ProfilePath: C:\Users\nayrBAlejandro\AppData\Roaming\Mozilla\Firefox\Profiles\4lf3el4l.default
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-11] ()
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [No File]
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.3.0.5416280\npmathplugin.dll [2015-10-09] (Wolfram Research, Inc.)
FF Extension: Adblock Plus - C:\Users\nayrBAlejandro\AppData\Roaming\Mozilla\Firefox\Profiles\4lf3el4l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-12]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-04-23] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2016-03-02]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://nav.brotstation.com?uid={262415663d92468e8d206ee1d1a9c720}&r=eg
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Diapositivas de Google) - C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-18]
CHR Extension: (Google Docs) - C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-18]
CHR Extension: (Google Drive) - C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-17]
CHR Extension: (YouTube) - C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-17]
CHR Extension: (Búsqueda de Google) - C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-17]
CHR Extension: (Kaspersky Protection) - C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-03-01]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-18]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-17]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [104824 2015-08-07] (Alps Electric Co., Ltd.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2016-03-01] (Kaspersky Lab ZAO)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-11-14] (Hewlett-Packard Company)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080 2014-12-23] (Realtek Semiconductor)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WindowsSecurity; C:\ProgramData\Windows Security\winsecurity.exe [7244752 2016-03-17] (Microsoft Corporation)
S4 XBox; C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\XBox\XBLive.exe [5359032 2016-02-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [77728 2016-03-02] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2016-03-02] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2016-03-01] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [927640 2016-03-02] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2016-03-02] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2016-03-02] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2016-03-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2504192 2015-10-30] (MediaTek Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1219200 2015-06-03] (Ralink Technology, Corp.)
S3 VSPerfDrv100; D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-17 13:33 - 2016-03-17 13:34 - 00021203 _____ C:\Users\nayrBAlejandro\Desktop\FRST.txt
2016-03-17 13:33 - 2016-03-17 13:33 - 00000000 ____D C:\FRST
2016-03-17 13:31 - 2016-03-17 13:31 - 00001070 _____ C:\Users\nayrBAlejandro\Desktop\JRT.txt
2016-03-17 13:27 - 2016-03-17 13:27 - 01610352 _____ (Malwarebytes) C:\Users\nayrBAlejandro\Desktop\JRT.exe
2016-03-17 13:25 - 2016-03-17 13:25 - 02374144 _____ (Farbar) C:\Users\nayrBAlejandro\Desktop\FRST64.exe
2016-03-17 13:20 - 2016-03-17 13:20 - 00006779 _____ C:\Users\nayrBAlejandro\Desktop\AdwCleaner[C1].txt
2016-03-17 13:13 - 2016-03-17 13:16 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-17 13:11 - 2016-03-17 13:11 - 01527296 _____ C:\Users\nayrBAlejandro\Desktop\adwcleaner_5.102.exe
2016-03-16 22:18 - 2016-03-16 22:29 - 00189162 _____ C:\WINDOWS\ntbtlog.txt
2016-03-16 22:18 - 2016-03-16 22:18 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-03-16 00:58 - 2016-03-16 01:43 - 00000000 ____D C:\ProgramData\HitmanPro
2016-03-16 00:55 - 2016-03-16 00:56 - 11441744 _____ (SurfRight B.V.) C:\Users\nayrBAlejandro\Downloads\hitmanpro_x64.exe
2016-03-14 19:58 - 2016-03-14 20:07 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-14 19:58 - 2016-03-14 19:58 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-14 19:58 - 2016-03-14 19:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-14 19:58 - 2016-03-14 19:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-14 19:58 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-14 19:58 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-14 19:58 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-14 19:55 - 2016-03-14 19:57 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\nayrBAlejandro\Downloads\mbam-setup-2.1.8.1057.exe
2016-03-08 15:54 - 2016-02-24 04:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-08 15:54 - 2016-02-24 04:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-08 15:54 - 2016-02-24 04:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-08 15:54 - 2016-02-24 04:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-08 15:54 - 2016-02-24 03:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-08 15:54 - 2016-02-24 03:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-08 15:54 - 2016-02-24 03:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-08 15:54 - 2016-02-24 01:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-08 15:54 - 2016-02-24 01:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-08 15:54 - 2016-02-24 00:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-08 15:54 - 2016-02-24 00:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-08 15:54 - 2016-02-24 00:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-08 15:54 - 2016-02-24 00:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-08 15:54 - 2016-02-24 00:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-08 15:54 - 2016-02-23 06:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-08 15:54 - 2016-02-23 05:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-08 15:54 - 2016-02-23 05:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-08 15:54 - 2016-02-23 05:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-08 15:54 - 2016-02-23 05:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-08 15:54 - 2016-02-23 05:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-08 15:54 - 2016-02-23 05:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-08 15:54 - 2016-02-23 04:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-08 15:54 - 2016-02-23 04:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-08 15:54 - 2016-02-23 03:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-08 15:54 - 2016-02-23 03:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-08 15:54 - 2016-02-23 03:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-08 15:54 - 2016-02-23 03:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-08 15:54 - 2016-02-23 03:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-08 15:54 - 2016-02-23 03:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-08 15:54 - 2016-02-23 03:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-08 15:54 - 2016-02-23 02:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-08 15:54 - 2016-02-23 02:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-08 15:54 - 2016-02-23 02:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-08 15:54 - 2016-02-23 02:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-08 15:54 - 2016-02-23 02:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-08 15:54 - 2016-02-23 02:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-08 15:54 - 2016-02-23 01:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-08 15:54 - 2016-02-23 01:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-08 15:54 - 2016-02-23 01:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-08 15:54 - 2016-02-23 01:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-08 15:54 - 2016-02-23 01:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-08 15:54 - 2016-02-23 01:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-08 15:54 - 2016-02-23 01:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-08 15:54 - 2016-02-08 22:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-08 15:54 - 2016-02-08 22:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-08 15:54 - 2016-02-08 22:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-08 15:53 - 2016-03-01 00:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-08 15:53 - 2016-03-01 00:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-08 15:53 - 2016-02-24 04:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-08 15:53 - 2016-02-24 04:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-08 15:53 - 2016-02-24 04:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-08 15:53 - 2016-02-24 04:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-08 15:53 - 2016-02-24 03:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-08 15:53 - 2016-02-24 03:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-08 15:53 - 2016-02-24 03:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-08 15:53 - 2016-02-24 03:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-08 15:53 - 2016-02-24 03:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-08 15:53 - 2016-02-24 03:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-08 15:53 - 2016-02-24 03:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-08 15:53 - 2016-02-24 03:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-08 15:53 - 2016-02-24 03:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-08 15:53 - 2016-02-24 03:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-08 15:53 - 2016-02-24 03:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-08 15:53 - 2016-02-24 03:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-08 15:53 - 2016-02-24 03:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-08 15:53 - 2016-02-24 03:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-08 15:53 - 2016-02-24 03:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-08 15:53 - 2016-02-24 03:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-08 15:53 - 2016-02-24 03:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-08 15:53 - 2016-02-24 03:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-08 15:53 - 2016-02-24 02:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-08 15:53 - 2016-02-24 02:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-08 15:53 - 2016-02-24 02:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-08 15:53 - 2016-02-24 02:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-08 15:53 - 2016-02-24 02:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-08 15:53 - 2016-02-24 02:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-08 15:53 - 2016-02-24 02:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-08 15:53 - 2016-02-24 02:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-08 15:53 - 2016-02-24 02:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-08 15:53 - 2016-02-24 02:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-08 15:53 - 2016-02-24 02:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-08 15:53 - 2016-02-24 02:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-08 15:53 - 2016-02-24 02:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-08 15:53 - 2016-02-24 02:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-08 15:53 - 2016-02-24 02:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-08 15:53 - 2016-02-24 02:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-08 15:53 - 2016-02-24 02:23 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-03-08 15:53 - 2016-02-24 02:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-08 15:53 - 2016-02-24 02:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-08 15:53 - 2016-02-24 02:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-08 15:53 - 2016-02-24 02:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-08 15:53 - 2016-02-24 02:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-08 15:53 - 2016-02-24 02:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-08 15:53 - 2016-02-24 02:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-08 15:53 - 2016-02-24 02:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-08 15:53 - 2016-02-24 02:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-08 15:53 - 2016-02-24 02:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-08 15:53 - 2016-02-24 02:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-08 15:53 - 2016-02-24 02:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-08 15:53 - 2016-02-24 02:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-08 15:53 - 2016-02-24 02:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-08 15:53 - 2016-02-24 02:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-08 15:53 - 2016-02-24 02:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-08 15:53 - 2016-02-24 02:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-08 15:53 - 2016-02-24 02:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-08 15:53 - 2016-02-24 02:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-08 15:53 - 2016-02-24 02:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-08 15:53 - 2016-02-24 02:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-08 15:53 - 2016-02-24 02:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-08 15:53 - 2016-02-24 02:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-08 15:53 - 2016-02-24 02:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-08 15:53 - 2016-02-24 01:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-08 15:53 - 2016-02-24 01:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-08 15:53 - 2016-02-24 01:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-08 15:53 - 2016-02-24 01:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-08 15:53 - 2016-02-24 01:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-08 15:53 - 2016-02-24 01:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-08 15:53 - 2016-02-24 01:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-08 15:53 - 2016-02-24 01:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-08 15:53 - 2016-02-24 01:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-08 15:53 - 2016-02-24 01:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-08 15:53 - 2016-02-24 01:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-08 15:53 - 2016-02-24 01:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-08 15:53 - 2016-02-24 01:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-08 15:53 - 2016-02-24 01:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-08 15:53 - 2016-02-24 01:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-08 15:53 - 2016-02-24 01:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-08 15:53 - 2016-02-24 01:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-08 15:53 - 2016-02-24 01:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-08 15:53 - 2016-02-24 01:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-08 15:53 - 2016-02-24 01:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-08 15:53 - 2016-02-24 01:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-08 15:53 - 2016-02-24 01:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-08 15:53 - 2016-02-24 01:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-08 15:53 - 2016-02-24 01:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-08 15:53 - 2016-02-24 01:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-08 15:53 - 2016-02-24 01:42 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-03-08 15:53 - 2016-02-24 01:42 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-03-08 15:53 - 2016-02-24 01:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-08 15:53 - 2016-02-24 01:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-08 15:53 - 2016-02-24 01:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-08 15:53 - 2016-02-24 01:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-08 15:53 - 2016-02-24 01:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-08 15:53 - 2016-02-24 01:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-08 15:53 - 2016-02-24 01:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-08 15:53 - 2016-02-24 01:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-08 15:53 - 2016-02-24 01:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-08 15:53 - 2016-02-24 01:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-08 15:53 - 2016-02-24 01:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-08 15:53 - 2016-02-24 01:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-08 15:53 - 2016-02-24 01:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-08 15:53 - 2016-02-24 01:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-08 15:53 - 2016-02-24 01:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-08 15:53 - 2016-02-24 01:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-08 15:53 - 2016-02-24 01:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-08 15:53 - 2016-02-24 01:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-08 15:53 - 2016-02-24 01:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-08 15:53 - 2016-02-24 01:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-08 15:53 - 2016-02-24 01:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-08 15:53 - 2016-02-24 01:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-08 15:53 - 2016-02-24 01:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-08 15:53 - 2016-02-24 01:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-08 15:53 - 2016-02-24 01:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-08 15:53 - 2016-02-24 01:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-08 15:53 - 2016-02-24 01:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-08 15:53 - 2016-02-24 01:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-08 15:53 - 2016-02-24 01:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-08 15:53 - 2016-02-24 01:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-08 15:53 - 2016-02-24 01:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-08 15:53 - 2016-02-24 01:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-08 15:53 - 2016-02-24 01:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-08 15:53 - 2016-02-24 01:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-08 15:53 - 2016-02-24 01:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-08 15:53 - 2016-02-24 01:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-08 15:53 - 2016-02-24 01:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-08 15:53 - 2016-02-24 01:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-08 15:53 - 2016-02-24 01:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-08 15:53 - 2016-02-24 01:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-08 15:53 - 2016-02-24 00:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-08 15:53 - 2016-02-24 00:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-08 15:53 - 2016-02-24 00:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-08 15:53 - 2016-02-24 00:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-08 15:53 - 2016-02-24 00:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-08 15:53 - 2016-02-24 00:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-08 15:53 - 2016-02-24 00:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-08 15:53 - 2016-02-24 00:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-08 15:53 - 2016-02-23 23:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-08 15:53 - 2016-02-23 23:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-08 15:53 - 2016-02-23 06:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-08 15:53 - 2016-02-23 06:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-08 15:53 - 2016-02-23 06:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-08 15:53 - 2016-02-23 06:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-08 15:53 - 2016-02-23 06:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-08 15:53 - 2016-02-23 06:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-08 15:53 - 2016-02-23 06:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-08 15:53 - 2016-02-23 06:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-08 15:53 - 2016-02-23 06:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-08 15:53 - 2016-02-23 05:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-08 15:53 - 2016-02-23 05:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-08 15:53 - 2016-02-23 05:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-08 15:53 - 2016-02-23 05:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-08 15:53 - 2016-02-23 05:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-08 15:53 - 2016-02-23 05:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-08 15:53 - 2016-02-23 05:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-08 15:53 - 2016-02-23 05:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-08 15:53 - 2016-02-23 05:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-08 15:53 - 2016-02-23 05:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-08 15:53 - 2016-02-23 05:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-08 15:53 - 2016-02-23 05:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-08 15:53 - 2016-02-23 05:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-08 15:53 - 2016-02-23 04:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-08 15:53 - 2016-02-23 04:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-08 15:53 - 2016-02-23 04:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-08 15:53 - 2016-02-23 04:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-08 15:53 - 2016-02-23 04:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-08 15:53 - 2016-02-23 04:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-08 15:53 - 2016-02-23 04:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-08 15:53 - 2016-02-23 04:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-08 15:53 - 2016-02-23 04:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-08 15:53 - 2016-02-23 04:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-08 15:53 - 2016-02-23 04:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-08 15:53 - 2016-02-23 04:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-08 15:53 - 2016-02-23 04:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-08 15:53 - 2016-02-23 04:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-08 15:53 - 2016-02-23 04:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-08 15:53 - 2016-02-23 04:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-08 15:53 - 2016-02-23 04:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-08 15:53 - 2016-02-23 04:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-08 15:53 - 2016-02-23 04:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-08 15:53 - 2016-02-23 04:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-08 15:53 - 2016-02-23 04:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-08 15:53 - 2016-02-23 04:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-08 15:53 - 2016-02-23 04:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-08 15:53 - 2016-02-23 04:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-08 15:53 - 2016-02-23 04:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-08 15:53 - 2016-02-23 04:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-08 15:53 - 2016-02-23 03:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-08 15:53 - 2016-02-23 03:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-08 15:53 - 2016-02-23 03:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-08 15:53 - 2016-02-23 03:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-08 15:53 - 2016-02-23 03:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-08 15:53 - 2016-02-23 03:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-08 15:53 - 2016-02-23 03:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-08 15:53 - 2016-02-23 03:51 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-03-08 15:53 - 2016-02-23 03:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-08 15:53 - 2016-02-23 03:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-08 15:53 - 2016-02-23 03:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-08 15:53 - 2016-02-23 03:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-08 15:53 - 2016-02-23 03:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-08 15:53 - 2016-02-23 03:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-08 15:53 - 2016-02-23 03:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-08 15:53 - 2016-02-23 03:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-08 15:53 - 2016-02-23 03:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-08 15:53 - 2016-02-23 03:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-08 15:53 - 2016-02-23 03:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-08 15:53 - 2016-02-23 03:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-08 15:53 - 2016-02-23 03:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-08 15:53 - 2016-02-23 03:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-08 15:53 - 2016-02-23 03:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-08 15:53 - 2016-02-23 03:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-08 15:53 - 2016-02-23 03:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-08 15:53 - 2016-02-23 03:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-08 15:53 - 2016-02-23 03:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-08 15:53 - 2016-02-23 03:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-08 15:53 - 2016-02-23 03:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-08 15:53 - 2016-02-23 03:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-08 15:53 - 2016-02-23 03:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-08 15:53 - 2016-02-23 03:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-08 15:53 - 2016-02-23 03:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-08 15:53 - 2016-02-23 03:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-08 15:53 - 2016-02-23 03:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-08 15:53 - 2016-02-23 03:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-08 15:53 - 2016-02-23 03:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-08 15:53 - 2016-02-23 03:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-08 15:53 - 2016-02-23 03:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-08 15:53 - 2016-02-23 03:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-08 15:53 - 2016-02-23 03:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-08 15:53 - 2016-02-23 03:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-08 15:53 - 2016-02-23 03:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-08 15:53 - 2016-02-23 03:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-08 15:53 - 2016-02-23 03:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-08 15:53 - 2016-02-23 03:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-08 15:53 - 2016-02-23 03:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-08 15:53 - 2016-02-23 03:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-08 15:53 - 2016-02-23 03:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-08 15:53 - 2016-02-23 03:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-08 15:53 - 2016-02-23 03:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-08 15:53 - 2016-02-23 03:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-08 15:53 - 2016-02-23 02:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-08 15:53 - 2016-02-23 02:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-08 15:53 - 2016-02-23 02:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-08 15:53 - 2016-02-23 02:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-08 15:53 - 2016-02-23 02:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-08 15:53 - 2016-02-23 02:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-08 15:53 - 2016-02-23 02:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-08 15:53 - 2016-02-23 02:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-08 15:53 - 2016-02-23 02:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-08 15:53 - 2016-02-23 02:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-08 15:53 - 2016-02-23 02:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-08 15:53 - 2016-02-23 02:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-08 15:53 - 2016-02-23 02:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-08 15:53 - 2016-02-23 02:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-08 15:53 - 2016-02-23 02:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-08 15:53 - 2016-02-23 02:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-08 15:53 - 2016-02-23 02:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-08 15:53 - 2016-02-23 02:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-08 15:53 - 2016-02-23 02:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-08 15:53 - 2016-02-23 02:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-08 15:53 - 2016-02-23 02:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-08 15:53 - 2016-02-23 02:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-08 15:53 - 2016-02-23 02:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-08 15:53 - 2016-02-23 02:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-08 15:53 - 2016-02-23 02:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-08 15:53 - 2016-02-23 02:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-08 15:53 - 2016-02-23 02:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-08 15:53 - 2016-02-23 02:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-08 15:53 - 2016-02-23 02:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-08 15:53 - 2016-02-23 02:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-08 15:53 - 2016-02-23 01:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-08 15:53 - 2016-02-23 01:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-08 15:53 - 2016-02-23 01:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-08 15:53 - 2016-02-23 01:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-08 15:53 - 2016-02-23 01:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-08 15:53 - 2016-02-23 01:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-08 15:53 - 2016-02-23 01:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-08 15:53 - 2016-02-23 01:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-08 15:53 - 2016-02-23 01:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-08 15:53 - 2016-02-23 01:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-08 15:53 - 2016-02-23 01:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-08 15:53 - 2016-02-23 01:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-08 15:53 - 2016-02-23 01:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-08 15:53 - 2016-02-08 23:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-08 15:53 - 2016-02-08 23:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-08 15:53 - 2016-02-08 22:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-08 15:53 - 2016-02-08 22:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-08 15:53 - 2016-02-08 22:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-03-07 15:08 - 2016-03-07 15:08 - 00000896 _____ C:\Users\nayrBAlejandro\Desktop\Frozen Throne.lnk
2016-03-07 15:03 - 2016-03-07 15:08 - 00139264 _____ (Blizzard Entertainment) C:\WINDOWS\War3Unin.exe
2016-03-07 15:03 - 2016-03-07 15:08 - 00056805 _____ C:\WINDOWS\War3Unin.dat
2016-03-07 15:03 - 2016-03-07 15:08 - 00002829 _____ C:\WINDOWS\War3Unin.pif
2016-03-07 15:03 - 2016-03-07 15:08 - 00000000 ____D C:\Users\nayrBAlejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
2016-03-07 15:03 - 2016-03-07 15:03 - 00000891 _____ C:\Users\nayrBAlejandro\Desktop\Warcraft III.lnk
2016-03-03 18:56 - 2016-03-03 18:56 - 00002467 _____ C:\Users\ji_98\Desktop\Safe Money.lnk
2016-03-01 18:43 - 2016-03-01 18:49 - 00002467 _____ C:\Users\nayrBAlejandro\Desktop\Safe Money.lnk
2016-03-01 18:42 - 2016-03-01 18:42 - 00002205 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-03-01 18:42 - 2016-03-01 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-03-01 18:41 - 2016-03-17 13:19 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-03-01 18:41 - 2016-03-02 03:16 - 00927640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-03-01 18:41 - 2016-03-02 03:16 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2016-03-01 18:41 - 2016-03-01 22:03 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-03-01 18:41 - 2016-03-01 18:41 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-03-01 18:41 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2016-03-01 17:42 - 2016-03-01 17:42 - 00000000 ____D C:\Users\nayrBAlejandro\AppData\Local\ElevatedDiagnostics
2016-02-29 07:51 - 2016-03-17 13:05 - 00000000 ____D C:\WINDOWS\19
2016-02-28 15:08 - 2016-02-28 15:08 - 00026624 ___SH C:\Users\ji_98\Downloads\Thumbs.db
2016-02-27 03:37 - 2016-03-09 17:56 - 00361904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-27 03:34 - 2016-03-01 14:54 - 00000000 ____D C:\AdwCleaner
2016-02-27 03:33 - 2016-02-27 03:34 - 01511936 _____ C:\Users\nayrBAlejandro\Downloads\adwcleaner_5.036.exe
2016-02-26 10:38 - 2016-02-26 10:38 - 00233574 _____ C:\Users\nayrBAlejandro\Downloads\Notas_2357.pdf
2016-02-25 20:26 - 2016-02-25 20:26 - 00000000 ____D C:\Users\nayrBAlejandro\AppData\Local\Bluestacks
2016-02-25 10:41 - 2016-02-25 10:41 - 00006144 ___SH C:\Users\ji_98\Desktop\Thumbs.db
2016-02-25 06:33 - 2016-02-25 06:33 - 02578582 _____ C:\Users\nayrBAlejandro\Documents\img011.pdf
2016-02-25 06:27 - 2016-02-25 06:27 - 03080960 _____ C:\Users\nayrBAlejandro\Documents\img010.pdf
2016-02-24 22:44 - 2016-02-24 22:44 - 00000000 ____D C:\Users\ji_98\AppData\Local\PeerDistRepub
2016-02-24 22:43 - 2016-03-17 13:05 - 00000000 ____D C:\ProgramData\Windows Security
2016-02-24 20:25 - 2016-02-24 20:25 - 00773566 _____ C:\Users\nayrBAlejandro\Documents\img009.pdf
2016-02-22 06:01 - 2016-02-22 06:01 - 04272753 _____ C:\Users\nayrBAlejandro\Downloads\Practica.pdf
2016-02-21 23:49 - 2016-02-21 23:49 - 00000000 ____D C:\Users\nayrBAlejandro\AppData\Roaming\EPSON
2016-02-21 20:42 - 2016-02-21 20:43 - 00007912 _____ C:\Users\nayrBAlejandro\Downloads\Demostracion de series.nb
2016-02-18 04:01 - 2016-02-18 04:01 - 01171736 _____ C:\Users\nayrBAlejandro\Downloads\Exposicion-Molecular (1).pptx
2016-02-18 04:00 - 2016-02-18 04:01 - 01202763 _____ C:\Users\nayrBAlejandro\Downloads\RESULTADOSmolecuarpaper.pptx
2016-02-18 03:36 - 2016-02-18 04:17 - 01451789 _____ C:\Users\nayrBAlejandro\Downloads\Exposicion-Molecular.pptx
2016-02-17 20:46 - 2016-02-17 20:46 - 00013564 _____ C:\Users\nayrBAlejandro\Downloads\Planificacin_Unidad_III_Bioqumica (2).xlsx
2016-02-16 07:27 - 2016-02-16 07:28 - 11916407 _____ C:\Users\nayrBAlejandro\Downloads\Biosíntesis-de-Aminoácidos (3).pptx
2016-02-16 07:25 - 2016-02-16 07:26 - 11916186 _____ C:\Users\nayrBAlejandro\Downloads\Biosíntesis-de-Aminoácidos (2).pptx
2016-02-16 03:41 - 2016-02-16 03:42 - 07396624 _____ C:\Users\nayrBAlejandro\Downloads\Biosíntesis-de-Aminoácidos (1).pptx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-17 13:20 - 2016-01-17 19:56 - 00001072 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-17 13:20 - 2015-03-18 20:06 - 00000000 __SHD C:\Users\nayrBAlejandro\IntelGraphicsProfiles
2016-03-17 13:19 - 2015-03-18 20:18 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-17 13:18 - 2016-01-25 01:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-17 13:18 - 2015-10-30 01:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-03-17 13:09 - 2016-01-17 19:56 - 00001076 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-17 13:06 - 2015-03-16 09:14 - 00004236 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{121300FD-3735-4F73-ABD6-BEAFD4D5B316}
2016-03-17 00:55 - 2015-03-19 17:35 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-16 21:57 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-16 21:56 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-16 21:53 - 2015-12-21 09:20 - 00000000 ____D C:\ProgramData\System32
2016-03-16 21:47 - 2016-02-06 09:41 - 00000000 ___RD C:\Users\ji_98\OneDrive
2016-03-16 17:23 - 2016-02-06 09:37 - 00000000 __SHD C:\Users\ji_98\IntelGraphicsProfiles
2016-03-14 20:12 - 2016-01-17 19:59 - 00002412 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-14 20:12 - 2016-01-17 19:59 - 00002400 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-14 01:49 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-14 01:48 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-14 01:26 - 2015-05-04 19:10 - 00000000 ____D C:\Users\nayrBAlejandro\Documents\Visual Studio 2010
2016-03-14 01:22 - 2015-04-23 22:30 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2016-03-13 20:22 - 2016-02-06 09:37 - 00000000 ____D C:\Users\ji_98
2016-03-12 14:03 - 2015-08-31 16:09 - 00000918 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-03-11 16:02 - 2015-03-18 13:04 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-11 15:25 - 2016-01-25 00:43 - 00000000 ____D C:\Users\nayrBAlejandro
2016-03-09 18:19 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-09 18:03 - 2016-01-25 01:06 - 02033046 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-09 18:03 - 2015-10-30 13:59 - 00887094 _____ C:\WINDOWS\system32\perfh00A.dat
2016-03-09 18:03 - 2015-10-30 13:59 - 00185776 _____ C:\WINDOWS\system32\perfc00A.dat
2016-03-09 17:54 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-09 17:53 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-09 17:53 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-09 17:53 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-09 17:53 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-09 17:51 - 2015-10-30 14:02 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-09 17:51 - 2015-10-30 02:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-09 17:51 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-09 17:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-09 17:51 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-09 17:51 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-09 17:51 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-09 17:51 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-09 16:41 - 2015-03-25 22:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 16:29 - 2015-03-25 22:23 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-08 21:20 - 2015-04-30 01:06 - 00000000 ____D C:\Users\nayrBAlejandro\AppData\Local\Spotify
2016-03-08 21:20 - 2015-04-30 00:46 - 00000000 ____D C:\Users\nayrBAlejandro\AppData\Roaming\Spotify
2016-03-08 17:36 - 2016-01-25 06:03 - 00002467 _____ C:\Users\nayrBAlejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-08 02:12 - 2015-10-30 02:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 02:12 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-07 21:28 - 2015-04-17 18:20 - 01064448 ___SH C:\Users\nayrBAlejandro\Downloads\Thumbs.db
2016-03-07 17:47 - 2016-02-06 09:41 - 00002440 _____ C:\Users\ji_98\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-07 15:09 - 2015-03-16 09:06 - 00000000 ____D C:\Users\nayrBAlejandro\AppData\Local\VirtualStore
2016-03-03 23:14 - 2015-07-12 22:28 - 00000000 ____D C:\Users\nayrBAlejandro\AppData\Roaming\Skype
2016-03-03 21:32 - 2015-09-20 20:49 - 00000099 _____ C:\Users\nayrBAlejandro\Desktop\DOTA.txt
2016-03-03 14:48 - 2016-01-12 11:13 - 00000000 ____D C:\ProgramData\Oracle
2016-03-03 14:46 - 2016-01-12 11:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-03 14:44 - 2016-01-12 11:14 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-03-03 14:44 - 2016-01-12 11:14 - 00000000 ____D C:\Users\nayrBAlejandro\.oracle_jre_usage
2016-03-03 14:44 - 2016-01-12 11:13 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-02 03:17 - 2015-06-26 23:58 - 00087944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2016-03-02 03:17 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2016-03-02 03:16 - 2015-06-06 08:51 - 00077728 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kldisk.sys
2016-03-01 18:42 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-01 18:41 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-03-01 18:32 - 2015-04-02 11:46 - 00000000 __SHD C:\Users\nayrBAlejandro\AppData\Local\EmieUserList
2016-03-01 18:32 - 2015-04-02 11:46 - 00000000 __SHD C:\Users\nayrBAlejandro\AppData\Local\EmieSiteList
2016-03-01 18:32 - 2015-03-16 09:06 - 00000000 ____D C:\Users\nayrBAlejandro\AppData\Local\Packages
2016-03-01 17:19 - 2015-03-18 19:29 - 00000000 ____D C:\Users\Usuario
2016-03-01 17:19 - 2013-08-22 08:36 - 00000000 ____D C:\Users\Default.migrated
2016-03-01 16:24 - 2016-01-11 22:02 - 00000000 ____D C:\WINDOWS\4941BFEB62C047A2801E998FC469CC2C.TMP
2016-02-29 18:32 - 2015-08-25 11:09 - 00000000 ____D C:\Users\nayrBAlejandro\AppData\Roaming\vlc
2016-02-27 16:16 - 2015-03-26 14:49 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-02-27 02:26 - 2015-08-21 00:42 - 00041472 ___SH C:\Users\nayrBAlejandro\Desktop\Thumbs.db
2016-02-25 20:25 - 2015-10-30 02:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-02-24 22:37 - 2016-01-18 22:39 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-02-24 22:37 - 2015-12-20 21:20 - 00000000 ____D C:\WINDOWS\7
2016-02-21 14:03 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
 
==================== Files in the root of some directories =======
 
2015-07-05 21:40 - 2015-07-05 21:40 - 0004608 _____ () C:\Users\nayrBAlejandro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-26 10:25 - 2016-01-26 10:25 - 0000001 _____ () C:\Users\nayrBAlejandro\AppData\Local\llftool.4.25.agreement
2015-08-11 01:47 - 2015-08-11 09:05 - 0000173 _____ () C:\Users\nayrBAlejandro\AppData\Local\msmathematics.qat.nayrBAlejandro
 
Some files in TEMP:
====================
C:\Users\nayrBAlejandro\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-14 01:41
 
==================== End of FRST.txt ============================
 
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by nayrBAlejandro (2016-03-17 13:34:45)
Running from C:\Users\nayrBAlejandro\Desktop
Windows 10 Pro Version 1511 (X64) (2016-01-25 06:39:03)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-2405107676-2796426648-614312743-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2405107676-2796426648-614312743-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2405107676-2796426648-614312743-1011 - Limited - Enabled)
Invitado (S-1-5-21-2405107676-2796426648-614312743-501 - Limited - Disabled) => C:\Users\Invitado
ji_98 (S-1-5-21-2405107676-2796426648-614312743-1012 - Limited - Enabled) => C:\Users\ji_98
nayrBAlejandro (S-1-5-21-2405107676-2796426648-614312743-1001 - Administrator - Enabled) => C:\Users\nayrBAlejandro
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1202.1711.103 - Alps Electric)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
CyberLink YouCam 6 (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2326.0 - CyberLink Corp.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dotfuscator Software Services - Community Edition - ESN (HKLM-x32\...\{8C2F1F30-8F72-4A0E-A1D0-E9AED20BBAC2}) (Version: 5.0.2300.0 - PreEmptive Solutions)
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}) (Version: 5.0.2300.0 - PreEmptive Solutions)
Eines de correcció del Microsoft Office 2013: català (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Epson E-Web Print (HKLM-x32\...\{E904F572-D7DB-43C1-929F-043F267FC77D}) (Version: 1.22.0000 - SEIKO EPSON CORPORATION)
EPSON L210 Series Printer Uninstall (HKLM\...\EPSON L210 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Ferramentas de verificación de Microsoft Office 2013 - Galego (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
GDR 5538 para SQL Server 2008 (KB3045305) (64-bit) (HKLM\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
HP Support Solutions Framework (HKLM-x32\...\{C6C8D3F5-FE93-4378-AA4E-DB8333C105DA}) (Version: 11.51.0047 - Hewlett-Packard Company)
IBM SPSS Statistics 23 (HKLM\...\{C3BA73A4-2A45-4036-8541-4F5F8146078B}) (Version: 23.0.0.0 - IBM Corp)
Infinite Crisis™ (HKLM-x32\...\Steam App 345520) (Version:  - Turbine, Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware versión 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Marco trabajo apl. capa datos de Microsoft SQL Server 2008 R2 (HKLM-x32\...\{B65527FD-47DD-4A07-9E07-64DA91B0A34A}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - ESN (HKLM-x32\...\{B0DF0057-EF87-471D-A80A-DC1F0463BA19}) (Version: 2.0.50331.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - ESN (HKLM-x32\...\{4F19E81D-168E-4E0B-A4B7-AA246FBE3FBB}) (Version: 2.0.50414.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Mathematics (64 bits) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK - Español (HKLM-x32\...\{8D8C5BD0-7FC7-4680-B527-218F63920E03}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{10E05081-646C-4130-A166-83283A3A0A45}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{0ECCC2CC-F361-4325-A0FE-FAF1AD784BBD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{F188B6ED-4537-4CAC-A4DE-3BD30E6114C6}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{6C239446-F196-44DC-9148-8D912895D097}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{F43ADE73-2880-4A95-B995-4FE386ECF667}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ESN (HKLM-x32\...\{2A78694E-ACFE-4D5A-9B0F-C0EBEFA3F280}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ESN (HKLM\...\{24965A31-311D-462D-BAA8-B482ABA115D8}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{46878B08-238C-4F28-9194-9D8604A7F52E}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{CD9B2BA6-F699-4700-81B9-CD28C0BC693C}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{DE63A8FE-80A6-4CA3-ACEA-F954B6370596}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) es (HKLM\...\{2D6232BE-CDB4-4EE7-AFCB-1541E12041E9}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 es (HKLM-x32\...\{EF948EA2-FA97-4312-BA36-88D76048CCE8}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) es (HKLM\...\{C69733F2-4140-440F-938E-2D47C6CB1C70}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) es (HKLM\...\{1C3998E1-8501-455C-B829-5031520EBC94}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{61B42D05-EBFA-3896-A267-B71CD3025BC5}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{817C2DCF-4DD7-3C32-8A8E-7CEFF137E543}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{0FD01537-C14D-30DE-9B6F-9FCA85E9EA9C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ESN (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - ESN) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools - ESN Language Pack (HKLM-x32\...\Microsoft Visual Studio Macro Tools - ESN Language Pack) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Modelo de objetos de Microsoft Team Foundation Server 2010 - ESN (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ESN) (Version: 10.0.30319 - Microsoft Corporation)
Objetos de administración de Microsoft SQL Server 2008 R2 (HKLM-x32\...\{6438BDAD-CE12-4D38-B1C4-42F94F08408F}) (Version: 10.50.1447.4 - Microsoft Corporation)
Objetos de administración de Microsoft SQL Server 2008 R2 (x64) (HKLM\...\{2040D407-91F5-48F3-9A81-B084573D0577}) (Version: 10.50.1447.4 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paquete de idioma de Microsoft Visual F# 2.0 Runtime - ESN (HKLM-x32\...\{7CCA8BD3-005C-3195-806B-501E6D3D242B}) (Version: 10.0.30319 - Microsoft Corporation)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
Paquete de idioma del Visor de Ayuda de Microsoft 3.0 - ESN (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - ESN) (Version: 1.0.30319 - Microsoft Corporation)
PDF24 Creator 7.5.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Prince of Persia T2T (HKLM-x32\...\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}) (Version: 1.00.999 - Ubisoft)
Prince of Persia The Two Thrones (x32 Version: 1.00.999 - Ubisoft) Hidden
R for Windows 3.2.0 (HKLM\...\R for Windows 3.2.0_is1) (Version: 3.2.0 - R Core Team)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7459 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.1103 - RStudio)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 3 para SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.111 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2405107676-2796426648-614312743-1001\...\Spotify) (Version: 1.0.24.104.g92a22684 - Spotify AB)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{28C1EB1A-45AC-4B12-887F-98EE0AA0D6DD}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{95480F46-25D7-31D1-ACD2-D8722B133A0C}) (Version: 10.0.30319 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ESN (HKLM-x32\...\{CF72A524-84BD-4AB7-B3C6-2C358672CD15}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-2405107676-2796426648-614312743-1001\...\Warcraft III) (Version:  - )
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wolfram Mathematica 10.3 (M-WIN-L 10.3.0 5416318) (HKLM\...\M-WIN-L 10.3.0 5416318_is1) (Version: 10.3.0 - Wolfram Research, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2405107676-2796426648-614312743-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\nayrBAlejandro\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {039B6831-C22D-458E-AAAA-68C7FDC8DFEC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-17] (Google Inc.)
Task: {25DB0FEA-D12E-4D4A-8CF7-24E560E5C728} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {2FF18F09-37BF-49A0-89A4-1771ABB2FF85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-17] (Google Inc.)
Task: {5CA40FED-7C3B-4929-A471-3B475D1CF7B8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7E55E758-F58B-4648-B7F5-B66DFFD8A08F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {9AB39463-6CE1-4AD4-B207-15ACAFC78C16} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D55CBA0F-3AE9-4A2B-9CE3-3AB73C715F5B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_228_pepper.exe
Task: {DB79095D-3ABD-4234-A14A-D839142CA023} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E85ECB41-F35D-4BF9-AC7D-10A6F65D941D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_228_pepper.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://nav.brotstation.com?uid={262415663d92468e8d206ee1d1a9c720}&r=eg
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://nav.brotstation.com?uid={262415663d92468e8d206ee1d1a9c720}&r=eg
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-30 15:08 - 2015-12-30 15:08 - 03587000 _____ () C:\ProgramData\System32\SafeGuard64.dll
2016-03-08 15:53 - 2016-02-23 06:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-08 15:53 - 2016-02-23 06:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-25 08:49 - 2016-01-25 08:50 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-25 07:42 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-08 15:53 - 2016-02-23 03:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-25 07:43 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-25 07:42 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-29 00:35 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-29 00:35 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-30 15:08 - 2015-12-30 15:08 - 02771896 _____ () C:\ProgramData\System32\SafeGuard32.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll
2016-01-25 08:49 - 2016-01-25 08:50 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-25 08:49 - 2016-01-25 08:50 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:1AAB2E68 [175]
AlternateDataStreams: C:\ProgramData\Temp:A3E1F4EF [125]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2016-03-01 18:48 - 00001886 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1                   tonec.com
127.0.0.1                   www.tonec.com
127.0.0.1                   internetdownloadmanager.com
127.0.0.1                   star.tonec.com
127.0.0.1                   rev.dyxnet.com
127.0.0.1 activation-v2.kaspersky.com 
127.0.0.1 activation-v2.geo.kaspersky.com 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\nayrBAlejandro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 200.107.10.105 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "Apoint"
HKLM\...\StartupApproved\Run: => "cpuminer"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "YouCam Service6"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\...\StartupApproved\StartupFolder: => "爱奇艺PPS影音.lnk"
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D6F64EF4-008D-4B46-8699-0893D9DBDDCD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{43A194E3-58EA-44BD-976E-465422B8163B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EEC60679-9DF0-4FB0-8A18-DBF6CEFBBCA5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FF6AE6E3-E828-4788-BB18-F48A5CB54DB9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DF016035-AAD2-4F12-9142-0D03CCAFE926}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{37D63C7B-49D8-4503-9F00-B1D4F2415309}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E8C6A331-44A1-430E-80B1-D0C947BB4117}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{9928A839-2975-45ED-887B-9BC99B1CD1DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{81A8930B-B5FB-4880-BB25-564B1C120362}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6B79B081-C62C-495F-95A3-A072EE4C2FE9}] => (Allow) C:\Users\nayrBAlejandro\Downloads\hitmanpro_x64.exe
FirewallRules: [{47433CAB-2889-4F68-AFA4-D3EB5EF4B09E}] => (Allow) C:\Users\nayrBAlejandro\Downloads\hitmanpro_x64.exe
FirewallRules: [{3FA339BD-F9BA-4001-983F-4A981C736388}] => (Allow) C:\Users\nayrBAlejandro\Downloads\hitmanpro_x64.exe
FirewallRules: [{2B52AEA7-F9EB-42A8-BAA7-D1BF9D990AF6}] => (Allow) C:\Users\nayrBAlejandro\Downloads\hitmanpro_x64.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/17/2016 01:27:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: svchost.exe_DiagTrack, versión: 10.0.10586.0, marca de tiempo: 0x5632d7ba
Nombre del módulo con errores: SafeGuard64.dll_unloaded, versión: 2.2.0.40, marca de tiempo: 0x5683828f
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000005827b
Identificador del proceso con errores: 0x20f4
Hora de inicio de la aplicación con errores: 0xsvchost.exe_DiagTrack0
Ruta de acceso de la aplicación con errores: svchost.exe_DiagTrack1
Ruta de acceso del módulo con errores: svchost.exe_DiagTrack2
Identificador del informe: svchost.exe_DiagTrack3
Nombre completo del paquete con errores: svchost.exe_DiagTrack4
Identificador de aplicación relativa del paquete con errores: svchost.exe_DiagTrack5
 
Error: (03/17/2016 01:23:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: svchost.exe_DiagTrack, versión: 10.0.10586.0, marca de tiempo: 0x5632d7ba
Nombre del módulo con errores: SafeGuard64.dll_unloaded, versión: 2.2.0.40, marca de tiempo: 0x5683828f
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000005827b
Identificador del proceso con errores: 0x1c2c
Hora de inicio de la aplicación con errores: 0xsvchost.exe_DiagTrack0
Ruta de acceso de la aplicación con errores: svchost.exe_DiagTrack1
Ruta de acceso del módulo con errores: svchost.exe_DiagTrack2
Identificador del informe: svchost.exe_DiagTrack3
Nombre completo del paquete con errores: svchost.exe_DiagTrack4
Identificador de aplicación relativa del paquete con errores: svchost.exe_DiagTrack5
 
Error: (03/17/2016 01:20:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: igfxHK.exe, versión: 6.15.10.4331, marca de tiempo: 0x564cc83e
Nombre del módulo con errores: igfxHK.exe, versión: 6.15.10.4331, marca de tiempo: 0x564cc83e
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x0000000000015953
Identificador del proceso con errores: 0x10e8
Hora de inicio de la aplicación con errores: 0xigfxHK.exe0
Ruta de acceso de la aplicación con errores: igfxHK.exe1
Ruta de acceso del módulo con errores: igfxHK.exe2
Identificador del informe: igfxHK.exe3
Nombre completo del paquete con errores: igfxHK.exe4
Identificador de aplicación relativa del paquete con errores: igfxHK.exe5
 
Error: (03/17/2016 01:20:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: svchost.exe_DiagTrack, versión: 10.0.10586.0, marca de tiempo: 0x5632d7ba
Nombre del módulo con errores: SafeGuard64.dll_unloaded, versión: 2.2.0.40, marca de tiempo: 0x5683828f
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000005827b
Identificador del proceso con errores: 0x690
Hora de inicio de la aplicación con errores: 0xsvchost.exe_DiagTrack0
Ruta de acceso de la aplicación con errores: svchost.exe_DiagTrack1
Ruta de acceso del módulo con errores: svchost.exe_DiagTrack2
Identificador del informe: svchost.exe_DiagTrack3
Nombre completo del paquete con errores: svchost.exe_DiagTrack4
Identificador de aplicación relativa del paquete con errores: svchost.exe_DiagTrack5
 
Error: (03/17/2016 01:03:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: igfxHK.exe, versión: 6.15.10.4331, marca de tiempo: 0x564cc83e
Nombre del módulo con errores: igfxHK.exe, versión: 6.15.10.4331, marca de tiempo: 0x564cc83e
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x0000000000015953
Identificador del proceso con errores: 0x798
Hora de inicio de la aplicación con errores: 0xigfxHK.exe0
Ruta de acceso de la aplicación con errores: igfxHK.exe1
Ruta de acceso del módulo con errores: igfxHK.exe2
Identificador del informe: igfxHK.exe3
Nombre completo del paquete con errores: igfxHK.exe4
Identificador de aplicación relativa del paquete con errores: igfxHK.exe5
 
Error: (03/16/2016 10:50:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: svchost.exe_DiagTrack, versión: 10.0.10586.0, marca de tiempo: 0x5632d7ba
Nombre del módulo con errores: SafeGuard64.dll_unloaded, versión: 2.2.0.40, marca de tiempo: 0x5683828f
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000005827b
Identificador del proceso con errores: 0x1ef0
Hora de inicio de la aplicación con errores: 0xsvchost.exe_DiagTrack0
Ruta de acceso de la aplicación con errores: svchost.exe_DiagTrack1
Ruta de acceso del módulo con errores: svchost.exe_DiagTrack2
Identificador del informe: svchost.exe_DiagTrack3
Nombre completo del paquete con errores: svchost.exe_DiagTrack4
Identificador de aplicación relativa del paquete con errores: svchost.exe_DiagTrack5
 
Error: (03/16/2016 10:44:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: svchost.exe_DiagTrack, versión: 10.0.10586.0, marca de tiempo: 0x5632d7ba
Nombre del módulo con errores: SafeGuard64.dll_unloaded, versión: 2.2.0.40, marca de tiempo: 0x5683828f
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000005827b
Identificador del proceso con errores: 0x404
Hora de inicio de la aplicación con errores: 0xsvchost.exe_DiagTrack0
Ruta de acceso de la aplicación con errores: svchost.exe_DiagTrack1
Ruta de acceso del módulo con errores: svchost.exe_DiagTrack2
Identificador del informe: svchost.exe_DiagTrack3
Nombre completo del paquete con errores: svchost.exe_DiagTrack4
Identificador de aplicación relativa del paquete con errores: svchost.exe_DiagTrack5
 
Error: (03/16/2016 10:38:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: igfxHK.exe, versión: 6.15.10.4331, marca de tiempo: 0x564cc83e
Nombre del módulo con errores: igfxHK.exe, versión: 6.15.10.4331, marca de tiempo: 0x564cc83e
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x0000000000015953
Identificador del proceso con errores: 0x1cac
Hora de inicio de la aplicación con errores: 0xigfxHK.exe0
Ruta de acceso de la aplicación con errores: igfxHK.exe1
Ruta de acceso del módulo con errores: igfxHK.exe2
Identificador del informe: igfxHK.exe3
Nombre completo del paquete con errores: igfxHK.exe4
Identificador de aplicación relativa del paquete con errores: igfxHK.exe5
 
Error: (03/16/2016 10:38:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: svchost.exe_DiagTrack, versión: 10.0.10586.0, marca de tiempo: 0x5632d7ba
Nombre del módulo con errores: SafeGuard64.dll_unloaded, versión: 2.2.0.40, marca de tiempo: 0x5683828f
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000005827b
Identificador del proceso con errores: 0x80c
Hora de inicio de la aplicación con errores: 0xsvchost.exe_DiagTrack0
Ruta de acceso de la aplicación con errores: svchost.exe_DiagTrack1
Ruta de acceso del módulo con errores: svchost.exe_DiagTrack2
Identificador del informe: svchost.exe_DiagTrack3
Nombre completo del paquete con errores: svchost.exe_DiagTrack4
Identificador de aplicación relativa del paquete con errores: svchost.exe_DiagTrack5
 
Error: (03/16/2016 10:30:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NAYRB_ALEJANDRO)
Description: No se pudo activar la aplicación Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppXre20k58eaa822f0smszc2fbv5y0azn7k.mca debido al error: -2144927149. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.
 
 
System errors:
=============
Error: (03/17/2016 01:27:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Telemetría y experiencias del usuario conectado se terminó de manera inesperada. Esto ha sucedido 3 veces.
 
Error: (03/17/2016 01:23:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Telemetría y experiencias del usuario conectado terminó inesperadamente. Esto se ha repetido 2 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.
 
Error: (03/17/2016 01:21:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Telemetría y experiencias del usuario conectado terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.
 
Error: (03/17/2016 01:19:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Windows Presentation Foundation Font Cache 3.0.0.0 no pudo iniciarse debido al siguiente error: 
%%1053
 
Error: (03/17/2016 01:19:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio FontCache3.0.0.0.
 
Error: (03/17/2016 01:19:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio HPSupportSolutionsFrameworkService no pudo iniciarse debido al siguiente error: 
%%1053
 
Error: (03/17/2016 01:19:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio HPSupportSolutionsFrameworkService.
 
Error: (03/17/2016 01:17:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media depende del servicio Windows Search, el cual no pudo iniciarse debido al siguiente error: 
%%1069
 
Error: (03/17/2016 01:17:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Windows Search no pudo iniciarse debido al siguiente error: 
%%1069
 
Error: (03/17/2016 01:17:26 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: El servicio WSearch no se pudo iniciarse como NT AUTHORITY\SYSTEM con la contraseña configurada actualmente debido al siguiente error: 
%%50
 
Para asegurarse de que el servicio esté correctamente configurado, use el complemento Servicios en Microsoft Management Console (MMC).
 
 
CodeIntegrity:
===================================
  Date: 2016-03-17 13:33:58.156
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\System32\SafeGuard64.dll that did not meet the security requirements for Shared Sections.
 
  Date: 2016-03-17 13:33:58.156
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\System32\SafeGuard64.dll that did not meet the security requirements for Shared Sections.
 
  Date: 2016-03-17 13:29:40.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\System32\SafeGuard64.dll that did not meet the security requirements for Shared Sections.
 
  Date: 2016-03-17 13:29:40.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\System32\SafeGuard64.dll that did not meet the security requirements for Shared Sections.
 
  Date: 2016-03-16 01:01:58.885
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\System32\SafeGuard64.dll that did not meet the security requirements for Shared Sections.
 
  Date: 2016-03-16 01:01:58.885
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\System32\SafeGuard64.dll that did not meet the security requirements for Shared Sections.
 
  Date: 2016-03-16 00:58:53.502
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\System32\SafeGuard64.dll that did not meet the security requirements for Shared Sections.
 
  Date: 2016-03-16 00:58:53.502
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\System32\SafeGuard64.dll that did not meet the security requirements for Shared Sections.
 
  Date: 2016-03-16 00:56:30.210
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\System32\SafeGuard64.dll that did not meet the security requirements for Shared Sections.
 
  Date: 2016-03-16 00:56:30.210
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\System32\SafeGuard64.dll that did not meet the security requirements for Shared Sections.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 18%
Total physical RAM: 10176.29 MB
Available physical RAM: 8259.18 MB
Total Virtual: 11776.29 MB
Available Virtual: 9821.74 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:117.09 GB) (Free:22.49 GB) NTFS
Drive d: () (Fixed) (Total:244.14 GB) (Free:205.26 GB) NTFS
Drive e: () (Fixed) (Total:337.31 GB) (Free:271.59 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 7BBA4417)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=337.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 

I hope for new instructions.



#4 Satchfan


Posted 18 March 2016 - 03:47 AM

Run Farbar Recovery Scan Tool

Open Notepad. Please copy the contents of the code box below and paste it into Notepad.

CreateRestorePoint:
ShellIconOverlayIdentifiers: [ExplorerEx] -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} =>  No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} =>  No File
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
ProxyEnable: [S-1-5-21-2405107676-2796426648-614312743-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-2405107676-2796426648-614312743-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll No File
Winsock: Catalog5-x64 07 C:\ProgramData\System32\SafeGuard64.dll [3587000 2015-12-30] ()
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.allinchrome.com/?bd=hp&oem=ntsvc&uid=HGSTXHTS541075A9E680_JD12021A0GAM8K0GAM8KX&version=2.3.0.10992&pid=414031160&tid=712
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nav.brotstation.com?uid={262415663d92468e8d206ee1d1a9c720}&r=eg
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nav.brotstation.com?uid={262415663d92468e8d206ee1d1a9c720}&r=eg
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
SearchScopes: HKLM-x32 -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
SearchScopes: HKLM-x32 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
SearchScopes: HKU\S-1-5-21-2405107676-2796426648-614312743-1001 -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
SearchScopes: HKU\S-1-5-21-2405107676-2796426648-614312743-1001 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [No File]
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
CHR HomePage: Default -> hxxp://nav.brotstation.com?uid={262415663d92468e8d206ee1d1a9c720}&r=eg
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]
2016-03-01 16:24 - 2016-01-11 22:02 - 00000000 ____D C:\WINDOWS\4941BFEB62C047A2801E998FC469CC2C.TMP
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://nav.brotstation.com?uid={262415663d92468e8d206ee1d1a9c720}&r=eg
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://nav.brotstation.com?uid={262415663d92468e8d206ee1d1a9c720}&r=eg
AlternateDataStreams: C:\ProgramData\Temp:1AAB2E68 [175]
AlternateDataStreams: C:\ProgramData\Temp:A3E1F4EF [125]
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
RemoveProxy:
Hosts:
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop (Fixlog.txt); please post it in your reply.

================================================

Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here.

 

  • on Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    autoclean;
    emptyalltemp;
    emptyclsid;
    FFdefaults;
    iedefaults;
    chrdefaults;
    
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

================================================

Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.

  • double-click CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

Logs to include with next post:

Fixlog.txt
zoek-results.log
CKFiles.txt


Thanks

Satchfan


 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.
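
As an added example (not part of the thread and not FRST's own code), this Python script triages the kind of FRST scan lines quoted in the fixlist above: it flags proxies that point at a loopback address, Winsock providers registered from a folder that imitates a system directory, and browser shortcuts with a URL appended. The rule names, the `C:\Windows` install path and the NLAapi.dll sample line are assumptions made for the illustration.

```python
import ipaddress
import ntpath
import re

# Constructed sample: six lines copied from the FRST scan quoted in this thread,
# plus one invented benign Winsock entry (the NLAapi.dll line) for contrast.
SAMPLE_LOG = r"""
ProxyEnable: [S-1-5-21-2405107676-2796426648-614312743-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-2405107676-2796426648-614312743-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll No File
Winsock: Catalog5-x64 07 C:\ProgramData\System32\SafeGuard64.dll [3587000 2015-12-30] ()
Winsock: Catalog5 01 C:\WINDOWS\System32\NLAapi.dll [12345 2016-01-01] (Microsoft Corporation)
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://nav.brotstation.com?uid={262415663d92468e8d206ee1d1a9c720}&r=eg
"""

# Assumption: Windows is installed in C:\Windows.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
LOOKALIKE_NAMES = {"system32", "syswow64"}

WINSOCK_RE = re.compile(r"^Winsock: (\S+) (\d+) (.+?\.dll)(.*)$", re.I)
SHORTCUT_RE = re.compile(r"^ShortcutWithArgument: (.+?\.lnk) -> (.+?) -> (.+)$", re.I)
URL_RE = re.compile(r"^h(tt|xx)ps?://", re.I)  # also matches defanged hxxp


def proxy_endpoints(value):
    """Parse 'http=host:port;https=host:port' or a bare 'host:port'."""
    endpoints = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, hostport = part.partition("=")
        if not sep:
            scheme, hostport = "all", part
        host, sep, port = hostport.rpartition(":")
        if not sep:
            host, port = hostport, ""
        endpoints.append((scheme, host.strip("[]"), port))
    return endpoints


def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def check_proxy(line):
    """A proxy on a loopback address means a local process sees all web traffic."""
    key, _, value = line.partition(":")
    value = value.split("=>")[-1].strip()
    # ManualProxies shows a leading digit before the scheme; it is dropped
    # here on the assumption that it is a flag, not part of the proxy string.
    value = re.sub(r"^\d(?=[A-Za-z])", "", value)
    local = sorted({f"{h}:{p}" for _, h, p in proxy_endpoints(value) if is_loopback(h)})
    if local:
        yield ("loopback-proxy", key, ", ".join(local))


def check_winsock(line):
    m = WINSOCK_RE.match(line)
    if not m:
        return
    catalog, _, path, rest = m.groups()
    folder = ntpath.dirname(ntpath.normpath(path)).lower()
    if folder not in SYSTEM_DIRS:
        # Third-party providers can legitimately live elsewhere, so this is a
        # review flag; a folder that imitates a system directory name is worse.
        lookalike = LOOKALIKE_NAMES & set(folder.split("\\"))
        rule = "winsock-lookalike-dir" if lookalike else "winsock-nonsystem-dir"
        yield (rule, catalog, path)
    if "no file" in rest.lower():
        yield ("winsock-missing-file", catalog, path)   # orphaned catalog entry
    elif re.search(r"\(\s*\)\s*$", rest):
        yield ("winsock-no-publisher", catalog, path)   # empty company field


def check_shortcut(line):
    m = SHORTCUT_RE.match(line)
    if m and URL_RE.match(m.group(3).strip()):
        yield ("shortcut-url-argument", m.group(1), m.group(3).strip())


def triage(log_text):
    """Return (rule, source, detail) tuples for every suspicious log line."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith(("ProxyServer:", "ManualProxies:")):
            findings.extend(check_proxy(line))
        elif line.startswith("Winsock:"):
            findings.extend(check_winsock(line))
        elif line.startswith("ShortcutWithArgument:"):
            findings.extend(check_shortcut(line))
    return findings


if __name__ == "__main__":
    for rule, source, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {source:14} {detail}")
```

A provider DLL outside the system directories is only a prompt for review, since some third-party software registers its own namespace provider; the lookalike folder name and the empty publisher field are what raise the priority here.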

#5 nayrb_alejandro


Posted 19 March 2016 - 12:11 PM

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01

Ran by nayrBAlejandro (2016-03-18 22:27:41) Run:1
Running from C:\Users\nayrBAlejandro\Desktop
Loaded Profiles: nayrBAlejandro (Available Profiles: nayrBAlejandro & ji_98 & Invitado)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
ShellIconOverlayIdentifiers: [ExplorerEx] -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} =>  No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} =>  No File
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
ProxyEnable: [S-1-5-21-2405107676-2796426648-614312743-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-2405107676-2796426648-614312743-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll No File
Winsock: Catalog5-x64 07 C:\ProgramData\System32\SafeGuard64.dll [3587000 2015-12-30] ()
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.allinchrome.com/?bd=hp&oem=ntsvc&uid=HGSTXHTS541075A9E680_JD12021A0GAM8K0GAM8KX&version=2.3.0.10992&pid=414031160&tid=712
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nav.brotstation.com?uid={262415663d92468e8d206ee1d1a9c720}&r=eg
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nav.brotstation.com?uid={262415663d92468e8d206ee1d1a9c720}&r=eg
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
SearchScopes: HKLM-x32 -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
SearchScopes: HKLM-x32 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
SearchScopes: HKU\S-1-5-21-2405107676-2796426648-614312743-1001 -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
SearchScopes: HKU\S-1-5-21-2405107676-2796426648-614312743-1001 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com?q={searchTerms}&uid={262415663d92468e8d206ee1d1a9c720}&r=eg
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [No File]
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
CHR HomePage: Default -> hxxp://nav.brotstation.com?uid={262415663d92468e8d206ee1d1a9c720}&r=eg
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]
2016-03-01 16:24 - 2016-01-11 22:02 - 00000000 ____D C:\WINDOWS\4941BFEB62C047A2801E998FC469CC2C.TMP
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://nav.brotstation.com?uid={262415663d92468e8d206ee1d1a9c720}&r=eg
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://nav.brotstation.com?uid={262415663d92468e8d206ee1d1a9c720}&r=eg
AlternateDataStreams: C:\ProgramData\Temp:1AAB2E68 [175]
AlternateDataStreams: C:\ProgramData\Temp:A3E1F4EF [125]
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
RemoveProxy:
Hosts:
EmptyTemp:
*****************
 
Error: (0) Failed to create a restore point.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ExplorerEx" => key removed successfully
HKCR\CLSID\{E056AFDD-03E9-4D73-8D33-8FCCBCA73438} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\IDM Shell Extension" => key removed successfully
HKCR\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D} => key not found. 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E921F400-D383-4B1B-9DE6-FCFCACFC1173}" => key removed successfully
HKCR\Wow6432Node\CLSID\{E921F400-D383-4B1B-9DE6-FCFCACFC1173} => key not found. 
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2405107676-2796426648-614312743-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E921F400-D383-4B1B-9DE6-FCFCACFC1173}" => key removed successfully
HKCR\CLSID\{E921F400-D383-4B1B-9DE6-FCFCACFC1173} => key not found. 
"HKLM\Software\MozillaPlugins\@iqiyi.com/npclient" => key removed successfully
"HKLM\Software\MozillaPlugins\@iqiyi.com/npWebPlayer" => key removed successfully
Chrome HomePage => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key removed successfully
esgiguard => service removed successfully
WinDivert1.1 => service removed successfully
C:\WINDOWS\4941BFEB62C047A2801E998FC469CC2C.TMP => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
C:\ProgramData\Temp => ":1AAB2E68" ADS removed successfully.
C:\ProgramData\Temp => ":A3E1F4EF" ADS removed successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{E7878358-EC48-4CA3-B0A9-34FB7B6514A6} canceled.
1 out of 61 jobs canceled.
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Configuración IP de Windows
 
Se vació correctamente la caché de resolución de DNS.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2405107676-2796426648-614312743-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 813.2 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 22:28:36 ====
 
zoek-results.log
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by nayrBAlejandro on 18/03/2016 at 22:38:05,57.
Microsoft Windows 10 Pro 10.0.10586  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\nayrBAlejandro\Desktop\zoek.exe    [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
18/03/2016 22:41:13 Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~3\BlueStacksSetup deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\IDM deleted successfully
C:\PROGRA~3\Riot Games deleted successfully
C:\Users\Invitado\AppData\Local\VirtualStore deleted successfully
C:\Users\ji_98\AppData\Local\ActiveSync deleted successfully
C:\Users\ji_98\AppData\Local\NetworkTiles deleted successfully
C:\Users\ji_98\AppData\Local\PeerDistRepub deleted successfully
C:\Users\ji_98\AppData\Local\VirtualStore deleted successfully
C:\Users\nayrBAlejandro\AppData\Local\ActiveSync deleted successfully
C:\Users\nayrBAlejandro\AppData\Local\Adobe deleted successfully
C:\Users\nayrBAlejandro\AppData\Local\EmieSiteList deleted successfully
C:\Users\nayrBAlejandro\AppData\Local\EmieUserList deleted successfully
C:\Users\nayrBAlejandro\AppData\Local\InfiniteCrisis deleted successfully
C:\Users\nayrBAlejandro\AppData\Local\NetworkTiles deleted successfully
C:\Users\nayrBAlejandro\AppData\Local\Opera Software deleted successfully
C:\Users\nayrBAlejandro\AppData\Local\PeerDistRepub deleted successfully
C:\Users\nayrBAlejandro\AppData\Local\Skype deleted successfully
C:\Users\nayrBAlejandro\AppData\Local\Unity deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\SharedWiFi deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2405107676-2796426648-614312743-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
HKEY_USERS\S-1-5-21-2405107676-2796426648-614312743-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
HKEY_USERS\S-1-5-21-2405107676-2796426648-614312743-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B} deleted successfully
HKEY_USERS\S-1-5-21-2405107676-2796426648-614312743-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} deleted successfully
HKEY_USERS\S-1-5-21-2405107676-2796426648-614312743-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC} deleted successfully
HKEY_USERS\S-1-5-21-2405107676-2796426648-614312743-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC} deleted successfully
HKEY_USERS\S-1-5-21-2405107676-2796426648-614312743-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFF1FF83-D72B-46DC-AC26-DEE8D1BD8B3F} deleted successfully
HKEY_USERS\S-1-5-21-2405107676-2796426648-614312743-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
Deleted from C:\Users\NAYRBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\4lf3el4l.default\prefs.js:
 
Added to C:\Users\NAYRBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\4lf3el4l.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
ProfilePath: C:\Users\NAYRBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\4lf3el4l.default
 
user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ---- 
 
prefs_032016_2300_.backup
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~3\DivX deleted
C:\Users\nayrBAlejandro\.android deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\nayrBAlejandro\AppData\LocalLow\Unity deleted
C:\WINDOWS\Fonts\iqiyi_logo.ttf deleted
C:\Users\NAYRBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\4lf3el4l.default\Yahoo Inc deleted
"C:\Users\nayrBAlejandro\AppData\Roaming\DMCache" deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\NAYRBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\4lf3el4l.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox" [02/03/2016 03:17]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\NAYRBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\4lf3el4l.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\nayrBAlejandro\AppData\Roaming\Mozilla\Firefox\Profiles\4lf3el4l.default
70858ED7836E5C849D33576A84DC8CCF - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll - Shockwave Flash
 
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eahebamiopdhefndnmappcihfajigkka - https://chrome.googl...ppcihfajigkka[]
 
MEGA - nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod
 
==== Chromium Fix ======================
 
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_empleo.trovit.com.ec_0.localstorage deleted successfully
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_empleo.trovit.com.ec_0.localstorage-journal deleted successfully
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adserver.adtech.de_0.localstorage deleted successfully
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adserver.adtech.de_0.localstorage-journal deleted successfully
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultubeus.info_0.localstorage deleted successfully
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultubeus.info_0.localstorage-journal deleted successfully
C:\Users\ji_98\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_staticssl.batanga.net_0.localstorage deleted successfully
C:\Users\ji_98\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_staticssl.batanga.net_0.localstorage-journal deleted successfully
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage deleted successfully
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage-journal deleted successfully
C:\Users\ji_98\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage deleted successfully
C:\Users\ji_98\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage-journal deleted successfully
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dsms0mj1bbhn4.cloudfront.net_0.localstorage deleted successfully
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dsms0mj1bbhn4.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.marzanoresearch.com_0.localstorage deleted successfully
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.marzanoresearch.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.co...q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...Box&FORM=IESR02
 
==== Reset Google Chrome ======================
 
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\ji_98\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\ji_98\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\ji_98\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\ji_98\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== Reset IE Proxy ======================
 
Value(s) before fix:
"ProxyServer"="http=127.0.0.1:8080;https=127.0.0.1:8080"
"ProxyEnable"=dword:00000001
 
Value(s) after fix:
"ProxyEnable"=dword:00000000
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ji_98\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\nayrBAlejandro\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\ji_98\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\nayrBAlejandro\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Invitado\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\ji_98\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\nayrBAlejandro\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\NAYRBA~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on 18/03/2016 at 23:10:05,07 ======================
 
CKFiles.txt
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\r\r-3.2.0\library\survival\tests\data.cracks
c:\program files\rstudio\bin\msys_ssh\ssh-keygen.exe
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\courier\courier_trail_lava\courier_lava_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\courier\courier_trail_lava\courier_lava_cracks_b.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\courier\courier_trail_lava\courier_trail_lava_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\courier\courier_trail_lava\courier_trail_lava_cracks_background.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\courier\courier_trail_lava\courier_trail_lava_cracks_center.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\crystal_maiden\crystal_maiden_maiden_of_icewrack\maiden_freezing_field_cracks_arcana.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\earthshaker\earthshaker_gravelmaw\earthshaker_fissure_cracks_b_gravelmaw.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\earthshaker\earthshaker_gravelmaw\earthshaker_fissure_cracks_c_gravelmaw.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\earthshaker\earthshaker_gravelmaw\earthshaker_fissure_cracks_gravelmaw.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\earthshaker\egteam_set\hero_earthshaker_egset\earthshaker_aftershock_crack_egset.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\earthshaker\egteam_set\hero_earthshaker_egset\earthshaker_echoslam_start_cracks_egset.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\earthshaker\egteam_set\hero_earthshaker_egset\earthshaker_echoslam_start_magma_cracks_egset.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\earthshaker\egteam_set\hero_earthshaker_egset\earthshaker_fissure_cracks_b_egset.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\earthshaker\egteam_set\hero_earthshaker_egset\earthshaker_fissure_cracks_c_egset.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\earthshaker\egteam_set\hero_earthshaker_egset\earthshaker_fissure_cracks_c_fallback_egset.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\earthshaker\egteam_set\hero_earthshaker_egset\earthshaker_fissure_cracks_egset.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\earthshaker\egteam_set\hero_earthshaker_egset\earthshaker_fissure_cracks_fallback_mid_egset.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\earthshaker\egteam_set\hero_earthshaker_egset\earthshaker_fissure_magma_crack_egset.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\earthshaker\egteam_set\hero_earthshaker_egset\earthshaker_fissure_magma_crack_low_egset.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\invoker\glorious_inspiration\invoker_forge_spirit_spawn_base_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\magnataur\shock_of_the_anvil\magnataur_shockanvil_cracks_background.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\magnataur\shock_of_the_anvil\magnataur_shockanvil_cracks_backgroundbase.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\magnataur\shock_of_the_anvil\magnataur_shockanvil_cracks_backgrounddark.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\magnataur\shock_of_the_anvil\magnataur_shockanvil_cracks_center.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\magnataur\shock_of_the_anvil\magnataur_shockanvil_cracks_glow.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\magnataur\shock_of_the_anvil\magnataur_shockanvil_cracks_sprt.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\magnataur\shock_of_the_anvil\magnataur_shockanvil_cracks_warp.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\natures_prophet\natures_prophet_weapon_sufferwood\furion_teleport_end_team_sufferwood_ground_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\sand_king\sandking_barren_crown\sandking_rubyspire_burrowstrike_cracks_background.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\sand_king\sandking_barren_crown\sandking_rubyspire_burrowstrike_cracks_center.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\sand_king\sandking_barren_crown\sandking_rubyspire_burrowstrike_cracks_glo.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\sand_king\sandking_barren_crown\sandking_rubyspire_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\shadow_fiend\sf_fire_arcana\sf_fire_arcana_shadowraze_ground_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\shadow_fiend\sf_fire_arcana\sf_fire_arcana_trail_ground_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\shadow_fiend\sf_fire_arcana\sf_fire_arcana_wings_ground_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\shredder\hero_shredder_icefx\shredder_chakram_cracks_ice.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\spirit_breaker\spirit_breaker_iron_surge\spirit_breaker_charge_cracks_b_iron.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\spirit_breaker\spirit_breaker_iron_surge\spirit_breaker_charge_cracks_iron.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\storm_spirit\storm_spirit_orchid_hat\stormspirit_orchid_ball_trail_ground_crack.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\undying\undying_manyone\undying_pale_tombstone_groundcrack.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\zeus\arcana_chariot\zeus_arcana_kill_crackle.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\zeus\arcana_chariot\zeus_arcana_kill_groundcrack.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\zeus\arcana_chariot\zeus_arcana_kill_groundcrack_light.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\zeus\arcana_chariot\zeus_arcana_kill_groundcrack_spark.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\zeus\arcana_chariot\zeus_arcana_kill_groundcrack_spark_stay.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\zeus\lightning_weapon_fx\zuus_lightning_bolt_groundfx_crack.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\econ\items\zeus\lightning_weapon_fx\zuus_lightning_bolt_groundfx_crack_light.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\neutral_fx\centaur_khan_stomp_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\neutral_fx\roshan_slam_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\radiant_fx2\good_ancient001_zcracklines1.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\radiant_fx2\good_ancient001_zcracklines1b.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\radiant_fx2\good_ancient001_zcracklines2.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\radiant_fx2\good_ancient001_zcracklines2b.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\radiant_fx2\good_ancient001_zcracklines3.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\radiant_fx2\good_ancient001_zcracklines4.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\radiant_fx2\good_ancient001_zcracklines5.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\radiant_fx2\good_ancient001_zcracklines6.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\radiant_fx2\good_ancient001_zcracklines7.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\radiant_fx2\good_ancient001_zcracklines8.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\siege_fx\siege_crack.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\siege_fx\siege_crack_b.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\themed_fx\cny_firecrackers_bundle.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\themed_fx\cny_firecrackers_direend.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\themed_fx\cny_firecrackers_radend.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\themed_fx\cny_firecracker_model.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\themed_fx\cny_firecracker_model_endcap.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\traps\pendulum\wheel_scrape_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_arc_warden\arc_warden_magnetic_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_brewmaster\brewmaster_thunder_clap_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_earthshaker\earthshaker_echoslam_start_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_earthshaker\earthshaker_fissure_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_earthshaker\earthshaker_fissure_cracks_b.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_earthshaker\earthshaker_fissure_cracks_c.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_earthshaker\earthshaker_fissure_cracks_c_fallback.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_earthshaker\earthshaker_fissure_cracks_fallback_mid.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_earth_spirit\earthspirit_stone_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_elder_titan\elder_titan_earth_splitter_cast_crack.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_elder_titan\elder_titan_echo_stomp_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_jakiro\jakiro_ice_path_crack.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_lion\lion_spell_impale_crack.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_lion\lion_spell_impale_crack_b.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_lion\lion_spell_impale_crack_c.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_lion\lion_spell_impale_crack_d.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_lion\lion_spell_impale_crack_e.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_lion\lion_spell_impale_crack_f.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_lion\lion_spell_impale_crack_ropea.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_lion\lion_spell_impale_crack_ropeb.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_lion\lion_spell_impale_hit_crack_darkerrope.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_lion\lion_spell_impale_hit_crack_darkrope.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_lion\lion_spell_impale_hit_crack_redrope.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_magnataur\magnataur_shockwave_cracks_background.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_magnataur\magnataur_shockwave_cracks_center.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_magnataur\magnataur_shockwave_cracks_glow.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_magnataur\magnataur_shockwave_cracks_warp.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_nevermore\nevermore_requiemofsouls_ground_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_nevermore\nevermore_shadowraze_ground_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_nevermore\nevermore_trail_ground_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_nevermore\nevermore_trail_ground_cracks_soft.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_oracle\oracle_false_promise_cast_ground_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_oracle\oracle_false_promise_hit_crack.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_oracle\oracle_false_promise_hit_crack_lrg.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_oracle\oracle_fortune_aoe_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_phoenix\phoenix_fire_spirit_ground_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_riki\riki_tricks_ring_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_sandking\sandking_burrowstrike_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_sandking\sandking_burrowstrike_cracks_background.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_sandking\sandking_burrowstrike_cracks_center.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_shadow_demon\shadow_demon_shadow_poison_projectile_v3_crack01.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_shadow_demon\shadow_demon_shadow_poison_projectile_v3_crack02.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_shredder\shredder_chakram_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_silencer\silencer_global_silence_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_silencer\silencer_global_silence_cracks_hero.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_silencer\silencer_last_word_trigger_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_techies\techies_stasis_ground_crack_light.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_tiny\tiny_avalanche_projectile_crack.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_undying\undying_decay_proj_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_undying\undying_tombstone_groundcrack.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota\particles\units\heroes\hero_venomancer\veno_tnt_banana_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota_addons\holdout_example\particles\creature_splitter\earthspirit_stone_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\content\dota_addons\overthrow\particles\traps\pendulum\wheel_scrape_cracks.vpcf
c:\program files (x86)\steam\steamapps\common\dota 2 beta\game\dota\scripts\vscripts\animation\particle\cracked_boulder.lua
c:\program files (x86)\steam\steamapps\common\dota 2 beta\game\dota_addons\holdout_example\particles\creature_splitter\earthspirit_stone_cracks.vpcf_c
c:\program files (x86)\steam\steamapps\common\dota 2 beta\game\dota_addons\overthrow\particles\traps\pendulum\wheel_scrape_cracks.vpcf_c
c:\users\nayrbalejandro\downloads\compressed\6.23.b.21\internet download manager 6.23 build 21 + crack\62310.7z
c:\users\nayrbalejandro\downloads\compressed\6.23.b.21\internet download manager 6.23 build 21 + crack\disable_activation.cmd
c:\users\nayrbalejandro\downloads\compressed\6.23.b.21\internet download manager 6.23 build 21 + crack\idman623build21f.exe
c:\users\nayrbalejandro\downloads\compressed\6.23.b.21\internet download manager 6.23 build 21 + crack\instrucciones.txt
c:\users\nayrbalejandro\downloads\compressed\6.23.b.21\internet download manager 6.23 build 21 + crack\internet.download.manager.v6.x.x.update.8.patch-reis.rar
c:\users\nayrbalejandro\downloads\compressed\6.23.b.21\internet download manager 6.23 build 21 + crack\programas parecidos.url
c:\users\nayrbalejandro\downloads\compressed\6.23.b.21\internet download manager 6.23 build 21 + crack\crack\idman.exe
c:\users\nayrbalejandro\downloads\compressed\6.23.b.21\internet download manager 6.23 build 21 + crack\crack\registrar.reg
c:\users\nayrbalejandro\downloads\compressed\6.23.b.21\internet download manager 6.23 build 21 + crack\fake_idmgrhlp\idmgrhlp.exe
scanner sequence 3.ZZ.11.IXNAUZ
 ----- EOF ----- 


#6 Satchfan


Posted 19 March 2016 - 05:26 PM

Thanks for the logs and we've cleared up some stuff but you have illegal software on your system, which is probably how your computer became infected. Besides being illegal, cracks/keygens are the most certain means of infecting your system, as ALL illegal software contains some form of malicious code.

This forum, as well as all the other malware removal forums, does not condone the use of illegal software and does not offer support unless it is for the removal of it. Continuing to help you could be viewed as supporting/condoning this.

If you want to continue, what I need you to do is to uninstall all the illegal software that you have downloaded and installed.

When you have done this, run CKScanner again and post a new log. If I don’t hear back from you in 24 hours this thread will be closed and no more help will be offered.

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#7 nayrb_alejandro


Posted 20 March 2016 - 02:10 AM

Hi and thanks for all the help you have given me, and there's something I do not understand, which is the illegal software I have, I just uninstall and delete the locations mentioned in the CKScanner, and in my opinion none of them are illegal software, R and RStudio programs were provided by my university for statistics, steam is a directory of games, and IDM is not installed on my computer program, so you could tell me what programs are illegal to remove them. Thank you in advance.

 

Attached the log CKSCanner
 
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.AIAALB
 ----- EOF ----- 


#8 Satchfan


Posted 20 March 2016 - 03:33 AM

My apologies, I should have checked closer. It would appear that CKScanner has picked up some false-positives and is reporting them as "cracks" or "keygens" which in this case are legitimate entries.

 

How is the computer now and what problems remain?



#9 Satchfan


Posted 22 March 2016 - 04:22 PM

Hi nayrb_alejandro

It has been a couple of days since I asked if there were any remaining problems.

Please let me know if there are any.

If I do not hear from you within 24 hours I'll assume that all is now OK and close this topic.

Satchfan



#10 Satchfan


Posted 24 March 2016 - 02:13 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.


