Browsers hijacked with words underlined with green circles and random redirects


  • This topic is locked

#1 churru


Posted 08 February 2017 - 06:34 PM

Hello guys, after trying all the tools I found (Malwarebytes, AdwCleaner, CCleaner, HitmanPro, Sophos Virus Removal, RKill, Junkware Removal Tool, Zemana AntiMalware... etc, etc...) I am completely lost and don't know what to do next. The antivirus I am using is Bitdefender.

Tried to restart the configuration of Chrome, reinstalling it, etc., but no luck. Also checked for suspicious processes in Task Manager but I don't see any...

I just ran FRST; I will post the results, maybe someone can help me. Thank you in advance...

 

FRST.txt :

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by churru (administrator) on CHURRU_LAPTOP (09-02-2017 00:16:40)
Running from E:\antivirus
Loaded Profiles: churru (Available Profiles: churru)
Platform: Windows 10 Home Version 1607 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Dell SonicWALL, Inc.) C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Atheros Communications, Inc.) C:\Program Files (x86)\Jumpstart\jswpbapi.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Spotify Ltd) C:\Users\churru\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Amazon.com Inc.) C:\Users\churru\AppData\Local\Amazon Drive\AmazonDrive.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795728 2015-10-19] (NVIDIA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\WINDOWS\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-19] (Synaptics Incorporated)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2002-04-12] (Alcor Micro Corp.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3847727530-853212933-247748765-1002\...\Run: [Spotify Web Helper] => C:\Users\churru\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-05-23] (Spotify Ltd)
HKU\S-1-5-21-3847727530-853212933-247748765-1002\...\Run: [Amazon Drive] => C:\Users\churru\AppData\Local\Amazon Drive\AmazonDrive.exe [4775088 2017-01-30] (Amazon.com Inc.)
HKU\S-1-5-21-3847727530-853212933-247748765-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-3847727530-853212933-247748765-1002\...\RunOnce: [Uninstall C:\Users\churru\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_2\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\churru\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_2\amd64"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177088 2015-10-19] (NVIDIA Corporation)
AppInit_DLLs: , => No File
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-06-23]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 185.55.218.219 8.8.8.8
Tcpip\..\Interfaces\{52c18bb5-4bfe-4170-85c5-539146b4e9a5}: [DhcpNameServer] 185.55.218.219 8.8.8.8
Tcpip\..\Interfaces\{da62c732-bab0-48f0-a71a-7a3c251c8366}: [DhcpNameServer] 62.81.16.213 62.81.29.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3847727530-853212933-247748765-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3847727530-853212933-247748765-1002 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3847727530-853212933-247748765-1002 -> {A38CD12F-507C-4A06-BFCC-226AFCAB96C4} URL = hxxps://es.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-05] (Oracle Corporation)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-05] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} hxxps://www5.aeat.es/es13/h/tgvicab.cab
DPF: HKLM-x32 {947B00D2-962D-4A35-9E48-98EE6A442B41} hxxps://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab
DPF: HKLM-x32 {B785FA3C-1DE9-4D20-8396-613C486FE95E} hxxps://www1.agenciatributaria.gob.es/es13/h/cactivex.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
 
