Ads on Steam


  • This topic is locked
6 replies to this topic

#1 coloric

coloric

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:35 AM

Posted 04 April 2015 - 07:45 PM

Hello!
I was using Windows 8.1 and advertisements began to appear in Steam.
I used various programs to remove malicious files, and only one (Malwarebytes) said it found and removed the PUP.Optional.InstallCore.
However, the popups did not disappear ... so I decided to format my PC and install Windows 10 Technical Preview.
But when I installed Steam and was using it, the popups were still there.
Please help me, I do not know what to do. I have tried the Malwarebytes Anti-Malware, Spybot, SUPERAntiSpyware, and others.
Thank you!

Edited by coloric, 04 April 2015 - 07:48 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:35 AM

Posted 05 April 2015 - 07:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please run the AdwCleaner tool and clean all this if found.

===

I need to see the FRST.txt log created when you have executed the Farbar tool.

Please post it in your next reply.

#3 coloric

coloric
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:35 AM

Posted 05 April 2015 - 04:26 PM

Hello, nasdaq!
I think I had already attached the items you requested; anyway, I did it again.
Thanks for your help.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Ricardo (administrator) on WIN-B1EE0GGDDID on 05-04-2015 18:23:09
Running from F:\Downloads
Loaded Profiles: Ricardo (Available profiles: Ricardo)
Platform: Windows 10 Pro Technical Preview (X64) OS Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\sihost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.ShellExperienceHost_1.0.0.2_x64__8wekyb3d8bbwe\shellexperiencehost.exe
(Microsoft Corporation) C:\Windows\System32\ApplicationFrameHost.exe
() C:\Program Files\WindowsApps\Microsoft.Cortana_1.3.1.444_x64__8wekyb3d8bbwe\searchui.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe
(Microsoft Corporation) C:\Windows\System32\SystemSettingsBroker.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Users\Ricardo\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(ROCCAT GmbH Co., Ltd.) C:\Program Files (x86)\ROCCAT\Roccat Talk\Roccat Talk.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Roccat GmbH) C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-03-24] (Raptr, Inc)
HKLM-x32\...\Run: [RoccatKova+] => C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE [539688 2011-03-17] (Roccat GmbH)
HKLM-x32\...\Run: [RoccatIsku] => C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE [536576 2013-10-30] (ROCCAT GmbH)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Winlogon: [Userinit] [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7215264 2015-01-20] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7215264 2015-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2344163777-444367991-2105101475-1000\...\Run: [OneDrive] => C:\Users\Ricardo\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-04-03] (Microsoft Corporation)
HKU\S-1-5-21-2344163777-444367991-2105101475-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888896 2015-03-24] (Valve Corporation)
HKU\S-1-5-21-2344163777-444367991-2105101475-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Roccat Talk.lnk
ShortcutTarget: Roccat Talk.lnk -> C:\Windows\Installer\{605D671E-1D1E-4840-84D9-BFACE17F160D}\NewShortcut1_38373BA15BEE4DD08E16D3720C304537.exe (Flexera Software LLC)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ricardo\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Ricardo\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Ricardo\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ricardo\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ricardo\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ricardo\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Ricardo\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Ricardo\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ricardo\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ricardo\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2344163777-444367991-2105101475-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2015-01-20] (Microsoft Corporation)
Handler-x32: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2015-01-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 201.6.2.193 201.6.2.93

