
Adware in PC even after scanning with Malwarebytes AntiMalware



Hello everyone.

 

I just signed in a few moments ago. The Anti-Malware program worked great in the last few days since installation, but now this is becoming a more serious problem. I know what the rules say about uTorrent and I believe it is the cause of the adware spam.

 

Like a week ago I was searching for a soundtrack to download and found a torrent for it. At the time I didn't have the application, so I downloaded it. After that, sometimes when I accessed web pages that were not Facebook, YouTube, or any derived page of Google, I would get some advertising (it was either sending me to a new page or being included in the actual page). At the time it was not so invasive, but I still identified it as adware. I made a scan with AntiMalware, found some things and deleted them.

 

That only lasted like one or two days before ads started popping up again. I have made several scans, and even if AntiMalware finds something the browser stays the same. The worst part is that now I can't browse peacefully because almost every page redirects me to some ad, or if they load in the page they completely destroy the design and don't even show anything (just a blank space with the label "by SOMEPAGE") and an eternal page loading. uTorrent is now uninstalled, but I guess it just doesn't care now.

 

I'm worried about this because maybe it is taking priority on my internet connection, and even other applications that use it may be affected.

 

Here are the logs of AntiMalware and FRST.

 

Malwarebytes Anti-Malware (if there are any issues because of the language, let me know)

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Fecha del análisis: 27/02/2016
Hora del análisis: 01:41 p. m.
Archivo de registro: 
Administrador: Sí
 
Versión: 2.2.0.1024
Base de datos de malwares: v2016.02.27.03
Base de datos de rootkits: v2016.02.27.01
Licencia: Prueba
Protección contra el malware: Activado
Protección contra sitios web maliciosos: Activado
Autoprotección: Desactivado
 
SO: Windows 10
CPU: x64
Sistema de archivos: NTFS
Usuario: Gustavo
 
Tipo de análisis: Análisis de amenazas
Resultado: Completado
Objetos analizados: 670066
Tiempo transcurrido: 2 hr, 5 min, 46 seg
 
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Advertencia
PUM: Advertencia
 
Procesos: 0
(No hay elementos maliciosos detectados)
 
Módulos: 0
(No hay elementos maliciosos detectados)
 
Claves del registro: 2
PUP.Optional.GoSearchMe, HKU\S-1-5-21-3103581204-310264570-3553376325-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}, En cuarentena, [bff0da8b6c2dec4aaaf12782f50dee12], 
PUP.Optional.GoSearchMe, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}, En cuarentena, [bff0da8b6c2dec4aaaf12782f50dee12], 
 
Valores del registro: 2
PUP.Optional.ProtectedIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}|URL, https://search.protectedio.com/search.php/?q={searchTerms}&u=f69839da7b1cbdbe362f20b8cc3fd1e9&c=p1&src=srch&inst=1456470469,En cuarentena, [16995a0b7c1d90a60a18928ea06453ad]
PUP.Optional.ProtectedIO, HKU\S-1-5-21-3103581204-310264570-3553376325-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}|URL, https://search.protectedio.com/search.php/?q={searchTerms}&u=f69839da7b1cbdbe362f20b8cc3fd1e9&c=p1&src=srch&inst=1456470469,En cuarentena, [cee1d49198018fa72ef35ec213f18878]
 
Datos del registro: 1
 
Carpetas: 0
(No hay elementos maliciosos detectados)
 
Archivos: 4
PUP.Optional.UTop, C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage, En cuarentena, [f1be97ce30698aac5e32fe1c996b02fe], 
PUP.Optional.UTop, C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage-journal, En cuarentena, [d3dce5800396b5814a4675a5e61e8e72], 
PUP.Optional.CrossRider, C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, Se eliminará al reiniciar, [545bf3724554bf77da2295d393718a76], 
PUP.Optional.CrossRider, C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, Se eliminará al reiniciar, [4f602c397326b97ddd1f3c2c5aaae61a], 
 
Sectores físicos: 0
(No hay elementos maliciosos detectados)
 