FireFox:
========
FF HKU\S-1-5-21-3847727530-853212933-247748765-1002\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\churru\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-08] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: @xmlauthor.com/downloads -> C:\WINDOWS\system32\npmirage.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3847727530-853212933-247748765-1002: @acestream.net/acestreamplugin,version=2.2.4-next -> C:\Users\churru\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
FF Plugin HKU\S-1-5-21-3847727530-853212933-247748765-1002: @spoon.net/Spoon Plugin 3.33 -> C:\Users\churru\AppData\Local\Spoon\3.33.6.270\npMozillaSpoonPlugin.dll [No File]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://duckduckgo.com/"
CHR Profile: C:\Users\churru\AppData\Local\Google\Chrome\User Data\Default [2017-02-09]
CHR Extension: (Presentaciones de Google) - C:\Users\churru\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-08]
CHR Extension: (Google Docs) - C:\Users\churru\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-08]
CHR Extension: (Google Drive) - C:\Users\churru\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-08]
CHR Extension: (YouTube) - C:\Users\churru\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-08]
CHR Extension: (Adblock Plus) - C:\Users\churru\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-02-08]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\churru\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-08]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\churru\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-08]
CHR Extension: (TweetDeck by Twitter) - C:\Users\churru\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2017-02-08]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\churru\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-08]
CHR Extension: (Gmail) - C:\Users\churru\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-08]
CHR Extension: (Chrome Media Router) - C:\Users\churru\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-22] (Windows ® Win 7 DDK provider) [File not signed]
S4 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-10-19] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 jswpbapi; C:\Program Files (x86)\Jumpstart\jswpbapi.exe [265216 2008-09-26] (Atheros Communications, Inc.) [File not signed]
S3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-09] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1104544 2016-11-21] (Bitdefender)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 SWGVCSvc; C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe [336616 2013-12-03] (Dell SonicWALL, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-19] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [100392 2016-11-30] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [100392 2016-11-30] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [100392 2016-11-30] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1605376 2016-09-20] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Bitdefender Antivirus Free\bdfwfpf.sys [127312 2016-02-22] (BitDefender LLC)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
R1 DNE; C:\WINDOWS\system32\DRIVERS\dnelwf64.sys [133456 2013-10-03] (Citrix Systems, Inc.)
R3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [342016 2016-12-13] (BitDefender S.R.L. Bucharest, ROMANIA)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
S3 ewusbnet; C:\WINDOWS\system32\DRIVERS\ewusbnet.sys [132608 2009-06-22] (Huawei Technologies Co., Ltd.)
R0 gzflt; C:\WINDOWS\System32\drivers\gzflt.sys [182944 2016-10-29] (BitDefender LLC)
S3 hwusbdev; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [113792 2009-06-22] (Huawei Technologies Co., Ltd.)
S3 InputFilter_Hid_FlexDef2b; C:\WINDOWS\System32\drivers\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-07] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-08] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-08] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-08] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-19] (Synaptics Incorporated)
R2 SWIPsec; C:\WINDOWS\system32\Drivers\SWIPsec.sys [110064 2013-12-03] (Dell SonicWALL, Inc.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-02-08] (Zemana Ltd.)
R0 ZAM_EarlyBoot; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-02-08] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-02-08] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-08 23:44 - 2017-02-08 23:44 - 00028171 _____ C:\ProgramData\agent.1486593847.bdinstall.bin
2017-02-08 23:30 - 2017-02-08 23:30 - 00290084 _____ C:\TDSSKiller.3.1.0.12_08.02.2017_23.30.26_log.txt
2017-02-08 23:29 - 2017-02-08 23:30 - 00003816 _____ C:\Users\churru\Desktop\Rkill.txt
2017-02-08 23:05 - 2017-02-08 23:05 - 00002353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-08 23:05 - 2017-02-08 23:05 - 00002341 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-08 23:04 - 2017-02-08 23:04 - 01129376 _____ (Google Inc.) C:\Users\churru\Downloads\ChromeSetup.exe
2017-02-08 23:04 - 2017-02-08 23:04 - 00003618 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-08 23:04 - 2017-02-08 23:04 - 00003494 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-08 22:51 - 2017-02-08 22:51 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-02-08 22:47 - 2017-02-08 22:47 - 00000000 ____D C:\Program Files\HitmanPro
