error 0xc0000005 Windows 8 Single Language x64 [Solved]

malware windows 8 exe files


#31
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

Is this the error you see?

 

https://support.micr...n-us/kb/2976660

 

How about a new FRST scan with Addition.txt checked?


#32
poceta

    Member

  • Topic Starter
  • Member
  • 24 posts
Yes. It looks like what the KB explains. First time? I'm not sure. No restart since the Windows reinstallation.
 
Before rebooting, I'm sharing the FRST log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Rafay Ingenieros (administrator) on RAF-DDP-CONSTRU (05-02-2016 09:45:53)
Running from C:\Users\Rafay Ingenieros\Desktop
Loaded Profiles: Rafay Ingenieros (Available Profiles: Rafay Ingenieros & Administrador)
Platform: Windows 8 Single Language (X64) Language: Español (España, internacional)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2012-07-17] (EasyBits Software AS)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\RunOnce: [SymSilent] => C:\Program Files (x86)\SymSilent\SymSilent.exe [925080 2012-06-20] (Symantec Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-10-10] (EasyBits Software Corp.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{0C5BC7D7-4C02-46A3-A33F-3BBC810E4457}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{F062D7C3-0089-44CA-9A7F-F474A2AAEBA5}: [DhcpNameServer] 40.24.1.201 40.24.1.202
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL13/42
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL13/42
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL13/42
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL13/42
HKU\S-1-5-21-3512190692-2578643898-2366686823-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL13/42
HKU\S-1-5-21-3512190692-2578643898-2366686823-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL13/42
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ve.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ve.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3512190692-2578643898-2366686823-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-3512190692-2578643898-2366686823-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ve.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\coIEPlg.dll [2012-07-20] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.DLL [2012-06-11] (Symantec Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\coIEPlg.dll [2012-07-20] (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-07-10] (Skype Technologies)
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn [2016-02-05] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2016-02-05] [not signed]
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\Exts\Chrome.crx [2012-10-10]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation) [File not signed]
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe [143928 2012-06-14] (Symantec Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20120615.003\BHDrvx64.sys [1377440 2012-06-11] (Symantec Corporation)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-08] (Ralink Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1400000.088\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3295984 2012-07-26] (Broadcom Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20120611.002\IDSVia64.sys [509088 2012-06-11] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20120616.009\ENG64.SYS [120440 2012-06-15] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20120616.009\EX64.SYS [2068600 2012-06-15] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [695392 2012-08-09] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1400000.088\SRTSP64.SYS [753312 2012-05-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1400000.088\SRTSPX64.SYS [37496 2012-01-11] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1400000.088\SYMDS64.SYS [485024 2012-05-24] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1400000.088\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1400000.088\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2012-10-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1400000.088\Ironx64.SYS [222368 2012-05-24] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1400000.088\SYMNETS.SYS [431224 2012-05-09] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34216 2012-07-26] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258288 2012-07-26] (Microsoft Corporation)
S3 wdf_usb; C:\Windows\system32\drivers\usb2ser.sys [67192 2011-05-20] (MediaTek Inc.)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-05 12:01 - 2016-02-05 12:01 - 00262144 _____ C:\Windows\system32\config\userdiff
2016-02-05 12:01 - 2016-02-05 12:01 - 00000000 ____D C:\Windows.old
2016-02-05 11:23 - 2016-02-05 11:24 - 00000000 ___HD C:\$SysReset
2016-02-05 09:38 - 2016-02-05 09:38 - 00000117 _____ C:\Windows\system32\netcfg-3481349.txt