 
(end)
FRST.txt
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016

Ran by Gustavo (administrator) on CURSED (27-02-2016 12:55:49)
Running from C:\Users\Gustavo\Downloads
Loaded Profiles: Gustavo &  (Available Profiles: Gustavo & Administrador)
Platform: Windows 10 Home Single Language (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\WINDOWS\System32\hpservice.exe
(Arcai.com) C:\Program Files (x86)\netcut\services\aips.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\WINDWS\SysWOW64\irstrtsv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
(Intel Corporation) C:\WINDOWS\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\Gustavo\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Gustavo\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteWMPMonitor.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2012-07-17] (EasyBits Software AS)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2012-09-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1627032 2015-01-28] (Autodesk, Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [522784 2015-11-16] (Autodesk Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3103581204-310264570-3553376325-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
HKU\S-1-5-21-3103581204-310264570-3553376325-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Gustavo\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3103581204-310264570-3553376325-1001\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe [74144 2012-09-28] (Hewlett-Packard Company)
HKU\S-1-5-21-3103581204-310264570-3553376325-1001\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe [773120 2014-09-03] (Oracle Corporation)
HKU\S-1-5-21-3103581204-310264570-3553376325-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
HKU\S-1-5-21-3103581204-310264570-3553376325-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Gustavo\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3103581204-310264570-3553376325-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe [74144 2012-09-28] (Hewlett-Packard Company)
HKU\S-1-5-21-3103581204-310264570-3553376325-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe [773120 2014-09-03] (Oracle Corporation)
HKU\S-1-5-21-3103581204-310264570-3553376325-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-3103581204-310264570-3553376325-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3103581204-310264570-3553376325-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCAHealth] 0
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\WINDOWS\SysWOW64\ezUPBHook.dll [52920 2013-05-16] (EasyBits Software Corp.)
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Gustavo\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Gustavo\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Gustavo\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Gustavo\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Gustavo\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Gustavo\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Gustavo\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Gustavo\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64\FileSyncShell64.dll No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Gustavo\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Gustavo\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Gustavo\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Gustavo\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Gustavo\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Gustavo\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Gustavo\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\FileSyncShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Gustavo\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\FileSyncShell.dll No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 200.52.196.246 200.52.196.196
Tcpip\..\Interfaces\{17df1aa7-c3de-4cb9-8b6a-8134a4a96e3e}: [DhcpNameServer] 200.52.196.246 200.52.196.196
Tcpip\..\Interfaces\{acda45aa-a9a8-4173-85a7-44a21a6114b4}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{c32634be-6100-4d76-bd49-fcc444b7a201}: [DhcpNameServer] 200.52.196.246 200.52.196.196
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3103581204-310264570-3553376325-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.protectedio.com/?u=f69839da7b1cbdbe362f20b8cc3fd1e9&c=p1&src=hp&inst=1456470469
