PC system acting up slow, slow on mail and fb, malwares don't let


hardwalking

Hello,

I was trying to eliminate some malware and spyware that my PC was infected with. I tried SuperAntiMalwares, Spybot and Emsisoft Emergency Kit, but I still have the problem: my system is running slowly, and it gets even slower when I go to my inbox or Facebook. I really don't know what's happening now. So I came here to find someone to help me get this issue fixed and get my PC working at 100% again.

Thank you very much

 

 

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by DELL (2016-04-22 19:14:07)
Running from E:\Mis documentos\Overcome dangers\AntiMal toute!
Windows 8.1 (X64) (2015-04-03 01:03:48)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1640298429-2741603158-4220914053-500 - Administrator - Disabled)
DELL (S-1-5-21-1640298429-2741603158-4220914053-1001 - Administrator - Enabled) => C:\Users\DELL
Guest (S-1-5-21-1640298429-2741603158-4220914053-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.02 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.34.40 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{9E4750A7-90F6-4181-8A8A-B1ADF4216E93}) (Version: 1.0.1059.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Driver Genius (HKLM-x32\...\Driver Genius_is1) (Version: 12.0 - Driver-Soft Inc.)
Dropbox (HKU\S-1-5-21-1640298429-2741603158-4220914053-1001\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.6.124.715 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.8.1216 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
KMSpico v9.1.0.20131125 (Beta) (HKLM\...\KMSpico_is1) (Version: 9.1.0.20131125 - )
Lightshot-5.3.0.0 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.3.0.0 - Skillbrains)
MergeModule_x64 (Version: 9.0.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0 (x86 es-ES) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 es-ES)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 4.3.00.04171 - Sony Corporation)
PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.3.00 - Sony Corporation) Hidden
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.)
RealDownloader (x32 Version: 18.0.1.9 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1640298429-2741603158-4220914053-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\DELL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1640298429-2741603158-4220914053-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1640298429-2741603158-4220914053-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1640298429-2741603158-4220914053-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1640298429-2741603158-4220914053-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1640298429-2741603158-4220914053-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1640298429-2741603158-4220914053-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1640298429-2741603158-4220914053-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1640298429-2741603158-4220914053-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1640298429-2741603158-4220914053-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1640298429-2741603158-4220914053-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {21957A6F-A4D7-4EE8-BA35-F17B7AF95764} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-14] (AVAST Software)
Task: {22C7BBCD-F2F0-4FCB-ACC8-55D2CDC7A6FD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1640298429-2741603158-4220914053-1001UA => C:\Users\DELL\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-03] (Dropbox, Inc.)
Task: {27129197-6B71-4E8A-B46C-E0FEDD7F5772} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {29CE88C9-BC61-4F3C-9625-98052A3C41BF} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {2B67A6C5-5419-4D50-AECF-F07E057B9D7B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)
Task: {373ED994-6FCD-45D2-9F96-4FD4352810D2} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {55A4CEA5-2320-4773-86EE-E1173C14C402} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {5B941111-0A36-4A32-AA9A-97C52060907A} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {5D8E1EA4-4915-449B-B460-64E87E08E602} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {64B8225E-B7BA-4FDB-A45B-EB2EE9A9ADC4} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {68FFF693-8CAB-4CC4-88D0-80A237EB6631} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {69187676-5E23-4BD4-BAA9-3F0B8EEE6D00} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {6BC6CCC2-C00A-4172-8CDD-92FCFDFF09C0} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {7BFEB714-A3A8-46E5-A654-0775D6E4D6A6} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {7CD47571-47C8-4823-809D-BF3818556AAA} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {801EF2EF-3369-4D2D-B010-0736D2DC9987} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1640298429-2741603158-4220914053-1001Core => C:\Users\DELL\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-03] (Dropbox, Inc.)
Task: {8104F429-703D-480F-BB42-71A6C1D59114} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-03] (Google Inc.)
Task: {99C74D7F-E0A2-4F57-BFD2-E25351118595} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {AE6FBC94-6414-4150-B595-15477F931FD0} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {B7865AC0-4DE8-4459-B674-715D579D0EB1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-03] (Google Inc.)
Task: {C8FC3380-AFDB-4348-9F43-C96670AC9EA4} - System32\Tasks\{38432518-77A4-4714-B206-664928024ED2} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.6.0.103&LastError=404
Task: {CB3C798C-F0F7-43D2-BC26-43EA5E24FF57} - System32\Tasks\update-S-1-5-21-1640298429-2741603158-4220914053-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {D335D5BF-AE87-4BE7-985B-4EF5E7FF71BD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {DC845780-57A1-43B7-8F20-28562AE8F24B} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
Task: {E4321A53-F1E7-4153-82A9-C43F1E3CF5B1} - System32\Tasks\{8551F571-AC5B-45D4-91D5-9290CE873E67} => pcalua.exe -a "E:\Mis documentos\Instaladores\Registry Cleaner.exe" -d "E:\Mis documentos\Instaladores"
Task: {E52895F8-A113-40C9-A1CD-AD5E0664F584} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {EBB5F8ED-03CC-4F2B-81B2-9BD8EF05378D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {F1CF4387-ADBA-4AF3-8CDF-015510CB0D68} - System32\Tasks\SafeZone scheduled Autoupdate 1457992710 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {FB41B42F-4382-4EC7-AF3A-F0E4A568BEF1} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-01-09] (Synaptics Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1640298429-2741603158-4220914053-1001Core.job => C:\Users\DELL\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1640298429-2741603158-4220914053-1001UA.job => C:\Users\DELL\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-1640298429-2741603158-4220914053-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2013-08-22 13:40 - 2013-08-22 13:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 13:40 - 2013-08-22 13:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 13:40 - 2013-08-22 13:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2014-07-11 15:20 - 2014-03-12 14:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-07-11 15:20 - 2014-03-12 14:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2013-04-04 01:09 - 2013-04-04 01:09 - 04300432 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-07-11 15:20 - 2014-03-12 14:22 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-01-08 03:00 - 2014-01-08 03:00 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-01-08 02:58 - 2014-01-08 02:58 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2014-01-08 03:03 - 2014-01-08 03:03 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2016-03-14 15:33 - 2016-03-14 15:33 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-03-14 15:33 - 2016-03-14 15:33 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-19 12:26 - 2016-04-19 12:26 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16041904\algo.dll
2016-04-16 15:35 - 2016-04-16 15:35 - 00509344 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-03-14 15:33 - 2016-03-14 15:33 - 00307808 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-04-21 12:56 - 2016-04-21 12:56 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16042103\algo.dll
2016-04-22 17:20 - 2016-04-22 17:20 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16042201\algo.dll
2016-04-19 18:24 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-04-19 18:24 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-04-19 18:24 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-04-19 18:24 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-04-19 18:24 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-07-11 15:07 - 2013-12-10 10:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-03-14 15:33 - 2016-03-14 15:33 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-04-11 17:43 - 2016-04-06 05:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-11 17:43 - 2016-04-06 05:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
2014-07-11 15:03 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 13:41 - 2013-03-05 13:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-04-08 20:01 - 2016-04-08 13:53 - 17532096 _____ () C:\Users\DELL\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2016-04-21 12:47 - 00451800 ____R C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1640298429-2741603158-4220914053-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 200.107.10.105
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "RealPlayer Cloud Service UI.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKU\S-1-5-21-1640298429-2741603158-4220914053-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1640298429-2741603158-4220914053-1001\...\StartupApproved\StartupFolder: => "Recorte de pantalla y Selector de OneNote 2010.lnk"
HKU\S-1-5-21-1640298429-2741603158-4220914053-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1640298429-2741603158-4220914053-1001\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-1640298429-2741603158-4220914053-1001\...\StartupApproved\Run: => "WowApp"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{EAEDD4FB-1904-4F32-A7B5-357AFD80F797}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{5AC45A89-315A-4EDC-AC46-30238D9F0F46}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{736D137D-6F70-4106-8FF5-12974CA59CF7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{0F187662-BD50-42EF-831F-B2F985A6E721}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{EB9B04A8-2E4D-41F5-9717-42F819611079}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{12A3A4D7-76AC-42F2-B0DE-DEDBE0AC61AD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A53C95B8-FF97-4315-BA4E-0734586D9CA7}] => (Allow) C:\Users\DELL\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6D290711-09D5-4481-AFAD-0C19A7929165}] => (Allow) C:\Users\DELL\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C3FEF933-0588-4BA3-A10A-7545CCBDBCDD}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{27FD4685-1436-4A2D-8E64-EDEE012B7F40}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [TCP Query User{08B73AB4-A5A1-4A80-86E1-A91758B9298A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [uDP Query User{0D7AAB15-B31E-4FBF-86E5-59ACDF08CA6D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7A561970-79BA-428E-A8A2-A7937E92EF65}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{038A41F2-F0A6-448D-8E9C-AB4B5344948C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4A59A053-588B-4F11-B8FD-4E648226C706}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B9C78191-49A0-4932-8E92-2E50609C65E5}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{6F190B21-314F-487E-B516-E981A86B5E9C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{79024FE4-7C47-4F7A-BC69-8928730E44B6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
31-03-2016 13:46:18 Punto de control programado
09-04-2016 22:05:01 Punto de control programado
10-04-2016 22:03:19 Antes del Emsisoft emergency - funciona sistema OK-proceso lent
19-04-2016 18:06:41 Antes Spy-Bot y despues de SuperAntiMalw, works OK
22-04-2016 11:06:33 antes de borrar infected logs
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/21/2016 02:59:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa Explorer.EXE, versión 6.3.9600.17667, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.
Identificador de proceso: b04
Hora de inicio: 01d19bf6e08e70f1
Hora de finalización: 0
Ruta de acceso de la aplicación: C:\Windows\Explorer.EXE
Identificador de informe: e280fd10-07fa-11e6-828a-645a046a56bc
Nombre completo de paquete con errores:
Identificador de aplicación relativa del paquete con errores:
Error: (04/19/2016 06:07:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().
Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.
System Error:
El sistema no puede encontrar el archivo especificado.
.
Error: (04/19/2016 04:53:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SUPERAntiSpyware.exe, versión: 6.0.0.1216, marca de tiempo: 0x56d4d361
Nombre del módulo con errores: ntdll.dll, versión: 6.3.9600.17668, marca de tiempo: 0x54c850f5
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f12a0
Identificador del proceso con errores: 0x207c
Hora de inicio de la aplicación con errores: 0xSUPERAntiSpyware.exe0
Ruta de acceso de la aplicación con errores: SUPERAntiSpyware.exe1
Ruta de acceso del módulo con errores: SUPERAntiSpyware.exe2
Identificador del informe: SUPERAntiSpyware.exe3
Nombre completo del paquete con errores: SUPERAntiSpyware.exe4
Identificador de aplicación relativa del paquete con errores: SUPERAntiSpyware.exe5
Error: (04/19/2016 04:53:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SUPERAntiSpyware.exe, versión: 6.0.0.1216, marca de tiempo: 0x56d4d361
Nombre del módulo con errores: ntdll.dll, versión: 6.3.9600.17668, marca de tiempo: 0x54c850f5
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f12a0
Identificador del proceso con errores: 0xa10
Hora de inicio de la aplicación con errores: 0xSUPERAntiSpyware.exe0
Ruta de acceso de la aplicación con errores: SUPERAntiSpyware.exe1
Ruta de acceso del módulo con errores: SUPERAntiSpyware.exe2
Identificador del informe: SUPERAntiSpyware.exe3
Nombre completo del paquete con errores: SUPERAntiSpyware.exe4
Identificador de aplicación relativa del paquete con errores: SUPERAntiSpyware.exe5
Error: (04/19/2016 04:40:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SUPERAntiSpyware.exe, versión: 6.0.0.1216, marca de tiempo: 0x56d4d361
Nombre del módulo con errores: ntdll.dll, versión: 6.3.9600.17668, marca de tiempo: 0x54c850f5
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f12a0
Identificador del proceso con errores: 0xe08
Hora de inicio de la aplicación con errores: 0xSUPERAntiSpyware.exe0
Ruta de acceso de la aplicación con errores: SUPERAntiSpyware.exe1
Ruta de acceso del módulo con errores: SUPERAntiSpyware.exe2
Identificador del informe: SUPERAntiSpyware.exe3
Nombre completo del paquete con errores: SUPERAntiSpyware.exe4
Identificador de aplicación relativa del paquete con errores: SUPERAntiSpyware.exe5
Error: (04/19/2016 04:40:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SUPERAntiSpyware.exe, versión: 6.0.0.1216, marca de tiempo: 0x56d4d361
Nombre del módulo con errores: ntdll.dll, versión: 6.3.9600.17668, marca de tiempo: 0x54c850f5
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f12a0
Identificador del proceso con errores: 0x9a0
Hora de inicio de la aplicación con errores: 0xSUPERAntiSpyware.exe0
Ruta de acceso de la aplicación con errores: SUPERAntiSpyware.exe1
Ruta de acceso del módulo con errores: SUPERAntiSpyware.exe2
Identificador del informe: SUPERAntiSpyware.exe3
Nombre completo del paquete con errores: SUPERAntiSpyware.exe4
Identificador de aplicación relativa del paquete con errores: SUPERAntiSpyware.exe5
Error: (04/19/2016 04:40:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SUPERAntiSpyware.exe, versión: 6.0.0.1216, marca de tiempo: 0x56d4d361
Nombre del módulo con errores: ntdll.dll, versión: 6.3.9600.17668, marca de tiempo: 0x54c850f5
Código de excepción: 0xc0000374
Desplazamiento de errores: 0x00000000000f12a0
Identificador del proceso con errores: 0x1904
Hora de inicio de la aplicación con errores: 0xSUPERAntiSpyware.exe0
Ruta de acceso de la aplicación con errores: SUPERAntiSpyware.exe1
Ruta de acceso del módulo con errores: SUPERAntiSpyware.exe2
Identificador del informe: SUPERAntiSpyware.exe3
Nombre completo del paquete con errores: SUPERAntiSpyware.exe4
Identificador de aplicación relativa del paquete con errores: SUPERAntiSpyware.exe5
Error: (04/19/2016 04:39:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SUPERAntiSpyware.exe, versión: 6.0.0.1216, marca de tiempo: 0x56d4d361
Nombre del módulo con errores: ntdll.dll, versión: 6.3.9600.17668, marca de tiempo: 0x54c850f5
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000000000031991
Identificador del proceso con errores: 0xfe0
Hora de inicio de la aplicación con errores: 0xSUPERAntiSpyware.exe0
Ruta de acceso de la aplicación con errores: SUPERAntiSpyware.exe1
Ruta de acceso del módulo con errores: SUPERAntiSpyware.exe2
Identificador del informe: SUPERAntiSpyware.exe3
Nombre completo del paquete con errores: SUPERAntiSpyware.exe4
Identificador de aplicación relativa del paquete con errores: SUPERAntiSpyware.exe5
Error: (04/19/2016 04:39:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SUPERAntiSpyware.exe, versión: 6.0.0.1216, marca de tiempo: 0x56d4d361
Nombre del módulo con errores: ntdll.dll, versión: 6.3.9600.17668, marca de tiempo: 0x54c850f5
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000000000031991
Identificador del proceso con errores: 0x1fa8
Hora de inicio de la aplicación con errores: 0xSUPERAntiSpyware.exe0
Ruta de acceso de la aplicación con errores: SUPERAntiSpyware.exe1
Ruta de acceso del módulo con errores: SUPERAntiSpyware.exe2
Identificador del informe: SUPERAntiSpyware.exe3
Nombre completo del paquete con errores: SUPERAntiSpyware.exe4
Identificador de aplicación relativa del paquete con errores: SUPERAntiSpyware.exe5
Error: (04/19/2016 02:37:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SUPERAntiSpyware.exe, versión: 6.0.0.1216, marca de tiempo: 0x56d4d361
Nombre del módulo con errores: ntdll.dll, versión: 6.3.9600.17668, marca de tiempo: 0x54c850f5
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000000000031991
Identificador del proceso con errores: 0x2040
Hora de inicio de la aplicación con errores: 0xSUPERAntiSpyware.exe0
Ruta de acceso de la aplicación con errores: SUPERAntiSpyware.exe1
Ruta de acceso del módulo con errores: SUPERAntiSpyware.exe2
Identificador del informe: SUPERAntiSpyware.exe3
Nombre completo del paquete con errores: SUPERAntiSpyware.exe4
Identificador de aplicación relativa del paquete con errores: SUPERAntiSpyware.exe5
System errors:
=============
Error: (04/22/2016 02:25:50 PM) (Source: DCOM) (EventID: 10010) (User: DAVIDVARGAS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (04/22/2016 02:25:50 PM) (Source: DCOM) (EventID: 10010) (User: DAVIDVARGAS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (04/22/2016 02:25:46 PM) (Source: DCOM) (EventID: 10010) (User: DAVIDVARGAS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (04/22/2016 02:25:46 PM) (Source: DCOM) (EventID: 10010) (User: DAVIDVARGAS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (04/22/2016 11:51:44 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Se generó una alerta irrecuperable y se envió al extremo remoto. Esto puede provocar la finalización de la conexión. El código de error irrecuperable definido del protocolo TLS es 10. El estado del error SChannel de Windows es 10.
Error: (04/21/2016 11:41:46 PM) (Source: DCOM) (EventID: 10010) (User: DAVIDVARGAS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (04/21/2016 11:41:46 PM) (Source: DCOM) (EventID: 10010) (User: DAVIDVARGAS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (04/21/2016 02:55:38 PM) (Source: DCOM) (EventID: 10010) (User: DAVIDVARGAS)
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}
Error: (04/21/2016 01:27:58 PM) (Source: DCOM) (EventID: 10010) (User: DAVIDVARGAS)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (04/19/2016 10:47:46 PM) (Source: DCOM) (EventID: 10010) (User: DAVIDVARGAS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
CodeIntegrity:
===================================
Date: 2015-05-17 18:17:24.373
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 74%
Total physical RAM: 4000.18 MB
Available physical RAM: 1023.1 MB
Total Virtual: 7945.07 MB
Available Virtual: 2397 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:465.37 GB) (Free:410.8 GB) NTFS
Drive e: (Nuevo vol) (Fixed) (Total:456.52 GB) (Free:320.85 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 34F1E624)
Partition: GPT.
==================== End of Addition.txt ============================

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by DELL (administrator) on DAVIDVARGAS (22-04-2016 19:12:48)
Running from E:\Mis documentos\Overcome dangers\AntiMal toute!
Loaded Profiles: DELL (Available Profiles: DELL)
Platform: Windows 8.1 (X64) Language: Inglés (Estados Unidos)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-30] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478752 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-24] (AVAST Software)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-10-16] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] (Atheros Communications)
HKU\S-1-5-21-1640298429-2741603158-4220914053-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1640298429-2741603158-4220914053-1001\...\Run: [spybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1640298429-2741603158-4220914053-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [786432 2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-14] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk.disabled [2015-04-29]
ShortcutTarget: RealPlayer Cloud Service UI.lnk.disabled -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk.disabled [2015-07-01]
ShortcutTarget: RealTimes.lnk.disabled -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (No File)
Startup: C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de pantalla y Selector de OneNote 2010.lnk [2015-10-26]
ShortcutTarget: Recorte de pantalla y Selector de OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.107.10.105 0.0.0.0
Tcpip\..\Interfaces\{058E4B5E-6B80-4DD3-BB22-423689136186}: [DhcpNameServer] 172.151.1.174
Tcpip\..\Interfaces\{784F4AC3-3EF7-

Registry Cleaners

We do not recommend the use of registry cleaners. No registry cleaner is completely safe; since most do not even create a backup, the potential is ever present to cause more problems than they claim to fix.

If you do not have knowledge of the registry, then you would probably be better off leaving it alone, and definitely not placing blind trust in a program to do the job for you.

Our colleague miekiemoes has an excellent writeup here

http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

 

We suggest uninstalling them via Add or Remove Programs in your Control Panel.

~~~~~~~~~~~~~~~~~~

 

C:\Program Files\KMSpico\AutoPico.exe

Those are illegal activation tools for Microsoft Windows and Office products. It's quite common those files infect your system.

Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

PCPitStop does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

 

 

 

Running from E:\Mis documentos\Overcome dangers\AntiMal toute!

 

It's best we move Farbar's to desktop.

 

Please go to your E:\Mis documentos\Overcome dangers\AntiMal toute! folder, locate Farbar Recovery Scan Tool, right click and select CUT

Go to an open spot on your desktop, right click and select PASTE

You should now have Farbar Recovery Scan Tool on your desktop.

 

 

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail. Then copy and paste the text present inside the quote box below:

To do this, highlight the contents of the box, right click on it and select copy.

Paste this into the open Notepad window. Save it to the Desktop as fixlist.txt

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

start

CreateRestorePoint:

CloseProcesses:

GroupPolicy: Restriction - Chrome <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

Task: {7BFEB714-A3A8-46E5-A654-0775D6E4D6A6} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-24] (PC-Doctor, Inc.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKU\S-1-5-21-1640298429-2741603158-4220914053-1001\Software\Microsoft\Internet Explorer\Main,Start Page =

URLSearchHook: [s-1-5-21-1640298429-2741603158-4220914053-1001] ATTENTION => Default URLSearchHook is missing

URLSearchHook: HKU\S-1-5-21-1640298429-2741603158-4220914053-1001 - (No Name) - {5F9575C2-1AB4-4883-8505-5C6D0DFDF2D5} - No File

SearchScopes: HKLM -> DefaultScope value is missing

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> DefaultScope value is missing

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-1640298429-2741603158-4220914053-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=2sq3&utm_campaign=install_ie&utm_content=ds&from=2sq3&uid=ST1000LM024XHN-M101MBB_S314J90F622539622539&ts=1439168221&type=default&q={searchTerms}

Toolbar: HKLM-x32 - No Name - {0AE831B0-427E-4D0A-BC88-4BA47E7471C3} - No File

StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1439168102&z=d781da6584332bb233d86a1gez2c2tbgbqeb3g4e6z&from=2sq3&uid=ST1000LM024XHN-M101MBB_S314J90F622539622539

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]

FF Plugin-x32: @real.com/nppl3260;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [No File]

FF Plugin-x32: @real.com/nprpplugin;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [No File]

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File]

FF SearchPlugin: C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\0zhvlcj4.default\searchplugins\oursurfing.xml [2015-12-11]

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found

FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\0zhvlcj4.default\extensions\defsearchp@gmail.com => not found

FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\0zhvlcj4.default\extensions\deskCutv2@gmail.com => not found

CHR StartupUrls: Default -> "hxxps://www.google.com.ec/","hxxp://www.oursurfing.com/?type=hp&ts=1439168102&z=d781da6584332bb233d86a1gez2c2tbgbqeb3g4e6z&from=2sq3&uid=ST1000LM024XHN-M101MBB_S314J90F622539622539","hxxp://www.oursurfing.com/?type=hppp&ts=1439168198&z=072f60fa1d70dd2cf7489f9gdz9c1t8gcq8b7obe0e&from=2sq3&uid=ST1000LM024XHN-M101MBB_S314J90F622539622539"

S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-04-03] () [File not signed]

C:\Windows\SysWOW64\srvany.exe

CMD: ipconfig /flushdns

CMD: netsh winsock reset all

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

EmptyTemp:

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

 

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

End

Open FRST/FRST64 and press the > Fix < button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~

 

AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Logfile. A log (AdwCleaner[s1].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
  • Click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

======================================================

Please download Junkware Removal Tool (or from here: http://downloads.malwarebytes.org/file/jrt) to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
~~~~

Please post:

Fixlog.txt

AdwCleaner[C1].txt

JRT.txt
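
A triage pass over FRST log lines like the ones in this thread, as an added example (not part of the original posts and not FRST's own code): it tags lines by the markers FRST prints (`ATTENTION`, `No File`, `not found`, `File not signed`) and tallies the hosts that browser start-page and search settings point to. The function names and tag names are assumptions of this example, and the sample lines are copied from the logs above with the query strings shortened.

```python
import re
from collections import Counter

# Markers that FRST itself prints on the log lines shown in this thread.
MARKERS = (
    ("attention", re.compile(r"<=+ ATTENTION|\bATTENTION =>")),
    ("orphaned", re.compile(r"\[No File\]|\(No File\)|- No File$|=> not found$")),
    ("unsigned", re.compile(r"\[File not signed\]")),
)
# Log sections that record browser start pages and search providers.
BROWSER_PREFIXES = ("SearchScopes:", "StartMenuInternet:", "CHR StartupUrls:")
IE_MAIN = "Internet Explorer\\Main,"
# FRST defangs URLs as hxxp/hxxps; plain http/https is accepted as well.
URL_HOST = re.compile(r"h(?:xx|tt)ps?://([^/\s\",]+)", re.IGNORECASE)

# Sample input: lines taken from this thread's logs, query strings shortened.
SAMPLE = r"""
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
Toolbar: HKLM-x32 - No Name - {0AE831B0-427E-4D0A-BC88-4BA47E7471C3} - No File
FF Plugin-x32: @real.com/nppl3260;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [No File]
ShortcutTarget: RealTimes.lnk.disabled -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (No File)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-04-03] () [File not signed]
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1640298429-2741603158-4220914053-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?type=default&q={searchTerms}
CHR StartupUrls: Default -> "hxxps://www.google.com.ec/","hxxp://www.oursurfing.com/?type=hp"
""".strip().splitlines()


def is_browser_setting(line):
    """True for lines that record a browser start page or search provider."""
    return line.startswith(BROWSER_PREFIXES) or IE_MAIN in line


def classify(line):
    """Return the review tags that apply to one log line (empty list if none)."""
    line = line.strip()
    tags = [name for name, pattern in MARKERS if pattern.search(line)]
    if is_browser_setting(line) and URL_HOST.search(line):
        tags.append("browser-url")
    return tags


def triage(lines):
    """Return (line number, tags, text) for every line that needs a human look."""
    findings = []
    for number, raw in enumerate(lines, start=1):
        tags = classify(raw)
        if tags:
            findings.append((number, tags, raw.strip()))
    return findings


def browser_hosts(lines):
    """Count the hosts that browser settings point to, for the reviewer to judge."""
    hosts = Counter()
    for raw in lines:
        line = raw.strip()
        if is_browser_setting(line):
            hosts.update(host.lower() for host in URL_HOST.findall(line))
    return hosts


if __name__ == "__main__":
    for number, tags, text in triage(SAMPLE):
        print(f"{number:>3} {','.join(tags):<12} {text[:90]}")
    print()
    # Tags and counts are prompts for review, not verdicts: a host the user
    # chose on purpose appears here next to one set by unwanted software.
    for host, count in browser_hosts(SAMPLE).most_common():
        print(f"{count:>3}  {host}")
```
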


OK, sorry, I didn't know about that Pico program; I have an authorized licence on this machine. I have deleted it already and I have moved Farbar's to the desktop, thank you. Here are the logs that you asked me for: :)


Fixlog.txt



Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016

Ran by DELL (2016-04-23 17:32:35) Run:2

Running from C:\Users\DELL\Desktop

Loaded Profiles: DELL (Available Profiles: DELL)

Boot Mode: Normal

==============================================


fixlist content:

*****************


start

CreateRestorePoint:

CloseProcesses:

GroupPolicy: Restriction - Chrome <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

Task: {7BFEB714-A3A8-46E5-A654-0775D6E4D6A6} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-24] (PC-Doctor, Inc.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKU\S-1-5-21-1640298429-2741603158-4220914053-1001\Software\Microsoft\Internet Explorer\Main,Start Page =

URLSearchHook: [S-1-5-21-1640298429-2741603158-4220914053-1001] ATTENTION => Default URLSearchHook is missing

URLSearchHook: HKU\S-1-5-21-1640298429-2741603158-4220914053-1001 - (No Name) - {5F9575C2-1AB4-4883-8505-5C6D0DFDF2D5} - No File

SearchScopes: HKLM -> DefaultScope value is missing

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> DefaultScope value is missing

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-1640298429-2741603158-4220914053-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&utm_medium=2sq3&utm_campaign=install_ie&utm_content=ds&from=2sq3&uid=ST1000LM024XHN-M101MBB_S314J90F622539622539&ts=1439168221&type=default&q={searchTerms}

Toolbar: HKLM-x32 - No Name - {0AE831B0-427E-4D0A-BC88-4BA47E7471C3} - No File

StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1439168102&z=d781da6584332bb233d86a1gez2c2tbgbqeb3g4e6z&from=2sq3&uid=ST1000LM024XHN-M101MBB_S314J90F622539622539

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]

FF Plugin-x32: @real.com/nppl3260;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [No File]

FF Plugin-x32: @real.com/nprpplugin;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [No File]

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File]

FF SearchPlugin: C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\0zhvlcj4.default\searchplugins\oursurfing.xml [2015-12-11]

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found

FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\0zhvlcj4.default\extensions\defsearchp@gmail.com => not found

FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\0zhvlcj4.default\extensions\deskCutv2@gmail.com => not found

CHR StartupUrls: Default -> "hxxps://www.google.com.ec/","hxxp://www.oursurfing.com/?type=hp&ts=1439168102&z=d781da6584332bb233d86a1gez2c2tbgbqeb3g4e6z&from=2sq3&uid=ST1000LM024XHN-M101MBB_S314J90F622539622539","hxxp://www.oursurfing.com/?type=hppp&ts=1439168198&z=072f60fa1d70dd2cf7489f9gdz9c1t8gcq8b7obe0e&from=2sq3&uid=ST1000LM024XHN-M101MBB_S314J90F622539622539"

S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-04-03] () [File not signed]

C:\Windows\SysWOW64\srvany.exe

CMD: ipconfig /flushdns

CMD: netsh winsock reset all

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

EmptyTemp:

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f


Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

End

*****************


Restore point was successfully created.

Processes closed successfully.

"C:\Windows\system32\GroupPolicy\Machine" => not found.

HKLM\SOFTWARE\Policies\Google => key not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BFEB714-A3A8-46E5-A654-0775D6E4D6A6}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BFEB714-A3A8-46E5-A654-0775D6E4D6A6}" => key removed successfully

C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => key removed successfully

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully

HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully

HKU\S-1-5-21-1640298429-2741603158-4220914053-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully

Could not restore Default URLSearchHook.

HKU\S-1-5-21-1640298429-2741603158-4220914053-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{5F9575C2-1AB4-4883-8505-5C6D0DFDF2D5} => value removed successfully

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully

HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.

"HKU\S-1-5-21-1640298429-2741603158-4220914053-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => key removed successfully

HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{0AE831B0-427E-4D0A-BC88-4BA47E7471C3} => value removed successfully

HKCR\Wow6432Node\CLSID\{0AE831B0-427E-4D0A-BC88-4BA47E7471C3} => key not found.

HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully

"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully

"HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=18.0.1.9" => key removed successfully

"HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpplugin;version=18.0.1.9" => key removed successfully

"HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully

C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\0zhvlcj4.default\searchplugins\oursurfing.xml => moved successfully

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} => value removed successfully

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\defsearchp@gmail.com => value removed successfully

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\deskCutv2@gmail.com => value removed successfully

Chrome StartupUrls => removed successfully

KMService => service removed successfully

C:\Windows\SysWOW64\srvany.exe => moved successfully


========= ipconfig /flushdns =========



Configuración IP de Windows


Se vació correctamente la caché de resolución de DNS.


========= End of CMD: =========



========= netsh winsock reset all =========



El catálogo Winsock se restableció correctamente.

Debe reiniciar el equipo para completar el restablecimiento.



========= End of CMD: =========



========= netsh int ipv4 reset =========


Global se restableció correctamente.

Interfaz se restableció correctamente.

Dirección de unidifusión se restableció correctamente.

Vecino se restableció correctamente.

Ruta de acceso se restableció correctamente.

Error al restablecer .

Acceso denegado.


se restableció correctamente.

Reinicie el equipo para completar esta acción.



========= End of CMD: =========



========= netsh int ipv6 reset =========


Interfaz se restableció correctamente.

Vecino se restableció correctamente.

Ruta de acceso se restableció correctamente.

Error al restablecer .

Acceso denegado.


se restableció correctamente.

se restableció correctamente.

Reinicie el equipo para completar esta acción.



========= End of CMD: =========



========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


La operación se completó correctamente.




========= End of Reg: =========



========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


La operación se completó correctamente.




========= End of Reg: =========



========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


La operación se completó correctamente.




========= End of Reg: =========



========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========


La operación se completó correctamente.




========= End of Reg: =========


EmptyTemp: => 537.8 MB temporary data Removed.



The system needed a reboot.


==== End of Fixlog 17:33:41 ====



AdwCleaner[C1]



# AdwCleaner v5.112 - Logfile created 23/04/2016 at 21:30:43

# Updated 17/04/2016 by Xplode

# Database : 2016-04-19.5 [server]

# Operating system : Windows 8.1 (X64)

# Username : DELL - DAVIDVARGAS

# Running from : C:\Users\DELL\Desktop\AdwCleaner.exe

# Option : Clean



***** [ Services ] *****



***** [ Folders ] *****


[-] Folder Deleted : C:\ProgramData\IHProtectUpDate

[-] Folder Deleted : C:\ProgramData\ZWinManProZ

[#] Folder Deleted : C:\ProgramData\Application Data\IHProtectUpDate

[#] Folder Deleted : C:\ProgramData\Application Data\ZWinManProZ

[-] Folder Deleted : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel

[-] Folder Deleted : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil

[-] Folder Deleted : C:\Users\DELL\AppData\Roaming\SSN


***** [ Files ] *****


[-] File Deleted : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage

[-] File Deleted : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage-journal

[-] File Deleted : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil

[-] File Deleted : C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\0zhvlcj4.default\searchplugins\default.xml


***** [ DLLs ] *****



***** [ Shortcuts ] *****



***** [ Scheduled tasks ] *****


[-] Task Deleted : amiupdaterExd

[-] Task Deleted : amiupdaterExi


***** [ Registry ] *****


[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}

[-] Key Deleted : HKCU\Software\APN PIP

[-] Key Deleted : HKCU\Software\ICSW1.17

[-] Key Deleted : HKCU\Software\Mozilla\Extends

[-] Key Deleted : HKLM\SOFTWARE\Clara

[-] Key Deleted : HKLM\SOFTWARE\Driver-Soft

[-] Key Deleted : HKLM\SOFTWARE\FFPluginHp

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Genius_is1


***** [ Web browsers ] *****


[-] [C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\0zhvlcj4.default\prefs.js] Deleted : user_pref("browser.search.searchengine.alias", "oursurfing");

[-] [C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\0zhvlcj4.default\prefs.js] Deleted : user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");

[-] [C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\0zhvlcj4.default\prefs.js] Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://www.oursurfing.com/web/favicon.ico");

[-] [C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\0zhvlcj4.default\prefs.js] Deleted : user_pref("browser.search.searchengine.name", "oursurfing");

[-] [C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\0zhvlcj4.default\prefs.js] Deleted : user_pref("browser.search.searchengine.ptid", "2sq3");

[-] [C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\0zhvlcj4.default\prefs.js] Deleted : user_pref("browser.search.searchengine.uid", "ST1000LM024XHN-M101MBB_S314J90F622539622539");

[-] [C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\0zhvlcj4.default\prefs.js] Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.oursurfing.com/web/?type=dspp&ts=1439168198&z=072f60fa1d70dd2cf7489f9gdz9c1t8gcq8b7obe0e&from=2sq3&uid=ST1000LM024XHN-M101MBB_S314J90F622539622[...]

[-] [C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\0zhvlcj4.default\prefs.js] Deleted : user_pref("extensions.quick_start.enable_search1", false);

[-] [C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\0zhvlcj4.default\prefs.js] Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);


*************************


:: "Tracing" keys deleted

:: Winsock settings cleared


*************************


C:\AdwCleaner\AdwCleaner[C1].txt - [3996 bytes] - [23/04/2016 21:30:43]

C:\AdwCleaner\AdwCleaner[S1].txt - [4131 bytes] - [23/04/2016 21:22:28]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4142 bytes] ##########


JRT.txt



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.0.5 (04.20.2016)

Operating System: Windows 8.1 x64

Ran by DELL (Administrator) on 23/04/2016 at 21:49:49,83

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





File System: 10


Successfully deleted: C:\ProgramData\drivergenius (Folder)

Successfully deleted: C:\ProgramData\Start Menu\Programs\driver genius (Folder)

Successfully deleted: C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod (Folder)

Successfully deleted: C:\Users\DELL\Desktop\driver genius.lnk (Shortcut)

Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)

Successfully deleted: C:\Windows\system32\Tasks\update-S-1-5-21-1640298429-2741603158-4220914053-1001 (Task)

Successfully deleted: C:\Windows\system32\Tasks\update-sys (Task)

Successfully deleted: C:\Windows\Tasks\update-S-1-5-21-1640298429-2741603158-4220914053-1001.job (Task)

Successfully deleted: C:\Windows\Tasks\update-sys.job (Task)

Successfully deleted: C:\Program Files (x86)\driver-soft (Folder)




Registry: 0






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 23/04/2016 at 21:52:10,25

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Thank you Juliet.





BTW after AdwCleaner's reboot, an icon appears on my desktop that says: Group at home or grupo en el hogar. I tried to eliminate it manually but it doesn't disappear, not even with Spybot, so I'm telling you because this icon appears every time I use a malware disinfection, thanks

 

PS: I couldn't upload the image


Usually refreshing (F5) the desktop will remove it

How to Add or Remove Homegroup Desktop Icon in Windows 8 and 8.1

http://www.eightforums.com/tutorials/48735-homegroup-desktop-icon-add-remove-windows-8-a.html

 

~~~~~~~~~~~~~~~~~~~~~

 

Please download the Malwarebytes Anti-Malware setup file to your Desktop.

 

 

OR from this location Malwarebytes' Anti-Malware

  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
  • On the Dashboard click on Update Now
  • Go to the Settings tab
  • Under Settings go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs, followed by the first Scan Log.
  • Click Export, followed by Copy to Clipboard. Paste the log in your next reply.

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    What we can do now is run an online scan with Eset, a good trusted scanner, reliable and thorough.

    The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.

    This scanner can take quite a bit of time to run, depending of course how full your computer is.

     

     

     

    ESET Online Scan

    Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme.
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click [image: esetListThreats.png]. If no threats were found, skip the next two bullet points.
  • Click [image: esetExport.png] and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to [image: KN1w2nv.png] and click [image: SzOC1p0.png].
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

     

     

    ************************

     

    Please post these 2 logs when finished. Also, tell me how the computer is now.


Hello Juliet,

I have removed the GroupHome Desktop Icon and have done the process with the programs you recommended to me, here are the logs:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
Fecha del análisis: 24/04/2016
Hora del análisis: 17:13
Archivo de registro: Malwares_antmalwares_log.txt
Administrador: Sí
Versión: 2.2.1.1043
Base de datos de malwares: v2016.04.24.05
Base de datos de rootkits: v2016.04.17.01
Licencia: Prueba
Protección contra el malware: Activado
Protección contra sitios web maliciosos: Activado
Autoprotección: Desactivado
SO: Windows 8.1
CPU: x64
Sistema de archivos: NTFS
Usuario: DELL
Tipo de análisis: Análisis de amenazas
Resultado: Completado
Objetos analizados: 345869
Tiempo transcurrido: 14 min, 49 seg
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Activado
PUM: Activado
Procesos: 0
(No hay elementos maliciosos detectados)
Módulos: 0
(No hay elementos maliciosos detectados)
Claves del registro: 1
PUP.Optional.WindowsMangerProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, En cuarentena, [891c535fa0f973c3d451292f4db70000],
Valores del registro: 0
(No hay elementos maliciosos detectados)
Datos del registro: 0
(No hay elementos maliciosos detectados)
Carpetas: 0
(No hay elementos maliciosos detectados)
Archivos: 0
(No hay elementos maliciosos detectados)
Sectores físicos: 0
(No hay elementos maliciosos detectados)
(end)
MyEsetScan.txt
C:\Users\DELL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.00\agent\stub_data\askrt_es.cab a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
E:\Mis documentos\Ganancias Secretas_tools\programas_edicion_videos\vppsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
E:\Mis documentos\Locutores\aTubeCatcher.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
E:\Mis documentos\ploglamilla\Auto_Facebook_Marketer.rar a variant of MSIL/Ubot.D potentially unsafe application

The system of this computer is now faster. I haven't browsed the web yet but I think that everything will be alright. Moreover, the system will improve its performance after removing this last part that the logs are showing. What should I do now?
Thank you very much Juliet.
David

Glad it's better.

 

Please open Notepad (do not use WordPad or any text editor other than Notepad, or the script will fail): Start -> Run -> type notepad in the Open field -> OK. Then copy and paste the text present inside the quote box below:

To do this, highlight the contents of the box, right-click on it and select Copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

 

 


 

 

start

CreateRestorePoint:

CloseProcesses:

C:\Users\DELL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.00\agent\stub_data\askrt_es.cab

E:\Mis documentos\Ganancias Secretas_tools\programas_edicion_videos\vppsetup.exe

E:\Mis documentos\Locutores\aTubeCatcher.exe

E:\Mis documentos\ploglamilla\Auto_Facebook_Marketer.rar

EmptyTemp:

End

Open FRST/FRST64 and press the > Fix < button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Hello Juliet,

I have done this task you told me and here is the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by DELL (2016-04-25 12:43:48) Run:3
Running from C:\Users\DELL\Desktop
Loaded Profiles: DELL (Available Profiles: DELL)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Users\DELL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.00\agent\stub_data\askrt_es.cab
E:\Mis documentos\Ganancias Secretas_tools\programas_edicion_videos\vppsetup.exe
E:\Mis documentos\Locutores\aTubeCatcher.exe
E:\Mis documentos\ploglamilla\Auto_Facebook_Marketer.rar
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
C:\Users\DELL\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.00\agent\stub_data\askrt_es.cab => moved successfully
E:\Mis documentos\Ganancias Secretas_tools\programas_edicion_videos\vppsetup.exe => moved successfully
E:\Mis documentos\Locutores\aTubeCatcher.exe => moved successfully
E:\Mis documentos\ploglamilla\Auto_Facebook_Marketer.rar => moved successfully
EmptyTemp: => 43.5 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 12:44:33 ====

BTW do you suggest that I delete the aTube Catcher file, Auto FB Marketer and the video editing program? The last two I have never used but was thinking of using now. Are they reliable for me, or is it better not to run these programs? Thank you very much
Have a nice day,
David. :)

BTW do you suggest that I delete the aTube Catcher file, Auto FB Marketer and the video editing program? The last two I have never used but was thinking of using now. Are they reliable for me, or is it better not to run these programs? Thank you very much

I'm not familiar with these tools. You can ask members in this forum what they might recommend:

http://forums.pcpitstop.com/index.php?/forum/3-user-to-user-help/

 

How is your computer now?


DelFix

  • Please download DelFix or from Here and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
  • Click the Run button.
-- This will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
~~~~~~~~~~~~~~~~~~~~~
  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Unchecky automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

     

Need a second opinion on a file or website? Scan the file/URL before clicking by using one of the following free online scanner services.

Want to help others? Join the ClassRoom and learn how.
This topic is now closed to further replies.