cell512 Posted January 15, 2016 ID:1012739

Hello,

My laptop computer is infected with some kind of undetectable malware. This is my computer from work and I think it got infected with a USB drive, I am not sure. I am attaching 2 pictures: One is a scan I performed with Malwarebytes resulting with no infection and the other picture is a malicious popup when I was browsing on the Internet. Please help!

Thank You
kevinf80 Posted January 15, 2016 ID:1012740

Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Please open Malwarebytes Anti-Malware.

On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
Under Non-Malware Protection sub tab, change PUP and PUM entries to Treat detections as Malware.
Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
A Threat Scan will begin.
With some infections, you may or may not see this message box: 'Could not load DDA driver'
Click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click Apply Actions.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart, once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:

Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export > From export you have three options:
Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply

Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…

If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
Follow the instructions above....

Next,

Download AdwCleaner by Xplode onto your Desktop.

Double click on Adwcleaner.exe to run the tool.
Click on the Scan in the Actions box.
Please wait for the scan to finish..
When "Waiting for action. Please uncheck elements you want to keep" shows in top line..
Click on the Cleaning box.
Next click OK on the "Closing Programs" pop up box.
Click OK on the Information box & again OK to allow the necessary reboot.
After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
Make sure Addition.txt is checkmarked under "Optional scans".
Press Scan button to run the tool....
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also make logs named (Addition.txt) and Shortcut.txt. Please attach those logs to your reply.

Let me see those logs in your next reply...

Thank you,

Kevin...
cell512 Posted January 16, 2016 Author ID:1013063

Hello Kevin thank you very much for your assistance! Here I paste the log information provided from Malwarebytes AntiMalware. I will continue to download and use the other software that you gave me. THANK YOU!

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/16/2016
Scan Time: 3:57 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.16.04
Rootkit Database: v2016.01.09.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ivan.Moreno

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 422316
Time Elapsed: 26 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
kevinf80 Posted January 16, 2016 ID:1013064

Thank you, post other logs whenever ready....
cell512 Posted January 16, 2016 Author ID:1013065

This is the log information of AdwCleaner... I will now continue with the last software...

# AdwCleaner v5.029 - Logfile created 16/01/2016 at 16:35:00
# Updated 11/01/2016 by Xplode
# Database : 2016-01-15.2 [server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : Ivan.Moreno - RMG_LP_PBHFE23
# Running from : C:\Users\Ivan Moreno\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Applian Technologies
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
[-] Folder Deleted : C:\Users\Ivan Moreno\AppData\Local\PackageAware
[!] Folder Not Deleted : C:\Users\Ivan Moreno\AppData\Local\PackageAware
[!] Folder Not Deleted : C:\Users\Ivan Moreno\AppData\Local\PackageAware

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\S

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1115 bytes] ##########
cell512 Posted January 16, 2016 Author ID:1013067