HKU\S-1-5-21-3103581204-310264570-3553376325-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3103581204-310264570-3553376325-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPALL13/17
HKU\S-1-5-21-3103581204-310264570-3553376325-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.protectedio.com/?u=f69839da7b1cbdbe362f20b8cc3fd1e9&c=p1&src=hp&inst=1456470469
HKU\S-1-5-21-3103581204-310264570-3553376325-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3103581204-310264570-3553376325-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPALL13/17
HKU\S-1-5-21-3103581204-310264570-3553376325-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130847635102493901&GUID=DCDEDBCB-3F6F-41C3-9FF4-89C35D71C228
HKU\S-1-5-21-3103581204-310264570-3553376325-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPALL13/17
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=f69839da7b1cbdbe362f20b8cc3fd1e9&c=p1&src=srch&inst=1456470469
SearchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=f69839da7b1cbdbe362f20b8cc3fd1e9&c=p1&src=srch&inst=1456470469
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3103581204-310264570-3553376325-1001 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=f69839da7b1cbdbe362f20b8cc3fd1e9&c=p1&src=srch&inst=1456470469
SearchScopes: HKU\S-1-5-21-3103581204-310264570-3553376325-1001 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=f69839da7b1cbdbe362f20b8cc3fd1e9&c=p1&src=srch&inst=1456470469
SearchScopes: HKU\S-1-5-21-3103581204-310264570-3553376325-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3103581204-310264570-3553376325-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=f69839da7b1cbdbe362f20b8cc3fd1e9&c=p1&src=srch&inst=1456470469
SearchScopes: HKU\S-1-5-21-3103581204-310264570-3553376325-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=f69839da7b1cbdbe362f20b8cc3fd1e9&c=p1&src=srch&inst=1456470469
SearchScopes: HKU\S-1-5-21-3103581204-310264570-3553376325-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3103581204-310264570-3553376325-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-3103581204-310264570-3553376325-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-12-20] (Hewlett-Packard Company)
Toolbar: HKU\S-1-5-21-3103581204-310264570-3553376325-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-19] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uu2991xs.default-1427257376236
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?u=f69839da7b1cbdbe362f20b8cc3fd1e9&c=p1&src=hp&inst=1456211257
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-23] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3103581204-310264570-3553376325-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Gustavo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-11-15] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3103581204-310264570-3553376325-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Gustavo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-11-15] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uu2991xs.default-1427257376236\searchplugins\search.xml [2016-02-26]
FF Extension: Firefox Helper2 - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\uu2991xs.default-1427257376236\extensions\firefox@helper2 [2016-02-21] [not signed]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR Profile: C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Diapositivas de Google) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-01]
CHR Extension: (Google Docs) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-01]
CHR Extension: (Google Drive) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Búsqueda de Google) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-01]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Core) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhcgfdghbiidgeccbldhfceleibkkpe [2016-02-15]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-01]
CHR Extension: (Gmail) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-01]
CHR Extension: (f69839da7b1cbdbe362f20b8cc3fd1e9) - C:\Program Files (x86)\Google\Chrome\Application\f69839da7b1cbdbe362f20b8cc3fd1e9 [2016-02-21]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1139744 2015-11-16] (Autodesk Inc.)
R2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-08-04] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2015-09-25] (EasyAntiCheat Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-10] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2015-04-23] (Intel Corporation)