2016-02-05 09:20 - 2016-02-05 09:20 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_usb2ser_01009.Wdf
2016-02-05 09:20 - 2016-02-05 09:20 - 00000000 ____D C:\Windows\LastGood
2016-02-05 09:18 - 2016-02-05 09:18 - 00001185 _____ C:\Users\Rafay Ingenieros\Desktop\VTELCA Internet.lnk
2016-02-05 09:18 - 2016-02-05 09:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTELCA Internet
2016-02-05 09:18 - 2016-02-05 09:18 - 00000000 ____D C:\Program Files (x86)\VTELCA Internet
2016-02-05 09:12 - 2016-02-05 09:12 - 00000000 ____D C:\Users\Rafay Ingenieros\AppData\Roaming\Hewlett-Packard
2016-02-05 09:02 - 2016-02-05 09:02 - 00000000 ____D C:\Users\Rafay Ingenieros\AppData\Roaming\ATI
2016-02-05 09:02 - 2016-02-05 09:02 - 00000000 ____D C:\Users\Rafay Ingenieros\AppData\Local\ATI
2016-02-05 09:02 - 2016-02-05 09:02 - 00000000 ____D C:\Users\Rafay Ingenieros\AppData\Local\AMD
2016-02-05 09:01 - 2016-02-05 09:12 - 00000000 ____D C:\Users\Rafay Ingenieros\AppData\Local\Hewlett-Packard
2016-02-05 09:01 - 2016-02-05 09:01 - 00000000 ____D C:\Users\Rafay Ingenieros\AppData\Local\bluesoleil
2016-02-05 09:00 - 2016-02-05 09:00 - 00026532 _____ C:\Users\Rafay Ingenieros\Desktop\Aplicaciones quitadas.html
2016-02-05 09:00 - 2016-02-05 09:00 - 00001418 _____ C:\Users\Rafay Ingenieros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-05 09:00 - 2016-02-05 09:00 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-02-05 09:00 - 2016-02-05 09:00 - 00000000 ____D C:\Users\Rafay Ingenieros\AppData\Roaming\Adobe
2016-02-05 08:59 - 2012-08-24 06:14 - 00002100 _____ C:\Users\Public\Desktop\HP Games.lnk
2016-02-05 08:57 - 2016-02-05 08:57 - 00000000 ____D C:\Users\Rafay Ingenieros\AppData\Roaming\Synaptics
2016-02-05 08:57 - 2016-02-05 08:57 - 00000000 ____D C:\Users\Rafay Ingenieros\AppData\Local\Power2Go8
2016-02-05 08:56 - 2016-02-05 09:18 - 00000000 ____D C:\Users\Rafay Ingenieros\AppData\Local\VirtualStore
2016-02-05 08:51 - 2016-02-05 08:51 - 00000020 ___SH C:\Users\Rafay Ingenieros\ntuser.ini
2016-02-05 08:49 - 2016-02-05 08:50 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2016-02-05 08:47 - 2016-02-05 08:47 - 00007813 _____ C:\Users\Administrator\AppData\Local\Application.xml
2016-02-05 08:44 - 2016-02-05 08:44 - 00000000 _SHDL C:\Users\Rafay Ingenieros\Reciente
2016-02-05 08:44 - 2016-02-05 08:44 - 00000000 _SHDL C:\Users\Rafay Ingenieros\Plantillas
2016-02-05 08:44 - 2016-02-05 08:44 - 00000000 _SHDL C:\Users\Rafay Ingenieros\Mis documentos
2016-02-05 08:44 - 2016-02-05 08:44 - 00000000 _SHDL C:\Users\Rafay Ingenieros\Menú Inicio
2016-02-05 08:44 - 2016-02-05 08:44 - 00000000 _SHDL C:\Users\Rafay Ingenieros\Impresoras
2016-02-05 08:44 - 2016-02-05 08:44 - 00000000 _SHDL C:\Users\Rafay Ingenieros\Entorno de red
2016-02-05 08:44 - 2016-02-05 08:44 - 00000000 _SHDL C:\Users\Rafay Ingenieros\Documents\Mis vídeos
2016-02-05 08:44 - 2016-02-05 08:44 - 00000000 _SHDL C:\Users\Rafay Ingenieros\Documents\Mis imágenes
2016-02-05 08:44 - 2016-02-05 08:44 - 00000000 _SHDL C:\Users\Rafay Ingenieros\Documents\Mi música
2016-02-05 08:44 - 2016-02-05 08:44 - 00000000 _SHDL C:\Users\Rafay Ingenieros\Datos de programa
2016-02-05 08:44 - 2016-02-05 08:44 - 00000000 _SHDL C:\Users\Rafay Ingenieros\Configuración local
2016-02-05 08:44 - 2016-02-05 08:44 - 00000000 _SHDL C:\Users\Rafay Ingenieros\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-02-05 08:44 - 2016-02-05 08:44 - 00000000 _SHDL C:\Users\Rafay Ingenieros\AppData\Local\Historial
2016-02-05 08:44 - 2016-02-05 08:44 - 00000000 _SHDL C:\Users\Rafay Ingenieros\AppData\Local\Datos de programa
2016-02-05 08:44 - 2016-02-05 08:44 - 00000000 _SHDL C:\Users\Rafay Ingenieros\AppData\Local\Archivos temporales de Internet
2016-02-05 08:43 - 2016-02-05 09:00 - 00000000 ____D C:\Users\Rafay Ingenieros
2016-02-05 08:43 - 2016-02-05 08:47 - 00017148 _____ C:\Windows\diagwrn.xml
2016-02-05 08:43 - 2016-02-05 08:47 - 00017148 _____ C:\Windows\diagerr.xml
2016-02-05 08:43 - 2016-02-05 08:46 - 00000000 ___HD C:\Users\Rafay Ingenieros\Documents\hp.system.package.metadata
2016-02-05 08:43 - 2012-08-24 06:13 - 00000000 ___HD C:\Users\Rafay Ingenieros\Documents\hp.applications.package.appdata
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\Users\Public\Documents\Mis vídeos
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\Users\Public\Documents\Mis imágenes
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\Users\Public\Documents\Mi música
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\Users\Default\Reciente
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\Users\Default\Plantillas
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\Users\Default\Mis documentos
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\Users\Default\Menú Inicio
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\Users\Default\Impresoras