Hi again Kevin, this is the log from the last software...
C:\Users\Public\Desktop\Lenovo Solution Center.lnk2016-01-06 10:50 - 2016-01-06 10:50 - 93747134 _____ C:\Users\Ivan Moreno\Downloads\Seguridad enero 2016.mp42015-12-29 13:33 - 2015-12-29 13:33 - 00536597 _____ C:\Users\Ivan Moreno\Downloads\WhistleblowerHotline1877844.wma2015-12-23 19:27 - 2015-12-23 19:27 - 08307025 _____ C:\Users\Ivan Moreno\Documents\Firmas electrónicas.zip2015-12-23 16:00 - 2015-12-31 09:43 - 00000000 ____D C:\Users\Ivan Moreno\Documents\Firmas electrónicas2015-12-22 20:54 - 2015-12-22 20:54 - 00009949 _____ C:\Users\Ivan Moreno\Downloads\Nomina2015-12-21 15:25 - 2015-12-21 15:50 - 76742656 _____ C:\Users\Ivan Moreno\Downloads\V2w-20.mp4.2lqb1z5.partial2015-12-18 11:23 - 2015-12-18 11:23 - 00224376 _____ C:\Users\Ivan Moreno\Downloads\WhistleblowerHotline1871290.wma2015-12-18 11:19 - 2015-12-18 11:19 - 00350082 _____ C:\Users\Ivan Moreno\Downloads\WhistleblowerHotline1871288.wma ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-01-16 16:44 - 2015-06-01 08:09 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-431013118-809749992-1248859224-1001UA.job2016-01-16 16:43 - 2014-01-08 11:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2016-01-16 16:43 - 2009-07-13 21:20 - 00000000 ____D C:\Windows2016-01-16 16:42 - 2009-07-13 23:13 - 00785942 _____ C:\Windows\system32\PerfStringBackup.INI2016-01-16 16:42 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf2016-01-16 16:38 - 2015-02-21 17:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2016-01-16 16:36 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2016-01-16 15:55 - 2009-07-13 22:45 - 00022400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02016-01-16 15:55 - 2009-07-13 22:45 - 00022400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02016-01-15 13:57 - 2015-05-04 12:05 - 00000000 ____D C:\Users\Ivan Moreno\AppData\LocalLow\Temp2016-01-15 10:44 - 2015-06-01 08:09 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-431013118-809749992-1248859224-1001Core.job2016-01-15 06:54 - 2015-02-21 17:00 - 00000000 ____D C:\Program Files (x86)\TeamViewer2016-01-14 21:13 - 2014-01-08 11:22 - 00000000 ____D C:\ProgramData\Microsoft Help2016-01-14 21:12 - 2015-02-23 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2016-01-14 21:12 - 2014-01-08 11:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 20132016-01-14 21:11 - 2015-02-23 15:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight2016-01-14 21:11 - 2015-02-23 15:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2016-01-14 21:10 - 2014-08-15 19:57 - 00000000 ____D C:\Windows\system32\MRT2016-01-14 21:05 - 2014-08-15 19:57 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2016-01-14 21:04 
- 2009-07-13 20:34 - 00000478 _____ C:\Windows\win.ini2016-01-14 17:19 - 2015-02-21 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2016-01-14 17:19 - 2015-02-21 17:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2016-01-14 07:57 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache2016-01-14 07:30 - 2015-09-21 11:19 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit2016-01-14 07:18 - 2009-07-13 22:45 - 00433760 _____ C:\Windows\system32\FNTCACHE.DAT2016-01-14 07:17 - 2015-02-21 15:22 - 00000000 ___SD C:\Windows\system32\CompatTel2016-01-14 07:17 - 2015-02-21 15:22 - 00000000 ____D C:\Windows\system32\appraiser2016-01-13 19:40 - 2015-02-21 12:51 - 00000000 ____D C:\ProgramData\Package Cache2016-01-12 20:55 - 2014-01-08 11:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2016-01-06 17:02 - 2015-02-21 12:43 - 00000000 ____D C:\Program Files\Lenovo2016-01-06 17:02 - 2015-02-21 12:35 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo2016-01-06 17:02 - 2015-02-21 11:53 - 00000000 ____D C:\Program Files (x86)\Lenovo2016-01-06 17:02 - 2015-02-21 11:49 - 00000000 ____D C:\Windows\Downloaded Installations2016-01-06 16:59 - 2015-02-21 12:34 - 00000000 ____D C:\ProgramData\Lenovo2016-01-06 16:58 - 2015-02-21 12:37 - 00000000 ____D C:\Windows\System32\Tasks\TVT2016-01-06 16:58 - 2015-02-21 11:54 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools2016-01-04 09:44 - 2014-01-08 11:30 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2016-01-04 09:44 - 2014-01-08 11:30 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2016-01-04 09:44 - 2014-01-08 11:30 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-12-31 10:24 - 2015-02-28 10:51 - 00000000 ____D C:\Users\Ivan Moreno\AppData\Roaming\TeamViewer2015-12-31 09:43 - 
2015-04-01 10:43 - 00000000 ____D C:\Users\Ivan Moreno\Documents\Temporal
2015-12-21 08:31 - 2009-07-13 23:08 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-18 09:56 - 2015-04-17 11:13 - 00000000 ____D C:\Users\Ivan Moreno\Documents\Formato semanal