S2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2015-02-05] (Microsoft Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2015-04-23] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2015-11-06] () [File not signed]
R2 MySQL57; C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe [39622144 2016-02-02] () [File not signed]
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3534784 2015-04-01] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-13] (Electronic Arts)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-01-24] (Atheros) [File not signed]
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-09-05] (Qualcomm Atheros Communications, Inc.)
R3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [50688 2015-07-10] (Microsoft Corp.)
S3 EagleX64; C:\WINDOWS\system32\drivers\EagleX64.sys [140600 2015-10-15] (AhnLab, Inc.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-02-24] ()
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2015-04-09] (Sony Mobile Communications)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-27] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WinRing0_1_2_0; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.sys [14544 2016-02-27] (OpenLibSys.org)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S1 gqjnsnfg; \??\C:\WINDOWS\system32\drivers\gqjnsnfg.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-13 12:55 - 2014-01-09 07:13 - 04043776 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athrx.sys
2016-02-27 12:55 - 2016-02-27 12:57 - 00036762 _____ C:\Users\Gustavo\Downloads\FRST.txt
2016-02-27 12:55 - 2016-02-27 12:55 - 00000000 ____D C:\FRST
2016-02-27 11:42 - 2016-02-27 11:43 - 01609216 _____ (Malwarebytes) C:\Users\Gustavo\Downloads\JRT.exe
2016-02-27 11:40 - 2016-02-27 12:55 - 02371072 _____ (Farbar) C:\Users\Gustavo\Downloads\FRST64.exe
2016-02-27 11:09 - 2016-02-27 11:09 - 00016148 _____ C:\WINDOWS\system32\CURSED_Gustavo_HistoryPrediction.bin
2016-02-27 00:20 - 2016-02-27 00:21 - 00285440 _____ C:\WINDOWS\Minidump\022716-35828-01.dmp
2016-02-26 23:28 - 2016-02-26 23:29 - 00000000 ____D C:\Users\Gustavo\Downloads\PSX
2016-02-26 02:22 - 2016-02-26 02:22 - 00285496 _____ C:\WINDOWS\Minidump\022616-26265-01.dmp
2016-02-25 23:56 - 2016-02-25 23:56 - 00000000 ____D C:\Users\Gustavo\AppData\LocalLow\Freejam
2016-02-25 23:55 - 2016-02-25 23:55 - 00255224 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2016-02-25 23:54 - 2015-09-25 19:26 - 00245544 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2016-02-25 15:13 - 2016-02-26 20:11 - 00000000 ____D C:\Users\Gustavo\Desktop\UI_Checker
2016-02-25 13:11 - 2016-02-25 13:11 - 00776808 _____ C:\Users\Gustavo\Downloads\Ejemplo GDD Gameplay.pdf
2016-02-24 21:11 - 2016-02-24 21:11 - 00000000 ____D C:\Users\Gustavo\.minecraft
2016-02-24 20:52 - 2016-02-24 20:53 - 01589138 _____ C:\Users\Gustavo\Downloads\AMIR-ANTIVIRUS.zip
2016-02-24 20:36 - 2016-02-24 20:50 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\Enigma Software Group
2016-02-24 20:34 - 2016-02-24 20:34 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-02-23 19:57 - 2016-02-23 19:58 - 09550148 _____ C:\Users\Gustavo\Downloads\AI Techniques for Game Programming.pdf
2016-02-23 04:27 - 2016-02-27 11:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-21 01:08 - 2016-02-22 16:13 - 00000000 ____D C:\Program Files (x86)\MightySoft Memory
2016-02-21 01:08 - 2016-02-22 10:35 - 00003412 _____ C:\WINDOWS\System32\Tasks\MightySoft Memory Uninstaller
2016-02-21 01:07 - 2016-02-23 22:59 - 00000000 ____D C:\Program Files (x86)\Performance Defender
2016-02-21 01:07 - 2016-02-21 01:07 - 00003770 _____ C:\WINDOWS\System32\Tasks\Performance Defender Worker
2016-02-20 01:07 - 2016-02-20 01:07 - 00003386 _____ C:\WINDOWS\System32\Tasks\AFC Secure Net Worker
2016-02-18 11:11 - 2016-02-18 11:11 - 00000000 ____D C:\Users\Gustavo\Desktop\UAD
2016-02-18 01:05 - 2016-02-18 01:05 - 00003404 _____ C:\WINDOWS\System32\Tasks\System Defrag
2016-02-18 01:05 - 2016-02-18 01:05 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\System Defrag
2016-02-18 01:04 - 2016-02-18 01:04 - 00000000 ____D C:\Users\Gustavo\Downloads\56c5663acd8ce1455777338.8419
2016-02-18 01:01 - 2016-02-18 01:02 - 02065944 _____ (BitTorrent Inc.) C:\Users\Gustavo\Downloads\uTorrent.exe
2016-02-16 18:38 - 2016-02-16 18:38 - 02359347 _____ C:\Users\Gustavo\Downloads\sqlite-autoconf-3110000.tar.gz