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\Users\Default\Entorno de red
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\Users\Default\Documents\Mis vídeos
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\Users\Default\Documents\Mis imágenes
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\Users\Default\Documents\Mi música
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\Users\Default\Datos de programa
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\Users\Default\Configuración local
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\Users\Default\AppData\Local\Historial
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\Users\Default\AppData\Local\Datos de programa
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\Users\Default\AppData\Local\Archivos temporales de Internet
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\ProgramData\Plantillas
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programas
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\ProgramData\Menú Inicio
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\ProgramData\Escritorio
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\ProgramData\Documentos
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\ProgramData\Datos de programa
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 _SHDL C:\Program Files\Archivos comunes
2016-02-05 08:34 - 2016-02-05 08:34 - 00002324 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3512190692-2578643898-2366686823-500
2016-02-05 08:34 - 2016-02-05 08:34 - 00001139 _____ C:\Windows\system32\netcfg-141196.txt
2016-02-05 08:34 - 2016-02-05 08:34 - 00000109 _____ C:\Windows\system32\netcfg-109871.txt
2016-02-04 22:55 - 2016-02-04 22:55 - 00021867 _____ C:\ComboFix.txt
2016-02-04 20:55 - 2016-02-04 20:57 - 01979666 _____ C:\Users\Rafay Ingenieros\Desktop\events.rar
2016-02-04 20:51 - 2016-02-04 22:22 - 00001106 _____ C:\Users\Rafay Ingenieros\Desktop\MyEventViewer.cfg
2016-02-04 20:47 - 2016-02-04 20:48 - 184589536 _____ C:\Users\Rafay Ingenieros\Desktop\events.txt
2016-02-04 20:36 - 2015-08-15 19:06 - 00125536 _____ (NirSoft) C:\Users\Rafay Ingenieros\Desktop\MyEventViewer.exe
2016-02-04 20:36 - 2015-08-15 19:06 - 00018276 _____ C:\Users\Rafay Ingenieros\Desktop\MyEventViewer.chm
2016-02-04 20:36 - 2015-08-15 19:06 - 00018131 _____ C:\Users\Rafay Ingenieros\Desktop\readme.txt
2016-02-04 20:35 - 2016-02-04 20:35 - 00078059 _____ C:\Users\Rafay Ingenieros\Downloads\myeventviewer-x64.zip
2016-02-04 20:32 - 2016-02-04 20:32 - 00061440 _____ ( ) C:\Users\Rafay Ingenieros\Desktop\VEW.exe
2016-02-04 19:18 - 2016-02-04 19:18 - 00453083 _____ C:\Users\Rafay Ingenieros\Downloads\GrantPerms.zip
2016-02-04 19:18 - 2016-02-04 19:18 - 00453083 _____ C:\Users\Rafay Ingenieros\Desktop\GrantPerms.zip
2016-02-04 19:18 - 2016-02-04 19:18 - 00000000 ____D C:\Users\Rafay Ingenieros\Desktop\GrantPerms
2016-02-04 17:41 - 2016-02-04 17:43 - 00088070 _____ C:\junk.txt
2016-02-04 13:13 - 2016-02-04 13:13 - 00007221 _____ C:\Users\Rafay Ingenieros\Desktop\EPCP.exe.txt
2016-02-04 13:05 - 2016-02-04 13:07 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\Rafay Ingenieros\Downloads\procexp.exe
2016-02-04 13:02 - 2016-02-04 13:02 - 00032778 _____ C:\Users\Rafay Ingenieros\Documents\cc_20160204_130220.reg
2016-02-03 21:15 - 2016-02-04 21:43 - 00000000 ____D C:\Users\Rafay Ingenieros\Desktop\mbar
2016-02-03 21:15 - 2016-02-03 21:14 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Rafay Ingenieros\Desktop\mbar-1.09.3.1001.exe
2016-02-03 21:13 - 2016-02-03 21:14 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Rafay Ingenieros\Downloads\mbar-1.09.3.1001.exe
2016-02-03 18:28 - 2016-02-03 18:28 - 00005093 _____ C:\Users\Rafay Ingenieros\Desktop\Fixlog.txt
2016-02-03 13:20 - 2016-02-03 07:47 - 05656479 ____R (Swearware) C:\Users\Rafay Ingenieros\Desktop\ComboFix.exe
2016-02-03 13:17 - 2016-02-03 13:17 - 00173119 _____ (Eric_71) C:\Users\Rafay Ingenieros\Desktop\Rooter.exe
2016-02-03 11:44 - 2016-02-04 22:39 - 00041016 _____ C:\Users\Rafay Ingenieros\Desktop\Addition.txt
2016-02-03 11:43 - 2016-02-05 09:46 - 00015105 _____ C:\Users\Rafay Ingenieros\Desktop\FRST.txt
2016-02-03 11:00 - 2016-02-03 07:49 - 02370560 _____ (Farbar) C:\Users\Rafay Ingenieros\Desktop\FRST64.exe
2016-02-03 10:58 - 2016-02-03 10:58 - 01402880 _____ C:\Users\Rafay Ingenieros\Downloads\HiJackThis.msi
2016-02-03 10:41 - 2016-02-04 13:07 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\Rafay Ingenieros\Desktop\procexp.exe
2016-02-03 10:41 - 2016-01-29 02:50 - 00072154 _____ C:\Users\Rafay Ingenieros\Desktop\procexp.chm
2016-02-03 10:41 - 2015-01-26 09:19 - 00002009 _____ C:\Users\Rafay Ingenieros\Desktop\Eula.txt
2016-02-03 10:39 - 2016-02-03 10:40 - 01268096 _____ C:\Users\Rafay Ingenieros\Downloads\ProcessExplorer.zip