Some files in TEMP:
====================
C:\Users\fcfs\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Ivan Moreno\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-11 08:55

==================== End of FRST.txt ============================

Addition.txt
cell512 Posted January 16, 2016 Author ID:1013068

Kevin, I didn't find the log called Shortcut.txt, only the Addition.txt.
Thank you, I will now wait for your instructions.
kevinf80 Posted January 16, 2016 ID:1013070

Yes, ignore shortcut request, is my mistake... Continue please:

Reset your router, instructions available at the following link:
http://setuprouter.com/networking/how-to-reset-your-router/
Follow those instructions very carefully.

Next,

Download and unzip DNSJumper to your Desktop, the tool is portable, no installation necessary.
Tool can be downloaded here: http://www.sordum.org/downloads/?dns-jumper
Right click on Dnsjumper.exe and select "Run as Administrator" to start the tool. For XP just double click to run.
From the left hand pane select "Flush DNS"
From the main interface select the dropdown under "Choose a DNS Server"
From the list select either "Google Public DNS" or "Open DNS"
From the left hand pane select "Apply DNS"
When done re-boot your system....

Let me know if your system responds better.....

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, when done post the new logs....
cell512 Posted January 16, 2016 Author ID:1013074

Ok Kevin, I will follow your instructions and then comment... Thank you!!!
kevinf80 Posted January 16, 2016 ID:1013075