2016-02-16 18:19 - 2016-02-16 18:25 - 22950211 _____ C:\Users\Gustavo\Downloads\sqlitebrowser-3.8.0-win64v2.exe
2016-02-12 19:04 - 2016-02-12 19:04 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\MySQL
2016-02-12 18:22 - 2016-02-12 18:22 - 00000000 ____D C:\SQLite
2016-02-12 18:11 - 2016-02-12 20:13 - 00000000 ____D C:\Users\Gustavo\Desktop\SQLite
2016-02-09 22:54 - 2016-01-31 00:25 - 01951872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-09 22:54 - 2016-01-31 00:25 - 01248896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-09 22:54 - 2016-01-31 00:24 - 01824880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-09 22:54 - 2016-01-31 00:23 - 02601160 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-09 22:54 - 2016-01-31 00:23 - 01420392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-02-09 22:54 - 2016-01-31 00:06 - 01535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-09 22:54 - 2016-01-31 00:06 - 01531368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-09 22:54 - 2016-01-31 00:06 - 00809336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-09 22:54 - 2016-01-31 00:04 - 01811360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-09 22:54 - 2016-01-31 00:04 - 01180696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-02-09 22:54 - 2016-01-30 23:38 - 21873152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-09 22:54 - 2016-01-30 23:33 - 24593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-09 22:54 - 2016-01-30 23:33 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\IoTAssignedAccessLockFramework.dll
2016-02-09 22:54 - 2016-01-30 23:29 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-09 22:54 - 2016-01-30 23:29 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2016-02-09 22:54 - 2016-01-30 23:26 - 06787072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-09 22:54 - 2016-01-30 23:26 - 03793408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-02-09 22:54 - 2016-01-30 23:25 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-09 22:54 - 2016-01-30 23:25 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-09 22:54 - 2016-01-30 23:25 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-02-09 22:54 - 2016-01-30 23:25 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-09 22:54 - 2016-01-30 23:24 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-02-09 22:54 - 2016-01-30 23:24 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-02-09 22:54 - 2016-01-30 23:24 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-02-09 22:54 - 2016-01-30 23:23 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-02-09 22:54 - 2016-01-30 23:22 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-02-09 22:54 - 2016-01-30 23:20 - 02849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-09 22:54 - 2016-01-30 23:19 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-09 22:54 - 2016-01-30 23:19 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-02-09 22:54 - 2016-01-30 23:19 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IoTAssignedAccessLockFramework.dll
2016-02-09 22:54 - 2016-01-30 23:18 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-09 22:54 - 2016-01-30 23:17 - 19324928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-09 22:54 - 2016-01-30 23:17 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-09 22:54 - 2016-01-30 23:16 - 09889280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-09 22:54 - 2016-01-30 23:16 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-09 22:54 - 2016-01-30 23:14 - 07525376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-09 22:54 - 2016-01-30 23:14 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-09 22:54 - 2016-01-30 23:13 - 04791808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-09 22:54 - 2016-01-30 23:13 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2016-02-09 22:54 - 2016-01-30 23:13 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-09 22:54 - 2016-01-30 23:11 - 05156352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-02-09 22:54 - 2016-01-30 23:11 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-02-09 22:54 - 2016-01-30 23:11 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-09 22:54 - 2016-01-30 23:11 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-09 22:54 - 2016-01-30 23:07 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-09 22:54 - 2016-01-30 23:06 - 02316800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-09 