FireFox:
========
FF ProfilePath: C:\Users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\BoVVtL5F.default
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Extension: Avira Browser Safety - C:\Users\Ricardo\AppData\Roaming\Mozilla\Firefox\Profiles\BoVVtL5F.default\Extensions\abs@avira.com [2015-04-03]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com.br/"
CHR Profile: C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-03]
CHR Extension: (Google Docs) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-03]
CHR Extension: (Google Drive) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-03]
CHR Extension: (YouTube) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-03]
CHR Extension: (Google Search) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-03]
CHR Extension: (Google Sheets) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-03]
CHR Extension: (Avira Browser Safety) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-04-03]
CHR Extension: (Google Wallet) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-03]
CHR Extension: (Gmail) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 AJRouter; C:\Windows\System32\AJRouter.dll [19968 2015-01-20] (Microsoft Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 ClipSVC; C:\Windows\System32\ClipSVC.dll [515072 2015-01-20] (Microsoft Corporation)
S3 CommsAPHost; C:\Windows\System32\APHostService.dll [228864 2015-01-20] (Microsoft Corporation)
R2 CoreUIRegistrar; C:\Windows\system32\coremessaging.dll [626616 2015-01-20] (Microsoft Corporation)
R2 CoreUIRegistrar; C:\Windows\SysWOW64\coremessaging.dll [460800 2015-01-20] (Microsoft Corporation)
S3 DcpSvc; C:\Windows\system32\dcpsvc.dll [196096 2015-01-20] (Microsoft Corporation)
S3 DevQueryBroker; C:\Windows\system32\DevQueryBroker.dll [24064 2015-01-20] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1189376 2015-01-20] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\system32\Windows.DeviceManagement.Enrollment.dll [455168 2015-01-20] (Microsoft Corporation)
R2 dmwappushservice; C:\Windows\system32\dmwappushsvc.dll [105472 2015-01-20] (Microsoft Corporation)
R2 DoSvc; C:\Windows\system32\svchost.exe [39456 2015-01-20] (Microsoft Corporation)
R2 DoSvc; C:\Windows\SysWOW64\svchost.exe [33752 2015-01-20] (Microsoft Corporation)
S3 DsSvc; C:\Windows\System32\DsSvc.dll [120832 2015-01-20] (Microsoft Corporation)
S3 lfsvc; C:\Windows\System32\lfsvc.dll [22528 2015-01-20] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 MosHost; C:\Windows\System32\moshost.dll [169984 2015-01-20] (Microsoft Corporation)
S3 MosHost; C:\Windows\SysWOW64\moshost.dll [124416 2015-01-20] (Microsoft Corporation)
S3 NetSetupSvc; C:\Windows\System32\NetSetupSvc.dll [128000 2015-01-20] (Microsoft Corporation)
R3 NgcCtnrSvc; C:\Windows\System32\NgcCtnrSvc.dll [309760 2015-01-20] (Microsoft Corporation)
S3 NgcSvc; C:\Windows\system32\ngcsvc.dll [391168 2015-01-20] (Microsoft Corporation)
S3 PhoneSvc; C:\Windows\System32\PhoneService.dll [521216 2015-01-20] (Microsoft Corporation)
S3 PimIndexMaintenance; C:\Windows\System32\PimIndexMaintenance.dll [279552 2015-01-20] (Microsoft Corporation)
S3 RetailDemo; C:\Windows\system32\RetailDemoService.dll [286720 2015-01-20] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SensorService; C:\Windows\system32\SensorService.dll [125440 2015-01-20] (Microsoft Corporation)
S3 SmsRouter; C:\Windows\system32\SmsRouterSvc.dll [512512 2015-01-20] (Microsoft Corporation)
S3 THREADORDER; C:\Windows\system32\threadorder.dll [19456 2015-01-20] (Microsoft Corporation)
R3 tiledatamodelsvc; C:\Windows\system32\tileobjserver.dll [321536 2015-01-30] (Microsoft Corporation)
S3 UnistoreService; C:\Windows\System32\unistore.dll [986112 2015-01-20] (Microsoft Corporation)
S3 UserDataService; C:\Windows\System32\userdataservice.dll [1053696 2015-01-20] (Microsoft Corporation)
R2 UserManager; C:\Windows\System32\usermgr.dll [444928 2015-01-20] (Microsoft Corporation)
S3 UserTrustedSignals; C:\Windows\system32\Windows.UserTrustedSignals.dll [130560 2015-01-20] (Microsoft Corporation)
S3 UsoSvc; C:\Windows\system32\usocore.dll [207872 2015-01-20] (Microsoft Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2015-04-03] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [351832 2015-01-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16704 2015-01-20] (Microsoft Corporation)
S3 WpnService; C:\Windows\system32\WpnService.dll [46592 2015-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
S3 buttonconverter; C:\Windows\System32\drivers\buttonconverter.sys [31744 2015-01-20] (Microsoft Corporation)
S3 CapImg; C:\Windows\System32\drivers\capimg.sys [95232 2015-01-20] (Microsoft Corporation)
S4 cnghwassist; C:\Windows\System32\DRIVERS\cnghwassist.sys [38864 2015-01-20] (Microsoft Corporation)
R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_f3cb3ea7a7db22f1\CompositeBus.sys [39424 2015-01-20] (Microsoft Corporation)
S3 fcvsc; C:\Windows\System32\drivers\fcvsc.sys [30720 2015-01-20] (Microsoft Corporation)
S3 genericusbfn; C:\Windows\System32\drivers\genericusbfnclass.sys [20992 2015-01-20] (Microsoft Corporation)
S3 hidinterrupt; C:\Windows\System32\drivers\hidinterrupt.sys [38864 2015-01-20] (Microsoft Corporation)
R3 KovaPlusFltr; C:\Windows\system32\drivers\KovaPlusFltr.sys [15104 2015-04-03] (ROCCAT Development, Inc.)
S0 LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys [98256 2015-01-20] (LSI Corporation)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [90576 2015-01-20] (LSI Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S0 megasas; C:\Windows\System32\drivers\megasas.sys [61392 2015-01-20] (Avago Technologies)
R2 MMCSS; C:\Windows\system32\drivers\mmcss.sys [37888 2015-01-20] (Microsoft Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [67584 2015-01-20] ()
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc.sys [97280 2015-01-20] (Microsoft Corporation)
S3 NETVSCVFPP; C:\Windows\system32\DRIVERS\netvsc.sys [97280 2015-01-20] (Microsoft Corporation)
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [56784 2015-01-20] (LSI Corporation)
S0 percsas3i; C:\Windows\System32\drivers\percsas3i.sys [58832 2015-01-20] (Avago Technologies)
S3 ReFSv1; C:\Windows\System32\Drivers\ReFSv1.sys [934352 2015-01-20] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 storufs; C:\Windows\System32\drivers\storufs.sys [39888 2015-01-20] (Microsoft Corporation)
R3 swenum; C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_e5d68a18d2844655\swenum.sys [17872 2015-01-20] (Microsoft Corporation)
S3 Ufx01000; C:\Windows\System32\drivers\ufx01000.sys [189952 2015-01-20] (Microsoft Corporation)
S3 UfxChipidea; C:\Windows\System32\drivers\UfxChipidea.sys [83456 2015-01-20] (Microsoft Corporation)
S3 ufxsynopsys; C:\Windows\System32\drivers\ufxsynopsys.sys [104960 2015-01-20] (Microsoft Corporation)
S3 UrsChipidea; C:\Windows\System32\drivers\urschipidea.sys [15872 2015-01-20] (Microsoft Corporation)
S3 UrsCx01000; C:\Windows\System32\drivers\urscx01000.sys [41984 2015-01-20] (Microsoft Corporation)
S3 UrsSynopsys; C:\Windows\System32\drivers\urssynopsys.sys [17920 2015-01-20] (Microsoft Corporation)
S3 vhf; C:\Windows\System32\drivers\vhf.sys [25088 2015-01-20] (Microsoft Corporation)