Ok....
cell512 Posted January 17, 2016 Author ID:1013087

Kevin, I made the reset of my router and there was no need for Internet configuration. After a minute I got Internet back!
I changed the DNS using your software and rebooted my laptop. Pop-ups came back, still not clean. I will post the logs now. Thank you!!!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Ivan.Moreno (administrator) on RMG_LP_PBHFE23 (16-01-2016 18:13:33)
Running from C:\Users\Ivan Moreno\Desktop
Loaded Profiles: Ivan.Moreno (Available Profiles: fcfs & Ivan.Moreno & backdoor)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Cisco Systems, Inc.)
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe(GlavSoft LLC.) 
C:\Program Files\TightVNC\tvnserver.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Google Inc.) C:\Users\Ivan Moreno\AppData\Local\Google\Update\1.3.29.1\GoogleCrashHandler.exe(Google Inc.) 
C:\Users\Ivan Moreno\AppData\Local\Google\Update\1.3.29.1\GoogleCrashHandler64.exe(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE(Google Inc.) C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\Application\chrome.exe(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe(Google Inc.) C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\Application\chrome.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2015-06-08] (Lenovo)HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [388600 2013-04-15] (Lenovo Group Limited)HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitorHKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-17] (Adobe Systems Incorporated)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-431013118-809749992-1248859224-1001\...\Run: [Google Update] => C:\Users\Ivan Moreno\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-06-01] (Google Inc.)HKU\S-1-5-21-431013118-809749992-1248859224-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)HKU\S-1-5-18\...\RunOnce: [ ISSetupPrerequisistes] => "C:\ProgramData\Lenovo\SystemUpdate\session\Repository\lscsetup_x64_28004_7\securedfolder\lscsetup_x64_28004.exe" /s /v"/qn /norestart REBOOT=ReallySuppress"Lsa: [Notification Packages] scecli ACGinaStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2015-02-21]ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the 
fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 10.213.1.11 10.213.5.15Tcpip\..\Interfaces\{09D2DC1F-A686-447C-AD31-33D0CBCCEE79}: [NameServer] 8.8.8.8,8.8.4.4,192.168.0.1Tcpip\..\Interfaces\{09D2DC1F-A686-447C-AD31-33D0CBCCEE79}: [DhcpNameServer] 10.213.1.11 10.213.5.15Tcpip\..\Interfaces\{5D3BA6DD-1A47-4D3D-B40B-F7AB60135A7B}: [NameServer] 8.8.8.8,8.8.4.4,10.103.67.254 Internet Explorer:==================HKU\S-1-5-21-431013118-809749992-1248859224-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://login.microsoftonline.com/SearchScopes: HKU\S-1-5-21-431013118-809749992-1248859224-1001 -> {FB0F028C-29CC-4C9A-8029-54EE22AAF8A4} URL = hxxps://www.google.com/search?q={searchTerms}BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-27] (Oracle Corporation)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-27] (Oracle Corporation)BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-27] (Oracle Corporation)BHO-x32: Office Document Cache Handler -> 
{B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-27] (Oracle Corporation) FireFox:========FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-27] (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-27] (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE -> disabled [No File]FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2014-07-09] (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2014-07-09] (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-27] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-27] (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( 
Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-431013118-809749992-1248859224-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ivan Moreno\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)FF Plugin HKU\S-1-5-21-431013118-809749992-1248859224-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ivan Moreno\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation) Chrome: =======CHR Profile: C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (BIODIGITAL HUMAN) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2015-06-01]CHR Extension: (Duolingo on the Web) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-06-01]CHR Extension: (Google Drive) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-20]CHR Extension: (YouTube) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-01]CHR Extension: (Spotify - Music for every moment) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2015-06-01]CHR Extension: (Google Search) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-01]CHR Extension: (Gun Blood) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cpbkahmbgcfjocgliikbkfiieemcjkoj [2015-06-01]CHR Extension: (Box) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2015-06-01]CHR Extension: (EWC Presenter) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdginhbdpekijhadlcniofmnmpbgdkjd [2015-06-01]CHR Extension: (Pixlr Express) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2015-06-01]CHR Extension: (Pixlr Editor) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2015-06-01]CHR Extension: (Build with Chrome) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2015-06-01]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-01]CHR Extension: (Sketchpad) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2015-06-01]CHR Extension: (Google Classroom) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2015-06-01]CHR Extension: (Moqups · Mockups, Wireframes & Prototyping) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfbhphohgafllkjnakmdppmmkjfbnke [2015-06-01]CHR Extension: (Chrome Web Store Payments) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]CHR Extension: (Deezer) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh [2015-06-01]CHR Extension: (Gmail) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-01]CHR Extension: (Canvas 