2016-02-03 10:08 - 2016-02-05 09:45 - 00000000 ____D C:\FRST
2016-02-03 09:31 - 2016-02-04 22:55 - 00000000 ____D C:\Qoobox
2016-02-03 07:48 - 2016-02-03 07:49 - 02370560 _____ (Farbar) C:\Users\Rafay Ingenieros\Downloads\FRST64.exe
2016-02-03 07:43 - 2016-02-03 07:47 - 05656479 _____ (Swearware) C:\Users\Rafay Ingenieros\Downloads\ComboFix.exe
2016-02-03 07:08 - 2016-02-03 07:08 - 00605826 _____ C:\Users\Rafay Ingenieros\Downloads\APU (1).pdf
2016-02-03 07:06 - 2016-02-03 07:06 - 00058757 _____ C:\Users\Rafay Ingenieros\Downloads\PRESUPUESTO REV 3.pdf
2016-02-02 09:52 - 2016-02-02 10:02 - 31262032 _____ (Adlice Software ) C:\Users\Rafay Ingenieros\Downloads\setup.exe
2016-02-02 09:30 - 2016-02-02 09:36 - 00000000 ____D C:\AdwCleaner
2016-02-02 09:27 - 2016-02-02 09:28 - 01508352 _____ C:\Users\Rafay Ingenieros\Downloads\AdwCleaner.exe
2016-02-02 09:25 - 2016-02-02 09:26 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Rafay Ingenieros\Downloads\rkill.com
2016-02-02 09:20 - 2016-02-02 09:19 - 00217576 _____ (Kaspersky Lab ZAO) C:\Users\Rafay Ingenieros\Desktop\CleanAutoRun.exe
2016-02-02 09:18 - 2016-02-02 09:19 - 00217576 _____ (Kaspersky Lab ZAO) C:\Users\Rafay Ingenieros\Downloads\CleanAutoRun.exe
2016-02-02 08:55 - 2016-02-02 08:55 - 00920784 _____ C:\Users\Rafay Ingenieros\Downloads\wajam_uninstall.exe
2016-02-02 08:32 - 2016-02-02 08:32 - 00000946 _____ C:\Users\Rafay Ingenieros\Desktop\exe_fix_w8.zip
2016-02-02 08:32 - 2013-12-01 14:43 - 00002091 _____ C:\Users\Rafay Ingenieros\Desktop\exe_fix_w8.reg
2016-02-02 07:52 - 2016-02-02 07:52 - 00005828 _____ C:\Users\Rafay Ingenieros\Downloads\Default_EXE.reg
2016-02-01 23:13 - 2016-02-01 23:13 - 00000000 ____D C:\AMD
2016-02-01 20:35 - 2016-02-01 20:37 - 04952336 _____ (Advanced Micro Devices, Inc.) C:\Users\Rafay Ingenieros\Downloads\autodetectutility.exe
2016-02-01 20:34 - 2016-02-01 20:36 - 03049544 _____ (Innovative Solutions) C:\Users\Rafay Ingenieros\Downloads\Chipset-Advanced-Micro-Devices-Inc-AMD-SMBus.exe
2016-02-01 20:34 - 2016-02-01 20:36 - 02449376 _____ (Megaify Software ) C:\Users\Rafay Ingenieros\Downloads\DriverToolkitInstaller.exe
2016-02-01 20:30 - 2016-02-01 20:30 - 00000000 ____D C:\OSTotoFolder
2016-02-01 20:19 - 2016-02-01 20:29 - 10610952 _____ (OSToto Co., Ltd.) C:\Users\Rafay Ingenieros\Downloads\DriverTalent_setup.exe
2016-02-01 19:25 - 2016-02-01 19:29 - 06848512 _____ C:\Users\Rafay Ingenieros\Downloads\SkypeWebPlugin-3.2.0.23388.msi
2016-02-01 19:15 - 2016-02-01 19:16 - 01331064 _____ (Solvusoft Corporation ) C:\Users\Rafay Ingenieros\Downloads\Setup_WinSweeper_2015.exe
2016-02-01 08:09 - 2014-08-18 18:40 - 00000014 _____ C:\Users\Rafay Ingenieros\Desktop\password1234.txt
2016-02-01 08:09 - 2014-06-24 13:34 - 00000023 _____ C:\Users\Rafay Ingenieros\Desktop\release.nfo
2016-02-01 08:06 - 2016-02-01 08:07 - 01115897 _____ C:\Users\Rafay Ingenieros\Downloads\Download2015__8197_.zip
2016-02-01 07:40 - 2016-02-01 07:42 - 03901072 _____ (solvusoft Corporation ) C:\Users\Rafay Ingenieros\Downloads\WinThruster_2016_Setup.exe
2016-01-29 12:23 - 2012-06-08 03:20 - 00280651 _____ C:\Users\Rafay Ingenieros\Desktop\Windows6.1-KB2719594-x64.msu
2016-01-29 12:22 - 2016-01-29 12:23 - 00405560 _____ C:\Users\Rafay Ingenieros\Downloads\449179_intl_x64_zip.exe
2016-01-29 12:15 - 2016-01-29 12:19 - 15562240 _____ C:\Users\Rafay Ingenieros\Downloads\ApplicationVerifier.amd64.msi
2016-01-29 12:06 - 2016-01-29 12:10 - 25527544 _____ C:\Users\Rafay Ingenieros\Downloads\SeaToolsforWindowsSetup.exe
2016-01-29 11:13 - 2016-01-29 11:19 - 08508752 _____ ( ) C:\Users\Rafay Ingenieros\Downloads\DllTool.exe
2016-01-29 11:13 - 2016-01-29 11:16 - 08551224 _____ (SpeedyPC Software) C:\Users\Rafay Ingenieros\Downloads\SpeedyPC Pro Installer_226C4915-F479-46BC-B8E8-6DDFF90F998E_.exe
2016-01-29 10:27 - 2016-01-29 10:27 - 00121069 _____ C:\Users\Rafay Ingenieros\Downloads\memtest86+-5.01.usb.installer.zip
2016-01-29 10:22 - 2016-01-29 10:23 - 00367912 _____ (RegNow.com) C:\Users\Rafay Ingenieros\Downloads\Download_ReimageRepair (2).exe
2016-01-29 10:16 - 2016-01-29 10:17 - 00367912 _____ (RegNow.com) C:\Users\Rafay Ingenieros\Downloads\Download_ReimageRepair (1).exe
2016-01-29 10:11 - 2016-01-29 10:11 - 00367912 _____ (RegNow.com) C:\Users\Rafay Ingenieros\Downloads\Download_ReimageRepair.exe
2016-01-28 08:40 - 2016-01-28 08:40 - 00460909 ____T C:\Users\Rafay Ingenieros\Desktop\CURRICULUM ESTEFANY OJEDA 2016.pdf
2016-01-28 07:22 - 2016-01-28 07:22 - 00197120 _____ C:\Users\Rafay Ingenieros\Desktop\Solicitud de permiso.xls
2016-01-26 13:35 - 2016-01-26 13:35 - 00426228 _____ C:\Users\Rafay Ingenieros\Desktop\FCAS-OLEODUCTO42.pdf
2016-01-25 13:33 - 2016-01-25 13:33 - 00249192 _____ C:\Users\Rafay Ingenieros\Downloads\Statement (1).PDF
2016-01-25 08:02 - 2016-01-25 08:02 - 00019300 _____ C:\Users\Rafay Ingenieros\Documents\cc_20160125_080235.reg