22:54 - 2016-01-30 23:05 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-09 22:54 - 2016-01-30 23:05 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-09 22:54 - 2016-01-30 23:04 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-09 22:54 - 2016-01-30 23:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-09 22:54 - 2016-01-30 23:02 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-09 22:54 - 2016-01-30 23:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-09 22:54 - 2016-01-30 22:59 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-09 22:54 - 2016-01-30 22:58 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-09 22:53 - 2016-01-30 23:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-09 22:53 - 2016-01-30 23:18 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-09 22:53 - 2016-01-30 23:05 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-02-09 19:21 - 2016-02-09 19:21 - 00000469 _____ C:\WINDOWS\ODBCINST.INI
2016-02-09 19:03 - 2016-02-09 19:03 - 00003746 _____ C:\WINDOWS\System32\Tasks\MySQLNotifierTask
2016-02-09 19:02 - 2016-02-09 19:02 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\Oracle
2016-02-09 18:59 - 2016-02-09 19:22 - 00000000 ____D C:\Program Files\MySQL
2016-02-09 18:57 - 2016-02-09 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2016-02-09 18:57 - 2016-02-09 18:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\MySQL
2016-02-09 18:56 - 2016-02-09 19:30 - 00000000 ____D C:\ProgramData\MySQL
2016-02-09 18:56 - 2016-02-09 19:22 - 00000000 ____D C:\Program Files (x86)\MySQL
2016-02-06 23:52 - 2016-02-09 22:12 - 00000000 ____D C:\ProgramData\TweakBit
2016-02-03 20:01 - 2016-02-03 20:01 - 00000000 ____D C:\Users\Gustavo\Desktop\InteligenciaArtificial
2016-02-03 15:49 - 2016-02-25 12:00 - 00000000 ____D C:\Users\Gustavo\Desktop\Graphics2016A
2016-02-03 02:25 - 2016-02-24 13:04 - 00000011 _____ C:\WINDOWS\EGK.ini
2016-02-03 02:21 - 1998-10-06 18:34 - 00327168 _____ (InstallShield Software Corporation, Inc.) C:\WINDOWS\IsUn040a.exe
2016-02-03 02:12 - 2008-09-21 06:20 - 514965504 _____ C:\Users\Gustavo\Downloads\Egipto kids.iso
2016-02-02 01:54 - 2016-02-04 01:15 - 00051898 _____ C:\Users\Gustavo\Downloads\fceux.cfg
2016-02-02 01:28 - 2016-02-04 01:15 - 00000000 ____D C:\Users\Gustavo\Downloads\snaps
2016-02-02 01:28 - 2016-02-02 01:28 - 00000000 ____D C:\Users\Gustavo\Downloads\sav
2016-02-02 01:28 - 2016-02-02 01:28 - 00000000 ____D C:\Users\Gustavo\Downloads\movies
2016-02-02 01:28 - 2016-02-02 01:28 - 00000000 ____D C:\Users\Gustavo\Downloads\fcs
2016-02-02 01:28 - 2016-02-02 01:28 - 00000000 ____D C:\Users\Gustavo\Downloads\cheats
2016-02-02 01:28 - 1996-12-24 23:32 - 00131088 _____ C:\Users\Gustavo\Downloads\Castlevania (USA).nes
2016-02-02 01:26 - 2013-08-18 01:21 - 00000000 ____D C:\Users\Gustavo\Downloads\luaScripts
2016-02-02 01:26 - 2013-08-18 01:20 - 00001724 _____ C:\Users\Gustavo\Downloads\auxlib.lua
2016-02-02 01:26 - 2013-08-18 01:20 - 00000000 ____D C:\Users\Gustavo\Downloads\tools
2016-02-02 01:25 - 2016-02-02 01:28 - 01105408 _____ C:\Users\Gustavo\Downloads\fceux.exe
2016-02-02 01:25 - 2013-09-24 00:32 - 00352497 _____ C:\Users\Gustavo\Downloads\fceux.chm
2016-02-02 01:25 - 2013-09-23 22:29 - 00924947 _____ C:\Users\Gustavo\Downloads\taseditor.chm
2016-02-02 01:25 - 2013-08-18 01:21 - 00167936 _____ C:\Users\Gustavo\Downloads\lua5.1.dll
2016-02-02 01:25 - 2013-08-18 01:21 - 00011264 _____ C:\Users\Gustavo\Downloads\lua51.dll
2016-02-02 01:25 - 2013-08-18 01:20 - 00941568 _____ (Igor Pavlov) C:\Users\Gustavo\Downloads\7z.dll
2016-02-02 01:25 - 2013-08-18 01:20 - 00000000 ____D C:\Users\Gustavo\Downloads\palettes
2016-01-31 04:42 - 2016-01-31 16:34 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\11bitstudios
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-27 12:44 - 2016-01-08 21:02 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-27 12:28 - 2015-02-05 23:03 - 00000838 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-27 12:01 - 2015-04-11 09:06 - 00001058 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-27 11:26 - 2015-02-04 21:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-27 11:12 - 2015-05-16 20:08 - 00000000 ____D C:\Users\Gustavo\AppData\Local\Akamai
2016-02-27 11:12 - 2015-03-20 20:26 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-27 11:10 - 2015-04-11 09:06 - 00001054 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-27 11:09 - 2016-01-14 20:53 - 00000000 ____D C:\Users\Gustavo\AppData\Local\TSVNCache