Rider) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-06-01]CHR Profile: C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 1CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2015-09-02]CHR Extension: (Duolingo on the Web) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-09-02]CHR Extension: (Google Drive) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-24]CHR Extension: (YouTube) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-24]CHR Extension: (Spotify - Music for every moment) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2015-09-02]CHR Extension: (Google Search) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-24]CHR Extension: (Gun Blood) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cpbkahmbgcfjocgliikbkfiieemcjkoj [2015-09-02]CHR Extension: (Box) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2015-09-02]CHR Extension: (EWC Presenter) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdginhbdpekijhadlcniofmnmpbgdkjd [2015-09-02]CHR Extension: (Pixlr Editor) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2015-09-02]CHR Extension: (Build with Chrome) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2015-09-02]CHR Extension: (Chrome Hotword Shared 
Module) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-24]
CHR Extension: (Sketchpad) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2015-09-02]
CHR Extension: (Google Classroom) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2015-09-02]
CHR Extension: (Moqups · Mockups, Wireframes & Prototyping) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlfbhphohgafllkjnakmdppmmkjfbnke [2015-09-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-24]
CHR Extension: (Deezer) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh [2015-09-02]
CHR Extension: (Gmail) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-24]
CHR Extension: (Canvas Rider) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-09-02]
CHR Profile: C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-02]
CHR Extension: (Google Docs) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-03]
CHR Extension: (Google Drive) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Google Search) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-02]
CHR Extension: (Google Docs Offline) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-02]
CHR Extension: (Gmail) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-03]
CHR Profile: C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2015-11-12]
CHR Extension: (Duolingo on the Web) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-11-12]
CHR Extension: (Google Drive) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-12]
CHR Extension: (YouTube) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-12]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2015-11-12]
CHR Extension: (Google Search) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12]
CHR Extension: (Gun Blood) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\cpbkahmbgcfjocgliikbkfiieemcjkoj [2015-11-12]
CHR Extension: (Box) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2015-11-12]
CHR Extension: (Google Docs Offline) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-12]
CHR Extension: (EWC Presenter) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\hdginhbdpekijhadlcniofmnmpbgdkjd [2015-11-12]
CHR Extension: (Pixlr Editor) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2015-11-12]
CHR Extension: (Build with Chrome) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2015-11-12]
CHR Extension: (Sketchpad) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2015-11-12]
CHR Extension: (Google Classroom) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2015-11-12]
CHR Extension: (Moqups · Mockups, Wireframes & Prototyping) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nlfbhphohgafllkjnakmdppmmkjfbnke [2015-11-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-12]
CHR Extension: (Deezer) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh [2015-11-12]
CHR Extension: (Gmail) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-12]
CHR Extension: (Privacy Badger) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2015-11-12]
CHR Extension: (Canvas Rider) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-11-12]
CHR Profile: C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Profile: C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 6
CHR Extension: (Google Slides) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-17]
CHR Extension: (Google Docs) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-17]
CHR Extension: (Google Drive) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-17]
CHR Extension: (YouTube) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-17]
CHR Extension: (Google Search) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-17]
CHR Extension: (Session Buddy) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2015-12-31]
CHR Extension: (Google Sheets) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-17]
CHR Extension: (Google Docs Offline) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-01-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-17]
CHR Extension: (Gmail) - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-17]