S3 wdiwifi; C:\Windows\System32\DRIVERS\wdiwifi.sys [849920 2015-01-20] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117200 2015-01-20] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [90112 2015-01-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: DmEnrollmentSvc -> C:\Windows\system32\Windows.DeviceManagement.Enrollment.dll (Microsoft Corporation)
NETSVC: dosvc -> No ServiceDLL Path.
NETSVC: DcpSvc -> C:\Windows\system32\dcpsvc.dll (Microsoft Corporation)
NETSVC: DiagTrack -> C:\Windows\system32\diagtrack.dll (Microsoft Corporation)
NETSVC: NetSetupSvc -> C:\Windows\System32\NetSetupSvc.dll (Microsoft Corporation)
NETSVC: RetailDemo -> C:\Windows\system32\RetailDemoService.dll (Microsoft Corporation)
NETSVC: UsoSvc -> C:\Windows\system32\usocore.dll (Microsoft Corporation)
NETSVC: dmwappushservice -> C:\Windows\system32\dmwappushsvc.dll (Microsoft Corporation)
NETSVC: UserTrustedSignals -> C:\Windows\system32\Windows.UserTrustedSignals.dll (Microsoft Corporation)
NETSVCx32: NetSetupSvc -> C:\Windows\SysWOW64\NetSetupSvc.dll ==> No File.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 18:21 - 2015-04-05 18:21 - 00000969 _____ () C:\Users\Ricardo\Desktop\AdwCleanerv2.txt
2015-04-05 18:17 - 2015-04-05 18:17 - 00000000 ___HD () C:\OneDriveTemp
2015-04-04 21:33 - 2015-04-04 21:33 - 00048981 _____ () C:\Users\Ricardo\Desktop\FRST.txt
2015-04-04 21:31 - 2015-04-05 18:23 - 00000000 ____D () C:\FRST
2015-04-04 21:31 - 2015-04-04 21:31 - 00008209 _____ () C:\Users\Ricardo\Desktop\hijackthis.txt
2015-04-04 21:27 - 2015-04-04 21:27 - 00001328 _____ () C:\Users\Ricardo\Desktop\AdwCleaner.txt
2015-04-04 21:26 - 2015-04-05 18:19 - 00000000 ____D () C:\AdwCleaner
2015-04-04 21:24 - 2015-04-04 21:24 - 00015872 ___SH () C:\Users\Ricardo\Desktop\Thumbs.db
2015-04-04 21:24 - 2015-04-04 21:24 - 00001067 _____ () C:\Users\Ricardo\Desktop\IrfanView.lnk
2015-04-04 21:24 - 2015-04-04 21:24 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2015-04-04 21:24 - 2015-04-04 21:24 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\IrfanView
2015-04-04 21:24 - 2015-04-04 21:24 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2015-04-04 20:55 - 2015-04-05 18:21 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-04 20:55 - 2015-04-04 21:28 - 00000546 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c2ea569c-01bd-4a04-a6d9-811b716e089a.job
2015-04-04 20:55 - 2015-04-04 21:28 - 00000546 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 37588e00-867a-4225-80a1-a6e4710b7c03.job
2015-04-04 20:55 - 2015-04-04 20:55 - 00003790 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task c2ea569c-01bd-4a04-a6d9-811b716e089a
2015-04-04 20:55 - 2015-04-04 20:55 - 00003708 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 37588e00-867a-4225-80a1-a6e4710b7c03
2015-04-04 20:55 - 2015-04-04 20:55 - 00001849 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-04-04 20:55 - 2015-04-04 20:55 - 00000000 ____D () C:\Users\Todos os Usuários\SUPERAntiSpyware.com
2015-04-04 20:55 - 2015-04-04 20:55 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\SUPERAntiSpyware.com
2015-04-04 20:55 - 2015-04-04 20:55 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-04 20:55 - 2015-04-04 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-04 19:46 - 2015-04-04 19:46 - 00000000 ____D () C:\Users\Todos os Usuários\USOShared
2015-04-04 19:46 - 2015-04-04 19:46 - 00000000 ____D () C:\ProgramData\USOShared
2015-04-04 19:42 - 2015-04-04 19:43 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-04 19:42 - 2015-02-26 21:14 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-04 19:29 - 2015-04-04 20:06 - 00000000 ____D () C:\Users\Todos os Usuários\Spybot - Search & Destroy
2015-04-04 19:29 - 2015-04-04 20:06 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-04 19:29 - 2015-04-04 19:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-04 19:29 - 2015-04-04 19:29 - 00001460 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-04 19:29 - 2015-04-04 19:29 - 00001448 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-04-04 19:29 - 2015-04-04 19:29 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-04-04 19:29 - 2015-04-04 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-04 19:29 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-04-04 08:35 - 2015-04-04 08:41 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\Apple Computer
2015-04-04 08:35 - 2015-04-04 08:35 - 00001822 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-04 08:35 - 2015-04-04 08:35 - 00000000 ____D () C:\Users\Todos os Usuários\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-04 08:35 - 2015-04-04 08:35 - 00000000 ____D () C:\Users\Todos os Usuários\Apple Computer
2015-04-04 08:35 - 2015-04-04 08:35 - 00000000 ____D () C:\Users\Ricardo\AppData\Local\Apple Computer
2015-04-04 08:35 - 2015-04-04 08:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-04 08:35 - 2015-04-04 08:35 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-04 08:35 - 2015-04-04 08:35 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-04-04 08:35 - 2015-04-04 08:35 - 00000000 ____D () C:\Program Files\iTunes
2015-04-04 08:35 - 2015-04-04 08:35 - 00000000 ____D () C:\Program Files\iPod
2015-04-04 08:35 - 2015-04-04 08:35 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-04 08:35 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-04-04 08:34 - 2015-04-04 08:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-04 08:34 - 2015-04-04 08:34 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-04-04 08:34 - 2015-04-04 08:34 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-04-04 08:34 - 2015-04-04 08:34 - 00000000 ____D () C:\Users\Todos os Usuários\Apple
2015-04-04 08:34 - 2015-04-04 08:34 - 00000000 ____D () C:\Users\Ricardo\AppData\Local\Apple
2015-04-04 08:34 - 2015-04-04 08:34 - 00000000 ____D () C:\ProgramData\Apple
2015-04-04 08:34 - 2015-04-04 08:34 - 00000000 ____D () C:\Program Files\Bonjour
2015-04-04 08:34 - 2015-04-04 08:34 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-04-04 08:34 - 2015-04-04 08:34 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-04-03 20:02 - 2015-04-03 20:02 - 00000943 _____ () C:\Users\Ricardo\Desktop\µTorrent.lnk
2015-04-03 20:02 - 2015-04-03 20:02 - 00000923 _____ () C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-04-03 20:01 - 2015-04-04 08:46 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\uTorrent
2015-04-03 19:52 - 2015-04-03 19:52 - 00001994 _____ () C:\Users\Ricardo\Desktop\Heroes of Newerth.lnk
2015-04-03 19:52 - 2015-04-03 19:52 - 00000000 ____D () C:\Users\Ricardo\Documents\Heroes of Newerth
2015-04-03 19:52 - 2015-04-03 19:52 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\vlc
2015-04-03 19:52 - 2015-04-03 19:52 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
2015-04-03 19:52 - 2015-04-03 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
2015-04-03 19:51 - 2015-04-03 19:51 - 00001139 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-03 19:51 - 2015-04-03 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-04-03 19:51 - 2015-04-03 19:51 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-04-03 19:31 - 2015-04-03 19:55 - 00000000 ____D () C:\Program Files (x86)\Heroes of Newerth