2016-01-22 09:26 - 2016-01-22 09:28 - 00404929 _____ C:\Users\Rafay Ingenieros\Desktop\Monoboyas-FaseIII_REPORTE-Semanal-220116.pdf
2016-01-20 13:45 - 2016-01-20 13:50 - 01454944 _____ (Microsoft Corporation) C:\Users\Rafay Ingenieros\Downloads\vcredist_arm.exe
2016-01-20 12:56 - 2016-01-20 12:01 - 14177341 _____ C:\Users\Rafay Ingenieros\Desktop\Lenovo.zip
2016-01-20 12:56 - 2012-11-07 20:02 - 00000000 ____D C:\Users\Rafay Ingenieros\Desktop\Lenovo
2016-01-20 12:56 - 2011-05-20 15:29 - 01718392 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoinstaller01009.dll
2016-01-20 12:56 - 2011-05-20 15:28 - 00067192 _____ (MediaTek Inc.) C:\Windows\system32\Drivers\usb2ser.sys
2016-01-20 11:52 - 2016-01-20 12:01 - 14177341 _____ C:\Users\Rafay Ingenieros\Downloads\Lenovo.zip
2016-01-20 11:18 - 2016-01-20 11:18 - 00340136 _____ (PC Drivers HeadQuarters LP) C:\Users\Rafay Ingenieros\Downloads\DriverDetective (1).exe
2016-01-20 11:14 - 2016-01-20 11:14 - 00340136 _____ (PC Drivers HeadQuarters LP) C:\Users\Rafay Ingenieros\Downloads\DriverDetective.exe
2016-01-20 10:48 - 2016-01-20 11:00 - 04275596 _____ (DriverIdentifier ) C:\Users\Rafay Ingenieros\Downloads\driverdouble_setup.exe
2016-01-20 09:55 - 2016-01-20 09:56 - 00042918 _____ C:\Users\Rafay Ingenieros\Documents\cc_20160120_095545.reg
2016-01-20 09:09 - 2016-01-20 09:09 - 00070694 _____ C:\Users\Rafay Ingenieros\Desktop\ARI-FC.pdf
2016-01-20 08:54 - 2016-01-26 14:13 - 00000000 ____D C:\Users\Rafay Ingenieros\Documents\RAFAY
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-05 12:01 - 2012-07-26 03:43 - 00262144 _____ C:\Windows\system32\config\BCD-Template
2016-02-05 09:20 - 2012-07-26 01:07 - 00000000 ____D C:\Windows\Inf
2016-02-05 09:13 - 2012-08-24 14:47 - 00873338 _____ C:\Windows\system32\perfh00A.dat
2016-02-05 09:13 - 2012-08-24 14:47 - 00198560 _____ C:\Windows\system32\perfc00A.dat
2016-02-05 09:13 - 2012-07-26 02:58 - 02002686 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-05 09:07 - 2012-07-26 03:29 - 00000000 ____D C:\Windows\CbsTemp
2016-02-05 09:05 - 2012-07-26 03:42 - 00000000 ____D C:\Windows\AUInstallAgent
2016-02-05 09:01 - 2012-10-10 13:48 - 00004524 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2016-02-05 09:00 - 2014-06-29 12:38 - 00000000 ____D C:\Users\Rafay Ingenieros\AppData\Local\Packages
2016-02-05 09:00 - 2012-08-24 05:47 - 00000000 ___RD C:\Program Files (x86)\Online Services
2016-02-05 09:00 - 2012-07-26 03:42 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-02-05 08:59 - 2012-10-10 14:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2016-02-05 08:59 - 2012-10-10 13:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2016-02-05 08:59 - 2012-08-24 05:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-02-05 08:59 - 2012-08-24 05:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2016-02-05 08:59 - 2012-08-24 05:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-02-05 08:59 - 2012-08-03 19:32 - 00000000 ___HD C:\SYSTEM.SAV
2016-02-05 08:49 - 2012-10-10 14:32 - 00000000 ____D C:\ProgramData\Norton
2016-02-05 08:49 - 2012-07-26 00:56 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-02-05 08:48 - 2012-08-03 18:51 - 00000000 ____D C:\Windows\Panther
2016-02-05 08:47 - 2012-07-26 03:42 - 00000000 __RHD C:\Users\Public\Libraries
2016-02-05 08:46 - 2012-07-26 03:42 - 00000000 ____D C:\Windows\rescache
2016-02-05 08:45 - 2012-08-10 11:15 - 00000821 _____ C:\Windows\SysWOW64\bscs.ini
2016-02-05 08:42 - 2012-10-10 13:48 - 00000043 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
2016-02-05 08:41 - 2012-07-26 03:42 - 00000000 ____D C:\Program Files\Windows NT
2016-02-05 08:41 - 2012-07-26 02:52 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-05 08:33 - 2012-07-26 02:49 - 00291328 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-04 22:19 - 2012-07-26 00:56 - 01048576 ___SH C:\Windows\system32\config\BBI
2016-02-04 19:54 - 2014-07-08 07:25 - 03404288 ___SH C:\Users\Rafay Ingenieros\Desktop\Thumbs.db
2016-02-04 11:52 - 2014-07-03 12:27 - 00000000 ____D C:\Users\Rafay Ingenieros\Documents\Archivos de Outlook
2016-02-04 11:15 - 2015-11-06 07:19 - 00000000 ____D C:\Users\Rafay Ingenieros\Desktop\Oleoducto 42 - Palmichal-TAEJ
2016-02-03 10:21 - 2012-07-26 03:42 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-03 07:10 - 2014-09-30 16:10 - 00289280 ___SH C:\Users\Rafay Ingenieros\Downloads\Thumbs.db
2016-02-03 07:05 - 2015-08-20 07:38 - 00000000 ____D C:\Users\Rafay Ingenieros\Documents\PETROCEDEÑO-Monoboya Fase III
2016-01-28 09:01 - 2014-07-08 09:34 - 00000000 ____D C:\Users\Rafay Ingenieros\Desktop\FC
2016-01-22 09:27 - 2015-10-27 10:07 - 00152064 _____ C:\Users\Rafay Ingenieros\Desktop\Monoboyas-FaseIII_REPORTE-Semanal.xls
2016-01-20 08:57 - 2015-05-28 10:41 - 00000000 ____D C:\Users\Rafay Ingenieros\Desktop\Licitaciones RAFAY
 
