Avast URL Mal Infection: svchost.exe (yep, another one!)


  • This topic is locked
65 replies to this topic

#1 SaintVitus


Posted 05 June 2015 - 10:56 AM

Hello to the forum!

Last week I'm having this:

URL: http//opticguardzip.net/4242/SegmentSystem_142667267704284.dll  (names can change sometimes)

Infection: URL: Mal

Process: C:\\Windows\System32\svchost.exe

I've read another user's post and he started by pasting a Farbar log, so I'm doing the same.

Hope to find some fix!

THANK YOU

Farbar Log:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Martín (administrator) on HELLMACHINE on 05-06-2015 11:54:27
Running from C:\Users\Martín\Desktop
Loaded Profiles: Martín (Available Profiles: Martín)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.0.496\AsusWSWinService.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Celartem, Inc., doing business as Extensis.) C:\Program Files (x86)\Extensis\Suitcase Fusion 5\FMCore.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Telegram Messenger LLP) C:\Users\Martín\AppData\Roaming\Telegram Desktop\Telegram.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(http://www.emule-project.net) D:\Downloads\Emule\eMule.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Piotr Pawlowski) C:\Program Files (x86)\foobar2000\foobar2000.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-22] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-25] (Realtek Semiconductor Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2014-05-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe [63272 2015-05-31] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-04-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-04-29] (Adobe Systems Inc.)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1270064 2014-12-11] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-02-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-14] (SUPERAntiSpyware)
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\Run: [FMCore.exe] => C:\Program Files (x86)\Extensis\Suitcase Fusion 5\FMCore.exe [10570752 2014-08-07] (Celartem, Inc., doing business as Extensis.)
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\Run: [Dropbox Update] => C:\Users\Martín\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-05-20] (Dropbox, Inc.)
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: G - "G:\OriginInstaller.exe"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: H - "H:\autorun.exe"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: J - "J:\Hasbro.exe"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: {96f2f0d9-f1ec-11e4-82b1-40e2307b6c3c} - "K:\Startme.exe"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: {ab6a18c2-d6da-11e4-8288-40e2307b6c3c} - "K:\Startme.exe"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: {f5b751c9-bd5c-11e4-8270-40e2307b6c3c} - "H:\setup.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2015-02-19]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\Users\Martín\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2015-04-07]
ShortcutTarget: Telegram.lnk -> C:\Users\Martín\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-03] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-357828312-3288118444-495839077-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-357828312-3288118444-495839077-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-29] (Avast Software s.r.o.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-29] (Avast Software s.r.o.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-29] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-29] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-29] (Adobe Systems Incorporated)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-24] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-03] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-24] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-03] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-357828312-3288118444-495839077-1001: @client.dropbox.com/Dropbox Update;version=3 -> C:\Users\Martín\AppData\Local\Dropbox\Update\1.3.27.15\npDropboxUpdate3.dll [2015-05-20] (Dropbox, Inc.)
FF Plugin HKU\S-1-5-21-357828312-3288118444-495839077-1001: @client.dropbox.com/Dropbox Update;version=9 -> C:\Users\Martín\AppData\Local\Dropbox\Update\1.3.27.15\npDropboxUpdate3.dll [2015-05-20] (Dropbox, Inc.)
FF Plugin HKU\S-1-5-21-357828312-3288118444-495839077-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-04-21] (Sony Network Entertainment International LLC)
FF Extension: FireShot - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-06-04]
FF Extension: feedly - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\feedly@devhd.xpi [2015-06-01]
FF Extension: Gmail Notifier (restartless) - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2015-06-01]
FF Extension: storeTab - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\nicktco@gmail.com.xpi [2015-06-01]
FF Extension: Tile Tabs - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\tiletabs@DW-dev.xpi [2015-06-01]
FF Extension: Undo Closed Tabs Button - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2015-06-01]
FF Extension: Adblock Plus - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-03]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-02-05]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-02-15] (Adobe Systems Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-11-06] ()
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.0.496\AsusWSWinService.exe [71168 2015-02-12] (ASUS Cloud Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-03] (Avast Software s.r.o.)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [59392 2013-09-26] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-22] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-22] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-22] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671512 2014-12-22] (Wacom Technology, Corp.)

#2 SaintVitus

Posted 05 June 2015 - 10:59 AM

Continues here...


==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-05] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-03] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-03] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-03] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-03] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-03] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-03] ()
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-12] (Microsoft Corporation)
R3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-02-26] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [469264 2013-06-27] (Intel Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-06-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-22] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2015-05-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3759320 2014-12-01] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-05] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
U3 aswMBR; \??\C:\Users\MARTN~1\AppData\Local\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-05 11:43 - 2015-06-05 11:43 - 00002035 _____ C:\Users\Martín\Desktop\aswMBR.txt
2015-06-05 11:43 - 2015-06-05 11:43 - 00000512 _____ C:\Users\Martín\Desktop\MBR.dat
2015-06-05 11:32 - 2015-06-05 11:32 - 00468480 _____ () C:\Users\Martín\Desktop\CKScanner.exe
2015-06-05 11:24 - 2015-06-05 11:24 - 05200384 _____ (AVAST Software) C:\Users\Martín\Desktop\aswmbr.exe
2015-06-05 11:17 - 2015-06-05 11:22 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-05 11:17 - 2015-06-05 11:17 - 17637624 _____ C:\Users\Martín\Desktop\RogueKiller.exe
2015-06-05 11:17 - 2015-06-05 11:17 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-05 11:10 - 2015-06-05 11:54 - 00030800 _____ C:\Users\Martín\Desktop\FRST.txt
2015-06-05 11:10 - 2015-06-05 11:54 - 00000000 ____D C:\FRST
2015-06-05 11:10 - 2015-06-05 11:11 - 00054758 _____ C:\Users\Martín\Desktop\Addition.txt
2015-06-05 11:08 - 2015-06-05 11:08 - 02108928 _____ (Farbar) C:\Users\Martín\Desktop\FRST64.exe
2015-06-04 16:34 - 2015-06-04 16:38 - 101360830 _____ C:\Users\Martín\Desktop\Pinkish Black - Razed To The Ground (2013).rar
2015-06-03 21:35 - 2015-06-04 23:08 - 00294756 _____ C:\Windows\WindowsUpdate.log
2015-06-03 21:07 - 2015-06-03 21:07 - 05062464 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-03 21:07 - 2015-06-03 21:07 - 00000348 _____ C:\Windows\setupact.log
2015-06-03 21:07 - 2015-06-03 21:07 - 00000000 _____ C:\Windows\setuperr.log
2015-06-03 21:06 - 2015-06-03 21:06 - 00000438 _____ C:\Windows\PFRO.log
2015-06-03 00:16 - 2015-06-03 00:16 - 00000000 ____D C:\Users\Martín\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-02 19:33 - 2015-06-02 19:33 - 00000236 _____ C:\Users\Martín\Desktop\UrlMal.URL
2015-06-02 10:53 - 2015-06-02 10:53 - 02870984 _____ (ESET) C:\Users\Martín\Desktop\esetsmartinstaller_esn.exe
2015-06-02 09:48 - 2015-06-02 09:48 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-02 09:47 - 2015-06-02 09:47 - 02870984 _____ (ESET) C:\Users\Martín\Downloads\esetsmartinstaller_esn.exe
2015-06-02 09:38 - 2015-06-02 09:38 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Martín\Downloads\tdsskiller.exe
2015-06-01 21:47 - 2015-06-01 21:47 - 00000000 ____D C:\Users\Martín\Desktop\Old Firefox Data
2015-06-01 21:22 - 2015-06-03 21:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-01 21:09 - 2015-06-01 21:11 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-06-01 21:09 - 2015-06-01 21:09 - 00001098 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-06-01 21:09 - 2015-06-01 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-06-01 21:09 - 2015-06-01 21:09 - 00000000 ____D C:\ProgramData\Licenses
2015-06-01 21:09 - 2011-11-04 05:13 - 01070352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2015-06-01 21:09 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2015-06-01 20:52 - 2015-06-01 20:52 - 00000000 ____D C:\RegBackup
2015-06-01 20:42 - 2015-06-01 20:42 - 00000236 _____ C:\Users\Martín\Desktop\Inside L.A. Metal - Movie Documentary Facebook.URL
2015-06-01 19:39 - 2015-06-01 19:39 - 00000000 ____D C:\Users\Martín\AppData\Local\Sony
2015-06-01 19:39 - 2015-06-01 19:39 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-06-01 19:38 - 2015-06-01 19:39 - 00000000 ____D C:\Users\Martín\AppData\Roaming\Sony
2015-06-01 19:38 - 2015-06-01 19:39 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
2015-06-01 18:49 - 2015-06-01 18:49 - 00000000 ____D C:\Users\Martín\AppData\Local\GWX
2015-06-01 18:47 - 2015-05-27 23:52 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-06-01 18:45 - 2015-05-28 03:04 - 42719888 _____ C:\Windows\system32\nvcompiler.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 37741712 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 30480528 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 22946960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 16185352 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 15864064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 14495448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 13304280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 11830512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 10995528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-01 18:45 - 2015-05-28 03:04 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435306.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435306.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 01050440 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00982856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00878816 _____ C:\Windows\system32\nvmcumd.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00407112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00117576 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00039056 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2015-06-01 18:03 - 2015-06-01 18:47 - 00000000 ____D C:\Windows\LastGood.Tmp
2015-06-01 18:03 - 2015-06-01 18:03 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-01 18:03 - 2015-04-03 09:21 - 00048784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-01 18:03 - 2015-04-03 09:21 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-05-31 16:36 - 2015-06-01 20:51 - 00000000 ____D C:\AdwCleaner
2015-05-31 15:47 - 2015-05-31 15:47 - 00000847 _____ C:\Users\Martín\Desktop\Wolfenstein The Old Blood.lnk
2015-05-31 15:47 - 2015-05-31 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein The Old Blood
2015-05-30 19:39 - 2015-05-30 19:39 - 00000000 ____D C:\Users\Martín\Documents\EA Games
2015-05-30 19:37 - 2015-05-30 19:37 - 00000000 ____D C:\Users\Martín\AppData\Local\EA Games
2015-05-30 14:05 - 2015-05-30 14:05 - 00000000 ____D C:\Windows\ERUNT
2015-05-30 13:39 - 2015-06-03 21:07 - 00029441 _____ C:\Users\Martín\AppData\Local\BTServer.log
2015-05-30 13:39 - 2015-06-03 21:06 - 00000010 _____ C:\Users\Martín\AppData\Local\.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56
2015-05-30 13:39 - 2015-06-03 21:06 - 00000010 _____ C:\ProgramData\.F4G6EEC4-B493-3E31-C6BG-8C6C9B764D36
2015-05-30 13:39 - 2015-05-30 13:39 - 00000014 _____ C:\ProgramData\.ST160
2015-05-30 13:38 - 2015-05-30 13:18 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-05-29 14:04 - 2015-05-29 14:04 - 00000226 _____ C:\Users\Martín\Desktop\▶ soy putero - YouTube.URL
2015-05-27 12:10 - 2015-06-01 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-05-27 12:10 - 2015-06-01 19:39 - 00000000 ____D C:\Program Files (x86)\Sony
2015-05-27 12:10 - 2015-05-27 12:10 - 00000000 ____D C:\ProgramData\Sony
2015-05-24 17:05 - 2015-05-24 17:05 - 00000000 ____D C:\Users\Martín\Tracing
2015-05-24 17:01 - 2015-06-03 18:00 - 00000000 ____D C:\Users\Martín\AppData\Roaming\Skype
2015-05-24 17:01 - 2015-05-24 17:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-24 17:01 - 2015-05-24 17:01 - 00000000 ____D C:\Users\Martín\AppData\Local\Skype
2015-05-24 17:01 - 2015-05-24 17:01 - 00000000 ____D C:\ProgramData\Skype
2015-05-24 17:01 - 2015-05-24 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-23 19:27 - 2015-05-23 19:27 - 00000000 ____D C:\Users\Martín\Desktop\NV-Inspector-[Guru3D.com]
2015-05-23 19:20 - 2015-05-23 19:20 - 00228175 _____ C:\Users\Martín\Desktop\NV-Inspector-[Guru3D.com].rar
2015-05-23 10:08 - 2015-05-23 10:08 - 00000217 _____ C:\Users\Martín\Desktop\Registration - Habbo.URL
2015-05-23 10:08 - 2015-05-23 10:08 - 00000205 _____ C:\Users\Martín\Desktop\Tagged.URL
2015-05-21 20:14 - 2015-05-21 20:14 - 00000469 _____ C:\Users\Public\Desktop\Outlast Whistleblower.lnk
2015-05-21 20:14 - 2015-05-21 20:14 - 00000469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlast Whistleblower.lnk
2015-05-20 15:10 - 2015-06-05 11:15 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-357828312-3288118444-495839077-1001UA.job
2015-05-20 15:10 - 2015-06-04 15:15 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-357828312-3288118444-495839077-1001Core.job
2015-05-20 15:10 - 2015-05-20 15:10 - 00003894 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-357828312-3288118444-495839077-1001UA
2015-05-20 15:10 - 2015-05-20 15:10 - 00003514 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-357828312-3288118444-495839077-1001Core
2015-05-20 15:10 - 2015-05-20 15:10 - 00000000 ____D C:\Users\Martín\AppData\Local\Dropbox
2015-05-20 15:10 - 2015-05-20 15:10 - 00000000 ____D C:\ProgramData\Dropbox
2015-05-18 20:38 - 2015-05-18 21:08 - 164050808 _____ C:\Users\Martín\Desktop\Wolfenstein.The.Old.Blood.Update.1-CODEX.rar
2015-05-18 16:50 - 2015-05-18 16:50 - 00000132 _____ C:\Users\Martín\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2015-05-18 16:16 - 2015-05-13 02:52 - 00195912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-05-18 16:16 - 2015-05-13 02:52 - 00031552 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-05-18 16:16 - 2015-05-12 02:27 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435286.dll
2015-05-18 16:16 - 2015-05-12 02:27 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435286.dll
2015-05-17 20:26 - 2015-05-17 20:26 - 00000209 _____ C:\Users\Martín\Desktop\Rustlers - Hot, Satisfying & Prepared in Seconds.URL
2015-05-16 14:11 - 2015-05-16 14:11 - 00000217 _____ C:\Users\Martín\Desktop\Paul Nycz (@paulnycz_cc) • Instagram photos and videos.URL
2015-05-13 09:53 - 2015-05-13 09:53 - 00000454 _____ C:\Users\Martín\Desktop\ASOS ASOS Extreme Super Skinny Jeans In Black at ASOS.URL
2015-05-13 03:42 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:42 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:53 - 2015-04-24 17:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 22:53 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-12 22:53 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-12 22:53 - 2015-03-17 13:26 - 00467776 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-12 22:53 - 2015-03-08 22:02 - 00057856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-12 22:53 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 22:53 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-12 22:53 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-05-12 22:52 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 22:52 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 22:52 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 22:52 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 22:52 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 22:52 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 22:52 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 22:52 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 22:52 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 22:52 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 22:52 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-12 22:52 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 22:52 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 22:52 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 22:52 - 2015-04-21 12:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-12 22:52 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 22:52 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 22:52 - 2015-04-21 11:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-12 22:52 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 22:52 - 2015-04-21 11:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-12 22:52 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 22:52 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 22:52 - 2015-04-21 11:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 22:52 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 22:52 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 22:52 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 22:52 - 2015-04-21 11:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-12 22:52 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 22:52 - 2015-04-21 11:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-12 22:52 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 22:52 - 2015-04-21 11:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-12 22:52 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 22:52 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 22:52 - 2015-04-21 11:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 22:52 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 22:52 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 22:52 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 22:52 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 22:52 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 22:52 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 22:52 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 22:52 - 2015-04-13 18:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 22:52 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 22:52 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 22:52 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 22:52 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 22:52 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-12 22:52 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-12 22:52 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-12 22:52 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-12 22:52 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-12 22:52 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-12 22:52 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-12 22:52 - 2015-03-26 23:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 22:52 - 2015-03-26 22:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 22:52 - 2015-03-26 22:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 22:52 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-12 22:52 - 2015-03-13 00:03 - 00239424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-12 22:52 - 2015-03-13 00:03 - 00154432 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-12 22:52 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-12 22:52 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-12 22:52 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-12 22:52 - 2015-03-12 20:29 - 00410017 _____ C:\Windows\system32\ApnDatabase.xml
2015-05-12 22:52 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 22:52 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 22:52 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 22:52 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-12 22:52 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 22:52 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-12 22:52 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-12 22:52 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-12 18:20 - 2015-05-12 18:26 - 00000000 ____D C:\Users\Martín\AppData\Roaming\com.adobe.AdobeMuseCC.2014.3
2015-05-12 18:20 - 2015-05-12 18:20 - 00001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Muse CC 2014.lnk
2015-05-12 15:50 - 2015-05-12 15:50 - 00000216 _____ C:\Users\Martín\Desktop\Whim Hamburguesas.URL
2015-05-12 15:28 - 2015-05-12 15:28 - 00000000 ____D C:\Users\Public\Documents\sun
2015-05-12 14:37 - 2015-05-12 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2015-05-12 14:36 - 2015-05-12 14:37 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2015-05-12 11:57 - 2015-05-12 11:57 - 00000827 _____ C:\Users\Martín\Desktop\IDEAS - Shortcut.lnk
2015-05-12 10:17 - 2015-05-12 10:17 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2015-05-11 19:08 - 2015-05-11 19:08 - 00000000 __SHD C:\ProgramData\System Restore
2015-05-11 10:32 - 2015-05-11 10:32 - 00001328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-05-11 10:32 - 2015-05-11 10:32 - 00000000 ____D C:\Windows\en
2015-05-11 10:29 - 2015-05-21 21:22 - 00000000 ____D C:\Users\Martín\AppData\Local\Windows Live
2015-05-10 16:19 - 2015-05-10 16:19 - 00000222 _____ C:\Users\Martín\Desktop\Moolight Gates.URL
2015-05-09 09:57 - 2015-05-31 16:43 - 00000000 ____D C:\Users\Martín\Desktop\malware utilities
2015-05-08 21:08 - 2015-05-09 11:37 - 00000000 ____D C:\Users\Martín\.VirtualBox
2015-05-08 21:08 - 2015-05-09 10:45 - 00000000 ____D C:\Users\Martín\VirtualBox VMs
2015-05-08 21:07 - 2015-05-08 21:07 - 00001099 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-05-08 21:07 - 2015-05-08 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-05-08 21:07 - 2015-05-08 21:07 - 00000000 ____D C:\Program Files\Oracle
2015-05-08 21:07 - 2015-03-16 17:36 - 00922704 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-05-08 21:07 - 2015-03-16 17:35 - 00128592 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-05-08 20:32 - 2015-05-08 20:32 - 00001024 _____ C:\Windows\SysWOW64\%TMP%
2015-05-08 20:31 - 2015-05-08 20:46 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2015-05-08 20:24 - 2015-05-08 21:36 - 00000000 ____D C:\Users\Martín\AppData\Roaming\VMware
2015-05-08 20:24 - 2015-05-08 21:04 - 00000000 ____D C:\Users\Martín\AppData\Local\VMware
2015-05-08 20:21 - 2015-05-08 21:38 - 00000000 ____D C:\ProgramData\VMware
2015-05-08 18:59 - 2015-05-08 18:59 - 00000000 ____D C:\ProgramData\Emsisoft
2015-05-08 18:30 - 2015-06-04 22:55 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-357828312-3288118444-495839077-1001
2015-05-08 18:30 - 2015-05-10 16:31 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2015-05-08 18:20 - 2015-05-08 18:20 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HELLMACHINE-Windows-8.1-(64-bit).dat
2015-05-08 18:16 - 2015-05-29 10:20 - 00001730 _____ C:\Windows\system32\.crusader
2015-05-08 18:09 - 2015-05-08 18:16 - 00000000 ____D C:\ProgramData\HitmanPro
2015-05-08 16:11 - 2015-05-08 16:11 - 00000000 ____D C:\SUPERDelete
2015-05-07 20:44 - 2015-05-07 20:44 - 14080064 _____ (Pixologic) C:\Users\Martín\Desktop\Sculptris_Installer_WIN.exe


Continues here:

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-05 11:48 - 2015-02-03 15:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-05 11:10 - 2015-02-05 18:14 - 00000000 ____D C:\Users\Martín\AppData\Roaming\uTorrent
2015-06-05 11:10 - 2015-02-03 16:12 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-06-05 11:02 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-05 10:38 - 2015-02-03 15:27 - 00000000 ____D C:\Users\Martín\AppData\Roaming\foobar2000
2015-06-05 10:18 - 2015-02-03 15:58 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-05 02:00 - 2015-02-03 15:50 - 00000000 ____D C:\Users\Martín\AppData\Local\Adobe
2015-06-04 22:50 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-04 15:06 - 2015-02-03 15:26 - 00000000 ____D C:\Users\Martín\AppData\Roaming\ClassicShell
2015-06-04 10:55 - 2015-03-31 16:00 - 00000000 ____D C:\Users\Martín\Desktop\Tees I WANT
2015-06-03 21:07 - 2015-02-03 13:23 - 00000000 ___DO C:\Users\Martín\OneDrive
2015-06-03 21:07 - 2014-12-05 02:50 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-03 21:07 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-03 21:06 - 2015-03-16 17:41 - 00000000 ____D C:\Windows\Minidump
2015-06-03 21:06 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-03 21:04 - 2015-02-03 15:53 - 00000000 ____D C:\Program Files\CCleaner
2015-06-03 00:16 - 2015-02-05 20:46 - 00000000 ____D C:\Users\Martín\AppData\Roaming\Dropbox
2015-06-02 19:24 - 2015-04-21 14:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 19:24 - 2015-02-03 14:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-02 10:52 - 2015-02-05 14:33 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-06-01 21:21 - 2015-02-03 15:57 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-01 21:12 - 2014-05-22 05:34 - 00000000 ____D C:\ProgramData\Temp
2015-06-01 20:44 - 2015-02-05 19:04 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-01 20:43 - 2015-02-03 16:33 - 00000000 ____D C:\Users\Martín\AppData\Roaming\awsRun
2015-06-01 19:39 - 2015-02-03 13:18 - 00000000 ____D C:\Users\Martín
2015-06-01 18:48 - 2014-12-05 02:50 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-05-28 19:23 - 2015-02-05 20:49 - 00000000 ___RD C:\Users\Martín\Dropbox
2015-05-28 03:04 - 2015-03-17 19:03 - 02986392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-05-28 03:04 - 2015-02-11 11:48 - 14987528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-05-28 03:04 - 2015-02-03 20:22 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcvadgenco64.dll
2015-05-28 03:04 - 2014-12-05 02:50 - 17486856 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-05-28 03:04 - 2014-12-05 02:50 - 12852152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-05-28 03:04 - 2014-12-05 02:50 - 03379680 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-05-28 03:04 - 2014-12-05 02:50 - 00112968 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-05-28 03:04 - 2014-12-05 02:50 - 00105288 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-05-28 03:04 - 2014-12-05 02:50 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-05-28 00:15 - 2014-12-05 02:50 - 06872904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-05-28 00:15 - 2014-12-05 02:50 - 03491984 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-05-28 00:15 - 2014-12-05 02:50 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-05-28 00:15 - 2014-12-05 02:50 - 00937288 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-05-28 00:15 - 2014-12-05 02:50 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-05-28 00:15 - 2014-12-05 02:50 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-05-27 12:10 - 2014-05-22 05:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-05-27 06:48 - 2014-12-05 02:50 - 04408727 _____ C:\Windows\system32\nvcoproc.bin
2015-05-24 14:34 - 2015-02-03 15:51 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-24 14:23 - 2015-04-23 18:37 - 00000000 ____D C:\Program Files (x86)\Metro 2033 Redux
2015-05-23 13:35 - 2014-05-22 05:47 - 00000000 ____D C:\Windows\de
2015-05-22 21:47 - 2015-02-03 13:43 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-05-22 21:47 - 2015-02-03 13:43 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-05-22 21:47 - 2014-12-05 02:51 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-05-22 21:47 - 2014-12-05 02:51 - 01320304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-22 19:17 - 2014-05-22 05:05 - 01833224 _____ C:\Windows\system32\PerfStringBackup.INI
2015-05-22 19:17 - 2014-03-12 21:08 - 00812874 _____ C:\Windows\system32\perfh00A.dat
2015-05-22 19:17 - 2014-03-12 21:08 - 00170568 _____ C:\Windows\system32\perfc00A.dat
2015-05-21 20:19 - 2015-03-12 19:20 - 00000000 ____D C:\Users\Martín\Documents\My Games
2015-05-20 02:54 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-05-20 02:52 - 2015-04-04 17:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-20 02:52 - 2015-04-04 17:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-19 20:30 - 2015-02-03 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-19 20:30 - 2015-02-03 15:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-19 13:48 - 2015-02-03 13:19 - 00000000 ____D C:\Users\Martín\AppData\Roaming\Adobe
2015-05-15 13:44 - 2015-02-03 13:23 - 00000000 ____D C:\Users\Martín\AppData\Roaming\WebStorage
2015-05-14 18:10 - 2014-05-22 05:26 - 00000000 ____D C:\ProgramData\Adobe
2015-05-14 17:58 - 2015-02-05 17:39 - 00002481 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-05-14 17:58 - 2015-02-05 17:39 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2015-05-14 17:58 - 2015-02-05 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2015-05-14 05:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2015-05-13 15:18 - 2015-02-16 11:30 - 00000000 ____D C:\Users\Martín\AppData\Roaming\ASUS WebStorage
2015-05-13 10:02 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-05-13 10:02 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-13 03:40 - 2015-02-05 20:16 - 00000000 ____D C:\Windows\system32\MRT
2015-05-13 03:36 - 2015-02-05 20:16 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 03:28 - 2013-08-22 15:11 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 02:52 - 2014-12-05 02:50 - 01558848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-05-12 18:20 - 2015-02-05 17:27 - 00000000 ____D C:\Program Files\Adobe
2015-05-11 10:32 - 2014-05-22 05:47 - 00001397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-05-11 10:32 - 2014-05-22 05:46 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-05-09 09:57 - 2015-02-03 16:17 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-08 20:32 - 2014-12-05 02:49 - 01850030 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-08 18:03 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-05-08 16:48 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-05-08 16:02 - 2014-03-12 20:59 - 00000000 ____D C:\Windows\en-GB
2015-05-08 15:57 - 2013-08-22 09:25 - 00000226 _____ C:\Windows\win.ini
2015-05-08 15:55 - 2015-02-03 14:03 - 00001178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-08 15:55 - 2015-02-03 13:19 - 00001461 _____ C:\Users\Martín\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-06 16:34 - 2015-04-07 18:03 - 00000000 ____D C:\Program Files (x86)\Activision

==================== Files in the root of some directories =======

2015-04-19 17:58 - 2015-04-19 17:58 - 0000016 ____H () C:\Program Files (x86)\Common Files\dw1-astg
2015-04-19 17:53 - 2015-04-19 17:53 - 0000016 ____H () C:\Program Files (x86)\Common Files\pcs2-astg
2015-04-19 17:56 - 2015-04-19 17:56 - 0000016 ____H () C:\Program Files (x86)\Common Files\vs1-astg
2015-04-19 17:59 - 2015-04-19 17:59 - 0000016 ____H () C:\Program Files (x86)\Common Files\ws1-astg
2015-05-18 16:50 - 2015-05-18 16:50 - 0000132 _____ () C:\Users\Martín\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2015-05-30 13:39 - 2015-06-03 21:06 - 0000010 _____ () C:\Users\Martín\AppData\Local\.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56
2015-05-30 13:39 - 2015-06-03 21:07 - 0029441 _____ () C:\Users\Martín\AppData\Local\BTServer.log
2015-05-30 13:39 - 2015-06-03 21:06 - 0000010 _____ () C:\ProgramData\.F4G6EEC4-B493-3E31-C6BG-8C6C9B764D36
2015-05-30 13:39 - 2015-05-30 13:39 - 0000014 _____ () C:\ProgramData\.ST160
2014-05-22 05:24 - 2014-05-22 05:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Martín\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Martín\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 03:11

==================== End of log ============================

 

 

Thanks in advance! :)



#3 HelpBot


Posted 10 June 2015 - 11:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/578493 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Oh My!


Posted 12 June 2015 - 10:37 AM

Greetings SaintVitus and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have eMule and uTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again. There are also a couple of open ports assigned to eMule which allow access to your computer.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall eMule and uTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: G - "G:\OriginInstaller.exe"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: H - "H:\autorun.exe"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: J - "J:\Hasbro.exe"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: {96f2f0d9-f1ec-11e4-82b1-40e2307b6c3c} - "K:\Startme.exe"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: {ab6a18c2-d6da-11e4-8288-40e2307b6c3c} - "K:\Startme.exe"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: {f5b751c9-bd5c-11e4-8270-40e2307b6c3c} - "H:\setup.exe"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
U3 aswMBR; \??\C:\Users\MARTN~1\AppData\Local\Temp\aswMBR.sys [X]
2015-05-08 20:32 - 2015-05-08 20:32 - 00001024 _____ C:\Windows\SysWOW64\%TMP%
2015-04-19 17:58 - 2015-04-19 17:58 - 0000016 ____H () C:\Program Files (x86)\Common Files\dw1-astg
2015-04-19 17:53 - 2015-04-19 17:53 - 0000016 ____H () C:\Program Files (x86)\Common Files\pcs2-astg
2015-04-19 17:56 - 2015-04-19 17:56 - 0000016 ____H () C:\Program Files (x86)\Common Files\vs1-astg
2015-04-19 17:59 - 2015-04-19 17:59 - 0000016 ____H () C:\Program Files (x86)\Common Files\ws1-astg
2015-05-30 13:39 - 2015-06-03 21:06 - 0000010 _____ () C:\Users\Martín\AppData\Local\.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56
2015-05-30 13:39 - 2015-06-03 21:07 - 0029441 _____ () C:\Users\Martín\AppData\Local\BTServer.log
2015-05-30 13:39 - 2015-06-03 21:06 - 0000010 _____ () C:\ProgramData\.F4G6EEC4-B493-3E31-C6BG-8C6C9B764D36
2015-05-30 13:39 - 2015-05-30 13:39 - 0000014 _____ () C:\ProgramData\.ST160
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Rerun a FRST scan making sure to place a check mark in Addition.txt
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • FRST logs (2)
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 SaintVitus


Posted 12 June 2015 - 11:09 AM

Hello Oh My! and thank you so much for your help!

This is all the stuff:

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Martín at 2015-06-12 11:54:25 Run:1
Running from C:\Users\Martín\Desktop
Loaded Profiles: Martín (Available Profiles: Martín)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: G - "G:\OriginInstaller.exe"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: H - "H:\autorun.exe"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: J - "J:\Hasbro.exe"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: {96f2f0d9-f1ec-11e4-82b1-40e2307b6c3c} - "K:\Startme.exe"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: {ab6a18c2-d6da-11e4-8288-40e2307b6c3c} - "K:\Startme.exe"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: {f5b751c9-bd5c-11e4-8270-40e2307b6c3c} - "H:\setup.exe"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
U3 aswMBR; \??\C:\Users\MARTN~1\AppData\Local\Temp\aswMBR.sys [X]
2015-05-08 20:32 - 2015-05-08 20:32 - 00001024 _____ C:\Windows\SysWOW64\%TMP%
2015-04-19 17:58 - 2015-04-19 17:58 - 0000016 ____H () C:\Program Files (x86)\Common Files\dw1-astg
2015-04-19 17:53 - 2015-04-19 17:53 - 0000016 ____H () C:\Program Files (x86)\Common Files\pcs2-astg
2015-04-19 17:56 - 2015-04-19 17:56 - 0000016 ____H () C:\Program Files (x86)\Common Files\vs1-astg
2015-04-19 17:59 - 2015-04-19 17:59 - 0000016 ____H () C:\Program Files (x86)\Common Files\ws1-astg
2015-05-30 13:39 - 2015-06-03 21:06 - 0000010 _____ () C:\Users\Martín\AppData\Local\.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56
2015-05-30 13:39 - 2015-06-03 21:07 - 0029441 _____ () C:\Users\Martín\AppData\Local\BTServer.log
2015-05-30 13:39 - 2015-06-03 21:06 - 0000010 _____ () C:\ProgramData\.F4G6EEC4-B493-3E31-C6BG-8C6C9B764D36
2015-05-30 13:39 - 2015-05-30 13:39 - 0000014 _____ () C:\ProgramData\.ST160
*****************

"HKU\S-1-5-21-357828312-3288118444-495839077-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully
"HKU\S-1-5-21-357828312-3288118444-495839077-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H" => key removed successfully
"HKU\S-1-5-21-357828312-3288118444-495839077-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J" => key removed successfully
"HKU\S-1-5-21-357828312-3288118444-495839077-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96f2f0d9-f1ec-11e4-82b1-40e2307b6c3c}" => key removed successfully
HKCR\CLSID\{96f2f0d9-f1ec-11e4-82b1-40e2307b6c3c} => key not found.
"HKU\S-1-5-21-357828312-3288118444-495839077-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab6a18c2-d6da-11e4-8288-40e2307b6c3c}" => key removed successfully
HKCR\CLSID\{ab6a18c2-d6da-11e4-8288-40e2307b6c3c} => key not found.
"HKU\S-1-5-21-357828312-3288118444-495839077-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5b751c9-bd5c-11e4-8270-40e2307b6c3c}" => key removed successfully
HKCR\CLSID\{f5b751c9-bd5c-11e4-8270-40e2307b6c3c} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
vmci => Service removed successfully
VMnetAdapter => Service removed successfully
aswMBR => Service not found.
C:\Windows\SysWOW64\%TMP% => moved successfully.
C:\Program Files (x86)\Common Files\dw1-astg => moved successfully.
C:\Program Files (x86)\Common Files\pcs2-astg => moved successfully.
C:\Program Files (x86)\Common Files\vs1-astg => moved successfully.
C:\Program Files (x86)\Common Files\ws1-astg => moved successfully.
C:\Users\Martín\AppData\Local\.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56 => moved successfully.
C:\Users\Martín\AppData\Local\BTServer.log => moved successfully.
C:\ProgramData\.F4G6EEC4-B493-3E31-C6BG-8C6C9B764D36 => moved successfully.
C:\ProgramData\.ST160 => moved successfully.
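
The result lines of the Fixlog.txt above follow a `target => outcome` pattern, so a reviewer can tally them mechanically and pick out the entries that were not actually changed. The Python below is an added example, not part of the thread or of FRST; the sample is a shortened excerpt of the log above, and the function names and the changed/absent/review labels are assumptions made here.

```python
import re
from collections import Counter
from typing import NamedTuple

# Shortened excerpt of the Fixlog.txt posted above. Assumed layout: header,
# the echoed fixlist between two rows of asterisks, then one
# "target => outcome" line per action FRST took.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: J - "J:\Hasbro.exe"
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
U3 aswMBR; \??\C:\Users\MARTN~1\AppData\Local\Temp\aswMBR.sys [X]
2015-05-30 13:39 - 2015-05-30 13:39 - 0000014 _____ () C:\ProgramData\.ST160
*****************

"HKU\S-1-5-21-357828312-3288118444-495839077-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J" => key removed successfully
HKCR\CLSID\{f5b751c9-bd5c-11e4-8270-40e2307b6c3c} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
vmci => Service removed successfully
aswMBR => Service not found.
C:\ProgramData\.ST160 => moved successfully.
'''

FENCE_RE = re.compile(r'^\*{5,}\s*$')  # row of asterisks around the echoed fixlist
RESULT_RE = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+?)\.?$')


class FixResult(NamedTuple):
    target: str   # registry path, service name or file path
    kind: str     # registry / file / service / other
    status: str   # changed / absent / review
    outcome: str  # outcome text as logged, trailing period removed


def _kind(target, outcome):
    """Guess what sort of object a result line refers to."""
    if target.upper().startswith(("HKLM", "HKU", "HKCR", "HKCU")):
        return "registry"
    if re.match(r"^[A-Za-z]:\\", target):
        return "file"
    if outcome.lower().startswith("service"):
        return "service"
    return "other"


def _status(outcome):
    """Map the outcome text onto three buckets for review."""
    low = outcome.lower()
    if "not found" in low:
        return "absent"    # fixlist entry pointed at something already gone
    if "successfully" in low:
        return "changed"   # removed, moved or reset
    return "review"        # unrecognised wording: read the line by hand


def parse_fixlog(text):
    """Return the FixResult entries found outside the echoed fixlist."""
    results = []
    in_echo = False
    for raw in text.splitlines():
        if FENCE_RE.match(raw):
            in_echo = not in_echo  # entering or leaving the echoed fixlist
            continue
        if in_echo:
            continue  # echoed scan lines can contain "=>" themselves
        match = RESULT_RE.match(raw.strip())
        if not match:
            continue
        target = match.group("target").strip('"')
        outcome = match.group("outcome")
        results.append(
            FixResult(target, _kind(target, outcome), _status(outcome), outcome)
        )
    return results


def summarize(results):
    """Count results per (kind, status) pair."""
    return Counter((r.kind, r.status) for r in results)


def needs_review(results):
    """Entries that were not changed: already absent or unrecognised."""
    return [r for r in results if r.status != "changed"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for (kind, status), count in sorted(summarize(parsed).items()):
        print(f"{kind:8} {status:8} {count}")
    for entry in needs_review(parsed):
        print("check:", entry.target, "->", entry.outcome)
```
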



#6 SaintVitus


Posted 12 June 2015 - 11:16 AM

FRST.txt Part 1:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Martín (administrator) on HELLMACHINE on 12-06-2015 12:06:48
Running from C:\Users\Martín\Desktop
Loaded Profiles: Martín (Available Profiles: Martín)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.0.496\AsusWSWinService.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Celartem, Inc., doing business as Extensis.) C:\Program Files (x86)\Extensis\Suitcase Fusion 5\FMCore.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Telegram Messenger LLP) C:\Users\Martín\AppData\Roaming\Telegram Desktop\Telegram.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-22] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-25] (Realtek Semiconductor Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2014-05-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe [63272 2015-05-31] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-04-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-04-29] (Adobe Systems Inc.)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1270064 2014-12-11] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-02-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-14] (SUPERAntiSpyware)
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\Run: [FMCore.exe] => C:\Program Files (x86)\Extensis\Suitcase Fusion 5\FMCore.exe [10570752 2014-08-07] (Celartem, Inc., doing business as Extensis.)
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\Run: [Dropbox Update] => C:\Users\Martín\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-05-20] (Dropbox, Inc.)
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2015-02-19]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\Users\Martín\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2015-04-07]
ShortcutTarget: Telegram.lnk -> C:\Users\Martín\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-03] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-357828312-3288118444-495839077-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-357828312-3288118444-495839077-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-29] (Avast Software s.r.o.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-29] (Avast Software s.r.o.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-29] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-29] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-29] (Adobe Systems Incorporated)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-24] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-03] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-24] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-03] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-357828312-3288118444-495839077-1001: @client.dropbox.com/Dropbox Update;version=3 -> C:\Users\Martín\AppData\Local\Dropbox\Update\1.3.27.15\npDropboxUpdate3.dll [2015-05-20] (Dropbox, Inc.)
FF Plugin HKU\S-1-5-21-357828312-3288118444-495839077-1001: @client.dropbox.com/Dropbox Update;version=9 -> C:\Users\Martín\AppData\Local\Dropbox\Update\1.3.27.15\npDropboxUpdate3.dll [2015-05-20] (Dropbox, Inc.)
FF Plugin HKU\S-1-5-21-357828312-3288118444-495839077-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-04-21] (Sony Network Entertainment International LLC)
FF Extension: FireShot - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-06-12]
FF Extension: feedly - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\feedly@devhd.xpi [2015-06-01]
FF Extension: Gmail Notifier (restartless) - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2015-06-01]
FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2015-06-12]
FF Extension: storeTab - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\nicktco@gmail.com.xpi [2015-06-01]
FF Extension: Tile Tabs - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\tiletabs@DW-dev.xpi [2015-06-01]
FF Extension: Undo Closed Tabs Button - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2015-06-01]
FF Extension: Adblock Plus - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-03]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-02-05]
 


FRST.txt Part 2:

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-02-15] (Adobe Systems Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-11-06] ()
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.0.496\AsusWSWinService.exe [71168 2015-02-12] (ASUS Cloud Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-03] (Avast Software s.r.o.)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [59392 2013-09-26] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-22] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-22] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-22] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671512 2014-12-22] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-05] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-03] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-03] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-03] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-03] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-03] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-03] ()
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-12] (Microsoft Corporation)
R3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-02-26] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [469264 2013-06-27] (Intel Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-06-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-22] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2015-05-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3759320 2014-12-01] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-05] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-12 12:06 - 2015-06-12 12:06 - 00029535 _____ C:\Users\Martín\Desktop\FRST.txt
2015-06-12 12:01 - 2015-06-12 12:02 - 00000000 ____D C:\Users\Martín\Desktop\New folder (2)
2015-06-12 11:56 - 2015-06-12 11:57 - 01243526 _____ C:\Users\Martín\Desktop\Summary.nfo
2015-06-10 18:16 - 2015-06-10 18:16 - 00000000 ____D C:\Users\Martín\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-09 19:59 - 2015-06-12 04:41 - 00197911 _____ C:\Windows\WindowsUpdate.log
2015-06-09 19:28 - 2015-06-09 19:28 - 05062464 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-09 19:28 - 2015-06-09 19:28 - 00000348 _____ C:\Windows\setupact.log
2015-06-09 19:28 - 2015-06-09 19:28 - 00000000 _____ C:\Windows\setuperr.log
2015-06-09 14:24 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 14:24 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-09 14:24 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-09 14:24 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-09 14:24 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-09 14:24 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-09 14:24 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-09 14:24 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-09 14:24 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-09 14:24 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 14:24 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-09 14:24 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-09 14:24 - 2015-05-22 22:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-09 14:24 - 2015-05-22 22:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-09 14:24 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-09 14:24 - 2015-05-22 22:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-09 14:24 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-09 14:24 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-09 14:24 - 2015-05-22 22:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-09 14:24 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-09 14:24 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-09 14:24 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-09 14:24 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 14:24 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 14:24 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 14:24 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 14:24 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 14:24 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 14:24 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-09 14:24 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 14:24 - 2015-05-22 14:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-09 14:24 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 14:24 - 2015-05-22 14:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-09 14:24 - 2015-05-22 14:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-09 14:24 - 2015-05-22 14:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-09 14:24 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 14:24 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 14:24 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 14:24 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 14:24 - 2015-05-22 13:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-09 14:24 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 14:24 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 14:24 - 2015-05-22 09:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-09 14:24 - 2015-05-21 09:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-09 14:24 - 2015-05-21 09:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-09 14:24 - 2015-05-21 09:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-09 14:24 - 2015-05-21 09:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-09 14:24 - 2015-05-21 09:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-09 14:24 - 2015-05-21 09:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-09 14:24 - 2015-04-24 22:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 14:24 - 2015-04-24 22:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-09 14:24 - 2015-04-16 18:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-09 14:24 - 2015-04-16 02:17 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-09 14:24 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-09 14:24 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-09 14:24 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-09 14:24 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-09 14:24 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-09 14:24 - 2015-04-08 18:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-09 14:24 - 2015-04-01 18:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-09 14:24 - 2015-04-01 18:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-09 14:24 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-09 14:24 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-09 14:24 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-09 14:24 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-09 14:24 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-09 14:24 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-09 14:24 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-09 14:24 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-09 14:24 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-09 14:24 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-09 14:24 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-09 14:24 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-09 14:24 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-09 14:24 - 2015-03-19 23:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-09 14:24 - 2015-03-19 23:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-09 14:24 - 2015-03-19 22:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-09 14:24 - 2015-03-19 22:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-09 14:24 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-09 14:24 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-09 14:23 - 2015-05-21 12:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-09 12:03 - 2006-05-05 19:53 - 00055543 _____ C:\Users\Martín\Desktop\Dark Tales Of Japan 2005.srt
2015-06-08 12:37 - 2015-06-08 12:53 - 00000000 ____D C:\Users\Martín\Desktop\New folder
2015-06-07 16:39 - 2015-06-07 16:39 - 00000853 _____ C:\Users\Public\Desktop\Hatred.lnk
2015-06-07 16:39 - 2015-06-07 16:39 - 00000853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hatred.lnk
2015-06-05 13:50 - 2015-06-05 13:50 - 00000296 _____ C:\Users\Martín\Desktop\Avast URL Mal Infection svchost.exe (yep, another one!) - Virus, Trojan, Spyware, and Malware Removal Logs.URL
2015-06-05 11:43 - 2015-06-05 11:43 - 00002035 _____ C:\Users\Martín\Desktop\aswMBR.txt
2015-06-05 11:17 - 2015-06-05 11:22 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-05 11:17 - 2015-06-05 11:17 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-05 11:10 - 2015-06-12 12:06 - 00000000 ____D C:\FRST
2015-06-05 11:10 - 2015-06-05 11:11 - 00054758 _____ C:\Users\Martín\Desktop\Addition.txt
2015-06-05 11:08 - 2015-06-05 11:08 - 02108928 _____ (Farbar) C:\Users\Martín\Desktop\FRST64.exe
2015-06-02 09:48 - 2015-06-02 09:48 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-02 09:47 - 2015-06-02 09:47 - 02870984 _____ (ESET) C:\Users\Martín\Downloads\esetsmartinstaller_esn.exe
2015-06-02 09:38 - 2015-06-02 09:38 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Martín\Downloads\tdsskiller.exe
2015-06-01 21:47 - 2015-06-01 21:47 - 00000000 ____D C:\Users\Martín\Desktop\Old Firefox Data
2015-06-01 21:22 - 2015-06-03 21:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-01 21:09 - 2015-06-06 21:40 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-06-01 21:09 - 2015-06-01 21:09 - 00001098 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-06-01 21:09 - 2015-06-01 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-06-01 21:09 - 2015-06-01 21:09 - 00000000 ____D C:\ProgramData\Licenses
2015-06-01 21:09 - 2011-11-04 05:13 - 01070352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2015-06-01 21:09 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2015-06-01 20:52 - 2015-06-01 20:52 - 00000000 ____D C:\RegBackup
2015-06-01 19:39 - 2015-06-01 19:39 - 00000000 ____D C:\Users\Martín\AppData\Local\Sony
2015-06-01 19:39 - 2015-06-01 19:39 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-06-01 19:38 - 2015-06-01 19:39 - 00000000 ____D C:\Users\Martín\AppData\Roaming\Sony
2015-06-01 19:38 - 2015-06-01 19:39 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
2015-06-01 18:49 - 2015-06-01 18:49 - 00000000 ____D C:\Users\Martín\AppData\Local\GWX
2015-06-01 18:47 - 2015-05-27 23:52 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-06-01 18:45 - 2015-05-28 03:04 - 42719888 _____ C:\Windows\system32\nvcompiler.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 37741712 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 30480528 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 22946960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 16185352 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 15864064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 14495448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 13304280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 11830512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 10995528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-01 18:45 - 2015-05-28 03:04 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435306.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435306.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 01050440 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00982856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00878816 _____ C:\Windows\system32\nvmcumd.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00407112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00117576 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00039056 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2015-06-01 18:03 - 2015-06-01 18:03 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-01 18:03 - 2015-04-03 09:21 - 00048784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-01 18:03 - 2015-04-03 09:21 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-05-31 16:36 - 2015-06-05 16:01 - 00000000 ____D C:\AdwCleaner
2015-05-31 15:47 - 2015-05-31 15:47 - 00000847 _____ C:\Users\Martín\Desktop\Wolfenstein The Old Blood.lnk
2015-05-31 15:47 - 2015-05-31 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein The Old Blood
2015-05-30 19:39 - 2015-05-30 19:39 - 00000000 ____D C:\Users\Martín\Documents\EA Games
2015-05-30 19:37 - 2015-05-30 19:37 - 00000000 ____D C:\Users\Martín\AppData\Local\EA Games
2015-05-30 14:05 - 2015-05-30 14:05 - 00000000 ____D C:\Windows\ERUNT
2015-05-30 13:38 - 2015-05-30 13:18 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-05-27 12:10 - 2015-06-01 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-05-27 12:10 - 2015-06-01 19:39 - 00000000 ____D C:\Program Files (x86)\Sony
2015-05-27 12:10 - 2015-05-27 12:10 - 00000000 ____D C:\ProgramData\Sony
2015-05-24 17:05 - 2015-05-24 17:05 - 00000000 ____D C:\Users\Martín\Tracing
2015-05-24 17:01 - 2015-06-03 18:00 - 00000000 ____D C:\Users\Martín\AppData\Roaming\Skype
2015-05-24 17:01 - 2015-05-24 17:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-24 17:01 - 2015-05-24 17:01 - 00000000 ____D C:\Users\Martín\AppData\Local\Skype
2015-05-24 17:01 - 2015-05-24 17:01 - 00000000 ____D C:\ProgramData\Skype
2015-05-24 17:01 - 2015-05-24 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-23 19:27 - 2015-05-23 19:27 - 00000000 ____D C:\Users\Martín\Desktop\NV-Inspector-[Guru3D.com]
2015-05-21 20:14 - 2015-05-21 20:14 - 00000469 _____ C:\Users\Public\Desktop\Outlast Whistleblower.lnk
2015-05-21 20:14 - 2015-05-21 20:14 - 00000469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlast Whistleblower.lnk
2015-05-20 15:10 - 2015-06-12 11:15 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-357828312-3288118444-495839077-1001UA.job
2015-05-20 15:10 - 2015-06-10 15:15 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-357828312-3288118444-495839077-1001Core.job
2015-05-20 15:10 - 2015-05-20 15:10 - 00003894 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-357828312-3288118444-495839077-1001UA
2015-05-20 15:10 - 2015-05-20 15:10 - 00003514 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-357828312-3288118444-495839077-1001Core
2015-05-20 15:10 - 2015-05-20 15:10 - 00000000 ____D C:\Users\Martín\AppData\Local\Dropbox
2015-05-20 15:10 - 2015-05-20 15:10 - 00000000 ____D C:\ProgramData\Dropbox
2015-05-18 16:50 - 2015-05-18 16:50 - 00000132 _____ C:\Users\Martín\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2015-05-18 16:16 - 2015-05-13 02:52 - 00195912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-05-18 16:16 - 2015-05-13 02:52 - 00031552 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-05-18 16:16 - 2015-05-12 02:27 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435286.dll
2015-05-18 16:16 - 2015-05-12 02:27 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435286.dll
2015-05-13 03:42 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:42 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-12 12:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-12 11:55 - 2015-02-03 15:26 - 00000000 ____D C:\Users\Martín\AppData\Roaming\ClassicShell
2015-06-12 11:51 - 2015-02-03 15:27 - 00000000 ____D C:\Users\Martín\AppData\Roaming\foobar2000
2015-06-12 11:48 - 2015-02-03 15:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-12 11:17 - 2015-02-03 15:58 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-12 11:14 - 2015-02-05 18:14 - 00000000 ____D C:\Users\Martín\AppData\Roaming\uTorrent
2015-06-12 04:26 - 2015-02-03 16:12 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-06-12 02:00 - 2015-02-03 15:50 - 00000000 ____D C:\Users\Martín\AppData\Local\Adobe
2015-06-11 16:16 - 2015-02-03 13:23 - 00000000 ___DO C:\Users\Martín\OneDrive
2015-06-11 09:50 - 2015-02-05 20:49 - 00000000 ___RD C:\Users\Martín\Dropbox
2015-06-11 09:50 - 2015-02-05 20:46 - 00000000 ____D C:\Users\Martín\AppData\Roaming\Dropbox
2015-06-10 19:19 - 2015-05-08 18:30 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-357828312-3288118444-495839077-1001
2015-06-10 05:51 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2015-06-09 19:28 - 2014-12-05 02:50 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-09 19:28 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-09 19:27 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-09 18:56 - 2015-04-14 20:27 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-09 18:56 - 2015-04-14 20:27 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-09 18:56 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-09 18:56 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-09 16:44 - 2015-02-05 20:16 - 00000000 ____D C:\Windows\system32\MRT
2015-06-09 16:44 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-09 16:42 - 2015-02-05 20:16 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-09 14:07 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-08 13:21 - 2014-05-22 05:05 - 01833224 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-08 13:21 - 2014-03-12 21:08 - 00812874 _____ C:\Windows\system32\perfh00A.dat
2015-06-08 13:21 - 2014-03-12 21:08 - 00170568 _____ C:\Windows\system32\perfc00A.dat
2015-06-06 21:41 - 2014-05-22 05:34 - 00000000 ____D C:\ProgramData\Temp
2015-06-04 10:55 - 2015-03-31 16:00 - 00000000 ____D C:\Users\Martín\Desktop\Tees I WANT
2015-06-03 21:06 - 2015-03-16 17:41 - 00000000 ____D C:\Windows\Minidump
2015-06-03 21:04 - 2015-02-03 15:53 - 00000000 ____D C:\Program Files\CCleaner
2015-06-03 12:18 - 2015-02-06 02:11 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-03 12:18 - 2015-02-06 02:11 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-02 19:24 - 2015-04-21 14:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 19:24 - 2015-02-03 14:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-02 10:52 - 2015-02-05 14:33 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-06-01 21:21 - 2015-02-03 15:57 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-01 20:44 - 2015-02-05 19:04 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-01 20:43 - 2015-02-03 16:33 - 00000000 ____D C:\Users\Martín\AppData\Roaming\awsRun
2015-06-01 19:39 - 2015-02-03 13:18 - 00000000 ____D C:\Users\Martín
2015-06-01 18:48 - 2014-12-05 02:50 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-05-31 16:43 - 2015-05-09 09:57 - 00000000 ____D C:\Users\Martín\Desktop\malware utilities
2015-05-29 10:20 - 2015-05-08 18:16 - 00001730 _____ C:\Windows\system32\.crusader
2015-05-28 03:04 - 2015-03-17 19:03 - 02986392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-05-28 03:04 - 2015-02-11 11:48 - 14987528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-05-28 03:04 - 2015-02-03 20:22 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcvadgenco64.dll
2015-05-28 03:04 - 2014-12-05 02:50 - 17486856 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-05-28 03:04 - 2014-12-05 02:50 - 12852152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-05-28 03:04 - 2014-12-05 02:50 - 03379680 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-05-28 03:04 - 2014-12-05 02:50 - 00112968 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-05-28 03:04 - 2014-12-05 02:50 - 00105288 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-05-28 03:04 - 2014-12-05 02:50 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-05-28 00:15 - 2014-12-05 02:50 - 06872904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-05-28 00:15 - 2014-12-05 02:50 - 03491984 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-05-28 00:15 - 2014-12-05 02:50 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-05-28 00:15 - 2014-12-05 02:50 - 00937288 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-05-28 00:15 - 2014-12-05 02:50 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-05-28 00:15 - 2014-12-05 02:50 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-05-27 12:10 - 2014-05-22 05:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-05-27 06:48 - 2014-12-05 02:50 - 04408727 _____ C:\Windows\system32\nvcoproc.bin
2015-05-24 14:34 - 2015-02-03 15:51 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-24 14:23 - 2015-04-23 18:37 - 00000000 ____D C:\Program Files (x86)\Metro 2033 Redux
2015-05-23 13:35 - 2014-05-22 05:47 - 00000000 ____D C:\Windows\de
2015-05-22 21:47 - 2015-02-03 13:43 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-05-22 21:47 - 2015-02-03 13:43 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-05-22 21:47 - 2014-12-05 02:51 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-05-22 21:47 - 2014-12-05 02:51 - 01320304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-21 21:22 - 2015-05-11 10:29 - 00000000 ____D C:\Users\Martín\AppData\Local\Windows Live
2015-05-21 20:19 - 2015-03-12 19:20 - 00000000 ____D C:\Users\Martín\Documents\My Games
2015-05-20 02:52 - 2015-04-04 17:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-20 02:52 - 2015-04-04 17:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-19 20:30 - 2015-02-03 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-19 20:30 - 2015-02-03 15:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-19 13:48 - 2015-02-03 13:19 - 00000000 ____D C:\Users\Martín\AppData\Roaming\Adobe
2015-05-15 13:44 - 2015-02-03 13:23 - 00000000 ____D C:\Users\Martín\AppData\Roaming\WebStorage
2015-05-14 18:10 - 2014-05-22 05:26 - 00000000 ____D C:\ProgramData\Adobe
2015-05-14 17:58 - 2015-02-05 17:39 - 00002481 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-05-14 17:58 - 2015-02-05 17:39 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2015-05-14 17:58 - 2015-02-05 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2015-05-13 15:18 - 2015-02-16 11:30 - 00000000 ____D C:\Users\Martín\AppData\Roaming\ASUS WebStorage
2015-05-13 10:02 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-05-13 10:02 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-13 03:28 - 2013-08-22 15:11 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 02:52 - 2014-12-05 02:50 - 01558848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll

==================== Files in the root of some directories =======

2015-05-18 16:50 - 2015-05-18 16:50 - 0000132 _____ () C:\Users\Martín\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2014-05-22 05:24 - 2014-05-22 05:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Martín\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphttfog.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-12 04:52

==================== End of log ============================

 

 



#7 SaintVitus


Posted 12 June 2015 - 11:17 AM

Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Martín at 2015-06-12 12:07:03
Running from C:\Users\Martín\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-357828312-3288118444-495839077-500 - Administrator - Disabled)
Guest (S-1-5-21-357828312-3288118444-495839077-501 - Limited - Disabled)
Martín (S-1-5-21-357828312-3288118444-495839077-1001 - Administrator - Enabled) => C:\Users\Martín

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Activision® (x32 Version: 1.00.0000 - Activision) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.14 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.1.474 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Muse CC 2014 (HKLM-x32\...\{F80BB030-D3E3-11E4-B787-F144E7411942}) (Version: 2014.3.2.11 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
ASUS Manager - Ai Booting (HKLM-x32\...\{2DCE446C-D090-4458-8782-8F16DF94351E}) (Version: 2.01.12 - ASUSTeK Computer Inc.)
ASUS Manager - Backup & Recovery (HKLM-x32\...\{34D67DE5-2ECF-4E6B-A243-2C16E2792787}) (Version: 2.01.10 - ASUSTeK Computer Inc.)
ASUS Manager - Family Safety (HKLM-x32\...\{016AFF97-4E18-4560-B8E5-B684BB124E32}) (Version: 2.00.03 - ASUSTeK Computer Inc.)
ASUS Manager - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 2.01.08 - ASUSTeK Computer Inc.)
ASUS Manager - Power Manager (HKLM-x32\...\{DD248BEE-E925-4720-A775-9A42276BB6EA}) (Version: 2.02.02 - ASUSTeK Computer Inc.)
ASUS Manager - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.02.04 - ASUSTeK Computer Inc.)
ASUS Manager (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.08.00 - ASUSTeK Computer Inc.)
ASUS Music Maker (HKLM-x32\...\MAGIX_{AB515018-7F9D-4047-B0C0-F26BAC30F3E1}) (Version: 18.0.4.1 - MAGIX AG)
ASUS Music Maker (Version: 18.0.4.1 - MAGIX AG) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5424.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5424.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
calibre 64bit (HKLM\...\{A96A1330-17E9-485A-BC51-341CF4FE2CE3}) (Version: 2.26.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DFX (HKLM-x32\...\DFX) (Version: 11.306.0.0 - Power Technology)
Doom 3 BFG Edition (HKLM-x32\...\Doom 3 BFG Edition_is1) (Version:  - )
DrawScribe (HKLM-x32\...\{a7b4563e-2156-41bf-8cb5-3dd6fe3d3db1}) (Version: 1.4.1 - Astute Graphics Limited)
DrawScribe v1.4.1 for Adobe™ Illustrator™ CS4-CS6 (Version: 1.4.1 - Astute Graphics Limited) Hidden
Dropbox (HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.07 - ASUSTeK Computer Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Extensis Suitcase Fusion 5 (HKLM-x32\...\{C55F93FB-88BC-48AD-9546-620F7662DCE3}) (Version: 16.2.4 - 2014 Celartem, Inc. d.b.a Extensis All rights reserved)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
foobar2000 v1.3.7 (HKLM-x32\...\foobar2000) (Version: 1.3.7 - Peter Pawlowski)
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Hatred (HKLM-x32\...\SGF0cmVk_is1) (Version: 1 - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Codec Pack 10.9.5 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
LibreOffice 4.3.7.2 (HKLM-x32\...\{8ED4A1FC-56CF-414C-A9AB-A37714AA9EA7}) (Version: 4.3.7.2 - The Document Foundation)
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{70DB09B8-1BA5-410A-992F-1C1CE288229E}) (Version: 2.9.316 - Sony)
Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
Media Go Video Playback Engine 2.16.108.12020 (HKLM-x32\...\{D4E76014-8D95-87D9-991F-287823C60736}) (Version: 2.16.108.12020 - Sony)
Metro: Last Light Redux (HKLM-x32\...\Metro: Last Light Redux_is1) (Version:  - Deep Silver)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 353.06 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
One Unit Whole Blood (HKLM-x32\...\One Unit Whole Blood_is1) (Version:  - GOG.com)
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
Outlast: Whistleblower (HKLM-x32\...\T3V0bGFzdFdoaXN0bGVibG93ZXI=_is1) (Version: 1 - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Phantasm CS (HKLM-x32\...\{8b4ae641-b603-4eef-bee2-112dba939316}) (Version: 2.8.1 - Astute Graphics Limited)
Phantasm CS v2.8.1 for Adobe™ Illustrator™ CS4-CS6 (Version: 2.8.1 - Astute Graphics Limited) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.0 - Power Software Ltd)
Raccolta foto (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.092613 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30166 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7116 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0247 - REALTEK Semiconductor Corp.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Singularity™ (HKLM-x32\...\InstallShield_{3FAD68D9-1FA1-4871-9ADF-9151D969E943}) (Version: 1.00.0000 - Activision)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SubScribe Designer (HKLM-x32\...\{8c1e31c8-0a24-4580-b292-14eaa22d2ede}) (Version: 1.0.4 - Astute Graphics Limited)
SubScribe Designer v1.0.4 for Adobe™ Illustrator™ CS4-CS6 (Version: 1.0.4 - Astute Graphics Limited) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Telegram Desktop version 0.8.24 (HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.8.24 - Telegram Messenger LLP)
The Incredible Adventures of Van Helsing II (HKLM-x32\...\Steam App 272470) (Version:  - NeocoreGames)
Valokuvavalikoima (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VectorScribe (HKLM-x32\...\{de160f98-e03b-4270-9129-1d2959d8d227}) (Version: 1.8.0 - Astute Graphics Limited)
VectorScribe v1.8.0 for Adobe™ Illustrator™ CS4-CS6 (Version: 1.8.0 - Astute Graphics Limited) Hidden
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.11w3 - Wacom Technology Corp.)
WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.2.524 - ASUS Cloud Corporation)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WidthScribe (HKLM-x32\...\{ea80c622-a842-4654-a10d-e4acb5959e81}) (Version: 1.0.1 - Astute Graphics Limited)
WidthScribe v1.0.1 for Adobe™ Illustrator™ CS5-CS6 (Version: 1.0.1 - Astute Graphics Limited) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.2 - win.rar GmbH)
Wolfenstein The Old Blood (HKLM-x32\...\Wolfenstein The Old Blood_is1) (Version: 1.0 - PLAZA)
YACReader 7.2.0 (HKLM-x32\...\YACReader_is1) (Version:  - )
Συλλογή φωτογραφιών (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-357828312-3288118444-495839077-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Martín\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357828312-3288118444-495839077-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357828312-3288118444-495839077-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357828312-3288118444-495839077-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357828312-3288118444-495839077-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357828312-3288118444-495839077-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357828312-3288118444-495839077-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357828312-3288118444-495839077-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357828312-3288118444-495839077-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-357828312-3288118444-495839077-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

30-05-2015 14:05:15 End of disinfection
07-06-2015 03:43:59 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-02-05 17:00 - 2015-02-05 17:50 - 00001028 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10B423AE-E0B7-47F1-91EC-46F2EA7E8D62} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {3F12F845-CB97-4383-AAD1-F289043EC3C5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {4244C3BC-3CA7-4533-BD98-5A6B82F9DBDF} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2013-08-23] ()
Task: {45C2D90E-BD71-487F-B9F8-DBB6D073CA7D} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-15] (Microsoft Corporation)
Task: {5836B7A3-AA00-41FC-A110-4CD611741CF8} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe [2013-11-28] ()
Task: {59A7E43A-C98E-4DAC-95F9-F51182ED459F} - \SMW_UpdateTask_Time_3437353934323835302d4137345a376c453278345a41 No Task File <==== ATTENTION
Task: {5A762A37-09A3-433A-B2EA-62399EA64197} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2013-11-27] (ASUSTeK Computer Inc.)
Task: {5FD8318E-4114-4EAA-84E6-F9721017A443} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-357828312-3288118444-495839077-1001UA => C:\Users\Martín\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-20] (Dropbox, Inc.)
Task: {755DAA99-4D45-47EA-9B18-6F74B2FB8DFA} - System32\Tasks\ASUS\Power_Manager_background => C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe [2014-02-20] (ASUSTeK)
Task: {75BD6AFA-4947-444B-8F6E-2F49F4329E53} - System32\Tasks\ASUS\ASUS Manager - PC Cleanup - SecureDeleteBackground => C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe [2014-03-25] ()
Task: {7DA73805-BD5C-4DB5-8BAF-05A02CC9C30E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {82172B07-2CE7-4428-8667-0659BC795755} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-24] (Adobe Systems Incorporated)
Task: {822FBB02-3D04-4E7C-9DC4-BCF528BE5804} - System32\Tasks\{707A0EF6-9F95-4219-8B5A-CC9942465BFE} => pcalua.exe -a "C:\Program Files (x86)\BlueVoda Website Builder\uninstall.exe" -c "/U:C:\Program Files (x86)\BlueVoda Website Builder\irunin.xml"
Task: {8886A173-8BD3-46F0-8F58-BAF95429AB15} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-357828312-3288118444-495839077-1001Core => C:\Users\Martín\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-05-20] (Dropbox, Inc.)
Task: {8CED0ED6-4F4A-4B37-A918-ADD96CE72D9E} - \HDNINSTSCHD No Task File <==== ATTENTION
Task: {A4AED131-1F66-4741-8BF9-B6C24D1318D9} - System32\Tasks\{0BD13DDB-0830-492B-88CA-F1B6617F429A} => pcalua.exe -a C:\ProgramData\ZombieNews\uninstall.exe -c /kb=y /ic=1
Task: {A4EB5078-D2C1-47D8-A3BB-52B064C30E81} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [2013-11-27] ()
Task: {A50CDB94-27C0-4C4E-9CDA-9F3C6A3382C7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {A95E0835-7AE4-4E8B-8128-5E25E3A15113} - System32\Tasks\{45A6C7EB-5712-4037-8BA9-52DCDE263675} => pcalua.exe -a "C:\Program Files\PeerGuardian2\pg2.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerGuardian 2"
Task: {B2668393-5020-4EDB-A8F3-A99462BB2B9B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {BE7F92BF-7C43-43D9-A537-4B6AA469AA6C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-03] (Avast Software s.r.o.)
Task: {C3CACAB9-B193-4019-9BC3-708F8EF47A48} - \UPDTEXE4_WDR No Task File <==== ATTENTION
Task: {CF4F9996-4864-4F1C-8B73-F2835C2C789B} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {D8940229-FA2A-4EEB-9DB8-85C5CE46F10C} - \IE_ERR4WDR No Task File <==== ATTENTION
Task: {DC4080DF-A666-464A-BD9F-DC3437AFEF27} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ghostly.arts@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {DE2A3E7B-4047-4806-83EE-CADC27E1AA0D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-09] (Microsoft Corporation)
Task: {FBA14454-6182-4D2B-A990-6B84DD135F9C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-357828312-3288118444-495839077-1001Core.job => C:\Users\Martín\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-357828312-3288118444-495839077-1001UA.job => C:\Users\Martín\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-12-05 02:52 - 2013-09-26 14:15 - 00059392 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2011-03-09 12:41 - 2011-03-09 12:41 - 01066896 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2011-03-09 12:41 - 2011-03-09 12:41 - 00491920 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2014-12-05 02:55 - 2013-11-06 06:58 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2014-12-05 02:50 - 2015-05-28 00:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-11 15:13 - 2015-02-11 15:13 - 00997536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-12-05 02:56 - 2014-03-12 18:50 - 00854016 _____ () C:\Windows\PCCleanupContextMenu\x64\ContextMenuHandlerBin.dll
2015-02-03 14:20 - 2014-12-22 16:42 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-12-05 02:56 - 2014-03-25 21:36 - 00929936 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
2015-04-19 16:47 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2015-05-27 12:10 - 2014-06-23 09:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2015-05-03 15:27 - 2015-05-03 15:27 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-03 15:27 - 2015-05-03 15:27 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-09 12:33 - 2015-06-09 12:33 - 02952192 _____ () C:\Program Files\AVAST Software\Avast\defs\15060901\algo.dll
2015-06-12 06:18 - 2015-06-12 06:18 - 02954752 _____ () C:\Program Files\AVAST Software\Avast\defs\15061200\algo.dll
2010-03-05 10:24 - 2010-03-05 10:24 - 00886272 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
2014-12-05 02:55 - 2015-06-09 19:30 - 00027648 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2014-12-05 02:55 - 2010-06-28 22:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2014-12-05 02:49 - 2013-09-16 16:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-03-30 19:32 - 2015-05-22 21:48 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-04-19 16:47 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2014-08-07 00:08 - 2014-08-07 00:08 - 01007616 _____ () C:\Program Files (x86)\Extensis\Suitcase Fusion 5\libxml2.2.6.24.dll
2014-08-07 00:08 - 2014-08-07 00:08 - 00901120 _____ () C:\Program Files (x86)\Extensis\Suitcase Fusion 5\iconv-1.9.2.dll
2014-08-07 00:08 - 2014-08-07 00:08 - 00007168 _____ () C:\Program Files (x86)\Extensis\Suitcase Fusion 5\libcharset.dll
2015-05-27 12:10 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2015-05-27 12:10 - 2014-12-04 15:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2013-06-11 09:31 - 2013-06-11 09:31 - 00090112 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll
2011-01-05 15:01 - 2011-01-05 15:01 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PimNotes.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2015-05-27 12:10 - 2010-01-11 16:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2012-04-04 14:33 - 2012-04-04 14:33 - 00139776 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll
2013-01-08 17:02 - 2013-01-08 17:02 - 00163840 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll
2012-07-26 11:51 - 2012-07-26 11:51 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll
2015-05-27 12:10 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2015-03-23 19:19 - 2015-03-23 19:19 - 02620416 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\libxt.dll
2015-04-10 11:26 - 2015-04-10 11:26 - 00669696 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2015-03-29 22:27 - 2015-03-29 22:27 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Martín\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\1001movie.com -> 1001movie.com

There are 6091 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-357828312-3288118444-495839077-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "3D BubbleSound"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\StartupApproved\StartupFolder: => "hqghumeaylnlf.lnk"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_B726DD9B5E85A9C2CCC2C50ABF39B365"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\StartupApproved\Run: => "YTDownloader"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{15245B83-7655-4E2B-8CD3-B4453ED5722D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{82E3BE35-2262-4336-BF95-CE6D2F36C24D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F1B75465-D17E-4D39-85B3-09CAD2159416}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{34878D9E-E0DA-429E-89B7-D59AA5426078}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{DC12ABD6-BEBA-4256-887E-E29E5BCBB687}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3C0B2251-6AB3-4C52-AA07-3A6E6CF9B65B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9EBB33A5-BA7A-4FE0-8FB1-F0EC4BC2C990}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{E2640AB0-0501-4E05-8937-AB4DC52EDD4D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{E41E4896-FA6D-4E72-8B96-BFB68C1259D7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BD09DC5E-CB51-4B50-9CF8-9309F2C5E72A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{46CFA193-4DBF-421F-B97A-EC88C9C3FDAF}] => (Allow) C:\Users\Martín\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9BF670C2-9E53-4606-B085-EAA622136B27}] => (Allow) C:\Users\Martín\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{9019FA91-950C-4AA4-8478-F1C661851B49}D:\downloads\emule\emule.exe] => (Allow) D:\downloads\emule\emule.exe
FirewallRules: [UDP Query User{64023959-5586-46B6-BAE6-F4586CE05C56}D:\downloads\emule\emule.exe] => (Allow) D:\downloads\emule\emule.exe
FirewallRules: [TCP Query User{B9808419-3EF4-42D1-A1A8-684EBF38ED16}C:\program files\adobe\adobe illustrator cs6 (64 bit)\support files\contents\windows\illustrator.exe] => (Allow) C:\program files\adobe\adobe illustrator cs6 (64 bit)\support files\contents\windows\illustrator.exe
FirewallRules: [UDP Query User{8E4956B2-17DF-4346-AFDA-D69E319C096A}C:\program files\adobe\adobe illustrator cs6 (64 bit)\support files\contents\windows\illustrator.exe] => (Allow) C:\program files\adobe\adobe illustrator cs6 (64 bit)\support files\contents\windows\illustrator.exe
FirewallRules: [TCP Query User{859881C2-8E64-400A-815F-F1A6B35889FE}C:\program files\adobe\adobe photoshop cs6 (64 bit)\photoshop.exe] => (Allow) C:\program files\adobe\adobe photoshop cs6 (64 bit)\photoshop.exe
FirewallRules: [UDP Query User{623C0648-E97F-479E-9050-3C52859DA1D4}C:\program files\adobe\adobe photoshop cs6 (64 bit)\photoshop.exe] => (Allow) C:\program files\adobe\adobe photoshop cs6 (64 bit)\photoshop.exe
FirewallRules: [{EF0EDF01-2D46-4929-AC29-AC2960A71979}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{37BB282C-11BA-4773-9F19-49239F4498CF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7094BA83-0E21-4D88-B178-35F91499400D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{22E9B9FE-E237-4F4B-83CE-67EA7CC2106D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4CA799FB-7055-4384-8CEF-FA5105156BA1}] => (Allow) C:\Users\Martín\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{54684E2D-A5C0-4D3C-920F-60A4E626CB6B}] => (Allow) C:\Users\Martín\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{026BFDE9-931B-4950-87E1-F262EC7CB934}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe
FirewallRules: [{6BC11F43-17C2-4B43-9ECF-7BB66AA4A28B}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe
FirewallRules: [{822A0081-6607-4FDA-AF33-A8347420C839}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe
FirewallRules: [{58E61187-9F33-4A18-8FD1-2A4CE08D45FB}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe
FirewallRules: [TCP Query User{F1F4BF5E-9ED1-4228-B29B-7ECFE461E643}D:\downloads\emule\emule.exe] => (Allow) D:\downloads\emule\emule.exe
FirewallRules: [UDP Query User{25237A05-3832-4138-A47C-180212FAD4C5}D:\downloads\emule\emule.exe] => (Allow) D:\downloads\emule\emule.exe
FirewallRules: [TCP Query User{52A20E5F-FF0A-455A-A291-9B328C9C941B}C:\users\martín\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\martín\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{88E42972-3905-48FC-868B-3E99C842F248}C:\users\martín\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\martín\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{BB158BD1-77B0-46D8-8929-1085E5CEFE0F}C:\program files\adobe\adobe photoshop cs6 (64 bit)\photoshop.exe] => (Allow) C:\program files\adobe\adobe photoshop cs6 (64 bit)\photoshop.exe
FirewallRules: [UDP Query User{3B8D790B-B258-4E69-B816-9D742B9FCD4E}C:\program files\adobe\adobe photoshop cs6 (64 bit)\photoshop.exe] => (Allow) C:\program files\adobe\adobe photoshop cs6 (64 bit)\photoshop.exe
FirewallRules: [TCP Query User{A0926C2E-7CB5-40A3-B4F3-502881F4F429}C:\program files\adobe\adobe illustrator cs6 (64 bit)\support files\contents\windows\illustrator.exe] => (Allow) C:\program files\adobe\adobe illustrator cs6 (64 bit)\support files\contents\windows\illustrator.exe
FirewallRules: [UDP Query User{3934C43D-B0AC-4269-B66C-92CA4CCCAA54}C:\program files\adobe\adobe illustrator cs6 (64 bit)\support files\contents\windows\illustrator.exe] => (Allow) C:\program files\adobe\adobe illustrator cs6 (64 bit)\support files\contents\windows\illustrator.exe
FirewallRules: [TCP Query User{59D8D891-FA93-400C-8E15-AF8BD7AB4EDE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8170FDC4-CF0B-4FB8-85E2-2CF51260735E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{8B2A7B15-1A17-4C65-B400-844330B8FAEB}C:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe] => (Allow) C:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [UDP Query User{60B8A7C0-7DB0-4573-AF4C-DB3E6E962B46}C:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe] => (Allow) C:\program files (x86)\wolfenstein the new order\wolfneworder_x64.exe
FirewallRules: [{473E10B5-E147-4D78-9D9E-DDA06ACE1864}] => (Allow) D:\Steam\steamapps\common\The Incredible Adventures of Van Helsing II\VanHelsing.exe
FirewallRules: [{26C6C7B7-364C-4E55-944E-89DF39F81A84}] => (Allow) D:\Steam\steamapps\common\The Incredible Adventures of Van Helsing II\VanHelsing.exe
FirewallRules: [TCP Query User{74A90BCB-5E3C-4D4B-A55D-B908CE7CBF19}C:\program files (x86)\bethesda softworks\doom 3 bfg edition\doom3bfg.exe] => (Block) C:\program files (x86)\bethesda softworks\doom 3 bfg edition\doom3bfg.exe
FirewallRules: [UDP Query User{175989DE-5D0B-44B1-BDE9-C24B2FC8FD70}C:\program files (x86)\bethesda softworks\doom 3 bfg edition\doom3bfg.exe] => (Block) C:\program files (x86)\bethesda softworks\doom 3 bfg edition\doom3bfg.exe
FirewallRules: [{F420BFE0-3EEF-4761-B896-1E53131B6B60}] => (Allow) C:\Program Files (x86)\Activision\Singularity™\Binaries\Singularity.exe
FirewallRules: [{5E69BCB3-8FBC-4E6E-ABD0-9E66592E9BBB}] => (Allow) C:\Program Files (x86)\Activision\Singularity™\Binaries\Singularity.exe
FirewallRules: [TCP Query User{0E791A9C-12CE-4B5B-832E-02955C3CB822}D:\downloads\torrent\quake with darkplace sourceport (v.2008)\darkplaces.exe] => (Block) D:\downloads\torrent\quake with darkplace sourceport (v.2008)\darkplaces.exe
FirewallRules: [UDP Query User{14C14A1B-2E70-4D0A-B62F-17CA395DA8A7}D:\downloads\torrent\quake with darkplace sourceport (v.2008)\darkplaces.exe] => (Block) D:\downloads\torrent\quake with darkplace sourceport (v.2008)\darkplaces.exe
FirewallRules: [TCP Query User{074A1111-337F-41F7-9911-D4653AF61CDE}D:\downloads\torrent\quake with darkplace sourceport (v.2008)\darkplaces-sdl.exe] => (Block) D:\downloads\torrent\quake with darkplace sourceport (v.2008)\darkplaces-sdl.exe
FirewallRules: [UDP Query User{B9C2751B-1889-4C9C-84BF-4A1901879C2E}D:\downloads\torrent\quake with darkplace sourceport (v.2008)\darkplaces-sdl.exe] => (Block) D:\downloads\torrent\quake with darkplace sourceport (v.2008)\darkplaces-sdl.exe
FirewallRules: [{73339242-6704-46BC-AA6B-ED939DF52C0A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D77C1C86-112F-48BE-B84B-784886A469F8}] => (Allow) LPort=2869
FirewallRules: [{DD119A76-E0C8-43EC-885D-77BED52852E4}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{2DB780B6-4FE1-40E5-8525-16282E68FB82}C:\program files\adobe\adobe muse cc 2014\muse.exe] => (Block) C:\program files\adobe\adobe muse cc 2014\muse.exe
FirewallRules: [UDP Query User{0E7BE236-9115-4F7A-AEB0-4FA03BABD423}C:\program files\adobe\adobe muse cc 2014\muse.exe] => (Block) C:\program files\adobe\adobe muse cc 2014\muse.exe
FirewallRules: [TCP Query User{67719D00-3E32-44D7-B012-22C1D04A04D4}D:\outlast whistleblower\binaries\win64\olgame.exe] => (Block) D:\outlast whistleblower\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{910E32EA-0FDE-4AE6-A95B-EDFDF26D40E1}D:\outlast whistleblower\binaries\win64\olgame.exe] => (Block) D:\outlast whistleblower\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{322899B2-8F93-4B6C-A4BB-8F4035D6387B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F0DA8B1F-5824-40AC-BEBC-E5F53D01DDEB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2015 01:58:32 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (06/10/2015 01:58:32 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.


System errors:
=============

Microsoft Office:
=========================
Error: (06/10/2015 01:58:32 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestc:\users\martín\desktop\esetsmartinstaller_esn.exe

Error: (06/10/2015 01:58:32 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestc:\users\martín\downloads\esetsmartinstaller_esn.exe


CodeIntegrity Errors:
===================================
  Date: 2015-05-09 12:49:13.420
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2015-05-09 12:49:12.998
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2015-05-09 12:49:12.607
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2015-05-09 12:49:12.091
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2015-05-09 12:49:08.248
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.

  Date: 2015-04-11 16:50:12.572
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-11 16:49:57.206
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-11 16:49:40.812
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-11 16:48:48.045
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-11 16:48:13.553
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 21%
Total physical RAM: 16323.25 MB
Available physical RAM: 12767.55 MB
Total Pagefile: 32707.25 MB
Available Pagefile: 28450.12 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:150 GB) (Free:46.9 GB) NTFS
Drive d: (Data) (Fixed) (Total:1693.95 GB) (Free:943.38 GB) NTFS
Drive e: (Back Up) (Fixed) (Total:2794.49 GB) (Free:1304.53 GB) NTFS
Drive l: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:627.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 9F2EFF5E)

Partition: GPT Partition Type.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 7DC7DBBF)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of log ============================



#8 SaintVitus


Posted 12 June 2015 - 11:24 AM

I just used uTorrent for some TV shows and eMule for some hard-to-find movies; right now they are not active until your advice :)

Attached to this post are all the logs and the summary.

Thank you again for your time and kindness! :thumbsup:

 

 

 

 

 




#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,045 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:53 AM

Posted 12 June 2015 - 11:27 AM

Greetings,

 

Unfortunately there is evidence of pirated and illegal software on your computer. If you wish to continue to receive help I am going to ask you to remove all of the illegitimate Adobe programs that are currently installed. If you are willing to do that please uninstall all the programs, run the FRST scans again and post the logs.

 

Please post all the information at once if possible.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Oh My!


Posted 15 June 2015 - 09:42 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#11 SaintVitus


Posted 15 June 2015 - 05:59 PM

Hi Oh My! Yes, I must uninstall all the pirated Adobe software after your comment, but I have not been at the "affected" PC for the last 3 days. The URL:Mal is still appearing on that PC.

Can you give me one more day until I can get in front of the affected PC?

Thank you so much for your time and effort :)



#12 Oh My!


Posted 15 June 2015 - 06:09 PM

Absolutely. Let me know when we are ready to go.


Gary
 

#13 SaintVitus


Posted 17 June 2015 - 10:32 AM

Hi again Oh My! I uninstalled Adobe Creative Suite, and here is the FRST scan log:

Part 1:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Martín (administrator) on HELLMACHINE on 17-06-2015 11:31:39
Running from C:\Users\Martín\Desktop
Loaded Profiles: Martín (Available Profiles: Martín)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.0.496\AsusWSWinService.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Celartem, Inc., doing business as Extensis.) C:\Program Files (x86)\Extensis\Suitcase Fusion 5\FMCore.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Telegram Messenger LLP) C:\Users\Martín\AppData\Roaming\Telegram Desktop\Telegram.exe
(Piotr Pawlowski) C:\Program Files (x86)\foobar2000\foobar2000.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-22] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-25] (Realtek Semiconductor Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2014-05-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe [63272 2015-05-31] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1270064 2014-12-11] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-02-15] (Adobe Systems Incorporated)
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-14] (SUPERAntiSpyware)
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\Run: [FMCore.exe] => C:\Program Files (x86)\Extensis\Suitcase Fusion 5\FMCore.exe [10570752 2014-08-07] (Celartem, Inc., doing business as Extensis.)
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\Run: [Dropbox Update] => C:\Users\Martín\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-05-20] (Dropbox, Inc.)
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2015-02-19]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\Users\Martín\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2015-04-07]
ShortcutTarget: Telegram.lnk -> C:\Users\Martín\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Martín\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-03] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-357828312-3288118444-495839077-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-357828312-3288118444-495839077-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-29] (Avast Software s.r.o.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-29] (Avast Software s.r.o.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-15] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-357828312-3288118444-495839077-1001: @client.dropbox.com/Dropbox Update;version=3 -> C:\Users\Martín\AppData\Local\Dropbox\Update\1.3.27.15\npDropboxUpdate3.dll [2015-05-20] (Dropbox, Inc.)
FF Plugin HKU\S-1-5-21-357828312-3288118444-495839077-1001: @client.dropbox.com/Dropbox Update;version=9 -> C:\Users\Martín\AppData\Local\Dropbox\Update\1.3.27.15\npDropboxUpdate3.dll [2015-05-20] (Dropbox, Inc.)
FF Plugin HKU\S-1-5-21-357828312-3288118444-495839077-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-04-21] (Sony Network Entertainment International LLC)
FF Extension: FireShot - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-06-12]
FF Extension: feedly - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\feedly@devhd.xpi [2015-06-01]
FF Extension: Gmail Notifier (restartless) - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2015-06-01]
FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2015-06-12]
FF Extension: storeTab - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\nicktco@gmail.com.xpi [2015-06-01]
FF Extension: Tile Tabs - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\tiletabs@DW-dev.xpi [2015-06-01]
FF Extension: Undo Closed Tabs Button - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\undoclosedtabsbutton@supernova00.biz.xpi [2015-06-01]
FF Extension: Adblock Plus - C:\Users\Martín\AppData\Roaming\Mozilla\Firefox\Profiles\u0s6miax.default-1433209626351\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-03]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-02-15] (Adobe Systems Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-11-06] ()
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.0.496\AsusWSWinService.exe [71168 2015-02-12] (ASUS Cloud Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-03] (Avast Software s.r.o.)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [59392 2013-09-26] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-22] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-06-17] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-22] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-22] (NVIDIA Corporation)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671512 2014-12-22] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-05] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-03] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-03] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-03] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-03] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-03] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-03] ()
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-12] (Microsoft Corporation)
R3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-02-26] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [469264 2013-06-27] (Intel Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-06-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-22] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2015-05-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3759320 2014-12-01] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-05] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
 



#14 SaintVitus


Posted 17 June 2015 - 10:34 AM

FRST Log Part2:

 

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 11:31 - 2015-06-17 11:31 - 00027582 _____ C:\Users\Martín\Desktop\FRST.txt
2015-06-17 11:26 - 2015-06-17 11:26 - 00000000 ____D C:\Users\Martín\Desktop\FRST-OlderVersion
2015-06-16 15:48 - 2015-06-16 15:48 - 00000240 _____ C:\Users\Martín\Desktop\▶ MARE Spheres Like Death Black Magick Funeral Nidrosian IV - YouTube.URL
2015-06-16 15:47 - 2015-06-16 15:47 - 00000240 _____ C:\Users\Martín\Desktop\BLACK MAJESTY- Trondheim, Norway 11-13-10 - YouTube.URL
2015-06-16 15:47 - 2015-06-16 15:47 - 00000240 _____ C:\Users\Martín\Desktop\▶ MARE BLACK MAJESTY @ NIDROSIAN BLACK MASS IV BRUSSEL - YouTube.URL
2015-06-16 11:58 - 2015-06-16 12:01 - 00000267 _____ C:\Users\Martín\Desktop\Lambs of Rot — Abominations of the Antichrist.URL
2015-06-16 10:13 - 2015-06-16 10:13 - 00195929 _____ C:\Users\Martín\Desktop\retronautas-27-rod-serling-y-audios-mp3_rf_4641925_1.html
2015-06-16 08:09 - 2015-06-16 08:09 - 00000284 _____ C:\Users\Martín\Desktop\httpswww.facebook.comphoto.phpfbid=10207049380495884&set=gm.447113405467751&type=1.URL
2015-06-14 10:17 - 2015-06-14 10:17 - 00014060 _____ C:\Users\Martín\Desktop\431311.zip
2015-06-13 15:52 - 2015-06-13 15:52 - 00000267 _____ C:\Users\Martín\Desktop\Xbox 360 Controller for Windows for PC at EBGames - EBGames.ca.URL
2015-06-13 15:49 - 2015-06-13 15:49 - 00000231 _____ C:\Users\Martín\Desktop\Black Metal The Early Days (memorabilia, reviews, articles).URL
2015-06-12 20:45 - 2015-06-12 20:45 - 00001912 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-06-12 20:45 - 2015-06-12 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-06-12 20:45 - 2015-06-12 20:45 - 00000000 ____D C:\Program Files\HitmanPro
2015-06-12 20:38 - 2015-06-17 11:25 - 00000000 ____D C:\Users\Martín\AppData\Local\CrashDumps
2015-06-12 14:39 - 2015-06-17 11:00 - 00010312 _____ C:\Users\Martín\AppData\Local\BTServer.log
2015-06-12 14:35 - 2015-06-12 14:35 - 00000014 _____ C:\ProgramData\.ST160
2015-06-12 14:35 - 2015-06-12 14:35 - 00000010 _____ C:\Users\Martín\AppData\Local\.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56
2015-06-12 14:35 - 2015-06-12 14:35 - 00000010 _____ C:\ProgramData\.F4G6EEC4-B493-3E31-C6BG-8C6C9B764D36
2015-06-12 12:01 - 2015-06-12 12:02 - 00000000 ____D C:\Users\Martín\Desktop\New folder (2)
2015-06-10 18:16 - 2015-06-10 18:16 - 00000000 ____D C:\Users\Martín\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-09 19:59 - 2015-06-16 22:00 - 00674042 ____N C:\Windows\WindowsUpdate.log
2015-06-09 14:24 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 14:24 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-09 14:24 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-09 14:24 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-09 14:24 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-09 14:24 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-09 14:24 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-09 14:24 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-09 14:24 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-09 14:24 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 14:24 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-09 14:24 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-09 14:24 - 2015-05-22 22:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-09 14:24 - 2015-05-22 22:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-09 14:24 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-09 14:24 - 2015-05-22 22:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-09 14:24 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-09 14:24 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-09 14:24 - 2015-05-22 22:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-09 14:24 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-09 14:24 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-09 14:24 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-09 14:24 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 14:24 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 14:24 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 14:24 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 14:24 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 14:24 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 14:24 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-09 14:24 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 14:24 - 2015-05-22 14:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-09 14:24 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 14:24 - 2015-05-22 14:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-09 14:24 - 2015-05-22 14:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-09 14:24 - 2015-05-22 14:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-09 14:24 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 14:24 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 14:24 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 14:24 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 14:24 - 2015-05-22 13:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-09 14:24 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 14:24 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 14:24 - 2015-05-22 09:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-09 14:24 - 2015-05-21 09:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-09 14:24 - 2015-05-21 09:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-09 14:24 - 2015-05-21 09:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-09 14:24 - 2015-05-21 09:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-09 14:24 - 2015-05-21 09:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-09 14:24 - 2015-05-21 09:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-09 14:24 - 2015-04-24 22:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 14:24 - 2015-04-24 22:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-09 14:24 - 2015-04-16 18:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-09 14:24 - 2015-04-16 02:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-09 14:24 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-09 14:24 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-09 14:24 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-09 14:24 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-09 14:24 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-09 14:24 - 2015-04-08 18:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-09 14:24 - 2015-04-01 18:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-09 14:24 - 2015-04-01 18:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-09 14:24 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-09 14:24 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-09 14:24 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-09 14:24 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-09 14:24 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-09 14:24 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-09 14:24 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-09 14:24 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-09 14:24 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-09 14:24 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-09 14:24 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-09 14:24 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-09 14:24 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-09 14:24 - 2015-03-19 23:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-09 14:24 - 2015-03-19 23:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-09 14:24 - 2015-03-19 22:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-09 14:24 - 2015-03-19 22:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-09 14:24 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-09 14:24 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-09 14:23 - 2015-05-21 12:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-09 12:03 - 2006-05-05 19:53 - 00055543 _____ C:\Users\Martín\Desktop\Dark Tales Of Japan 2005.srt
2015-06-07 16:39 - 2015-06-07 16:39 - 00000853 _____ C:\Users\Public\Desktop\Hatred.lnk
2015-06-07 16:39 - 2015-06-07 16:39 - 00000853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hatred.lnk
2015-06-05 13:50 - 2015-06-05 13:50 - 00000296 _____ C:\Users\Martín\Desktop\Avast URL Mal Infection svchost.exe (yep, another one!) - Virus, Trojan, Spyware, and Malware Removal Logs.URL
2015-06-05 11:17 - 2015-06-05 11:22 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-05 11:17 - 2015-06-05 11:17 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-05 11:10 - 2015-06-17 11:31 - 00000000 ____D C:\FRST
2015-06-05 11:08 - 2015-06-17 11:26 - 02109952 _____ (Farbar) C:\Users\Martín\Desktop\FRST64.exe
2015-06-02 09:48 - 2015-06-02 09:48 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-02 09:47 - 2015-06-02 09:47 - 02870984 _____ (ESET) C:\Users\Martín\Downloads\esetsmartinstaller_esn.exe
2015-06-02 09:38 - 2015-06-02 09:38 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Martín\Downloads\tdsskiller.exe
2015-06-01 21:47 - 2015-06-01 21:47 - 00000000 ____D C:\Users\Martín\Desktop\Old Firefox Data
2015-06-01 21:22 - 2015-06-03 21:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-01 21:09 - 2015-06-15 12:21 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-06-01 21:09 - 2015-06-01 21:09 - 00001098 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-06-01 21:09 - 2015-06-01 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-06-01 21:09 - 2015-06-01 21:09 - 00000000 ____D C:\ProgramData\Licenses
2015-06-01 21:09 - 2011-11-04 05:13 - 01070352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2015-06-01 21:09 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2015-06-01 20:52 - 2015-06-01 20:52 - 00000000 ____D C:\RegBackup
2015-06-01 19:39 - 2015-06-01 19:39 - 00000000 ____D C:\Users\Martín\AppData\Local\Sony
2015-06-01 19:39 - 2015-06-01 19:39 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-06-01 19:38 - 2015-06-01 19:39 - 00000000 ____D C:\Users\Martín\AppData\Roaming\Sony
2015-06-01 19:38 - 2015-06-01 19:39 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
2015-06-01 18:49 - 2015-06-01 18:49 - 00000000 ____D C:\Users\Martín\AppData\Local\GWX
2015-06-01 18:47 - 2015-05-27 23:52 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-06-01 18:45 - 2015-05-28 03:04 - 42719888 _____ C:\Windows\system32\nvcompiler.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 37741712 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 30480528 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 22946960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 16185352 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 15864064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 14495448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 13304280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 11830512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 10995528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-01 18:45 - 2015-05-28 03:04 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435306.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435306.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 01050440 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00982856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00878816 _____ C:\Windows\system32\nvmcumd.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00407112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00117576 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2015-06-01 18:45 - 2015-05-28 03:04 - 00039056 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2015-06-01 18:03 - 2015-06-01 18:03 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-01 18:03 - 2015-04-03 09:21 - 00048784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-01 18:03 - 2015-04-03 09:21 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-05-31 16:36 - 2015-06-12 14:45 - 00000000 ____D C:\AdwCleaner
2015-05-31 15:47 - 2015-05-31 15:47 - 00000847 _____ C:\Users\Martín\Desktop\Wolfenstein The Old Blood.lnk
2015-05-31 15:47 - 2015-05-31 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein The Old Blood
2015-05-30 19:39 - 2015-05-30 19:39 - 00000000 ____D C:\Users\Martín\Documents\EA Games
2015-05-30 19:37 - 2015-05-30 19:37 - 00000000 ____D C:\Users\Martín\AppData\Local\EA Games
2015-05-30 14:05 - 2015-05-30 14:05 - 00000000 ____D C:\Windows\ERUNT
2015-05-30 13:38 - 2015-05-30 13:18 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-05-27 12:10 - 2015-06-01 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-05-27 12:10 - 2015-06-01 19:39 - 00000000 ____D C:\Program Files (x86)\Sony
2015-05-27 12:10 - 2015-05-27 12:10 - 00000000 ____D C:\ProgramData\Sony
2015-05-24 17:05 - 2015-05-24 17:05 - 00000000 ____D C:\Users\Martín\Tracing
2015-05-24 17:01 - 2015-06-17 09:30 - 00000000 ____D C:\Users\Martín\AppData\Roaming\Skype
2015-05-24 17:01 - 2015-06-15 12:30 - 00000000 ____D C:\ProgramData\Skype
2015-05-24 17:01 - 2015-05-24 17:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-24 17:01 - 2015-05-24 17:01 - 00000000 ____D C:\Users\Martín\AppData\Local\Skype
2015-05-24 17:01 - 2015-05-24 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-23 19:27 - 2015-05-23 19:27 - 00000000 ____D C:\Users\Martín\Desktop\NV-Inspector-[Guru3D.com]
2015-05-21 20:14 - 2015-05-21 20:14 - 00000469 _____ C:\Users\Public\Desktop\Outlast Whistleblower.lnk
2015-05-21 20:14 - 2015-05-21 20:14 - 00000469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlast Whistleblower.lnk
2015-05-20 15:10 - 2015-06-17 11:15 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-357828312-3288118444-495839077-1001UA.job
2015-05-20 15:10 - 2015-06-16 15:15 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-357828312-3288118444-495839077-1001Core.job
2015-05-20 15:10 - 2015-05-20 15:10 - 00003894 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-357828312-3288118444-495839077-1001UA
2015-05-20 15:10 - 2015-05-20 15:10 - 00003514 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-357828312-3288118444-495839077-1001Core
2015-05-20 15:10 - 2015-05-20 15:10 - 00000000 ____D C:\Users\Martín\AppData\Local\Dropbox
2015-05-20 15:10 - 2015-05-20 15:10 - 00000000 ____D C:\ProgramData\Dropbox
2015-05-18 16:50 - 2015-05-18 16:50 - 00000132 _____ C:\Users\Martín\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2015-05-18 16:16 - 2015-05-13 02:52 - 00195912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-05-18 16:16 - 2015-05-13 02:52 - 00031552 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-05-18 16:16 - 2015-05-12 02:27 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435286.dll
2015-05-18 16:16 - 2015-05-12 02:27 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435286.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 11:26 - 2015-02-05 18:14 - 00000000 ____D C:\Users\Martín\AppData\Roaming\uTorrent
2015-06-17 11:25 - 2015-05-08 18:30 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-357828312-3288118444-495839077-1001
2015-06-17 11:25 - 2014-05-22 05:26 - 00000000 ____D C:\ProgramData\Adobe
2015-06-17 11:24 - 2015-02-05 17:27 - 00000000 ____D C:\Program Files\Adobe
2015-06-17 11:24 - 2014-05-22 05:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-17 11:20 - 2015-02-05 16:04 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-06-17 11:19 - 2015-02-03 15:26 - 00000000 ____D C:\Users\Martín\AppData\Roaming\ClassicShell
2015-06-17 11:01 - 2015-02-03 15:27 - 00000000 ____D C:\Users\Martín\AppData\Roaming\foobar2000
2015-06-17 11:00 - 2015-02-03 15:58 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-17 11:00 - 2015-02-03 13:23 - 00000000 ___DO C:\Users\Martín\OneDrive
2015-06-17 11:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-17 08:48 - 2015-02-03 15:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-17 02:00 - 2015-02-03 15:50 - 00000000 ____D C:\Users\Martín\AppData\Local\Adobe
2015-06-16 19:40 - 2014-05-22 05:05 - 01833224 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-16 19:40 - 2014-03-12 21:08 - 00812874 _____ C:\Windows\system32\perfh00A.dat
2015-06-16 19:40 - 2014-03-12 21:08 - 00170568 _____ C:\Windows\system32\perfc00A.dat
2015-06-16 08:56 - 2015-02-03 16:12 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-06-16 08:29 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-15 12:35 - 2015-02-03 15:51 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-15 12:21 - 2014-05-22 05:34 - 00000000 ____D C:\ProgramData\Temp
2015-06-13 13:27 - 2014-12-05 02:50 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-13 13:27 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-12 20:41 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-11 09:50 - 2015-02-05 20:49 - 00000000 ___RD C:\Users\Martín\Dropbox
2015-06-11 09:50 - 2015-02-05 20:46 - 00000000 ____D C:\Users\Martín\AppData\Roaming\Dropbox
2015-06-10 05:51 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2015-06-09 18:56 - 2015-04-14 20:27 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-09 18:56 - 2015-04-14 20:27 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-09 18:56 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-09 18:56 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-09 16:44 - 2015-02-05 20:16 - 00000000 ____D C:\Windows\system32\MRT
2015-06-09 16:44 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-09 16:42 - 2015-02-05 20:16 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-04 10:55 - 2015-03-31 16:00 - 00000000 ____D C:\Users\Martín\Desktop\Tees I WANT
2015-06-03 21:06 - 2015-03-16 17:41 - 00000000 ____D C:\Windows\Minidump
2015-06-03 21:04 - 2015-02-03 15:53 - 00000000 ____D C:\Program Files\CCleaner
2015-06-03 12:18 - 2015-02-06 02:11 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-03 12:18 - 2015-02-06 02:11 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-02 19:24 - 2015-04-21 14:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 19:24 - 2015-02-03 14:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-02 10:52 - 2015-02-05 14:33 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-06-01 21:21 - 2015-02-03 15:57 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-01 20:44 - 2015-02-05 19:04 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-01 20:43 - 2015-02-03 16:33 - 00000000 ____D C:\Users\Martín\AppData\Roaming\awsRun
2015-06-01 19:39 - 2015-02-03 13:18 - 00000000 ____D C:\Users\Martín
2015-06-01 18:48 - 2014-12-05 02:50 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-05-31 16:43 - 2015-05-09 09:57 - 00000000 ____D C:\Users\Martín\Desktop\malware utilities
2015-05-29 10:20 - 2015-05-08 18:16 - 00001730 _____ C:\Windows\system32\.crusader
2015-05-28 03:04 - 2015-03-17 19:03 - 02986392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-05-28 03:04 - 2015-02-11 11:48 - 14987528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-05-28 03:04 - 2015-02-03 20:22 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcvadgenco64.dll
2015-05-28 03:04 - 2014-12-05 02:50 - 17486856 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-05-28 03:04 - 2014-12-05 02:50 - 12852152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-05-28 03:04 - 2014-12-05 02:50 - 03379680 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-05-28 03:04 - 2014-12-05 02:50 - 00112968 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-05-28 03:04 - 2014-12-05 02:50 - 00105288 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-05-28 03:04 - 2014-12-05 02:50 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-05-28 00:15 - 2014-12-05 02:50 - 06872904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-05-28 00:15 - 2014-12-05 02:50 - 03491984 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-05-28 00:15 - 2014-12-05 02:50 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-05-28 00:15 - 2014-12-05 02:50 - 00937288 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-05-28 00:15 - 2014-12-05 02:50 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-05-28 00:15 - 2014-12-05 02:50 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-05-27 12:10 - 2014-05-22 05:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-05-27 06:48 - 2014-12-05 02:50 - 04408727 _____ C:\Windows\system32\nvcoproc.bin
2015-05-24 14:23 - 2015-04-23 18:37 - 00000000 ____D C:\Program Files (x86)\Metro 2033 Redux
2015-05-23 13:35 - 2014-05-22 05:47 - 00000000 ____D C:\Windows\de
2015-05-22 21:47 - 2015-02-03 13:43 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-05-22 21:47 - 2015-02-03 13:43 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-05-22 21:47 - 2014-12-05 02:51 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-05-22 21:47 - 2014-12-05 02:51 - 01320304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-21 21:22 - 2015-05-11 10:29 - 00000000 ____D C:\Users\Martín\AppData\Local\Windows Live
2015-05-21 20:19 - 2015-03-12 19:20 - 00000000 ____D C:\Users\Martín\Documents\My Games
2015-05-20 02:52 - 2015-04-04 17:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-20 02:52 - 2015-04-04 17:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-19 20:30 - 2015-02-03 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-19 20:30 - 2015-02-03 15:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-19 13:48 - 2015-02-03 13:19 - 00000000 ____D C:\Users\Martín\AppData\Roaming\Adobe

==================== Files in the root of some directories =======

2015-05-18 16:50 - 2015-05-18 16:50 - 0000132 _____ () C:\Users\Martín\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2015-06-12 14:35 - 2015-06-12 14:35 - 0000010 _____ () C:\Users\Martín\AppData\Local\.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56
2015-06-12 14:39 - 2015-06-17 11:00 - 0010312 _____ () C:\Users\Martín\AppData\Local\BTServer.log
2015-06-12 14:35 - 2015-06-12 14:35 - 0000010 _____ () C:\ProgramData\.F4G6EEC4-B493-3E31-C6BG-8C6C9B764D36
2015-06-12 14:35 - 2015-06-12 14:35 - 0000014 _____ () C:\ProgramData\.ST160
2014-05-22 05:24 - 2014-05-22 05:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-13 04:21

==================== End of log ============================

 



#15 Oh My!

  • Malware Response Instructor

Posted 17 June 2015 - 10:43 AM

Greetings SaintVitus and thank you for your understanding. Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have eMule and uTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again. There are also a couple of open ports assigned to eMule which allow access to your computer.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall eMule and uTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: G - "G:\OriginInstaller.exe"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: H - "H:\autorun.exe"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: J - "J:\Hasbro.exe"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: {96f2f0d9-f1ec-11e4-82b1-40e2307b6c3c} - "K:\Startme.exe"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: {ab6a18c2-d6da-11e4-8288-40e2307b6c3c} - "K:\Startme.exe"
HKU\S-1-5-21-357828312-3288118444-495839077-1001\...\MountPoints2: {f5b751c9-bd5c-11e4-8270-40e2307b6c3c} - "H:\setup.exe"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
U3 aswMBR; \??\C:\Users\MARTN~1\AppData\Local\Temp\aswMBR.sys [X]
2015-05-08 20:32 - 2015-05-08 20:32 - 00001024 _____ C:\Windows\SysWOW64\%TMP%
2015-04-19 17:58 - 2015-04-19 17:58 - 0000016 ____H () C:\Program Files (x86)\Common Files\dw1-astg
2015-04-19 17:53 - 2015-04-19 17:53 - 0000016 ____H () C:\Program Files (x86)\Common Files\pcs2-astg
2015-04-19 17:56 - 2015-04-19 17:56 - 0000016 ____H () C:\Program Files (x86)\Common Files\vs1-astg
2015-04-19 17:59 - 2015-04-19 17:59 - 0000016 ____H () C:\Program Files (x86)\Common Files\ws1-astg
2015-05-30 13:39 - 2015-06-03 21:06 - 0000010 _____ () C:\Users\Martín\AppData\Local\.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56
2015-05-30 13:39 - 2015-06-03 21:07 - 0029441 _____ () C:\Users\Martín\AppData\Local\BTServer.log
2015-05-30 13:39 - 2015-06-03 21:06 - 0000010 _____ () C:\ProgramData\.F4G6EEC4-B493-3E31-C6BG-8C6C9B764D36
2015-05-30 13:39 - 2015-05-30 13:39 - 0000014 _____ () C:\ProgramData\.ST160
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Rerun a FRST scan making sure to place a check mark in Addition.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Junkware log
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