2015-04-03 19:31 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-04-03 19:31 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-04-03 19:31 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-04-03 19:31 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-04-03 19:07 - 2015-04-03 19:07 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-04-03 19:07 - 2015-04-03 19:07 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\Mozilla
2015-04-03 19:07 - 2015-04-03 19:07 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\Avira
2015-04-03 19:06 - 2015-03-17 16:47 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-03 19:06 - 2015-03-17 16:47 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-04-03 19:06 - 2015-03-17 16:47 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-04-03 19:05 - 2015-04-03 19:06 - 00000000 ____D () C:\Users\Todos os Usuários\Avira
2015-04-03 19:05 - 2015-04-03 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-03 19:05 - 2015-04-03 19:06 - 00000000 ____D () C:\ProgramData\Avira
2015-04-03 19:05 - 2015-04-03 19:06 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-03 19:05 - 2015-04-03 19:05 - 00001280 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-03 19:02 - 2015-04-03 19:02 - 00000000 ____D () C:\Users\Ricardo\AppData\Local\Steam
2015-04-03 19:01 - 2015-04-05 18:21 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-03 19:01 - 2015-04-03 19:01 - 00001032 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-04-03 19:01 - 2015-04-03 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-03 18:51 - 2015-04-04 20:27 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-03 18:50 - 2015-04-03 18:50 - 00001171 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-03 18:50 - 2015-04-03 18:50 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2015-04-03 18:50 - 2015-04-03 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-03 18:50 - 2015-04-03 18:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-03 18:50 - 2015-04-03 18:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-03 18:50 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-03 18:50 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-03 18:50 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-03 18:40 - 2015-04-03 18:40 - 00000000 ____D () C:\Users\Todos os Usuários\ROCCAT
2015-04-03 18:40 - 2015-04-03 18:40 - 00000000 ____D () C:\Users\Todos os Usuários\ATI
2015-04-03 18:40 - 2015-04-03 18:40 - 00000000 ____D () C:\ProgramData\ROCCAT
2015-04-03 18:40 - 2015-04-03 18:40 - 00000000 ____D () C:\ProgramData\ATI
2015-04-03 18:39 - 2015-04-03 18:39 - 00001812 _____ () C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrayItem.{867A5F76-34E0-96E9-8F51-F93CFB5414D7}.lnk
2015-04-03 18:38 - 2015-04-03 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT
2015-04-03 18:38 - 2015-04-03 18:39 - 00000000 ____D () C:\Program Files (x86)\ROCCAT
2015-04-03 18:38 - 2015-04-03 18:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-03 18:37 - 2015-04-03 18:37 - 00000553 _____ () C:\Windows\Cm108.ini.imi
2015-04-03 18:37 - 2015-04-03 18:37 - 00000502 _____ () C:\Windows\system\Cm108.ini
2015-04-03 18:37 - 2015-04-03 18:37 - 00000169 _____ () C:\Windows\Cm108.ini.cfl
2015-04-03 18:37 - 2015-04-03 18:37 - 00000125 _____ () C:\Windows\system\Dlap.pfx
2015-04-03 18:37 - 2012-12-07 04:29 - 00001395 ____N () C:\Windows\cm108.ini
2015-04-03 18:37 - 2012-11-27 07:49 - 00828416 ____N () C:\Windows\system32\Cmeau108.exe
2015-04-03 18:37 - 2012-11-20 00:17 - 12935168 ____N (C-Media Corporation) C:\Windows\SysWOW64\CM108.dll
2015-04-03 18:37 - 2012-06-05 22:56 - 00143360 ____N () C:\Windows\Vmix108.dll
2015-04-03 18:37 - 2012-06-04 03:15 - 04533760 ____N () C:\Windows\system32\CM108.cpl
2015-04-03 18:37 - 2009-08-18 13:00 - 00359424 ____N () C:\Windows\system32\CmiInstallResAll64.dll
2015-04-03 18:37 - 2008-10-01 14:17 - 00002029 ____N () C:\Windows\Cm108.ini.cfg
2015-04-03 18:37 - 2006-10-05 02:45 - 00524768 _____ (Microsoft Corporation) C:\Windows\difxapi.dll
2015-04-03 18:37 - 2006-09-12 23:21 - 00200704 ____N (C-Media) C:\Windows\SysWOW64\cmpa108.dll
2015-04-03 18:34 - 2015-04-05 18:21 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\Raptr
2015-04-03 18:34 - 2015-04-03 18:34 - 00064052 _____ () C:\Windows\SysWOW64\CCCInstall_201504031834147376.log
2015-04-03 18:34 - 2015-04-03 18:34 - 00000000 ____D () C:\Users\Todos os Usuários\AMD
2015-04-03 18:34 - 2015-04-03 18:34 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\library_dir
2015-04-03 18:34 - 2015-04-03 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2015-04-03 18:34 - 2015-04-03 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-04-03 18:34 - 2015-04-03 18:34 - 00000000 ____D () C:\ProgramData\AMD
2015-04-03 18:34 - 2015-04-03 18:34 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-04-03 18:34 - 2015-04-03 18:34 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-04-03 18:33 - 2015-04-03 18:33 - 00060844 _____ () C:\Windows\SysWOW64\CCCInstall_201504031833135160.log
2015-04-03 18:33 - 2015-04-03 18:33 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\ATI
2015-04-03 18:33 - 2015-04-03 18:33 - 00000000 ____D () C:\Users\Ricardo\AppData\Local\ATI
2015-04-03 18:33 - 2015-04-03 18:33 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-04-03 18:22 - 2015-04-05 18:21 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-03 18:22 - 2015-04-04 21:27 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-03 18:22 - 2015-04-03 19:05 - 00000000 ____D () C:\Users\Todos os Usuários\Package Cache
2015-04-03 18:22 - 2015-04-03 19:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-03 18:22 - 2015-04-03 18:22 - 27646720 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 07163744 _____ (Dolby Laboratories) C:\Windows\system32\EEP64H.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 07163744 _____ (Dolby Laboratories) C:\Windows\system32\EEP64A.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 03300528 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIAPropPageExt.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 02000640 _____ (Creative Technology Ltd.) C:\Windows\system32\VMAPO264.DLL
2015-04-03 18:22 - 2015-04-03 18:22 - 01986048 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaMicArrayAPO.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 01728768 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMAPO232.DLL
2015-04-03 18:22 - 2015-04-03 18:22 - 01161336 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaKaraokeApo.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 01013504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 00879616 _____ (Creative Technology Ltd.) C:\Windows\system32\VMAPO64.DLL
2015-04-03 18:22 - 2015-04-03 18:22 - 00876544 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIASysFx.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 00739328 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMAPO32.DLL
2015-04-03 18:22 - 2015-04-03 18:22 - 00689672 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viahduaa.sys
2015-04-03 18:22 - 2015-04-03 18:22 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 00619520 _____ (Creative Technology Ltd.) C:\Windows\system32\VMTHX64.DLL