==================== Files in the root of some directories =======
 
2012-10-10 14:12 - 2012-10-10 14:12 - 0000525 _____ () C:\ProgramData\CyberlinkOutput.txt
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2012-08-03 17:53
 
==================== End of FRST.txt ============================
 
And:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Rafay Ingenieros (2016-02-05 09:48:00)
Running from C:\Users\Rafay Ingenieros\Desktop
Windows 8 Single Language (X64) (2016-02-05 13:18:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-3512190692-2578643898-2366686823-500 - Administrator - Disabled) => C:\Users\Administrator
HomeGroupUser$ (S-1-5-21-3512190692-2578643898-2366686823-1004 - Limited - Enabled)
Invitado (S-1-5-21-3512190692-2578643898-2366686823-501 - Limited - Enabled)
Rafay Ingenieros (S-1-5-21-3512190692-2578643898-2366686823-1002 - Administrator - Enabled) => C:\Users\Rafay Ingenieros
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7 Wonders II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{1F56414D-D7F6-2DBF-BF65-1AC1A8609C03}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{81AB7F16-1A8A-4671-BA1B-8CCD193E6333}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{3AD2C353-825B-47E6-9396-3C2F78D194FE}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{AA15B17F-365C-4BCE-A076-AEABF5B7C8B7}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Juegos WildTangent (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.0.0.136 - Symantec Corporation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{58BC91D0-42E7-125D-F9B6-F2F5C0CDB096}) (Version: 9.0.715.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VTELCA Internet (HKLM-x32\...\VTELCA Internet_is1) (Version: 1.0.1 - VTELCA Internet)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {467361AF-4C9E-4E59-8CBF-B877399AA8B1} - System32\Tasks\Microsoft\Windows\SysResetServicingCleanup => C:\$SysReset\Framework\Stack\SystemResetOSUpdates.exe [2012-07-25] (Microsoft Corporation)
Task: {5A985157-98A8-4C96-99D7-5DD9C37292F5} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe [2012-07-05] (Symantec Corporation)
Task: {6EC69237-3576-49B0-8959-0E8C13B70EB1} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {8369370E-5E15-4B5C-B014-859E059E1C06} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\WSCStub.exe [2012-07-24] (Symantec Corporation)
Task: {841AF562-5FFD-442E-8287-3517D1122825} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\Windows\SYSTEM32\OOBE\SETUPSQM.EXE [2012-07-25] (Microsoft Corporation)
Task: {96223C16-32D4-4286-A7F8-818DF7821DEC} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe [2012-07-05] (Symantec Corporation)
Task: {9F1578F2-3470-4928-BC4F-310518E1E9D8} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {E01DEC1F-827E-4537-8CF4-BF302F793698} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {E6064E54-1BD9-4D0B-A966-CBDFB4F623DB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {F8E9F306-F34A-402E-A5B7-FB560F72E779} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
Task: {FBD3F0DE-3605-4DC2-9F34-794631B97D1E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {FC340E49-B65B-484A-9A9C-154338520B56} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2012-08-10] (Hewlett-Packard Company)
Task: {FDB651AA-5171-4506-BE43-7FC3A13C2286} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2012-08-10] (Hewlett-Packard Company)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-08-08 04:06 - 2012-08-08 04:06 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-07-10 11:41 - 2012-07-10 11:41 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2012-07-10 11:39 - 2012-07-10 11:39 - 00022528 _____ () C:\Windows\system32\BsTrace.dll
2012-07-10 11:41 - 2012-07-10 11:41 - 00052736 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2012-08-08 04:06 - 2012-08-08 04:06 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-08 03:52 - 2012-08-08 03:52 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-07-10 11:39 - 2012-07-10 11:39 - 00022528 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2012-08-10 04:25 - 2012-08-10 04:25 - 00323648 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2012-05-02 10:58 - 2012-05-02 10:58 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2012-07-10 11:41 - 2012-07-10 11:41 - 00009728 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-07-10 11:41 - 2012-07-10 11:41 - 00052736 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2012-10-10 14:34 - 2012-05-30 02:21 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.0.0.136\wincfi39.dll
2012-10-10 14:09 - 2012-06-07 23:04 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 05:04 - 2012-06-08 05:04 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-07-10 11:44 - 2012-07-10 11:44 - 00072192 _____ () C:\Windows\SYSTEM32\BsProfilefunc.dll
2012-07-27 08:21 - 2012-07-27 08:21 - 00346112 _____ () C:\Windows\SYSTEM32\BsExtendFunc.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 00:56 - 2012-07-26 00:56 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3512190692-2578643898-2366686823-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2B5A6F5A-0775-4991-94A3-63CC21851063}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1A37F926-DC7F-4030-A14E-1C28E56029D6}] => (Allow) LPort=2869
FirewallRules: [{14C542E8-0269-4EBC-B917-E40B27B877F0}] => (Allow) LPort=1900
FirewallRules: [{AE03F138-3B0F-4915-A987-BEB190A2322A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{57342EFC-C62B-4296-B139-94AD9CECD7F7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5B39E78F-019E-479B-B82E-743A73057A3F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4FBB643E-183A-4C90-B88A-0928FEC5C2AD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{31DC91A6-4516-47AB-B319-448829EEFA56}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{B0E9BF5C-5BEE-45D3-8484-8481923E9254}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{E4E650FE-4D48-412D-8DBF-A9E5CB53FEB1}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{243EEE34-E14A-48DC-BBE6-C9A56E1AFA8E}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{C4276F97-38FC-4801-A230-401902E6DB4E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{21986B32-A7A0-45D1-8D8E-57540F81E0FC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/05/2016 09:41:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa wwahost.exe, versión 6.2.9200.16384, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.
 
Identificador de proceso: 25c
 
Hora de inicio: 01d1601ee240aeff
 
Hora de finalización: 4294967295
 
Ruta de acceso de la aplicación: C:\Windows\system32\wwahost.exe
 
Identificador de informe: 4ade1d68-cc12-11e5-be73-9c2a7041d5d6
 
Nombre completo de paquete con errores: microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe
 
Identificador de aplicación relativa del paquete con errores: Microsoft.WindowsLive.Mail
 
Error: (02/05/2016 09:40:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: RAF-DDP-CONSTRU)
Description: Se detuvo el paquete microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe porque se tardó demasiado en suspender.
 
Error: (02/05/2016 09:38:33 AM) (Source: HP Registration Service) (EventID: 0) (User: )
Description: El sistema no puede encontrar el archivo especificado. (Excepción de HRESULT: 0x80070002)     en TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)
   en HPMetrics.ScheduleTask.DeleteTask(String TaskName)
 
Error: (02/05/2016 09:12:42 AM) (Source: HP Registration Service) (EventID: 0) (User: )
Description: El sistema no puede encontrar el archivo especificado. (Excepción de HRESULT: 0x80070002)     en TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)
   en HPMetrics.ScheduleTask.DeleteTask(String TaskName)
 
 
System errors:
=============
Error: (02/05/2016 09:40:59 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió una alerta irrecuperable desde el extremo remoto. El código de alerta irrecuperable definido del protocolo TLS es: 40.
 
Error: (02/05/2016 08:49:58 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Windows Search no respondió después de iniciar.
 
Error: (02/05/2016 08:39:03 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (02/05/2016 08:37:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Servicio de lista de redes se cerró con el siguiente error: 
%%21
 
Error: (02/05/2016 08:36:57 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (02/05/2016 08:34:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Servicio de lista de redes se cerró con el siguiente error: 
%%21
 
Error: (02/05/2016 08:34:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Aplicación auxiliar IP se cerró con el siguiente error: 
%%1058
 
Error: (10/10/2012 03:00:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (10/10/2012 02:58:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (10/10/2012 02:56:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}
 
 
CodeIntegrity:
===================================
  Date: 2016-02-05 09:45:44.323
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-05 09:45:33.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-05 09:41:36.668
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-05 09:36:40.169
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-05 09:36:40.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-05 09:36:40.001
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-05 09:35:48.952
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-05 09:35:48.850
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-05 09:35:48.771
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-05 09:35:43.808
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD E2-1800 APU with Radeon™ HD Graphics
Percentage of memory in use: 55%
Total physical RAM: 3682.26 MB
Available physical RAM: 1647.91 MB
Total Virtual: 7138.26 MB
Available Virtual: 5040.18 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:570.87 GB) (Free:438.38 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.53 GB) (Free:2.92 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 662809A2)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#33
poceta

    Member

  • Topic Starter
  • Member
  • 24 posts

In Process Explorer I can't find dllhost.exe again... Looks bad?



