Adware problems


This topic is locked
21 replies to this topic

#1 GreyPilgrim

  • Members
  • 11 posts

Posted 29 September 2016 - 06:41 AM

Hello! This is my very first time here in the forum and I've come because, similarly to the topic @http://www.bleepingcomputer.com/forums/t/625694/several-adware-infections/, my PC seems to have acquired one of these so-called adware/malwares.. This had changed my default homepage, but I've managed to sort that out (the 'target' line in the properties of the shortcuts/icons had been altered), and what's annoying me now is that often, when using any of the browsers installed and opening a website, the first click I make on that page opens a new tab/window with ads (onclickads or others of that sort)..

I've downloaded FRST64.exe, JRT.exe and EEK as well in the hope they could solve the problem without me having to ask for help here, but so far it hasn't been of help (I ran the JRT and EEK programs, and FRST I ran only to scan, since I don't find myself qualified to run the 'Fix' mode without some help).

Can someone please give me some help?

Thanks in advance!

PS: I tried to post this before but I forgot to add the FRST log and Addition; I tried to update the original post (@http://www.bleepingcomputer.com/forums/t/627929/adware-problems/#entry4091817) but ended up creating this one because I couldn't add the attachment there. I looked for a way to delete that original post but I couldn't, so please, whoever can delete it, do so, so it doesn't stay there causing confusion..

Many thanks again! And sorry for the inconvenience..  Mod Edit:  No problem, I deleted previous effort - Hamluis.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-09-2016
Ran by Nicolás (administrator) on MYPC (29-09-2016 08:13:11)
Running from C:\Users\nicolas\Desktop
Loaded Profiles: Nicolás (Available Profiles: Nicolás & Adrián)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) D:\Programs\iTunes\iTunesHelper.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nullsoft, Inc.) D:\- NICOLAS -\My Programs\Winamp\winampa.exe
(Cyberlink Corp.) D:\Programs\CyberLink\PowerDVD\PDVDServ.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Piriform Ltd) D:\Programs\CCleaner\CCleaner64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Mozilla Corporation) D:\- NICOLAS -\My Programs\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\- NICOLAS -\My Programs\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671640 2014-04-10] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => D:\Programs\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [Eraser] => D:\- NICOLAS -\My Programs\eraser\Eraser.exe [1074600 2016-08-28] (The Eraser Project)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-08-23] (Raptr, Inc)
HKLM-x32\...\Run: [WinampAgent] => D:\- NICOLAS -\My Programs\Winamp\winampa.exe [85600 2013-12-12] (Nullsoft, Inc.)
HKLM-x32\...\Run: [RemoteControl] => D:\Programs\CyberLink\PowerDVD\PDVDServ.exe [30208 2005-12-07] (Cyberlink Corp.)
HKLM-x32\...\Run: [LanguageShortcut] => D:\Programs\CyberLink\PowerDVD\Language\Language.exe [49152 2006-05-18] ()
HKLM-x32\...\Run: [DVD43] => D:\Programs\DVD Region+CSS Free\DVDRegionFree.exe [278016 2004-10-22] (Fengtao Software Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6718224 2016-08-26] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2180680 2016-09-06] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\RunOnce: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] ()
HKU\S-1-5-21-2553175386-3452905793-897856751-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-2553175386-3452905793-897856751-1000\...\Run: [CCleaner Monitoring] => D:\Programs\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-2553175386-3452905793-897856751-1000\...\Run: [updateMgr] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-2553175386-3452905793-897856751-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] False
HKU\S-1-5-21-2553175386-3452905793-897856751-1000\...\MountPoints2: {1d7d8165-bd38-11e4-9568-74d435f490be} - G:\iStudio.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-02-21] (Microsoft Corporation)
ShellExecuteHooks-x32: DVDIdleShell Class - {93994DE8-8239-4655-B1D1-5F4E91300429} - D:\Programs\DVD Region+CSS Free\DVDShell.dll [49152 2004-10-09] (Fengtao Software Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => D:\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => D:\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => D:\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2015-11-26]
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
BootExecute:
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-2553175386-3452905793-897856751-1000] => hxxp://un-stop.net/wpad.dat?0900e6079f4e86c80276b9c63d10341b16919234
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D2825744-7F1C-4E81-9B89-CBAA315C977E}: [DhcpNameServer] 192.168.1.1
ManualProxies: 0hxxp://un-stop.net/wpad.dat?0900e6079f4e86c80276b9c63d10341b16919234

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-2553175386-3452905793-897856751-1000 -> {57D70313-70BE-4CA4-85EE-EEC35604D8EB} URL = hxxps://ar.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-04] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-04] (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2553175386-3452905793-897856751-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\g3wfp6ei.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: hxxps://www.google.com/search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxps://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.5\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2553175386-3452905793-897856751-1000: @citrixonline.com/appdetectorplugin -> C:\Users\nicolas\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-23] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension => not found
StartMenuInternet: FIREFOX.EXE - D:\- NICOLAS -\My Programs\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\nicolas\AppData\Local\Google\Chrome\User Data\Default [2016-09-28]
CHR Extension: (YouTube) - C:\Users\nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-17]
CHR Extension: (Google Search) - C:\Users\nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-04]
CHR Extension: (Light Abstract Red Orange Theme) - C:\Users\nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gefhaildplamgfoolnjeknficiolokgh [2016-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-08]
CHR Extension: (Gmail) - C:\Users\nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-04]
CHR Extension: (Chrome Media Router) - C:\Users\nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2015-11-12] (Adobe Systems) [File not signed]
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [674552 2016-08-26] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5285344 2016-08-26] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-08-26] (AVG Technologies CZ, s.r.o.)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-05-09] (Plays.tv, LLC)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [167936 2005-08-08] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S2 SkypeUpdate; D:\Programs\Skype\Updater\Updater.exe [324224 2016-07-25] (Skype Technologies)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [980552 2016-09-06] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [310016 2016-08-23] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272640 2016-07-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [262400 2016-08-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2016-09-29] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-29 08:13 - 2016-09-29 08:14 - 00019939 _____ C:\Users\nicolas\Desktop\FRST.txt
2016-09-29 08:07 - 2016-09-29 08:07 - 00000000 ____D C:\Users\nicolas\Desktop\FRST-OlderVersion
2016-09-27 08:54 - 2016-09-02 12:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-27 08:54 - 2016-09-02 12:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-27 08:54 - 2016-09-02 12:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-27 08:54 - 2016-09-02 12:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-27 08:54 - 2016-09-02 12:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-27 08:54 - 2016-09-02 12:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-27 08:54 - 2016-09-02 12:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-27 08:54 - 2016-09-02 12:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-09-27 08:54 - 2016-09-02 12:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-09-27 08:54 - 2016-09-02 12:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-27 08:54 - 2016-09-02 12:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-27 08:54 - 2016-09-02 12:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-27 08:54 - 2016-09-02 12:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-27 08:54 - 2016-09-02 12:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-27 08:54 - 2016-09-02 12:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-27 08:54 - 2016-09-02 12:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-09-27 08:54 - 2016-09-02 12:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-09-27 08:54 - 2016-09-02 12:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-27 08:54 - 2016-09-02 12:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-27 08:54 - 2016-09-02 12:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-27 08:54 - 2016-09-02 12:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-27 08:54 - 2016-09-02 11:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-09-27 08:54 - 2016-09-02 11:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-27 08:54 - 2016-09-02 11:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-27 08:54 - 2016-09-02 11:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-27 08:54 - 2016-09-02 11:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-27 08:54 - 2016-09-02 11:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-27 08:54 - 2016-09-02 11:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-27 08:54 - 2016-09-02 11:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-27 08:54 - 2016-09-02 11:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-27 08:54 - 2016-09-02 11:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-09-27 08:54 - 2016-09-02 11:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-09-27 08:54 - 2016-09-02 11:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-09-27 08:54 - 2016-09-02 11:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-09-27 08:54 - 2016-09-02 11:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 11:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-27 08:54 - 2016-06-06 13:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-09-27 08:54 - 2016-06-06 13:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-09-27 08:54 - 2016-06-06 13:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-09-27 08:54 - 2016-06-06 13:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-09-27 08:54 - 2016-06-06 12:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-09-27 08:54 - 2016-06-06 12:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-09-27 08:54 - 2016-06-06 12:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-09-27 08:54 - 2016-06-06 12:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-09-27 08:54 - 2016-05-13 19:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-09-27 08:54 - 2016-05-13 19:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-09-27 08:54 - 2016-05-13 19:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-09-27 08:54 - 2016-05-13 19:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-09-27 08:54 - 2016-05-13 18:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-09-27 08:54 - 2016-05-13 18:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-09-27 08:54 - 2016-05-13 18:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-09-27 08:54 - 2016-05-13 18:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-09-27 08:54 - 2016-05-13 18:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-09-27 08:54 - 2016-05-13 18:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-09-27 08:54 - 2016-05-13 18:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-09-27 08:54 - 2016-05-13 18:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-09-27 08:54 - 2016-05-13 18:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-09-27 08:54 - 2016-05-13 18:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-09-27 08:54 - 2016-05-13 18:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-09-27 08:54 - 2016-05-13 18:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-09-27 08:54 - 2016-05-12 14:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-09-27 08:54 - 2016-05-12 12:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-09-27 08:54 - 2016-05-12 12:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-09-27 08:54 - 2016-05-04 14:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-09-27 08:54 - 2016-05-04 14:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-09-27 08:54 - 2016-05-04 14:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-09-27 08:54 - 2016-05-04 14:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-09-27 08:54 - 2016-05-04 14:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-09-27 08:54 - 2016-05-04 14:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-09-27 08:54 - 2016-05-04 14:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-09-27 08:54 - 2016-05-04 14:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-09-27 08:54 - 2016-05-04 14:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-27 08:54 - 2016-05-04 14:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-09-27 08:54 - 2016-05-04 12:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-09-27 08:54 - 2016-05-04 11:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-09-27 08:52 - 2016-08-12 13:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-27 08:52 - 2016-08-12 13:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-27 08:52 - 2016-08-12 13:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-27 08:52 - 2016-07-07 12:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-09-27 08:52 - 2016-07-07 12:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-09-27 08:52 - 2016-07-07 12:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-09-27 08:52 - 2016-07-07 12:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-09-27 08:52 - 2016-07-01 12:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-27 08:52 - 2016-07-01 12:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-09-27 08:52 - 2016-07-01 12:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-27 08:52 - 2016-07-01 12:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-09-27 08:51 - 2016-09-27 08:58 - 00000000 ____D C:\Users\nicolas\Desktop\xls varios
2016-09-27 08:46 - 2016-08-16 14:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-27 08:46 - 2016-08-15 23:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-27 08:46 - 2016-08-15 23:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-27 08:46 - 2016-08-06 12:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-27 08:46 - 2016-08-06 12:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-27 08:46 - 2016-08-05 12:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-27 08:46 - 2016-08-05 12:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-09-26 19:57 - 2016-09-26 19:57 - 00001971 _____ C:\Users\nicolas\Desktop\JRT.txt
2016-09-26 14:33 - 2016-09-26 14:33 - 01615456 _____ (Malwarebytes) C:\Users\nicolas\Desktop\JRT.exe
2016-09-26 13:18 - 2016-09-29 08:13 - 00000000 ____D C:\FRST
2016-09-26 13:18 - 2016-09-29 08:07 - 02404352 _____ (Farbar) C:\Users\nicolas\Desktop\FRST64.exe
2016-09-25 17:41 - 2016-09-25 17:58 - 00210756 _____ C:\TDSSKiller.3.1.0.11_25.09.2016_17.41.00_log.txt
2016-09-25 16:41 - 2016-09-25 16:41 - 00211172 _____ C:\Users\nicolas\Desktop\bookmarks-2016-09-25.json
2016-09-25 15:13 - 2016-09-25 16:49 - 00000000 ____D C:\Users\nicolas\AppData\Roaming\Mozilla
2016-09-25 15:12 - 2016-09-26 11:18 - 00000900 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-09-25 15:12 - 2016-09-26 11:18 - 00000900 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-25 15:12 - 2016-09-25 15:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-24 11:41 - 2016-09-24 11:41 - 00000000 ____D C:\Users\nicolas\AppData\Local\Eraser 6
2016-09-24 10:02 - 2016-09-26 12:38 - 00000000 ___RD C:\Users\nicolas\Desktop\q!
2016-09-24 09:38 - 2016-09-24 09:58 - 00000846 _____ C:\Users\nicolas\Desktop\Eraser.lnk
2016-09-24 09:38 - 2016-09-24 09:38 - 00001642 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
2016-09-24 09:17 - 2016-09-24 09:24 - 00002625 _____ C:\Users\nicolas\Desktop\freac.exe.lnk
2016-09-24 08:48 - 2016-09-28 14:03 - 00000000 ____D C:\Users\nicolas\Downloads\installers
2016-09-23 08:43 - 2016-09-23 08:43 - 00000000 ____D C:\Program Files (x86)\Skype
2016-09-20 21:39 - 2016-09-28 22:45 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-09-13 21:22 - 2016-09-13 21:22 - 00000000 ____D C:\Users\Adrián\AppData\Local\Apple
2016-09-13 21:21 - 2016-09-13 21:22 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2016-09-13 21:21 - 2016-09-13 21:21 - 00000000 ____D C:\Users\Adrián\AppData\Local\Apple Computer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-29 08:11 - 2009-07-14 01:45 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-29 08:11 - 2009-07-14 01:45 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-29 08:10 - 2016-01-27 21:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-29 08:06 - 2016-05-17 20:20 - 00000000 ____D C:\ProgramData\MFAData
2016-09-29 08:05 - 2015-02-23 19:33 - 00000000 ____D C:\Users\nicolas\AppData\Roaming\Raptr
2016-09-29 08:03 - 2016-06-04 09:06 - 00000004 _____ C:\Windows\SysWOW64\GVTunner.ref
2016-09-29 08:03 - 2015-02-09 01:42 - 00030528 _____ C:\Windows\GVTDrv64.sys
2016-09-29 08:03 - 2015-02-09 01:42 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2016-09-29 08:03 - 2015-02-09 01:42 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\etdrv.sys
2016-09-29 08:03 - 2015-02-09 01:29 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-29 08:02 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-28 23:24 - 2015-02-09 01:59 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-09-28 22:54 - 2015-11-23 20:08 - 00000574 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2553175386-3452905793-897856751-1000.job
2016-09-28 22:34 - 2015-02-23 20:40 - 00000000 ____D C:\Users\Adrián\AppData\Roaming\Raptr
2016-09-28 19:26 - 2015-02-09 01:29 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-28 19:25 - 2015-11-23 20:08 - 00000670 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2553175386-3452905793-897856751-1000.job
2016-09-28 15:31 - 2015-05-13 21:02 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-28 14:39 - 2015-02-09 02:24 - 00000000 ___RD C:\Users\nicolas\Desktop\b&
2016-09-28 10:49 - 2016-07-20 19:00 - 00000000 ___RD C:\Users\nicolas\Desktop\y-s
2016-09-27 20:45 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\rescache
2016-09-27 16:08 - 2009-07-14 02:13 - 00828146 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-27 16:08 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-09-27 16:04 - 2009-07-14 01:45 - 00360752 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-27 16:01 - 2009-07-14 04:46 - 00000000 ____D C:\Windows\ShellNew
2016-09-27 15:29 - 2015-02-09 02:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-09-27 15:12 - 2015-09-24 23:57 - 00000000 ____D C:\Windows\system32\MRT
2016-09-27 15:05 - 2015-09-24 23:57 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-26 15:01 - 2015-09-24 20:50 - 00000000 ____D C:\Users\nicolas\Documents\CCleaner _ Registry Backup
2016-09-26 14:23 - 2015-02-09 01:53 - 00000000 ____D C:\ProgramData\Trend Micro
2016-09-26 14:16 - 2015-02-09 01:29 - 00002268 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-24 10:49 - 2015-02-09 01:08 - 00000000 ____D C:\Users\nicolas
2016-09-23 17:06 - 2015-12-09 17:53 - 00000000 ____D C:\Users\nicolas\AppData\Roaming\Skype
2016-09-23 08:43 - 2015-12-09 17:52 - 00000000 ____D C:\ProgramData\Skype
2016-09-21 10:32 - 2015-02-09 01:29 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-21 10:32 - 2015-02-09 01:09 - 00001507 _____ C:\Users\nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-20 21:43 - 2015-11-23 20:08 - 00003692 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2553175386-3452905793-897856751-1000
2016-09-20 21:43 - 2015-11-23 20:08 - 00003596 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2553175386-3452905793-897856751-1000
2016-09-14 14:23 - 2016-05-17 20:19 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk
2016-09-14 14:23 - 2016-05-17 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-09-13 21:47 - 2015-03-07 18:31 - 00000000 ____D C:\Users\Adrián\AppData\Roaming\Apple Computer
2016-09-13 15:33 - 2015-02-21 00:27 - 00000000 ____D C:\Users\nicolas\AppData\Local\Adobe
2016-09-13 15:32 - 2016-01-27 21:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-13 15:32 - 2015-02-21 00:29 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-13 15:32 - 2015-02-21 00:29 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-13 15:32 - 2015-02-21 00:29 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-13 15:32 - 2015-02-21 00:29 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-13 13:27 - 2016-05-17 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-09-13 11:10 - 2016-03-11 20:10 - 06502080 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-09-09 07:38 - 2009-07-14 02:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-09-06 12:20 - 2016-05-17 20:37 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-09-06 12:20 - 2016-05-17 20:37 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-09-06 09:47 - 2015-09-25 03:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-27 20:38

==================== End of FRST.txt ============================

 

Attached File: Addition.txt (39.73KB)


Edited by hamluis, 29 September 2016 - 08:03 AM.



 


#2 Sintharius
  • Bleepin' Sniper
  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands

Posted 29 September 2016 - 08:40 AM

Welcome to Bleeping Computer's Malware Removal Logs area. My name is Sintharius. I will assist you with your problem.

Please allow me some time to review your log and I will be back with instructions.

#3 GreyPilgrim (Topic Starter)

Posted 29 September 2016 - 09:20 AM

  Welcome to Bleeping Computer's Malware Removal Logs area. My name is Sintharius. I will assist you with your problem.

  Please allow me some time to review your log and I will be back with instructions.

Sure! Pleased to meet you, Sintharius, and thanks a lot!



#4 Sintharius

Posted 01 October 2016 - 05:42 AM

Hello GreyPilgrim,

Below are some rules that you will need to follow while receiving my assistance:
  • I am currently in training, so my responses might be delayed. I will generally reply within 48 hours - if this is not possible, I will let you know.
  • Please do not seek assistance elsewhere without letting me know, as it will make it harder for me to track the changes in your system.
  • Please do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • If you wish to do other interventions, please let me know. I will assist you if possible.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the Follow this topic button, and make sure a tick is in the receive notifications and is set to Instantly. Any replies should be made in this topic by clicking the Reply to this topic button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. Please inform me if you need more time.
  • Please stay with me until I have confirmed that you are clean. Absence of symptoms does not mean that the computer is clean.
  • If you do not agree with any of the above, please let me know so I can have this topic closed.
===

Do you know these entries?
C:\Users\nicolas\Desktop\q!
C:\Users\nicolas\Desktop\b&
C:\Users\nicolas\Desktop\y-s


#5 GreyPilgrim (Topic Starter)

Posted 01 October 2016 - 07:32 AM

 

Do you know these entries?
  C:\Users\nicolas\Desktop\q!
  C:\Users\nicolas\Desktop\b&
  C:\Users\nicolas\Desktop\y-s

Yes! Those are not suspect at all to me; I created those little folders myself, their names being abbreviations.

 

However, if this is of any help: after having a glance at the log, and admitting I don't know much about this adware/malware stuff, the parts below do look suspicious to me, the ones highlighted in red at least, as I don't know what the part in between means. Quoting this in the hope it helps you.

 

 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-2553175386-3452905793-897856751-1000] => hxxp://un-stop.net/wpad.dat?0900e6079f4e86c80276b9c63d10341b16919234
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D2825744-7F1C-4E81-9B89-CBAA315C977E}: [DhcpNameServer] 192.168.1.1
ManualProxies: 0hxxp://un-stop.net/wpad.dat?0900e6079f4e86c80276b9c63d10341b16919234
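The AutoConfigURL and ManualProxies entries quoted above are the security-relevant part of this log. A proxy auto-config (PAC) script fetched from a third-party host lets whoever controls that host decide which proxy every browser request is routed through, which is all an adware operator needs to inject ads into otherwise clean pages. Internet Explorer and Chrome read this WinINet setting directly, and Firefox follows it as well while it is left on its default "Use system proxy settings", which fits the symptom of every installed browser being affected. The script below is an added example written for this page, not a tool from the thread or part of FRST: it enumerates the WinINet proxy settings of every loaded user profile (the log mentions two, Nicolás and Adrián, and the SID S-1-5-21-...-1000 shown above is one of them) and flags any PAC URL whose host is not on an allow-list or in a private address range. The allow-list, the private-range pattern and the function names are assumptions; run it from an elevated PowerShell prompt on the affected machine.

```powershell
# Added example (not from the thread or from FRST): enumerate WinINet proxy settings
# for every loaded user profile and flag PAC (AutoConfigURL) entries that point
# outside the local network. Assumption: run elevated on the affected Windows 7 host.

# Hypothetical allow-list of PAC hosts that are legitimate in this environment.
$AllowedPacHosts = @('wpad', 'wpad.example.internal')

function Test-PacUrlSuspicious {
    param([string]$Url)
    if ([string]::IsNullOrWhiteSpace($Url)) { return $false }      # no PAC configured
    $uri = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri)) {
        return $true                                                # unparsable value: treat as suspicious
    }
    $pacHost = $uri.Host.ToLowerInvariant()
    if ($AllowedPacHosts -contains $pacHost) { return $false }
    # Loopback and RFC 1918 hosts are where a legitimate home or corporate PAC would live.
    if ($pacHost -match '^(127\.|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)') { return $false }
    return $true                                                    # external host: flag it
}

function Get-UserProxySettings {
    param([string]$Sid)
    $key = "Registry::HKEY_USERS\$Sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $p = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Sid           = $Sid
        AutoConfigURL = $p.AutoConfigURL
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        Suspicious    = Test-PacUrlSuspicious -Url $p.AutoConfigURL
    }
}

# Only loaded hives appear under HKEY_USERS; a profile that is not logged in has
# to be loaded with "reg load" first, or its NTUSER.DAT examined offline.
$report = Get-ChildItem -Path Registry::HKEY_USERS |
    Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
    ForEach-Object { Get-UserProxySettings -Sid $_.PSChildName } |
    Where-Object { $_ -ne $null }

$report | Format-List

# Remediation, once the helper confirms the entry is unwanted, is to delete the value
# and restart the browsers:
#   Remove-ItemProperty -LiteralPath "Registry::HKEY_USERS\<SID>\Software\Microsoft\Windows\CurrentVersion\Internet Settings" -Name AutoConfigURL
# It is left as a comment here because the thread's helper is driving the fix through FRST's fixlist.
```

Two caveats a practitioner would want alongside this check: a PAC URL is only one of several places the same hijack can be planted (Firefox keeps its own network.proxy.autoconfig_url preference when it is not using system settings, and a malicious WPAD answer on the LAN or a changed DNS server would produce the same effect without touching the registry), and removing the value does not remove whatever put it there, which is why the helper's instruction to stay in the thread until the machine is confirmed clean applies even after the ads stop.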

 



#6 Sintharius

Posted 03 October 2016 - 02:10 PM

Hello GreyPilgrim,

My apologies for the delay.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall Microsoft Office 2013 and all other products for which you do not have a valid Product Key. If you are willing to do that please rerun a FRST scan with Addition.txt checked and post both logs. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please do this.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report
  • FRST report
  • Addition report

Edited by Oh My!, 03 October 2016 - 03:33 PM.


#7 GreyPilgrim (Topic Starter)

Posted 03 October 2016 - 06:41 PM

OK, I removed MS Office 2013 and ran CKScanner as requested. Here you go:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-10-2016
Ran by Nicolás (administrator) on MYPC (03-10-2016 20:05:19)
Running from C:\Users\nicolas\Desktop
Loaded Profiles: Nicolás (Available Profiles: Nicolás & Adrián)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) D:\Programs\iTunes\iTunesHelper.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nullsoft, Inc.) D:\- NICOLAS -\My Programs\Winamp\winampa.exe
(Cyberlink Corp.) D:\Programs\CyberLink\PowerDVD\PDVDServ.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Piriform Ltd) D:\Programs\CCleaner\CCleaner64.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Mozilla Corporation) D:\- NICOLAS -\My Programs\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\- NICOLAS -\My Programs\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671640 2014-04-10] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => D:\Programs\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [Eraser] => D:\- NICOLAS -\My Programs\eraser\Eraser.exe [1074600 2016-08-28] (The Eraser Project)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-28] (Raptr, Inc)
HKLM-x32\...\Run: [WinampAgent] => D:\- NICOLAS -\My Programs\Winamp\winampa.exe [85600 2013-12-12] (Nullsoft, Inc.)
HKLM-x32\...\Run: [RemoteControl] => D:\Programs\CyberLink\PowerDVD\PDVDServ.exe [30208 2005-12-07] (Cyberlink Corp.)
HKLM-x32\...\Run: [LanguageShortcut] => D:\Programs\CyberLink\PowerDVD\Language\Language.exe [49152 2006-05-18] ()
HKLM-x32\...\Run: [DVD43] => D:\Programs\DVD Region+CSS Free\DVDRegionFree.exe [278016 2004-10-22] (Fengtao Software Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6718224 2016-08-26] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2180680 2016-09-06] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\RunOnce: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] ()
HKU\S-1-5-21-2553175386-3452905793-897856751-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-2553175386-3452905793-897856751-1000\...\Run: [CCleaner Monitoring] => D:\Programs\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-2553175386-3452905793-897856751-1000\...\Run: [updateMgr] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-2553175386-3452905793-897856751-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] False
HKU\S-1-5-21-2553175386-3452905793-897856751-1000\...\MountPoints2: {1d7d8165-bd38-11e4-9568-74d435f490be} - G:\iStudio.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-02-21] (Microsoft Corporation)
ShellExecuteHooks-x32: DVDIdleShell Class - {93994DE8-8239-4655-B1D1-5F4E91300429} - D:\Programs\DVD Region+CSS Free\DVDShell.dll [49152 2004-10-09] (Fengtao Software Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2015-11-26]
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
BootExecute:
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-2553175386-3452905793-897856751-1000] => hxxp://un-stop.net/wpad.dat?0900e6079f4e86c80276b9c63d10341b16919234
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D2825744-7F1C-4E81-9B89-CBAA315C977E}: [DhcpNameServer] 192.168.1.1
ManualProxies: 0hxxp://un-stop.net/wpad.dat?0900e6079f4e86c80276b9c63d10341b16919234

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-2553175386-3452905793-897856751-1000 -> {57D70313-70BE-4CA4-85EE-EEC35604D8EB} URL = hxxps://ar.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems Incorporated)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-04] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-04] (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2553175386-3452905793-897856751-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF DefaultProfile: g3wfp6ei.default
FF ProfilePath: C:\Users\nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\g3wfp6ei.default [2016-10-03]
FF NewTab: Mozilla\Firefox\Profiles\g3wfp6ei.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\g3wfp6ei.default -> Google
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\g3wfp6ei.default -> hxxps://www.google.com/search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\g3wfp6ei.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\g3wfp6ei.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\g3wfp6ei.default -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\g3wfp6ei.default -> hxxps://www.google.com/search
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.5\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2553175386-3452905793-897856751-1000: @citrixonline.com/appdetectorplugin -> C:\Users\nicolas\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-23] (Citrix Online)
StartMenuInternet: FIREFOX.EXE - D:\- NICOLAS -\My Programs\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\nicolas\AppData\Local\Google\Chrome\User Data\Default [2016-09-28]
CHR Extension: (YouTube) - C:\Users\nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-17]
CHR Extension: (Google Search) - C:\Users\nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-04]
CHR Extension: (Light Abstract Red Orange Theme) - C:\Users\nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gefhaildplamgfoolnjeknficiolokgh [2016-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-08]
CHR Extension: (Gmail) - C:\Users\nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-04]
CHR Extension: (Chrome Media Router) - C:\Users\nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2015-11-12] (Adobe Systems) [File not signed]
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [674552 2016-08-26] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5285344 2016-08-26] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-08-26] (AVG Technologies CZ, s.r.o.)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-05-09] (Plays.tv, LLC)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [167936 2005-08-08] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S2 SkypeUpdate; D:\Programs\Skype\Updater\Updater.exe [324224 2016-07-25] (Skype Technologies)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [980552 2016-09-06] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [310016 2016-08-23] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272640 2016-07-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [262400 2016-08-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2016-10-03] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-03 20:04 - 2016-10-03 20:04 - 00000127 _____ C:\Users\nicolas\Desktop\ckfiles.txt
2016-10-03 19:47 - 2016-10-03 19:47 - 00468480 _____ () C:\Users\nicolas\Desktop\CKScanner.exe
2016-09-29 08:14 - 2016-09-29 08:15 - 00040684 _____ C:\Users\nicolas\Desktop\Addition.txt
2016-09-29 08:13 - 2016-10-03 20:06 - 00018664 _____ C:\Users\nicolas\Desktop\FRST.txt
2016-09-29 08:07 - 2016-10-03 20:05 - 00000000 ____D C:\Users\nicolas\Desktop\FRST-OlderVersion
2016-09-27 08:54 - 2016-09-02 12:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-27 08:54 - 2016-09-02 12:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-27 08:54 - 2016-09-02 12:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-27 08:54 - 2016-09-02 12:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-27 08:54 - 2016-09-02 12:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-27 08:54 - 2016-09-02 12:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-27 08:54 - 2016-09-02 12:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-27 08:54 - 2016-09-02 12:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-09-27 08:54 - 2016-09-02 12:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-09-27 08:54 - 2016-09-02 12:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-27 08:54 - 2016-09-02 12:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-27 08:54 - 2016-09-02 12:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-27 08:54 - 2016-09-02 12:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-27 08:54 - 2016-09-02 12:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-27 08:54 - 2016-09-02 12:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-27 08:54 - 2016-09-02 12:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-09-27 08:54 - 2016-09-02 12:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-09-27 08:54 - 2016-09-02 12:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 12:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-27 08:54 - 2016-09-02 12:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-27 08:54 - 2016-09-02 12:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-27 08:54 - 2016-09-02 12:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-27 08:54 - 2016-09-02 11:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-09-27 08:54 - 2016-09-02 11:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-27 08:54 - 2016-09-02 11:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-27 08:54 - 2016-09-02 11:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-27 08:54 - 2016-09-02 11:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-27 08:54 - 2016-09-02 11:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-27 08:54 - 2016-09-02 11:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-27 08:54 - 2016-09-02 11:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-27 08:54 - 2016-09-02 11:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-27 08:54 - 2016-09-02 11:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-09-27 08:54 - 2016-09-02 11:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-09-27 08:54 - 2016-09-02 11:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-09-27 08:54 - 2016-09-02 11:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-09-27 08:54 - 2016-09-02 11:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 11:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-27 08:54 - 2016-09-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-27 08:54 - 2016-06-06 13:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-09-27 08:54 - 2016-06-06 13:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-09-27 08:54 - 2016-06-06 13:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-09-27 08:54 - 2016-06-06 13:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-09-27 08:54 - 2016-06-06 12:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-09-27 08:54 - 2016-06-06 12:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-09-27 08:54 - 2016-06-06 12:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-09-27 08:54 - 2016-06-06 12:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-09-27 08:54 - 2016-05-13 19:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-09-27 08:54 - 2016-05-13 19:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-09-27 08:54 - 2016-05-13 19:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-09-27 08:54 - 2016-05-13 19:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-09-27 08:54 - 2016-05-13 18:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-09-27 08:54 - 2016-05-13 18:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-09-27 08:54 - 2016-05-13 18:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-09-27 08:54 - 2016-05-13 18:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-09-27 08:54 - 2016-05-13 18:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-09-27 08:54 - 2016-05-13 18:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-09-27 08:54 - 2016-05-13 18:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-09-27 08:54 - 2016-05-13 18:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-09-27 08:54 - 2016-05-13 18:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-09-27 08:54 - 2016-05-13 18:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-09-27 08:54 - 2016-05-13 18:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-09-27 08:54 - 2016-05-13 18:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-09-27 08:54 - 2016-05-12 14:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-09-27 08:54 - 2016-05-12 12:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-09-27 08:54 - 2016-05-12 12:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-09-27 08:54 - 2016-05-04 14:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-09-27 08:54 - 2016-05-04 14:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-09-27 08:54 - 2016-05-04 14:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-09-27 08:54 - 2016-05-04 14:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-09-27 08:54 - 2016-05-04 14:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-09-27 08:54 - 2016-05-04 14:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-09-27 08:54 - 2016-05-04 14:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-09-27 08:54 - 2016-05-04 14:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-09-27 08:54 - 2016-05-04 14:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-27 08:54 - 2016-05-04 14:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-09-27 08:54 - 2016-05-04 12:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-09-27 08:54 - 2016-05-04 11:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-09-27 08:52 - 2016-08-12 13:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-27 08:52 - 2016-08-12 13:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-27 08:52 - 2016-08-12 13:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-27 08:52 - 2016-07-07 12:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-09-27 08:52 - 2016-07-07 12:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-09-27 08:52 - 2016-07-07 12:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-09-27 08:52 - 2016-07-07 12:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-09-27 08:52 - 2016-07-01 12:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-27 08:52 - 2016-07-01 12:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-09-27 08:52 - 2016-07-01 12:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-27 08:52 - 2016-07-01 12:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-09-27 08:51 - 2016-09-27 08:58 - 00000000 ____D C:\Users\nicolas\Desktop\xls varios
2016-09-27 08:46 - 2016-08-16 14:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-27 08:46 - 2016-08-15 23:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-27 08:46 - 2016-08-15 23:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-27 08:46 - 2016-08-06 12:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-27 08:46 - 2016-08-06 12:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-27 08:46 - 2016-08-05 12:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-27 08:46 - 2016-08-05 12:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-09-26 19:57 - 2016-09-26 19:57 - 00001971 _____ C:\Users\nicolas\Desktop\JRT.txt
2016-09-26 14:33 - 2016-09-26 14:33 - 01615456 _____ (Malwarebytes) C:\Users\nicolas\Desktop\JRT.exe
2016-09-26 13:18 - 2016-10-03 20:05 - 02404864 _____ (Farbar) C:\Users\nicolas\Desktop\FRST64.exe
2016-09-26 13:18 - 2016-10-03 20:05 - 00000000 ____D C:\FRST
2016-09-25 17:41 - 2016-09-25 17:58 - 00210756 _____ C:\TDSSKiller.3.1.0.11_25.09.2016_17.41.00_log.txt
2016-09-25 16:41 - 2016-09-25 16:41 - 00211172 _____ C:\Users\nicolas\Desktop\bookmarks-2016-09-25.json
2016-09-25 15:13 - 2016-09-25 16:49 - 00000000 ____D C:\Users\nicolas\AppData\Roaming\Mozilla
2016-09-25 15:12 - 2016-09-26 11:18 - 00000900 _____ C:\Users\nicolas\Desktop\Mozilla Firefox.lnk
2016-09-25 15:12 - 2016-09-26 11:18 - 00000900 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-25 15:12 - 2016-09-25 15:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-24 11:41 - 2016-09-24 11:41 - 00000000 ____D C:\Users\nicolas\AppData\Local\Eraser 6
2016-09-24 10:02 - 2016-09-29 15:41 - 00000000 ___RD C:\Users\nicolas\Desktop\q!
2016-09-24 09:38 - 2016-09-24 09:58 - 00000846 _____ C:\Users\nicolas\Desktop\Eraser.lnk
2016-09-24 09:38 - 2016-09-24 09:38 - 00001642 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
2016-09-24 09:17 - 2016-09-24 09:24 - 00002625 _____ C:\Users\nicolas\Desktop\freac.exe.lnk
2016-09-24 08:48 - 2016-09-28 14:03 - 00000000 ____D C:\Users\nicolas\Downloads\installers
2016-09-23 08:43 - 2016-09-23 08:43 - 00000000 ____D C:\Program Files (x86)\Skype
2016-09-20 21:39 - 2016-10-03 12:28 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-09-13 21:22 - 2016-09-13 21:22 - 00000000 ____D C:\Users\Adrián\AppData\Local\Apple
2016-09-13 21:21 - 2016-09-13 21:22 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2016-09-13 21:21 - 2016-09-13 21:21 - 00000000 ____D C:\Users\Adrián\AppData\Local\Apple Computer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-03 19:55 - 2015-09-25 03:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-03 19:54 - 2015-11-23 20:08 - 00000574 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2553175386-3452905793-897856751-1000.job
2016-10-03 19:54 - 2009-07-14 04:46 - 00000000 ____D C:\Windows\ShellNew
2016-10-03 19:52 - 2009-07-14 00:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-10-03 19:46 - 2009-07-14 01:45 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-03 19:46 - 2009-07-14 01:45 - 00017360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-03 19:42 - 2015-02-23 19:33 - 00000000 ____D C:\Users\nicolas\AppData\Roaming\Raptr
2016-10-03 19:41 - 2016-06-04 09:06 - 00000004 _____ C:\Windows\SysWOW64\GVTunner.ref
2016-10-03 19:41 - 2015-02-09 01:42 - 00030528 _____ C:\Windows\GVTDrv64.sys
2016-10-03 19:41 - 2015-02-09 01:42 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2016-10-03 19:41 - 2015-02-09 01:42 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\etdrv.sys
2016-10-03 19:41 - 2015-02-09 01:29 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-03 19:27 - 2015-02-09 01:29 - 00002427 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-03 19:27 - 2015-02-09 01:29 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-03 19:27 - 2015-02-09 01:29 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-03 19:25 - 2015-11-23 20:08 - 00000670 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2553175386-3452905793-897856751-1000.job
2016-10-03 19:10 - 2016-01-27 21:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-03 17:38 - 2015-02-23 20:40 - 00000000 ____D C:\Users\Adrián\AppData\Roaming\Raptr
2016-10-03 17:36 - 2016-05-17 20:20 - 00000000 ____D C:\ProgramData\MFAData
2016-10-03 17:35 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-03 16:10 - 2015-02-09 01:59 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-10-03 10:26 - 2015-12-09 17:53 - 00000000 ____D C:\Users\nicolas\AppData\Roaming\Skype
2016-10-03 09:34 - 2015-12-09 17:52 - 00000000 ____D C:\ProgramData\Skype
2016-09-30 08:44 - 2016-05-17 20:19 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk
2016-09-30 08:44 - 2016-05-17 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-09-28 15:31 - 2015-05-13 21:02 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-28 14:39 - 2015-02-09 02:24 - 00000000 ___RD C:\Users\nicolas\Desktop\b&
2016-09-28 10:49 - 2016-07-20 19:00 - 00000000 ___RD C:\Users\nicolas\Desktop\y-s
2016-09-27 20:45 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\rescache
2016-09-27 16:08 - 2009-07-14 02:13 - 00828146 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-27 16:08 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-09-27 16:04 - 2009-07-14 01:45 - 00360752 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-27 15:12 - 2015-09-24 23:57 - 00000000 ____D C:\Windows\system32\MRT
2016-09-27 15:05 - 2015-09-24 23:57 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-26 15:01 - 2015-09-24 20:50 - 00000000 ____D C:\Users\nicolas\Documents\CCleaner _ Registry Backup
2016-09-26 14:23 - 2015-02-09 01:53 - 00000000 ____D C:\ProgramData\Trend Micro
2016-09-24 10:49 - 2015-02-09 01:08 - 00000000 ____D C:\Users\nicolas
2016-09-21 10:32 - 2015-02-09 01:09 - 00001507 _____ C:\Users\nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-20 21:43 - 2015-11-23 20:08 - 00003692 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2553175386-3452905793-897856751-1000
2016-09-20 21:43 - 2015-11-23 20:08 - 00003596 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2553175386-3452905793-897856751-1000
2016-09-13 21:47 - 2015-03-07 18:31 - 00000000 ____D C:\Users\Adrián\AppData\Roaming\Apple Computer
2016-09-13 15:33 - 2015-02-21 00:27 - 00000000 ____D C:\Users\nicolas\AppData\Local\Adobe
2016-09-13 15:32 - 2016-01-27 21:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-13 15:32 - 2015-02-21 00:29 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-13 15:32 - 2015-02-21 00:29 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-13 15:32 - 2015-02-21 00:29 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-13 15:32 - 2015-02-21 00:29 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-13 13:27 - 2016-05-17 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-09-13 11:10 - 2016-03-11 20:10 - 06502080 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-09-09 07:38 - 2009-07-14 02:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-09-06 12:20 - 2016-05-17 20:37 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-09-06 12:20 - 2016-05-17 20:37 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp

Some files in TEMP:
====================
C:\Users\nicolas\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-27 20:38

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-10-2016
Ran by Nicolás (03-10-2016 20:06:56)
Running from C:\Users\nicolas\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-02-09 04:08:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2553175386-3452905793-897856751-500 - Administrator - Disabled)
Adrián (S-1-5-21-2553175386-3452905793-897856751-1004 - Limited - Enabled) => C:\Users\Adrián
Guest (S-1-5-21-2553175386-3452905793-897856751-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2553175386-3452905793-897856751-1003 - Limited - Enabled)
Nicolás (S-1-5-21-2553175386-3452905793-897856751-1000 - Administrator - Enabled) => C:\Users\nicolas

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.33 - GIGABYTE)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat 7.1.0 Professional (HKLM-x32\...\Adobe Acrobat 7.0 Professional) (Version: 7.1.0 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-2553175386-3452905793-897856751-1000\...\Adobe Connect 9 Add-in) (Version: 11,9,972,8 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
Apple Application Support (32 bits) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Astroburn Lite (HKLM\...\Astroburn Lite) (Version: 2.0.0.0204 - Disc Soft Ltd)
AVG (HKLM\...\AvgZen) (Version: 1.101.2.40207 - AVG Technologies)
AVG (Version: 16.111.7797 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4656 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.111.7797 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.5.160 - AVG Technologies)
AVG Zen (Version: 1.101.4 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.77.0.2015 - Georgy Berdyshev)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
DVD Region+CSS Free 5.58 (HKLM-x32\...\DVD Region+CSS Free_is1) (Version:  - Fengtao Software Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Easy Tune 6 B14.0508.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B14.0508.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Eraser 6.2.0.2979 (HKLM\...\{C5900DE9-D199-4C27-B692-354C9A6A6C8B}) (Version: 6.2.2979 - The Eraser Project)
FMW 1 (Version: 1.132.1 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.23.0.5573 (HKU\S-1-5-21-2553175386-3452905793-897856751-1000\...\GoToMeeting) (Version: 7.23.0.5573 - CitrixOnline)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Max Recorder (HKLM-x32\...\Max Recorder) (Version: 2.006.0.0 - Silver Vine, LLC)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 49.0 (x64 en-US) (HKLM\...\Mozilla Firefox 49.0 (x64 en-US)) (Version: 49.0 - Mozilla)
Mozilla Firefox 49.0.1 (x64 en-US) (HKU\S-1-5-21-2553175386-3452905793-897856751-1000\...\Mozilla Firefox 49.0.1 (x64 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0 - Mozilla)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.10.1-r112682-release - Plays.tv, LLC)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.1815.0 - CyberLink Corporation)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.8.0.119 - PandoraTV)
The RHETI Sampler v1.0 (HKLM-x32\...\{EACFDF5B-EB4E-4E9B-8644-D3DA5662719B}) (Version: 1.00.0000 - Enneagram Institute)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2553175386-3452905793-897856751-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\nicolas\AppData\Local\Citrix\GoToMeeting\5530\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09E789EB-BCFA-4C8E-BF63-B05B25AA0EFE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {0D83BFD9-7849-4D0A-9B8C-116882AAACEC} - System32\Tasks\{783BCEAF-50C9-47D9-B1E2-BE1FE6559097} => pcalua.exe -a "G:\KMPlayer\The KMPlayer\KMPSetup.exe" -d "G:\KMPlayer\The KMPlayer"
Task: {0EE5D22C-4D18-415C-8857-16797087509A} - System32\Tasks\G2MUploadTask-S-1-5-21-2553175386-3452905793-897856751-1000 => C:\Users\nicolas\AppData\Local\Citrix\GoToMeeting\5573\g2mupload.exe [2016-09-20] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {18270127-6574-45B6-B22F-44E479C1A8B7} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {2B3DBFB5-8274-4523-950F-FE90920F9E0C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {372988F6-C093-4DB2-935D-FF890B62FCAF} - System32\Tasks\{D55359D0-2134-45D4-92B0-617048EDCD86} => Firefox.exe hxxp://ui.skype.com/ui/0/7.16.0.102/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {460F2515-1DFD-478A-97F8-34F7C96F139E} - System32\Tasks\{9E3A7CB2-A364-4CB7-BA36-67AC73749A64} => C:\Program Files (x86)\Ahead\Nero\nero.exe
Task: {4677785E-E595-42E8-91FE-553AE297C41E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {51322A54-7D97-400B-A4EF-F9EBD9304A78} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {A497CA4C-1E86-4406-9232-B5B080D2BE47} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-07-18] (Advanced Micro Devices, Inc.)
Task: {C60C08EF-3602-43D6-8FD4-0D571FFFC4B4} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {C80AE4DF-21B0-4C58-B173-0B536DAAAFF2} - System32\Tasks\G2MUpdateTask-S-1-5-21-2553175386-3452905793-897856751-1000 => C:\Users\nicolas\AppData\Local\Citrix\GoToMeeting\5573\g2mupdate.exe [2016-09-20] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {CEF6C5D7-C03D-4981-A3D6-1F91060E283B} - System32\Tasks\CCleanerSkipUAC => D:\Programs\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {FF46C9F0-5DCD-4E48-B350-7BB1A538E0C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2553175386-3452905793-897856751-1000.job => C:\Users\nicolas\AppData\Local\Citrix\GoToMeeting\5573\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2553175386-3452905793-897856751-1000.job => C:\Users\nicolas\AppData\Local\Citrix\GoToMeeting\5573\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://tech-connect.biz/?ssid=1474464615&a=1054667&src=sh&uuid=0b275230-f58f-49ef-b445-e535a3da37b7,1474464477986"
ShortcutWithArgument: C:\Users\nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://tech-connect.biz/?ssid=1474464615&a=1054667&src=sh&uuid=0b275230-f58f-49ef-b445-e535a3da37b7,1474464477986"
ShortcutWithArgument: C:\Users\nicolas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://tech-connect.biz/?ssid=1474464615&a=1054667&src=sh&uuid=0b275230-f58f-49ef-b445-e535a3da37b7,1474464477986"
ShortcutWithArgument: C:\Users\nicolas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://tech-connect.biz/?ssid=1474464615&a=1054667&src=sh&uuid=0b275230-f58f-49ef-b445-e535a3da37b7,1474464477986"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://tech-connect.biz/?ssid=1474464615&a=1054667&src=sh&uuid=0b275230-f58f-49ef-b445-e535a3da37b7,1474464477986"

==================== Loaded Modules (Whitelisted) ==============

2016-05-17 20:37 - 2016-09-06 12:20 - 00980552 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2015-07-15 21:39 - 2015-07-15 21:39 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-08 22:29 - 2005-08-08 13:54 - 00167936 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2012-01-13 13:04 - 2012-01-13 13:04 - 00219760 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
2016-05-17 20:37 - 2016-09-06 12:20 - 02180680 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2015-07-15 21:38 - 2015-07-15 21:38 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-11-24 17:48 - 2015-11-24 17:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-24 17:46 - 2015-11-24 17:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-24 17:48 - 2015-11-24 17:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-24 17:48 - 2015-11-24 17:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-24 17:43 - 2015-11-24 17:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-24 17:48 - 2015-11-24 17:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-24 17:48 - 2015-11-24 17:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-24 17:48 - 2015-11-24 17:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-24 17:43 - 2015-11-24 17:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-24 17:43 - 2015-11-24 17:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-24 17:43 - 2015-11-24 17:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-24 17:46 - 2015-11-24 17:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-24 17:48 - 2015-11-24 17:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-24 17:47 - 2015-11-24 17:47 - 01980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-12-07 17:57 - 2015-12-07 17:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-24 17:47 - 2015-11-24 17:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-24 17:47 - 2015-11-24 17:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-24 17:47 - 2015-11-24 17:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-24 17:43 - 2015-11-24 17:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2014-03-07 12:23 - 2014-03-07 12:23 - 02887751 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll
2014-01-06 13:29 - 2014-01-06 13:29 - 00659523 _____ () C:\Program Files (x86)\GIGABYTE\ET6\work.dll
2013-09-13 14:26 - 2013-09-13 14:26 - 01331266 _____ () C:\Program Files (x86)\GIGABYTE\ET6\SF.dll
2008-05-07 14:22 - 2008-05-07 14:22 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll
2012-05-08 14:01 - 2012-05-08 14:01 - 00069632 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll
2012-11-27 14:03 - 2012-11-27 14:03 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll
2010-06-24 14:50 - 2010-06-24 14:50 - 00094208 _____ () C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll
2011-03-01 18:00 - 2011-03-01 18:00 - 00126976 _____ () C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll
2011-10-18 08:26 - 2011-10-18 08:26 - 00024576 _____ () C:\Program Files (x86)\GIGABYTE\ET6\STT.dll
2013-12-18 15:39 - 2013-12-18 15:39 - 01503300 _____ () C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll
2013-11-06 16:59 - 2013-11-06 16:59 - 01335358 _____ () C:\Program Files (x86)\GIGABYTE\ET6\HM.dll
2013-03-23 09:59 - 2013-03-23 09:59 - 01433674 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll
2003-02-14 13:11 - 2003-02-14 13:11 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll
2013-11-01 09:29 - 2013-11-01 09:29 - 01318984 _____ () C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll
2013-05-23 23:50 - 2013-05-23 23:50 - 03860520 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Platform.dll
2013-05-23 23:50 - 2013-05-23 23:50 - 00579616 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Device.dll
2014-01-06 14:28 - 2014-01-06 14:28 - 00311296 _____ () C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.DLL
2016-05-17 20:16 - 2016-05-17 20:14 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2010-11-22 19:56 - 2010-11-22 19:56 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2010-11-22 19:56 - 2010-11-22 19:56 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2010-11-22 19:56 - 2010-11-22 19:56 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2014-05-13 20:26 - 2014-05-13 20:26 - 05812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2014-05-13 20:26 - 2014-05-13 20:26 - 00067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2014-05-13 20:26 - 2014-05-13 20:26 - 01662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2014-05-13 20:26 - 2014-05-13 20:26 - 00494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 19:57 - 2010-11-22 19:57 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2010-11-22 19:56 - 2010-11-22 19:56 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2010-11-22 19:56 - 2010-11-22 19:56 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2010-11-22 19:56 - 2010-11-22 19:56 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2010-11-22 19:57 - 2010-11-22 19:57 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2010-11-22 19:57 - 2010-11-22 19:57 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2010-11-22 19:56 - 2010-11-22 19:56 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2011-02-15 15:17 - 2011-02-15 15:17 - 00417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2010-11-22 19:57 - 2010-11-22 19:57 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2014-05-13 20:26 - 2014-05-13 20:26 - 00313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 19:56 - 2010-11-22 19:56 - 00127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2010-11-22 19:56 - 2010-11-22 19:56 - 00009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-10-21 17:29 - 2015-10-21 17:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-10-21 17:29 - 2015-10-21 17:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2010-11-22 19:56 - 2010-11-22 19:56 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2010-11-22 19:56 - 2010-11-22 19:56 - 00324608 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PIL._imaging.pyd
2015-06-26 20:09 - 2015-06-26 20:09 - 00271872 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\amd_ags.dll
2010-11-22 19:57 - 2010-11-22 19:57 - 00141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2016-04-19 14:08 - 2016-04-19 14:08 - 02717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2011-02-15 15:17 - 2011-02-15 15:17 - 01213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2010-11-22 20:06 - 2010-11-22 20:06 - 00055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2013-05-09 20:52 - 2013-05-09 20:52 - 00495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2013-05-09 20:52 - 2013-05-09 20:52 - 01183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2013-05-09 20:52 - 2013-05-09 20:52 - 00483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2013-05-03 15:57 - 2013-05-03 15:57 - 00655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2013-05-03 15:56 - 2013-05-03 15:56 - 01306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2013-05-03 15:56 - 2013-05-03 15:56 - 00565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2013-05-03 15:57 - 2013-05-03 15:57 - 01640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2013-05-03 15:56 - 2013-05-03 15:56 - 00506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2013-05-03 15:57 - 2013-05-03 15:57 - 01053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2013-05-03 15:57 - 2013-05-03 15:57 - 00497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2013-05-03 15:57 - 2013-05-03 15:57 - 00603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2013-05-03 15:57 - 2013-05-03 15:57 - 00474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2009-06-10 18:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2553175386-3452905793-897856751-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\nicolas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: NeroCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: PlaysTV => "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
MSCONFIG\startupreg: Trend Micro Client Framework => "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{8C3B30A2-D2C5-4F1E-A1D6-0A7C8938E779}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{7C841F48-7309-4331-B306-F7F800699BFD}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{E7502CC7-D3D3-4216-8138-FFD2821EFE78}] => (Allow) D:\Office15\lync.exe
FirewallRules: [{94FD9088-9E07-461C-A4BE-AF621F96D29D}] => (Allow) D:\Office15\lync.exe
FirewallRules: [{8543BE28-FB48-4F83-805B-770184233D8A}] => (Allow) D:\Office15\UcMapi.exe
FirewallRules: [{9A59D3FC-AFE5-4810-B82C-0949AF990B20}] => (Allow) D:\Office15\UcMapi.exe
FirewallRules: [{A89983DF-8E8E-419F-B2E2-944A87D6E543}] => (Allow) D:\- NICOLAS -\My Programs\Winamp\winamp.exe
FirewallRules: [{D1FB29E0-EAE1-4B2F-AC49-7B87D9ABEE54}] => (Allow) D:\- NICOLAS -\My Programs\Winamp\winamp.exe
FirewallRules: [{BDC99B57-42B9-4661-921C-F616AFD6A528}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B67A7896-23AB-4BA0-AB5E-F2112E95EC46}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3550BE33-6158-4F44-8A63-26A4436F7537}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{36E9A7C0-8B21-429E-9032-1E350667D407}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{927EDBC3-9229-44AE-A116-A03F5B6262B4}] => (Allow) D:\Programs\iTunes\iTunes.exe
FirewallRules: [TCP Query User{3F02EBCE-6A32-4B81-AA6F-44F8CC2D7C86}D:\- nicolas -\my programs\mozilla firefox\firefox.exe] => (Block) D:\- nicolas -\my programs\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6C0280AF-0CD1-4E0C-8D1D-C66B2CD94F6E}D:\- nicolas -\my programs\mozilla firefox\firefox.exe] => (Block) D:\- nicolas -\my programs\mozilla firefox\firefox.exe
FirewallRules: [{83CE5139-A861-415D-9F88-98D2A78CE03F}] => (Allow) D:\Programs\Skype\Phone\Skype.exe
FirewallRules: [{D4B74109-AC67-4C95-9D23-4CFA38D3358D}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{42C14002-C45F-4C4F-9E71-77792AE72A98}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{F82BDC4B-7B19-4020-B538-FCEB33E39BC7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{17C354ED-58D8-43BC-BEA4-3D20AEFD4001}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{C73C867E-3279-43D8-A77D-108E33091966}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{67B018EF-95B7-4387-B801-5B8D1141E748}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{E1DA0BE9-A45F-45DA-81C8-DE97F157531E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{11B81B48-ED42-40F1-B341-F46287816DD9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{DB18834D-65C5-4C0D-BAF2-5B084D39EA6D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{F6C7D441-51EF-4868-94F6-8079FA29D217}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{1C5CEABD-34A7-45AD-9733-65EE197C7A09}] => (Allow) D:\- NICOLAS -\My Programs\Mozilla Firefox\firefox.exe
FirewallRules: [{91DBA3B1-C174-4B06-9AEF-5ED35C593A92}] => (Allow) D:\- NICOLAS -\My Programs\Mozilla Firefox\firefox.exe
FirewallRules: [{8B5E3EF9-B447-4055-B42F-9059F6C83A8D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{4697CEEB-8177-474C-AECF-474841043E03}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{D4561985-930B-4844-98D5-CB8F2613D6D2}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{2F117D29-6895-4FE8-8170-5119D5FFC149}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{66D1E1F7-6A2C-4AB0-BE7F-187CCD6284B4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

24-09-2016 09:37:30 Installed Eraser 6.2.0.2979
26-09-2016 14:44:11 JRT Pre-Junkware Removal
26-09-2016 19:54:49 JRT Pre-Junkware Removal
27-09-2016 15:04:36 Windows Update
03-10-2016 19:50:41 Removed Microsoft Office Professional Plus 2013
03-10-2016 19:51:06 PROPLUS

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/28/2016 04:14:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Eraser.exe, version: 6.2.0.2979, time stamp: 0x57c2350a
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23539, time stamp: 0x57c99bd4
Exception code: 0xc0020001
Fault offset: 0x000000000001a06d
Faulting process id: 0x1ea8
Faulting application start time: 0x01d2197f15dd52d9
Faulting application path: D:\- NICOLAS -\My Programs\eraser\Eraser.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: b7a94f02-85af-11e6-9130-74d435f490be

Error: (09/28/2016 01:59:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 15.0.4859.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d78

Start Time: 01d219a2b31ef159

Termination Time: 30

Application Path: D:\Office15\WINWORD.EXE

Report Id:

Error: (09/26/2016 07:54:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service vToolbarUpdater40.3.5 since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (09/20/2016 10:45:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmplayer.exe, version: 12.0.7601.19148, time stamp: 0x56b9adac
Faulting module name: AUDIOSES.DLL, version: 6.1.7601.18741, time stamp: 0x54d03ba0
Exception code: 0xc0000005
Fault offset: 0x00008d6d
Faulting process id: 0xaac
Faulting application start time: 0x01d213a9c8603d2d
Faulting application path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Faulting module path: C:\Windows\system32\AUDIOSES.DLL
Report Id: 1d89c281-7f9d-11e6-9ca3-74d435f490be

Error: (09/20/2016 10:45:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmplayer.exe, version: 12.0.7601.19148, time stamp: 0x56b9adac
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000a00d1
Faulting process id: 0x20a0
Faulting application start time: 0x01d213a9b3f66a48
Faulting application path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Faulting module path: unknown
Report Id: 02afbd6a-7f9d-11e6-9ca3-74d435f490be

Error: (08/09/2016 05:05:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 15.0.4841.1000, time stamp: 0x575fd3ff
Faulting module name: ltc_help32-114978.dll, version: 1.0.0.1, time stamp: 0x57a27e0c
Exception code: 0xc0000417
Fault offset: 0x00008483
Faulting process id: 0x1de4
Faulting application start time: 0x01d1f279589e6ef5
Faulting application path: D:\Office15\WINWORD.EXE
Faulting module path: C:\PROGRA~2\RAPTRI~1\Raptr\ltc_help32-114978.dll
Report Id: 9a8e6879-5e6c-11e6-94cf-74d435f490be

Error: (08/05/2016 11:23:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atiesrxx.exe, version: 6.14.11.1199, time stamp: 0x55a7061a
Faulting module name: ntdll.dll, version: 6.1.7601.23418, time stamp: 0x5708a857
Exception code: 0xc0000005
Fault offset: 0x0000000000048d84
Faulting process id: 0x5a8
Faulting application start time: 0x01d1ef1114b9a64b
Faulting application path: C:\Windows\system32\atiesrxx.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 1f33aff5-5b18-11e6-91f0-74d435f490be

Error: (07/27/2016 03:02:07 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Installed QuickTime 7). Additional information: 0xc0000022.

Error: (07/27/2016 01:44:45 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/27/2016 01:44:45 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (10/03/2016 07:41:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.

Error: (10/03/2016 04:10:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (10/01/2016 11:59:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} did not register with DCOM within the required timeout.

Error: (10/01/2016 11:59:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (10/01/2016 01:22:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (09/30/2016 07:13:35 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/30/2016 04:02:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (09/29/2016 04:38:24 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} did not register with DCOM within the required timeout.

Error: (09/29/2016 04:37:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (09/28/2016 04:14:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.


==================== Memory info ===========================

Processor: AMD A8-6600K APU with Radeon™ HD Graphics
Percentage of memory in use: 70%
Total physical RAM: 3270.52 MB
Available physical RAM: 950.2 MB
Total Virtual: 6539.23 MB
Available Virtual: 3232.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:199.98 GB) (Free:132.1 GB) NTFS
Drive d: () (Fixed) (Total:265.69 GB) (Free:227.65 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BBC2C036)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=265.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.FCCPR0
 ----- EOF -----



#8 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:08:28 PM

Posted 07 October 2016 - 06:58 PM

My apologies for the delay - I am consulting with my instructor and will be back shortly.

#9 Sintharius

Posted 08 October 2016 - 04:12 AM

Hello GreyPilgrim,

Can you post the logs from EEK and JRT here?

Fix with Farbar Recovery Scan Tool
  • Please download the attached fixlist.txt and save it to your Desktop.
    Note: It's important that both FRST/FRST64.exe and fixlist.txt are in the same location or the fix will not work!
    WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!
  • Run FRST/FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log named Fixlog.txt on the Desktop, please post it to your reply.
Please let me know if any issues arise during the process.

Attached Files

#10 GreyPilgrim (Topic Starter)

Posted 10 October 2016 - 09:09 PM

Hi, and apologies for the delay; I've been away for the weekend.

I ran EEK twice with different settings because I wasn't sure I had run it right the first time. Here are both logs:

 

Emsisoft Emergency Kit - Version 11.9
Last update: 27/09/2016 03:27:51 p.m.

User account: MYPC\Nicolás
Computer name: MYPC
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    27/09/2016 04:20:19 p.m.
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}     detected: Application.AdReg (A)

Scanned    76747
Found    5

Scan end:    27/09/2016 04:28:42 p.m.
Scan time:    0:08:23

Emsisoft Emergency Kit - Version 11.9
Last update: 27/09/2016 03:27:51 p.m.

User account: MYPC\Nicolás
Computer name: MYPC
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, F:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    27/09/2016 04:29:53 p.m.
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}     detected: Application.AdReg (A)

Scanned    245303
Found    5

Scan end:    27/09/2016 05:27:36 p.m.
Scan time:    0:57:43

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}     Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}     Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}     Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}     Application.AdReg (A)

Quarantined    4

And here's the JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.8 (09.20.2016)

Operating System: Windows 7 Ultimate x64
Ran by Nicolás (Administrator) on 26/09/2016 at 19:54:48,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 9

Failed to delete: C:\Program Files (x86)\Common Files\avg secure search\vtoolbarupdater (Folder)
Successfully deleted: C:\Users\nicolas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\57HRENGI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nicolas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7Q7CANF9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nicolas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJ82PV83 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nicolas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKQTHDEY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\57HRENGI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7Q7CANF9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJ82PV83 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKQTHDEY (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/09/2016 at 19:57:11,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And now the FRST fixlist log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-10-2016
Ran by Nicolás (08-10-2016 08:15:43) Run:1
Running from C:\Users\nicolas\Desktop
Loaded Profiles: Nicolás (Available Profiles: Nicolás & Adrián)
Boot Mode: Normal
==============================================

fixlist content:
*****************
GroupPolicy: Restriction <======= ATTENTION
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension => not found
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
ShortcutWithArgument: C:\Users\nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://tech-connect.biz/?ssid=1474464615&a=1054667&src=sh&uuid=0b275230-f58f-49ef-b445-e535a3da37b7,1474464477986"
ShortcutWithArgument: C:\Users\nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://tech-connect.biz/?ssid=1474464615&a=1054667&src=sh&uuid=0b275230-f58f-49ef-b445-e535a3da37b7,1474464477986"
ShortcutWithArgument: C:\Users\nicolas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://tech-connect.biz/?ssid=1474464615&a=1054667&src=sh&uuid=0b275230-f58f-49ef-b445-e535a3da37b7,1474464477986"
ShortcutWithArgument: C:\Users\nicolas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://tech-connect.biz/?ssid=1474464615&a=1054667&src=sh&uuid=0b275230-f58f-49ef-b445-e535a3da37b7,1474464477986"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://tech-connect.biz/?ssid=1474464615&a=1054667&src=sh&uuid=0b275230-f58f-49ef-b445-e535a3da37b7,1474464477986"
*****************

C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2} => value removed successfully
atillk64 => service removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
C:\Users\nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Shortcut argument restored successfully
C:\Users\nicolas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\nicolas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.


The system needed a reboot.

==== End of Fixlog 08:15:44 ====

Would you please be so kind as to tell me whether you saw my previous message quoting something that looks suspect to me? (Quoting it here again just in case.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-2553175386-3452905793-897856751-1000] => hxxp://un-stop.net/wpad.dat?0900e6079f4e86c80276b9c63d10341b16919234
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D2825744-7F1C-4E81-9B89-CBAA315C977E}: [DhcpNameServer] 192.168.1.1
ManualProxies: 0hxxp://un-stop.net/wpad.dat?0900e6079f4e86c80276b9c63d10341b16919234

Aside from that, for the next steps I am to take, could you walk me through the process a bit? Just briefly, so I have an idea of how this goes and don't just follow instructions blindly.

I'd appreciate that.

#11 Sintharius

Posted 12 October 2016 - 04:49 AM

Hello GreyPilgrim,

How is your computer doing? Are there any other problems?

The AutoConfigURL line is the default URL used by configured proxies on your computer. ManualProxies define a manually configured proxy used by browsers on the computer.

#12 GreyPilgrim (Topic Starter)

Posted 12 October 2016 - 07:45 AM

Hi Sintharius! Aside from the problem that prompted me to start the topic (redirecting to other pages, which still persists), the computer seems to be doing OK, at least to my untrained eyes; if there is something else going on hidden, I don't know.

The AutoConfigURL and ManualProxies weren't configured that way by me, and I'd bet they are, if not the very culprits of the issue, at least partners. Is there any way to 'clean' those?

Also, may I ask what these lines mean:

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D2825744-7F1C-4E81-9B89-CBAA315C977E}: [DhcpNameServer] 192.168.1.1

Is this something that could have been altered too to make the connection go another way?



#13 Sintharius

Posted 16 October 2016 - 03:06 AM

Hello GreyPilgrim,

We will clean the proxy settings with FRST; since you did not set them yourself, it is likely that they were tampered with by the malware.

Fix with Farbar Recovery Scan Tool
  • Please download the attached fixlist.txt and save it to your Desktop.
    Note: It's important that both FRST/FRST64.exe and fixlist.txt are in the same location or the fix will not work!
    WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!
  • Run FRST/FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log named Fixlog.txt on the Desktop, please post it to your reply.
Once the fixing is complete, please create a new set of FRST logs and post them here.

The DhcpNameServer entries are legitimate, and they are common in all kinds of networks. Please let me know if you have any other questions.
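The proxy lines Sintharius explains in post #11 and the FRST cleanup planned in post #13, as an added example that is not part of this thread and not FRST's or Emsisoft's own code: a small triage script over the exact lines GreyPilgrim quoted (AutoConfigURL, ManualProxies, the two DhcpNameServer lines, and one of the ShortcutWithArgument lines from the Fixlog). The names `Finding`, `triage`, `build_fixlist` and `host_is_local` are this example's own, the sample input is embedded from the thread, and the rule "a LAN address is expected, a public hostname the user never configured is not" is the example's own heuristic, not an FRST feature.

```python
"""Triage of the proxy, DNS and shortcut lines from an FRST log.

Added example for this thread; it is not FRST's or Emsisoft's code. It reads
the log lines GreyPilgrim quoted, decides which of them point at something the
user never configured, and emits the matching fixlist.txt lines (pasting an
FRST log line into fixlist.txt is how FRST is told to remove or restore it).
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample input: the lines quoted in this thread. FRST writes URLs
# as hxxp:// so that nobody clicks them by accident.
SAMPLE_FRST_LINES = r"""
AutoConfigURL: [S-1-5-21-2553175386-3452905793-897856751-1000] => hxxp://un-stop.net/wpad.dat?0900e6079f4e86c80276b9c63d10341b16919234
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D2825744-7F1C-4E81-9B89-CBAA315C977E}: [DhcpNameServer] 192.168.1.1
ManualProxies: 0hxxp://un-stop.net/wpad.dat?0900e6079f4e86c80276b9c63d10341b16919234
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://tech-connect.biz/?ssid=1474464615&a=1054667&src=sh&uuid=0b275230-f58f-49ef-b445-e535a3da37b7,1474464477986"
""".strip().splitlines()

URL_RE = re.compile(r'(?:hxxps?|https?)://[^\s"]+', re.IGNORECASE)


@dataclass
class Finding:
    kind: str          # which FRST line type produced it
    severity: str      # "high" = not something the user set, "info" = expected
    detail: str
    fixlist_line: str  # verbatim line to paste into fixlist.txt ("" if nothing to fix)


def refang(url: str) -> str:
    """Turn FRST's defanged hxxp:// back into a URL urlparse understands."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def host_is_local(host: str) -> bool:
    """True for loopback, RFC 1918 and link-local addresses, i.e. the user's own LAN.

    A DNS server or proxy there (the router at 192.168.1.1) is normal. A public
    hostname is never treated as local: a home user does not set up a proxy
    script that has to be fetched from the Internet (example heuristic)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local


def triage(lines):
    """Classify FRST 'Internet' and 'ShortcutWithArgument' lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        kind = line.split(":", 1)[0]
        if kind in ("AutoConfigURL", "ManualProxies"):
            m = URL_RE.search(line)
            if not m:
                continue
            host = urlparse(refang(m.group(0))).hostname or ""
            what = "PAC/WPAD script" if kind == "AutoConfigURL" else "proxy setting"
            if host_is_local(host):
                findings.append(Finding(kind, "info", f"{what} on LAN host {host}", ""))
            else:
                findings.append(Finding(kind, "high",
                    f"{what} fetched from {host}: every browser request is routed "
                    f"wherever that script says", line))
        elif kind == "ShortcutWithArgument":
            m = URL_RE.search(line)
            if m:
                lnk = line.split(" -> ", 1)[0].split(": ", 1)[1]
                host = urlparse(refang(m.group(0))).hostname
                findings.append(Finding(kind, "high",
                    f"{lnk} starts the browser on {host} instead of the home page", line))
        elif "[DhcpNameServer]" in line:
            server = line.rsplit(" ", 1)[1]
            if host_is_local(server):
                findings.append(Finding("DhcpNameServer", "info",
                    f"DNS {server} handed out by DHCP is the router; expected on a home LAN", ""))
            else:
                findings.append(Finding("DhcpNameServer", "high",
                    f"DHCP handed out public DNS server {server}; check the router's settings", ""))
    return findings


def build_fixlist(findings):
    """fixlist.txt body: the offending lines verbatim. FRST then deletes the
    AutoConfigURL/ManualProxies values and strips the URL from each shortcut."""
    return [f.fixlist_line for f in findings if f.severity == "high" and f.fixlist_line]


if __name__ == "__main__":
    found = triage(SAMPLE_FRST_LINES)
    for f in found:
        print(f"[{f.severity:4}] {f.kind}: {f.detail}")
    print("\nfixlist.txt:")
    print("\n".join(build_fixlist(found)))
```

On the thread's lines this reports the PAC URL and the manual proxy as high (both point at un-stop.net, a host the user never configured), the two DhcpNameServer lines as info (192.168.1.1 is the router, which is why post #13 calls them legitimate), and the Chrome shortcut as high. The three high lines are what would go into fixlist.txt next to FRST64.exe; as the thread's own warning says, such a fixlist is machine-specific and should only be run under a helper's guidance.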

#14 GreyPilgrim (Topic Starter)

Posted 16 October 2016 - 03:19 PM

The fixlist.txt is missing; would you please repost it?

#15 Sintharius

Posted 16 October 2016 - 03:33 PM

My bad, it should be posted now.

Attached Files