StartMenuInternet: Google Chrome.PF7CAFPGK2LBCHDWMDMKWYWIKI - C:\Users\Ivan Moreno\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-11-14] (Lenovo.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2015-11-11] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
R3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-11-18] ()
S3 jakstaVA; C:\Windows\System32\DRIVERS\jaksta_va.sys [103816 2014-12-08] (e2eSoft)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-16] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-16 18:13 - 2016-01-16 18:14 - 00029271 _____ C:\Users\Ivan Moreno\Desktop\FRST.txt
2016-01-16 18:12 - 2016-01-16 16:42 - 02370560 _____ (Farbar) C:\Users\Ivan Moreno\Desktop\FRST64.exe
2016-01-16 17:29 - 2016-01-16 17:29 - 00647111 _____ C:\Users\Ivan Moreno\Downloads\DnsJumper.zip
2016-01-16 17:29 - 2016-01-16 17:29 - 00647111 _____ C:\Users\Ivan Moreno\Desktop\DnsJumper.zip
2016-01-16 17:29 - 2016-01-16 17:29 - 00000000 ____D C:\Users\Ivan Moreno\Desktop\DnsJumper
2016-01-16 16:44 - 2016-01-16 16:45 - 00030670 _____ C:\Users\Ivan Moreno\Downloads\Addition.txt
2016-01-16 16:43 - 2016-01-16 18:13 - 00000000 ____D C:\FRST
2016-01-16 16:43 - 2016-01-16 16:45 - 00070276 _____ C:\Users\Ivan Moreno\Downloads\FRST.txt
2016-01-16 16:42 - 2016-01-16 16:42 - 02370560 _____ (Farbar) C:\Users\Ivan Moreno\Downloads\FRST64.exe
2016-01-16 16:31 - 2016-01-16 16:35 - 00000000 ____D C:\AdwCleaner
2016-01-16 16:30 - 2016-01-16 16:30 - 01754112 _____ C:\Users\Ivan Moreno\Downloads\AdwCleaner.exe
2016-01-15 13:58 - 2016-01-15 13:58 - 00000000 ____D C:\Users\Ivan Moreno\AppData\Roaming\webex
2016-01-15 13:57 - 2016-01-15 15:05 - 00000000 ____D C:\Users\Ivan Moreno\AppData\LocalLow\WebEx
2016-01-15 13:57 - 2016-01-15 13:58 - 00000000 ____D C:\ProgramData\WebEx
2016-01-15 13:57 - 2016-01-15 13:57 - 00708280 _____ (Cisco WebEx LLC) C:\Users\Ivan Moreno\Downloads\Cisco_WebEx_Add-On.exe
2016-01-15 13:57 - 2016-01-15 13:57 - 00000000 ____D C:\Users\Ivan Moreno\AppData\Roaming\Mozilla
2016-01-15 13:57 - 2016-01-15 13:57 - 00000000 ____D C:\Users\Ivan Moreno\AppData\Local\WebEx
2016-01-14 17:17 - 2016-01-14 17:19 - 22908888 _____ (Malwarebytes ) C:\Users\Ivan Moreno\Downloads\mbam-setup-web.NT-2.2.0.1024.exe
2016-01-14 12:00 - 2016-01-14 12:00 - 02017853 _____ C:\Users\Ivan Moreno\Downloads\QUICK TEAM-BUILDING ACTIVITIES FOR BUSY MANAGERS.pdf
2016-01-13 07:52 - 2015-12-11 12:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-13 07:52 - 2015-12-08 15:54 - 02285056 _____ 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 11:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe2016-01-13 07:47 - 2015-12-30 11:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe2016-01-13 07:47 - 2015-12-30 11:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2016-01-13 07:47 - 2015-12-30 11:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe2016-01-13 07:47 - 2015-12-30 11:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys2016-01-13 07:47 - 2015-12-30 11:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys2016-01-13 07:47 - 2015-12-30 11:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys2016-01-13 07:47 - 2015-12-30 11:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe2016-01-13 07:47 - 2015-12-30 11:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2016-01-13 07:47 - 2015-12-30 11:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2016-01-13 07:47 - 2015-12-30 11:32 - 00014336 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2016-01-13 07:47 - 2015-12-30 11:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2016-01-13 07:47 - 2015-12-30 11:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2016-01-13 07:47 - 2015-12-30 11:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll2016-01-13 07:47 - 2015-12-30 11:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 11:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll2016-01-13 07:47 - 2015-12-30 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll2016-01-13 07:47 - 2015-12-08 15:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll2016-01-13 07:47 - 2015-12-08 15:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2016-01-13 07:47 - 2015-12-08 13:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll2016-01-13 07:47 - 2015-12-08 13:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll2016-01-13 07:47 - 2015-11-16 19:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe2016-01-13 07:47 - 2015-11-16 19:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2016-01-13 07:47 - 2015-11-16 19:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2016-01-13 07:47 - 2015-11-16 19:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2016-01-13 07:47 - 2015-11-16 19:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2016-01-13 07:47 - 2015-11-16 19:08 - 00076800 _____ (Microsoft Corporation) 
C:\Windows\system32\acmigration.dll2016-01-13 07:47 - 2015-11-16 14:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll2016-01-11 16:41 - 2016-01-11 16:41 - 42089679 _____ C:\Users\Ivan Moreno\Downloads\Make a Subsite SP v1.wmv2016-01-11 10:56 - 2016-01-15 11:53 - 00000000 ____D C:\Users\Ivan Moreno\Desktop\New folder2016-01-07 08:48 - 2016-01-07 08:48 - 00000000 ____D C:\Users\Ivan Moreno\AppData\Roaming\LSC2016-01-06 17:02 - 2016-01-06 17:02 - 00001991 _____ C:\Users\Public\Desktop\Lenovo Solution Center.lnk2016-01-06 10:50 - 2016-01-06 10:50 - 93747134 _____ C:\Users\Ivan Moreno\Downloads\Seguridad enero 2016.mp42015-12-29 13:33 - 2015-12-29 13:33 - 00536597 _____ C:\Users\Ivan Moreno\Downloads\WhistleblowerHotline1877844.wma2015-12-23 19:27 - 2015-12-23 19:27 - 08307025 _____ C:\Users\Ivan Moreno\Documents\Firmas electrónicas.zip2015-12-23 16:00 - 2015-12-31 09:43 - 00000000 ____D C:\Users\Ivan Moreno\Documents\Firmas electrónicas2015-12-22 20:54 - 2015-12-22 20:54 - 00009949 _____ C:\Users\Ivan Moreno\Downloads\Nomina2015-12-21 15:25 - 2015-12-21 15:50 - 76742656 _____ C:\Users\Ivan Moreno\Downloads\V2w-20.mp4.2lqb1z5.partial2015-12-18 11:23 - 2015-12-18 11:23 - 00224376 _____ C:\Users\Ivan Moreno\Downloads\WhistleblowerHotline1871290.wma2015-12-18 11:19 - 2015-12-18 11:19 - 00350082 _____ C:\Users\Ivan Moreno\Downloads\WhistleblowerHotline1871288.wma ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-01-16 18:09 - 2015-02-21 17:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2016-01-16 18:08 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2016-01-16 17:44 - 2015-06-01 08:09 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-431013118-809749992-1248859224-1001UA.job2016-01-16 17:43 - 2014-01-08 11:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2016-01-16 16:44 - 2009-07-13 22:45 - 00022400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02016-01-16 16:44 - 2009-07-13 22:45 - 00022400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02016-01-16 16:44 - 2009-07-13 21:20 - 00000000 ____D C:\Windows2016-01-16 16:42 - 2009-07-13 23:13 - 00785942 _____ C:\Windows\system32\PerfStringBackup.INI2016-01-16 16:42 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf2016-01-15 13:57 - 2015-05-04 12:05 - 00000000 ____D C:\Users\Ivan Moreno\AppData\LocalLow\Temp2016-01-15 10:44 - 2015-06-01 08:09 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-431013118-809749992-1248859224-1001Core.job2016-01-15 06:54 - 2015-02-21 17:00 - 00000000 ____D C:\Program Files (x86)\TeamViewer2016-01-14 21:13 - 2014-01-08 11:22 - 00000000 ____D C:\ProgramData\Microsoft Help2016-01-14 21:12 - 2015-02-23 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2016-01-14 21:12 - 2014-01-08 11:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 20132016-01-14 21:11 - 2015-02-23 15:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight2016-01-14 21:11 - 2015-02-23 15:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2016-01-14 21:10 - 2014-08-15 19:57 - 00000000 ____D C:\Windows\system32\MRT2016-01-14 21:05 - 2014-08-15 19:57 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2016-01-14 21:04 
- 2009-07-13 20:34 - 00000478 _____ C:\Windows\win.ini2016-01-14 17:19 - 2015-02-21 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2016-01-14 17:19 - 2015-02-21 17:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2016-01-14 07:57 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache2016-01-14 07:30 - 2015-09-21 11:19 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit2016-01-14 07:18 - 2009-07-13 22:45 - 00433760 _____ C:\Windows\system32\FNTCACHE.DAT2016-01-14 07:17 - 2015-02-21 15:22 - 00000000 ___SD C:\Windows\system32\CompatTel2016-01-14 07:17 - 2015-02-21 15:22 - 00000000 ____D C:\Windows\system32\appraiser2016-01-13 19:40 - 2015-02-21 12:51 - 00000000 ____D C:\ProgramData\Package Cache2016-01-12 20:55 - 2014-01-08 11:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2016-01-06 17:02 - 2015-02-21 12:43 - 00000000 ____D C:\Program Files\Lenovo2016-01-06 17:02 - 2015-02-21 12:35 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo2016-01-06 17:02 - 2015-02-21 11:53 - 00000000 ____D C:\Program Files (x86)\Lenovo2016-01-06 17:02 - 2015-02-21 11:49 - 00000000 ____D C:\Windows\Downloaded Installations2016-01-06 16:59 - 2015-02-21 12:34 - 00000000 ____D C:\ProgramData\Lenovo2016-01-06 16:58 - 2015-02-21 12:37 - 00000000 ____D C:\Windows\System32\Tasks\TVT2016-01-06 16:58 - 2015-02-21 11:54 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools2016-01-04 09:44 - 2014-01-08 11:30 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2016-01-04 09:44 - 2014-01-08 11:30 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2016-01-04 09:44 - 2014-01-08 11:30 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-12-31 10:24 - 2015-02-28 10:51 - 00000000 ____D C:\Users\Ivan Moreno\AppData\Roaming\TeamViewer2015-12-31 09:43 - 
2015-04-01 10:43 - 00000000 ____D C:\Users\Ivan Moreno\Documents\Temporal2015-12-21 08:31 - 2009-07-13 23:08 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT2015-12-18 09:56 - 2015-04-17 11:13 - 00000000 ____D C:\Users\Ivan Moreno\Documents\Formato semanal Some files in TEMP:====================C:\Users\fcfs\AppData\Local\Temp\jre-8u31-windows-au.exeC:\Users\Ivan Moreno\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-01-11 08:55 ==================== End of FRST.txt ============================Addition.txt Link to post Share on other sites More sharing options...
kevinf80 Posted January 17, 2016 ID:1013089
Mmm, DNS settings are correct now. What popups do you see? Are these happening with the browser open?
cell512 Posted January 17, 2016 Author ID:1013091
I was trying to capture some screenshots of the popups, but now they don't show again.... I don't know why, just a few minutes ago 2 of them showed, but not now... When they show up is when I navigate the web. And also I can see that content in pages displays much, much faster!!!
kevinf80 Posted January 17, 2016 ID:1013093
Which browser does this affect, or more than one browser?
cell512 Posted January 17, 2016 Author ID:1013094
More than one... in my case I am using IE and Chrome. I don't know if this is helpful or not, but I have a cellphone (Android) with more or less the same issues. In the case of the cellphone, if I navigate or click on a link, after some seconds it will display that I got a virus and that I should buy an antivirus, but you can tell it is a fake webpage.
kevinf80 Posted January 17, 2016 ID:1013096
OK, I want you to make a clean install of Chrome, see if that clears the popups on Chrome.....