#34
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

No, we don't really want it to run. Your log looks clean except for the errors. Got to go now.



#35
poceta

    Member

  • Topic Starter
  • Member
  • 24 posts

OK... After ComboFix, I'm going to reboot.

 

ComboFix 16-01-31.01 - Rafay Ingenieros 05-02-2016  10:17:14.1.2 - x64
Microsoft Windows 8 Single Language  6.2.9200.0.1252.58.3082.18.3682.2264 [GMT -4,5:30]
Running from: c:\users\Rafay Ingenieros\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2016-01-05 to 2016-02-05  )))))))))))))))))))))))))))))))
.
.
2016-02-05 16:31 . 2016-02-05 16:31 -------- d-----w- C:\Windows.old
2016-02-05 15:53 . 2016-02-05 15:54 -------- d-----w- C:\$SysReset
2016-02-05 14:58 . 2016-02-05 14:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-05 14:40 . 2016-02-05 14:40 -------- d-----w- c:\program files (x86)\Trend Micro
2016-02-05 14:34 . 2016-02-05 14:34 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-02-05 14:17 . 2016-02-05 14:17 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2016-02-05 13:50 . 2016-02-05 13:50 -------- d-----w- c:\windows\LastGood
2016-02-05 13:48 . 2016-02-05 13:48 -------- d-----w- c:\program files (x86)\VTELCA Internet
2016-02-05 13:17 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{659EFFC6-88C2-41D9-96ED-AD4D5C7EE644}\mpengine.dll
2016-02-05 13:13 . 2016-02-05 13:30 -------- d-----w- c:\users\Rafay Ingenieros
2016-02-03 14:38 . 2016-02-05 14:19 -------- d-----w- C:\FRST
2016-02-02 14:00 . 2016-02-02 14:06 -------- d-----w- C:\AdwCleaner
2016-02-02 03:43 . 2016-02-02 03:43 -------- d-----w- C:\AMD
2016-02-02 01:00 . 2016-02-02 01:00 -------- d-----w- C:\OSTotoFolder
2016-01-20 17:26 . 2011-05-20 19:59 1718392 ----a-w- c:\windows\system32\WdfCoinstaller01009.dll
2016-01-20 17:26 . 2011-05-20 19:58 67192 ----a-w- c:\windows\system32\drivers\usb2ser.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-01 12:03 . 2015-08-05 12:08 269992 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-08 642216]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-08-02 363520]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2012-07-17 61112]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-26 491320]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-09 580512]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"SymSilent"="c:\program files (x86)\SymSilent\SymSilent.exe" [2012-06-20 925080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
R0 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1400000.088\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1400000.088\SymELAM.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 wdf_usb;wdf_usb;c:\windows\system32\drivers\usb2ser.sys;c:\windows\SYSNATIVE\drivers\usb2ser.sys [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1400000.088\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1400000.088\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1400000.088\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1400000.088\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20120615.003\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20120615.003\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1400000.088\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1400000.088\ccSetx64.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20120611.002\IDSVia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20120611.002\IDSVia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1400000.088\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1400000.088\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1400000.088\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1400000.088\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 BtAudioBusSrv;IVT Bluetooth Audio Bus Service;c:\windows\System32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\System32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
S3 BthLEEnum;Controlador de Bluetooth de bajo consumo;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\System32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\System32\drivers\rtbth.sys;c:\windows\SYSNATIVE\drivers\rtbth.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ   apphostsvc
iissvcs REG_MULTI_SZ   w3svc was
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-07-21 1425408]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 172.20.10.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2016-02-05  10:33:01
ComboFix-quarantined-files.txt  2016-02-05 15:03
ComboFix2.txt  2016-02-05 03:25
ComboFix3.txt  2016-02-03 18:23
ComboFix4.txt  2016-02-03 14:35
.
Pre-Run: 470.511.267.840 bytes libres
Post-Run: 470.313.140.224 bytes libres
.
- - End Of File - - 9F5C8FD1D27A9235842F46225FF72C8F
5FB38429D5D77768867C76DCBDB35194
__________________________________________
 
 
Long reboot but clean... I wondered about programs deleted (Microsoft suite, AVG antivirus, Chrome, etc.). But with your excellent help, my PC is working better now!
 
THANKS a lot! THANK YOU very much!
 
SOLVED


#36
Dakeyras (Anti-Malware Mammoth, Expert, 9,684 posts)

Hi. :)

I'll be assisting your good self whilst RKinner is unavailable.
 

"With your excellent help, my PC is working better now!"

Very good. To err on the side of caution, let's run two further scans as follows...

Scan with Zoek:

Please download Zoek and save to the desktop.

You will need to temporarily disable your currently installed Anti-Virus/Security software; how to do so can be read here.

  • Right-click on zoek.exe and select Run as Administrator.
  • Once the GUI (graphical user interface) has loaded >> click on the More Options tab >> select Auto Clean only.
  • Ensure the option Scan All Users is selected >> now click on the Run Script tab.
  • Zoek will momentarily close, a new GUI will appear and the scan will commence.
  • Please be patient, as the scan may take some time depending on the specifications of your computer.
  • Once the scan is completed, a log file named zoek-results.log will open via Notepad; post the contents in your next reply.
  • If the system requires a reboot after the aforementioned scan, click on OK at the prompt (the log will appear after the reboot).
  • The zoek-results.log can also be found on your system drive.

Note: Do not forget to re-enable your Security software after running the above scan!

Scan with Panda Cloud Cleaner:

Please download Panda Cloud Cleaner and save to your desktop.

Alternate downloads are here and here.