2015-04-03 18:22 - 2015-04-03 18:22 - 00554496 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMTHX32.DLL
2015-04-03 18:22 - 2015-04-03 18:22 - 00433504 _____ (Dolby Laboratories) C:\Windows\system32\EED64H.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 00433504 _____ (Dolby Laboratories) C:\Windows\system32\EED64A.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 00388096 _____ (Creative Technology Ltd.) C:\Windows\system32\VMWRP64.DLL
2015-04-03 18:22 - 2015-04-03 18:22 - 00248952 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Dts2APO.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 00137056 _____ (Dolby Laboratories) C:\Windows\system32\EEL64H.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 00137056 _____ (Dolby Laboratories) C:\Windows\system32\EEL64A.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 00123512 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaKaraokePropPageExt.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 00120160 _____ (Dolby Laboratories) C:\Windows\system32\EEA64H.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 00120160 _____ (Dolby Laboratories) C:\Windows\system32\EEA64A.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 00095352 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaMicArrayPropPageExt.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 00092280 _____ (VIA Technologies, Inc.) C:\Windows\system32\Dts2PropPageExt.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 00086016 _____ (QSound Labs, Inc.) C:\Windows\system32\nQPropPageExt.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 00083968 _____ (QSound Labs, Inc.) C:\Windows\system32\nQAPO.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 00075104 _____ (Dolby Laboratories) C:\Windows\system32\EEG64H.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 00075104 _____ (Dolby Laboratories) C:\Windows\system32\EEG64A.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 00070776 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\VtSrdAPO.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 00057856 _____ (Creative Technology Ltd.) C:\Windows\system32\VMPPLD64.DLL
2015-04-03 18:22 - 2015-04-03 18:22 - 00055416 _____ (TODO: <Company name>) C:\Windows\system32\PropPageExt.dll
2015-04-03 18:22 - 2015-04-03 18:22 - 00053760 _____ (Creative Technology Ltd.) C:\Windows\system32\VMPPCN64.DLL
2015-04-03 18:22 - 2015-04-03 18:22 - 00030728 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\VMfilt64.sys
2015-04-03 18:22 - 2015-04-03 18:22 - 00027768 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViakaraokeSrv.exe
2015-04-03 18:22 - 2015-04-03 18:22 - 00004058 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-03 18:22 - 2015-04-03 18:22 - 00003826 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-03 18:22 - 2015-04-03 18:22 - 00002330 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-03 18:22 - 2015-04-03 18:22 - 00000000 ____D () C:\Windows\system32\SRSLabs
2015-04-03 18:22 - 2015-04-03 18:22 - 00000000 ____D () C:\Users\Ricardo\AppData\Local\Google
2015-04-03 18:22 - 2015-04-03 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-03 18:22 - 2015-04-03 18:22 - 00000000 ____D () C:\Program Files\VIA
2015-04-03 18:22 - 2015-04-03 18:22 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-03 18:22 - 2015-03-09 18:50 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-03 18:22 - 2015-03-09 18:09 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-03 18:22 - 2015-03-05 03:23 - 02758144 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-03 18:22 - 2015-03-05 03:21 - 02758144 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.tlb
2015-04-03 18:22 - 2015-03-05 02:46 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-03 18:22 - 2015-03-05 02:29 - 02758144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-03 18:22 - 2015-03-05 02:28 - 02758144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.tlb
2015-04-03 18:22 - 2015-03-05 02:16 - 00471040 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-03 18:22 - 2015-03-05 01:57 - 00532992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-03 18:22 - 2015-03-05 01:34 - 00401408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-03 18:22 - 2015-03-05 01:28 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-03 18:22 - 2015-03-05 01:18 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-03 18:22 - 2015-03-05 01:00 - 00502272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-03 18:22 - 2015-03-05 00:52 - 06909952 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2015-04-03 18:22 - 2015-03-05 00:52 - 00253440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-03 18:22 - 2015-03-05 00:43 - 05458944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-03 18:22 - 2015-03-05 00:41 - 24316416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-03 18:22 - 2015-03-05 00:37 - 22973952 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2015-04-03 18:22 - 2015-03-05 00:36 - 05278208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2015-04-03 18:22 - 2015-03-05 00:30 - 04116480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-03 18:22 - 2015-03-05 00:20 - 19053056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-03 18:22 - 2015-03-05 00:17 - 18106368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-04-03 18:22 - 2015-03-05 00:15 - 02527744 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-03 18:22 - 2015-03-05 00:15 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-03 18:22 - 2015-03-05 00:12 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2015-04-03 18:22 - 2015-03-05 00:09 - 02081792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-03 18:22 - 2015-03-05 00:09 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-03 18:22 - 2015-03-05 00:06 - 00583680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2015-04-03 18:22 - 2015-02-13 07:52 - 23140904 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-03 18:22 - 2015-02-13 07:06 - 20946304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-04-03 18:22 - 2015-02-11 04:35 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2015-04-03 18:22 - 2015-01-30 17:46 - 00059856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2015-04-03 18:22 - 2015-01-30 17:43 - 01872336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-04-03 18:22 - 2015-01-30 17:43 - 00448976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2015-04-03 18:22 - 2015-01-30 17:43 - 00397264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-04-03 18:22 - 2015-01-30 17:41 - 03394032 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-04-03 18:22 - 2015-01-30 17:41 - 00471136 _____ (Microsoft Corporation) C:\Windows\system32\StartMenuBroker.exe
2015-04-03 18:22 - 2015-01-30 17:40 - 00043048 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-03 18:22 - 2015-01-30 17:36 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-04-03 18:22 - 2015-01-30 16:08 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-04-03 18:22 - 2015-01-30 15:54 - 02092544 _____ (Microsoft Corporation) C:\Windows\system32\RendRDP.dll