If your Chrome Bookmarks are important do this first:
Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:
Remove all synced data from Chrome, go here: http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/ follow those instructions...
Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!
Navigate to C:\Users\Your user name\Appdata\Local, from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)
How to show hidden files and folders for Windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/
Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html
Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Is Chrome now popup free?
cell512 Posted January 17, 2016 Author ID:1013097
Ok Kevin, I will do that!!! Just before I proceed with that I will post 2 images. I was browsing some site in Mexico similar to eBay and when I tried to select some text, it was like an invisible wall that I clicked on, because another webpage tried to open and Malwarebytes blocked the web page. I will now complete your instructions!!! Thank you!!!
kevinf80 Posted January 17, 2016 ID:1013099
Yes, it looks like Chrome is exploited, see what happens with the clean install.... It's getting late for me, 1:15am, I'm logging off very shortly, will catch up later...
cell512 Posted January 17, 2016 Author ID:1013104
Kevin, I just did what you told me. I will continue to browse and see if this solved the problem! Thank you for your assistance and I contribute to your cause! Thank you Kevin! I will keep you posted tomorrow or on Monday!!! Have a good rest and thank you again!
kevinf80 Posted January 17, 2016 ID:1013171
Thanks for the update, yes please let me know the outcome of the Chrome clean install...
cell512 Posted January 17, 2016 Author ID:1013212
Kevin, good morning. It seems that you have solved my problem. Thank you very much for your help! I made a small donation, the economic situation here in Mexico is not very good! One more question, do you recommend any good antivirus or set of tools for protection that I should use? Thank you for all!!!
kevinf80 Posted January 17, 2016 ID:1013247
Thank you for the update and thank you very much for the donation, I appreciate your kindness. If no remaining issues or concerns, run the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.
Or use the following if the first link is down: "Delfix link mirror"
If your security program alerts to Delfix, either accept the alert or turn your security off.
Double click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.
Make sure the following items are checked:
Remove disinfection tools
Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
Reset system settings
Now click on "Run" and wait patiently until the tool has completed.
The tool will create a log when it has completed. We don't need you to post this.
Any remnant files/logs from tools we have used can be deleted…

Next, read the following links to fully understand PC Security and Best Practices, you may find them useful....
Answers to Common Security Questions and Best Practices
Do I need a Registry Cleaner?

Take care and surf safe
Kevin...
cell512 Posted January 17, 2016 Author ID:1013257
I sure will Kevin!! Thank you very much for all!!! You too take care!!
kevinf80 Posted January 17, 2016 ID:1013262
You're very welcome, come back anytime... Regards, Kevin.....
AdvancedSetup Posted January 18, 2016 Root Admin ID:1013329
Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!