  • Right-click on PandaCloudCleaner.exe and select Run as Administrator >> Next > >> >> Next >
  • Ensure Launch Panda Cloud Cleaner is selected >> Finish >> once the GUI (graphical user interface) appears >> click on Accept and Scan
  • Please be patient, as the scan may take some time to complete depending on your system's specifications.
  • Once the scan has completed, if Scan finished with detections is denoted in the GUI, do not take any action and/or have Panda Cloud Cleaner clean absolutely anything!
  • Now within the GUI click on the > tab >> then on View Report >> a Notepad file should now open called PCloudCleaner.txt
  • Save this to your desktop and post the contents in your next reply.
  • Then click on Back >> Exit

Note: When I give the all clear feel free to uninstall Panda Cloud Cleaner if you so wish.

Next:

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • Zoek Log.
  • Panda Cloud Cleaner Log.


#37
poceta (Member, Topic Starter, 24 posts)

Thanks again for your help. I'm coming back to check the laptop and I'll inform you later.



#38
poceta (Member, Topic Starter, 24 posts)

I have a doubt about whether to continue with Panda Cloud Cleaner; I have a message about taking actions: clean or exit?

2 malwares found: Navigator Hijack and System Hijack



#39
poceta (Member, Topic Starter, 24 posts)

Well, I ran the Zoek scan the first time and apparently it did not work fine. So I rebooted and performed the Zoek scan properly; a reboot was required, with this log:

 

 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Rafay Ingenieros on 07-02-2016 at 13:10:24,71.
Microsoft Windows 8 Single Language 6.2.9200  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Rafay Ingenieros\Desktop\zoek.exe [Scan all users]  [Checkboxes used]
 
==== Older Logs ======================
 
C:\zoek-results2016-02-07-165836.log 1999 bytes
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
"C:\windows\Installer\13b0eb.msi" not found
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn" [07-02-2016 12:58 p.m.]
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\Exts\Chrome.crx[20-07-2012 10:35 a.m.]
 
Norton Security Toolbar - Rafay Ingenieros\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...TR&pc=HPNTDFJS"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1ADB7B61769BD2D4B8721E72722C3805 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16B7BDA1-B967-4D2D-8B27-E12727C28350} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1ADB7B61769BD2D4B8721E72722C3805 deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rafay Ingenieros\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Rafay Ingenieros\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=7 folders=1 113159859 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Rafay Ingenieros\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\RAFAYI~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on 07-02-2016 at 13:53:33,07 ======================
 
Also, for Panda, just as informed before: not possible to obtain a log file.
 
The laptop is going better... I think that after the W8 re-installation it is running better. How do I know if the error is solved?


#40
Dakeyras (Anti-Malware Mammoth, Expert, 9,684 posts)

Hi. :)

"Also, for Panda, just as informed before: not possible to obtain a log file."

Not a problem nor a cause for concern.

"The laptop is going better... I think that after the W8 re-installation it is running better. How do I know if the error is solved?"

Good, and aye, that appears to be the case. Congratulations, your computer appears to be malware free!

Clean-Up with DelFix:

Please download DelFix to your desktop.

  • Right-click on delfix.exe and select Run as Administrator to launch the application.
  • Referring to the image below, select the three options denoted:
    [image: DF2.gif]
  • Then click on Run.
  • Once it has finished processing, a Notepad file named DelFix.txt will open. Post the contents in your next reply for my review.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.
  • After you have posted the aforementioned DelFix.txt, delete it and empty the Recycle Bin.

Note: The above application/overall process will flush old System Restore points and create a new clean one. It should also clean up and remove the vast majority of scanners used and logs created etc.

Any left over, merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

The below is worth reading/bookmarking for future reference:

Computer Security - a short guide to staying safer online

Next:

Any questions? Feel free to ask, if not stay safe!

#41
poceta (Member, Topic Starter, 24 posts)

Good day, and thanks a lot for the excellent help.

 

Now the final log:

 

# DelFix v1.011 - Logfile created 08/02/2016 at 10:44:03
# Updated 18/08/2015 by Xplode
# Username : Rafay Ingenieros - RAF-DDP-CONSTRU
# Operating System : Windows 8 Single Language  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\Users\Rafay Ingenieros\Desktop\mbar
Deleted : C:\Program Files (x86)\Trend Micro\Hijackthis
Deleted : C:\ComboFix.txt
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2016-02-07-165836.log
Deleted : C:\Users\Rafay Ingenieros\Desktop\Addition.txt
Deleted : C:\Users\Rafay Ingenieros\Desktop\ComboFix.docx
Deleted : C:\Users\Rafay Ingenieros\Desktop\ComboFix.exe
Deleted : C:\Users\Rafay Ingenieros\Desktop\Fixlog.txt
Deleted : C:\Users\Rafay Ingenieros\Desktop\FRST.docx
Deleted : C:\Users\Rafay Ingenieros\Desktop\FRST.txt
Deleted : C:\Users\Rafay Ingenieros\Desktop\FRST64.exe
Deleted : C:\Users\Rafay Ingenieros\Desktop\GrantPerms.zip
Deleted : C:\Users\Rafay Ingenieros\Desktop\HiJackThis.lnk
Deleted : C:\Users\Rafay Ingenieros\Desktop\HiJackThis.msi
Deleted : C:\Users\Rafay Ingenieros\Desktop\Rooter.exe
Deleted : C:\Users\Rafay Ingenieros\Desktop\zoek.exe
Deleted : C:\Users\Rafay Ingenieros\Downloads\AdwCleaner.exe
Deleted : C:\Users\Rafay Ingenieros\Downloads\ComboFix.exe
Deleted : C:\Users\Rafay Ingenieros\Downloads\FRST64.exe
Deleted : C:\Users\Rafay Ingenieros\Downloads\GrantPerms.zip
Deleted : C:\Users\Rafay Ingenieros\Downloads\HiJackThis.msi
Deleted : C:\Users\Rafay Ingenieros\Downloads\rkill.com
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #3 [Installed HiJackThis | 02/05/2016 14:39:17]
Deleted : RP #4 [zoek.exe restore point | 02/07/2016 15:59:54]
 
New restore point created !
 
########## - EOF - ##########


#42
Dakeyras (Anti-Malware Mammoth, Expert, 9,684 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