2015-04-03 18:22 - 2015-01-30 15:45 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-04-03 18:22 - 2015-01-30 15:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-04-03 18:22 - 2015-01-30 15:13 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\IPELoggingDictationHelper.dll
2015-04-03 18:22 - 2015-01-30 15:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-03 18:22 - 2015-01-30 15:13 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-03 18:22 - 2015-01-30 15:08 - 01095168 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-04-03 18:22 - 2015-01-30 15:07 - 01643008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-04-03 18:22 - 2015-01-30 15:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-04-03 18:22 - 2015-01-30 14:52 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\wuapihost.exe
2015-04-03 18:22 - 2015-01-30 14:39 - 00871424 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-03 18:22 - 2015-01-30 14:24 - 00291840 _____ (Microsoft Corporation) C:\Windows\system32\NotificationObjFactory.dll
2015-04-03 18:22 - 2015-01-30 14:19 - 03271168 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-04-03 18:22 - 2015-01-30 14:00 - 02332672 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-04-03 18:22 - 2015-01-30 13:54 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2015-04-03 18:22 - 2015-01-30 13:52 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2015-04-03 18:22 - 2015-01-30 13:50 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-04-03 18:22 - 2015-01-30 13:50 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2015-04-03 18:22 - 2015-01-30 13:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2015-04-03 18:22 - 2015-01-30 13:49 - 01004032 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2015-04-03 18:22 - 2015-01-30 13:39 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2015-04-03 18:22 - 2015-01-30 13:39 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\credprovhost.dll
2015-04-03 18:22 - 2015-01-30 13:38 - 00987136 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-04-03 18:22 - 2015-01-30 13:30 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2015-04-03 18:22 - 2015-01-30 13:29 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-03 18:22 - 2015-01-30 13:28 - 01644544 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-04-03 18:22 - 2015-01-30 13:24 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-03 18:22 - 2015-01-30 13:17 - 00983552 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-04-03 18:22 - 2015-01-30 13:15 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2015-04-03 18:22 - 2015-01-30 13:13 - 00520192 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2015-04-03 18:22 - 2015-01-30 13:04 - 03564032 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2015-04-03 18:22 - 2015-01-30 13:02 - 07771648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-03 18:22 - 2015-01-30 13:01 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2015-04-03 18:22 - 2015-01-30 12:16 - 02950368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-04-03 18:22 - 2015-01-30 10:31 - 01630720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RendRDP.dll
2015-04-03 18:22 - 2015-01-30 10:18 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-04-03 18:22 - 2015-01-30 09:58 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IPELoggingDictationHelper.dll
2015-04-03 18:22 - 2015-01-30 09:58 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-03 18:22 - 2015-01-30 09:54 - 00852480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-04-03 18:22 - 2015-01-30 09:41 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapihost.exe
2015-04-03 18:22 - 2015-01-30 09:32 - 00700928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-03 18:22 - 2015-01-30 09:18 - 03046912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-04-03 18:22 - 2015-01-30 09:05 - 01922560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-04-03 18:22 - 2015-01-30 08:57 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-04-03 18:22 - 2015-01-30 08:51 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credprovhost.dll
2015-04-03 18:22 - 2015-01-30 08:43 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-04-03 18:22 - 2015-01-30 08:40 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-03 18:22 - 2015-01-30 08:35 - 00818176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-04-03 18:22 - 2015-01-30 08:25 - 06706688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-04-03 18:22 - 2015-01-30 08:24 - 01110528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2015-04-03 18:21 - 2015-04-04 21:34 - 01728590 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 18:21 - 2015-04-04 19:22 - 00004142 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C7989B16-2836-4DF7-982F-A8A2171CB756}
2015-04-03 18:21 - 2015-04-03 18:34 - 00000000 ____D () C:\Program Files\AMD
2015-04-03 18:21 - 2015-04-03 18:27 - 00000000 ____D () C:\AMD
2015-04-03 18:21 - 2015-04-03 18:21 - 01187342 _____ () C:\Windows\system32\amdocl_as64.exe
2015-04-03 18:21 - 2015-04-03 18:21 - 01061902 _____ () C:\Windows\system32\amdocl_ld64.exe
2015-04-03 18:21 - 2015-04-03 18:21 - 00995342 _____ () C:\Windows\SysWOW64\amdocl_as32.exe
2015-04-03 18:21 - 2015-04-03 18:21 - 00826368 _____ (AMD) C:\Windows\system32\coinst_14.20.dll
2015-04-03 18:21 - 2015-04-03 18:21 - 00798734 _____ () C:\Windows\SysWOW64\amdocl_ld32.exe
2015-04-03 18:21 - 2015-04-03 18:21 - 00734861 _____ () C:\Windows\system32\atiicdxx.dat
2015-04-03 18:21 - 2015-04-03 18:21 - 00332800 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2015-04-03 18:21 - 2015-04-03 18:21 - 00204952 _____ () C:\Windows\SysWOW64\ativvsvl.dat
2015-04-03 18:21 - 2015-04-03 18:21 - 00204952 _____ () C:\Windows\system32\ativvsvl.dat
2015-04-03 18:21 - 2015-04-03 18:21 - 00157144 _____ () C:\Windows\SysWOW64\ativvsva.dat
2015-04-03 18:21 - 2015-04-03 18:21 - 00157144 _____ () C:\Windows\system32\ativvsva.dat
2015-04-03 18:21 - 2015-04-03 18:21 - 00138832 _____ () C:\Windows\system32\samu_krnl_isv_ci.sbin
2015-04-03 18:21 - 2015-04-03 18:21 - 00118784 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atibtmon.exe
2015-04-03 18:21 - 2015-04-03 18:21 - 00051200 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2015-04-03 18:21 - 2015-04-03 18:21 - 00003917 _____ () C:\Windows\SysWOW64\atipblag.dat
2015-04-03 18:21 - 2015-04-03 18:21 - 00003917 _____ () C:\Windows\system32\atipblag.dat
2015-04-03 18:21 - 2015-04-03 18:21 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\Macromedia
2015-04-03 18:21 - 2015-04-03 18:21 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-04-03 18:21 - 2015-04-03 18:21 - 00000000 _____ () C:\Windows\ativpsrm.bin
2015-04-03 18:21 - 2014-11-20 23:44 - 11076784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-04-03 18:21 - 2014-11-20 23:44 - 09401480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-04-03 18:21 - 2014-11-20 23:44 - 01348928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2015-04-03 18:21 - 2014-11-20 23:44 - 01127496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-04-03 18:21 - 2014-11-20 23:44 - 00144328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-04-03 18:21 - 2014-11-20 23:44 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-04-03 18:21 - 2014-11-20 23:44 - 00118096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2015-04-03 18:21 - 2014-11-20 23:40 - 18959360 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-04-03 18:21 - 2014-11-20 23:08 - 00589312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-04-03 18:20 - 2015-04-03 18:20 - 00015104 _____ (ROCCAT Development, Inc.) C:\Windows\system32\Drivers\KovaPlusFltr.sys