2016-02-27 11:09 - 2015-03-22 08:40 - 00000000 __SHD C:\Users\Gustavo\IntelGraphicsProfiles
2016-02-27 03:26 - 2015-08-05 00:54 - 00000000 ____D C:\Users\Gustavo
2016-02-27 03:13 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-27 03:12 - 2015-07-10 05:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-27 00:20 - 2015-10-27 15:38 - 429912023 _____ C:\WINDOWS\MEMORY.DMP
2016-02-27 00:20 - 2015-08-05 13:13 - 00000000 ____D C:\WINDOWS\Minidump
2016-02-27 00:20 - 2015-07-10 06:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-26 22:21 - 2015-04-14 20:07 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\Skype
2016-02-26 20:52 - 2015-02-05 17:04 - 00000000 ____D C:\Users\Gustavo\Documents\Visual Studio 2013
2016-02-26 18:42 - 2015-09-28 15:27 - 00000000 ____D C:\Users\Gustavo\AppData\Local\LOOT
2016-02-26 15:04 - 2015-07-10 03:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-02-26 14:46 - 2015-04-22 11:45 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\vlc
2016-02-25 23:54 - 2015-03-20 23:44 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-02-24 23:46 - 2015-08-05 00:53 - 02050066 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-24 23:46 - 2015-07-10 10:45 - 00893100 _____ C:\WINDOWS\system32\perfh00A.dat
2016-02-24 23:46 - 2015-07-10 10:45 - 00196166 _____ C:\WINDOWS\system32\perfc00A.dat
2016-02-24 23:46 - 2015-07-10 05:02 - 00000000 ____D C:\WINDOWS\INF
2016-02-24 21:11 - 2015-06-06 21:14 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\.minecraft
2016-02-24 19:25 - 2015-07-10 05:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-02-24 10:57 - 2015-07-10 07:19 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-02-24 01:26 - 2015-05-15 14:31 - 00003254 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForGustavo
2016-02-24 01:26 - 2015-05-15 14:31 - 00000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForGustavo.job
2016-02-23 19:03 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-22 10:34 - 2015-10-01 05:39 - 00002473 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-20 22:16 - 2015-02-04 21:39 - 00000000 ____D C:\Users\Gustavo\AppData\Local\Packages
2016-02-19 02:14 - 2015-10-01 05:39 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-18 01:10 - 2015-06-18 00:45 - 00000000 ____D C:\Users\Gustavo\Documents\SavedGames
2016-02-12 20:00 - 2015-02-04 23:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-12 19:48 - 2015-02-04 23:43 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-11 15:39 - 2015-03-20 23:35 - 00000000 ____D C:\Users\Gustavo\AppData\Local\Steam
2016-02-10 19:28 - 2015-04-14 20:06 - 00000000 ____D C:\ProgramData\Skype
2016-02-10 18:03 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\rescache
2016-02-10 16:34 - 2015-07-10 04:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-10 12:23 - 2015-07-10 10:49 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-09 19:03 - 2015-08-05 00:53 - 02078234 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-02-08 11:07 - 2015-07-10 10:46 - 00000000 ____D C:\WINDOWS\OCR
2016-02-05 20:14 - 2015-02-07 14:59 - 00000000 ____D C:\Users\Gustavo\Desktop\Game
2016-02-03 20:01 - 2015-04-23 21:45 - 00000000 ____D C:\Users\Gustavo\AppData\Local\JDownloader 2.0
2016-02-03 12:40 - 2015-02-05 04:22 - 00000000 ____D C:\Users\Gustavo\Documents\My Games
2016-02-02 16:47 - 2015-08-12 17:11 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-02 16:47 - 2015-08-12 17:11 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-02 12:26 - 2015-12-02 16:20 - 00000000 ____D C:\ProgramData\VMware
2016-02-02 12:26 - 2015-12-02 16:16 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\Andy
2016-02-02 12:20 - 2015-12-02 16:26 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\VMware
2016-02-02 12:20 - 2015-12-02 16:25 - 00000000 ____D C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Andy
2016-02-02 10:56 - 2015-04-11 09:06 - 00004116 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 10:56 - 2015-04-11 09:06 - 00003884 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 01:57 - 2015-07-10 06:20 - 05025400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-28 23:42 - 2015-03-22 03:38 - 00000000 ____D C:\Users\Gustavo\AppData\Local\ElevatedDiagnostics
2016-01-28 14:27 - 2015-06-07 18:34 - 00000132 _____ C:\Users\Gustavo\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
 
==================== Files in the root of some directories =======
 
2015-07-15 17:16 - 2015-07-15 17:16 - 6420480 _____ () C:\Program Files (x86)\GUTCCB8.tmp
2015-02-04 21:40 - 2015-06-09 16:26 - 0100552 _____ () C:\Users\Gustavo\AppData\Roaming\AbsoluteReminder.xml
2015-06-08 16:06 - 2015-06-10 00:21 - 0000034 _____ () C:\Users\Gustavo\AppData\Roaming\AdobeWLCMCache.dat
2015-06-07 18:34 - 2016-01-28 14:27 - 0000132 _____ () C:\Users\Gustavo\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2015-06-18 00:44 - 2015-12-25 17:48 - 0002423 _____ () C:\Users\Gustavo\AppData\Roaming\SpeedRunnersLog.txt
2015-06-20 13:21 - 2015-06-21 10:16 - 0002919 _____ () C:\Users\Gustavo\AppData\Roaming\TargetInvocationLog.txt
2015-07-29 09:43 - 2015-07-29 09:43 - 0000000 _____ () C:\Users\Gustavo\AppData\Local\{CA4F5D03-6120-43A4-B8E7-55C046A3CC2F}
2015-02-04 21:40 - 2015-02-04 21:40 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Some files in TEMP:
====================
C:\Users\Gustavo\AppData\Local\Temp\A526.tmp.exe
C:\Users\Gustavo\AppData\Local\Temp\ACLMInstaller.exe
C:\Users\Gustavo\AppData\Local\Temp\Extract.exe
C:\Users\Gustavo\AppData\Local\Temp\GPUpd56C810B80.exe
C:\Users\Gustavo\AppData\Local\Temp\GPUpd56CC05350.exe
C:\Users\Gustavo\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Gustavo\AppData\Local\Temp\Nexus Mod Manager-0.60.11.exe
C:\Users\Gustavo\AppData\Local\Temp\Nexus Mod Manager-0.60.13.exe
C:\Users\Gustavo\AppData\Local\Temp\Nexus Mod Manager-0.60.14.exe
C:\Users\Gustavo\AppData\Local\Temp\Nexus Mod Manager-0.60.8.exe
C:\Users\Gustavo\AppData\Local\Temp\proxy_vole1132019877083524974.dll
C:\Users\Gustavo\AppData\Local\Temp\proxy_vole1738840670102525307.dll
C:\Users\Gustavo\AppData\Local\Temp\proxy_vole3415263976900077936.dll
C:\Users\Gustavo\AppData\Local\Temp\proxy_vole4841650694573957794.dll
C:\Users\Gustavo\AppData\Local\Temp\proxy_vole765940632662524053.dll
C:\Users\Gustavo\AppData\Local\Temp\proxy_vole8248886183432401061.dll
C:\Users\Gustavo\AppData\Local\Temp\SP72853.exe
C:\Users\Gustavo\AppData\Local\Temp\UninstallHPSA.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-25 11:30
 
==================== End of FRST.txt ============================

 

Addition.txt was a bit large so it is attached.

 

Addition.txt

 

Anyone who reads this post, thanks for the attention, and sorry if there are some grammar/spelling errors (I'm not a native English speaker).


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". <---- Very Important
  • Under the Non-Malware Protection sub tab, change the PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...



Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach those logs to your reply.



Let me see those logs in your next reply...

Thank you,

Kevin...
 

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