2015-04-03 18:19 - 2015-03-03 10:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-04-03 18:17 - 2015-04-05 18:21 - 00000000 ___RD () C:\Users\Ricardo\OneDrive
2015-04-03 18:17 - 2015-04-03 18:17 - 00002346 _____ () C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-04-03 18:17 - 2015-04-03 18:17 - 00000000 ____D () C:\Users\Todos os Usuários\USOPrivate
2015-04-03 18:17 - 2015-04-03 18:17 - 00000000 ____D () C:\Users\Todos os Usuários\Microsoft OneDrive
2015-04-03 18:17 - 2015-04-03 18:17 - 00000000 ____D () C:\ProgramData\USOPrivate
2015-04-03 18:17 - 2015-04-03 18:17 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-04-03 18:16 - 2015-04-05 18:21 - 00016148 _____ () C:\Windows\system32\WIN-B1EE0GGDDID_Ricardo_HistoryPrediction.bin
2015-04-03 18:16 - 2015-04-03 18:40 - 00000000 ____D () C:\Users\Ricardo\AppData\Local\VirtualStore
2015-04-03 18:16 - 2015-04-03 18:17 - 00000000 ____D () C:\Users\Ricardo\AppData\Local\Packages
2015-04-03 18:16 - 2015-04-03 18:17 - 00000000 ____D () C:\Users\Ricardo
2015-04-03 18:16 - 2015-04-03 18:16 - 00001313 _____ () C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-03 18:16 - 2015-04-03 18:16 - 00000020 ___SH () C:\Users\Ricardo\ntuser.ini
2015-04-03 18:16 - 2015-04-03 18:16 - 00000000 _SHDL () C:\Users\Ricardo\Modelos
2015-04-03 18:16 - 2015-04-03 18:16 - 00000000 _SHDL () C:\Users\Ricardo\Meus Documentos
2015-04-03 18:16 - 2015-04-03 18:16 - 00000000 _SHDL () C:\Users\Ricardo\Menu Iniciar
2015-04-03 18:16 - 2015-04-03 18:16 - 00000000 _SHDL () C:\Users\Ricardo\Documents\Minhas Músicas
2015-04-03 18:16 - 2015-04-03 18:16 - 00000000 _SHDL () C:\Users\Ricardo\Documents\Minhas Imagens
2015-04-03 18:16 - 2015-04-03 18:16 - 00000000 _SHDL () C:\Users\Ricardo\Documents\Meus Vídeos
2015-04-03 18:16 - 2015-04-03 18:16 - 00000000 _SHDL () C:\Users\Ricardo\Dados de Aplicativos
2015-04-03 18:16 - 2015-04-03 18:16 - 00000000 _SHDL () C:\Users\Ricardo\Configurações Locais
2015-04-03 18:16 - 2015-04-03 18:16 - 00000000 _SHDL () C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2015-04-03 18:16 - 2015-04-03 18:16 - 00000000 _SHDL () C:\Users\Ricardo\AppData\Local\Histórico
2015-04-03 18:16 - 2015-04-03 18:16 - 00000000 _SHDL () C:\Users\Ricardo\AppData\Local\Dados de Aplicativos
2015-04-03 18:16 - 2015-04-03 18:16 - 00000000 _SHDL () C:\Users\Ricardo\Ambiente de Rede
2015-04-03 18:16 - 2015-04-03 18:16 - 00000000 _SHDL () C:\Users\Ricardo\Ambiente de Impressão
2015-04-03 18:16 - 2015-04-03 18:16 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\Adobe
2015-04-03 18:16 - 2015-04-03 18:16 - 00000000 ____D () C:\Users\Ricardo\AppData\Local\TileDataLayer
2015-04-03 18:16 - 2015-01-20 09:10 - 00000000 ___RD () C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-03 18:16 - 2015-01-20 09:10 - 00000000 ___RD () C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-03 18:16 - 2015-01-20 09:10 - 00000000 ___RD () C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-03 18:16 - 2015-01-20 09:10 - 00000000 ____D () C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-03 18:16 - 2015-01-20 08:48 - 00000369 _____ () C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-04-03 18:16 - 2015-01-20 08:48 - 00000369 _____ () C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-04-03 18:14 - 2015-04-05 18:20 - 00110421 _____ () C:\Windows\WindowsUpdate_AU_deprecated.log
2015-04-03 18:14 - 2015-04-04 21:30 - 00000191 _____ () C:\Windows\WindowsUpdate.log
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Usuário Padrão\Documents\Minhas Músicas
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Usuário Padrão\Documents\Minhas Imagens
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Usuário Padrão\Documents\Meus Vídeos
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Usuário Padrão\AppData\Local\Histórico
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Usuário Padrão\AppData\Local\Dados de Aplicativos
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Usuário Padrão
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Todos os Usuários\Modelos
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Todos os Usuários\Menu Iniciar
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Todos os Usuários\Documentos
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Todos os Usuários\Dados de Aplicativos
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Todos os Usuários
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Public\Documents\Minhas Músicas
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Public\Documents\Minhas Imagens
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Public\Documents\Meus Vídeos
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Default\Modelos
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Default\Meus Documentos
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Default\Menu Iniciar
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Default\Documents\Minhas Músicas
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Default\Documents\Minhas Imagens
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Default\Documents\Meus Vídeos
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Default\Dados de Aplicativos
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Default\Configurações Locais
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Histórico
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Dados de Aplicativos
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Default\Ambiente de Rede
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Default\Ambiente de Impressão
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Default User\Documents\Minhas Músicas
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Default User\Documents\Minhas Imagens
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Default User\Documents\Meus Vídeos
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Histórico
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Dados de Aplicativos
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\ProgramData\Modelos
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programas
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\ProgramData\Menu Iniciar
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\ProgramData\Documentos
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\ProgramData\Dados de Aplicativos
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Program Files\Common Files\Sistema
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Program Files\Arquivos Comuns
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 _SHDL () C:\Arquivos de Programas
2015-04-03 18:14 - 2015-04-03 18:14 - 00000000 ____D () C:\Windows\CSC
2015-04-03 18:14 - 2015-01-20 08:45 - 02706944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2015-04-03 18:12 - 2015-04-04 19:44 - 00133694 _____ () C:\Windows\PFRO.log
2015-04-03 18:11 - 2015-04-03 18:16 - 00000000 ____D () C:\Windows\Panther

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 18:20 - 2015-01-20 12:34 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-05 18:20 - 2015-01-20 09:09 - 00000000 ____D () C:\Windows\system32\sru
2015-04-05 18:20 - 2015-01-20 06:54 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-04 21:34 - 2015-01-20 18:17 - 00744028 _____ () C:\Windows\system32\prfh0416.dat
2015-04-04 21:34 - 2015-01-20 18:17 - 00154064 _____ () C:\Windows\system32\prfc0416.dat
2015-04-04 19:43 - 2015-01-20 09:09 - 00000000 ___RD () C:\Windows\ToastData
2015-04-04 19:43 - 2015-01-20 09:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-04 19:43 - 2015-01-20 08:35 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-04 19:42 - 2015-01-20 06:54 - 00032768 ___SH () C:\Windows\system32\config\ELAM
2015-04-04 19:19 - 2015-01-20 12:33 - 00008005 _____ () C:\Windows\setupact.log
2015-04-04 07:37 - 2015-01-20 09:09 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-03 18:37 - 2015-01-20 09:09 - 00000000 ____D () C:\Windows\System
2015-04-03 18:22 - 2015-01-20 09:09 - 00000000 ____D () C:\Windows\system32\restore
2015-04-03 18:16 - 2015-01-20 09:09 - 00000000 ___RD () C:\Windows\PrintDialog
2015-04-03 18:16 - 2015-01-20 09:09 - 00000000 ___RD () C:\Windows\MtcUvc
2015-04-03 18:16 - 2015-01-20 09:09 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-04-03 18:16 - 2015-01-20 09:09 - 00000000 ____D () C:\Windows\WinStore
2015-04-03 18:16 - 2015-01-20 09:09 - 00000000 ____D () C:\Windows\FileManager
2015-04-03 18:16 - 2015-01-20 09:09 - 00000000 ____D () C:\Windows\Camera
2015-04-03 18:14 - 2015-01-20 09:09 - 00000000 ____D () C:\Windows\system32\spool
2015-04-03 18:14 - 2015-01-20 09:09 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-03 18:14 - 2015-01-20 09:09 - 00000000 ____D () C:\Program Files\Windows NT
2015-04-03 18:14 - 2015-01-20 06:54 - 00000000 __RHD () C:\Users\Default
2015-04-03 18:13 - 2015-01-20 09:13 - 00002133 _____ () C:\Windows\DtcInstall.log
2015-04-03 18:13 - 2015-01-20 09:09 - 00000000 ____D () C:\Windows\system32\Recovery
2015-04-03 18:13 - 2015-01-20 06:54 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-04-03 18:12 - 2015-01-20 12:32 - 00367752 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-03 18:11 - 2015-01-20 09:11 - 00262144 _____ () C:\Windows\system32\config\BCD-Template

Some content of TEMP:
====================
C:\Users\Ricardo\AppData\Local\Temp\avgnt.exe
C:\Users\Ricardo\AppData\Local\Temp\Quarantine.exe
C:\Users\Ricardo\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-03 18:12

==================== End Of Log ============================

p.s. You attached the Additional.txt file, not the FRST.txt.

Edited by nasdaq, 06 April 2015 - 06:59 AM.
FRST log posted.


#4 nasdaq


Posted 06 April 2015 - 07:15 AM


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

HKLM-x32\...\Winlogon: [Userinit] [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR Extension: (Avira Browser Safety) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-04-03]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#5 coloric


Posted 06 April 2015 - 07:59 PM

Hi nasdaq!

I followed your instructions, but the ads are still appearing on Steam...
The log is attached. Thanks for your attention.


#6 coloric


Posted 06 April 2015 - 08:11 PM

Hi nasdaq!

After following your instructions and restarting the PC, the ads on Steam were still appearing, but after using the PC for about 10 minutes, the ads are gone!
If they return I'll let you know.
Thank you for your support!


#7 nasdaq


Posted 11 April 2015 - 08:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