2017-02-08 22:15 - 2017-02-08 22:15 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\004B663F.sys
2017-02-08 21:55 - 2017-02-08 22:04 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-08 21:25 - 2017-02-08 21:27 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-08 21:24 - 2017-02-08 21:24 - 00009100 _____ C:\WINDOWS\system32\.crusader
2017-02-08 21:17 - 2017-02-08 21:24 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-08 21:16 - 2017-02-08 21:16 - 11581544 _____ (SurfRight B.V.) C:\Users\churru\Downloads\hitmanpro_x64.exe
2017-02-08 21:04 - 2017-02-09 00:16 - 00000000 ____D C:\FRST
2017-02-08 20:38 - 2017-02-08 20:39 - 00202032 _____ C:\Users\churru\Documents\cc_20170208_203848.reg
2017-02-08 20:31 - 2017-02-08 20:31 - 00002868 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-02-08 20:31 - 2017-02-08 20:31 - 00000874 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-08 20:31 - 2017-02-08 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-08 20:31 - 2017-02-08 20:31 - 00000000 ____D C:\Program Files\CCleaner
2017-02-08 19:52 - 2017-02-08 19:52 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\churru\Downloads\rkill.exe
2017-02-08 03:40 - 2017-02-08 03:40 - 00000000 ____D C:\ProgramData\USOShared
2017-02-08 03:39 - 2017-02-08 03:39 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-02-08 03:37 - 2017-02-08 19:51 - 00000000 ____D C:\Users\churru\AppData\Local\ConnectedDevicesPlatform
2017-02-08 03:37 - 2017-02-08 03:37 - 00000020 ___SH C:\Users\churru\ntuser.ini
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default\Reciente
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default\Plantillas
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default\Mis documentos
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default\Menú Inicio
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default\Impresoras
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default\Entorno de red
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default\Documents\Mis vídeos
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default\Documents\Mis imágenes
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default\Documents\Mi música
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default\Datos de programa
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default\Configuración local
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default\AppData\Local\Historial
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default\AppData\Local\Datos de programa
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default\AppData\Local\Archivos temporales de Internet
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default User\Documents\Mis vídeos
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default User\Documents\Mis imágenes
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default User\Documents\Mi música
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Historial
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Datos de programa
2017-02-08 03:36 - 2017-02-08 03:36 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Archivos temporales de Internet
2017-02-08 03:35 - 2017-02-08 23:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-08 03:35 - 2017-02-08 03:36 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-02-08 03:35 - 2017-02-08 03:36 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-02-08 03:35 - 2017-02-08 03:35 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-02-08 03:35 - 2017-02-08 03:35 - 00003356 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4B297B09-9633-42A3-9710-DAB3D2230A74}
2017-02-08 03:35 - 2017-02-08 03:35 - 00002936 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3847727530-853212933-247748765-1002
2017-02-08 03:35 - 2017-02-08 03:35 - 00002874 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3847727530-853212933-247748765-500
2017-02-08 03:35 - 2017-02-08 03:35 - 00002668 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-02-08 03:35 - 2017-02-08 03:35 - 00002552 _____ C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-3847727530-853212933-247748765-1002
2017-02-08 03:35 - 2017-02-08 03:35 - 00002546 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2017-02-08 03:35 - 2017-02-08 03:35 - 00002532 _____ C:\WINDOWS\System32\Tasks\SamsungMagician
2017-02-08 03:35 - 2017-02-08 03:35 - 00002414 _____ C:\WINDOWS\System32\Tasks\Resolution+ Setting Task
2017-02-08 03:35 - 2017-02-08 03:35 - 00002368 _____ C:\WINDOWS\System32\Tasks\{87614E80-100B-488C-A44D-8A5479FDB687}
2017-02-08 03:35 - 2017-02-08 03:35 - 00002262 _____ C:\WINDOWS\System32\Tasks\{37BC2D7B-F96D-4312-9BC8-766719F5FB01}
2017-02-08 03:35 - 2017-02-08 03:35 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-02-08 03:35 - 2017-02-08 03:35 - 00000000 ____D C:\WINDOWS\System32\Tasks\TOSHIBA
2017-02-08 03:35 - 2017-02-08 03:35 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-02-08 03:35 - 2013-09-17 18:47 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4187315219-1119265374-1218896551-500
2017-02-08 03:29 - 2017-02-08 03:29 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-02-08 03:27 - 2017-02-08 03:29 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-02-08 03:26 - 2017-02-08 23:51 - 00000000 ____D C:\Users\churru
2017-02-08 03:26 - 2017-02-08 03:26 - 00000000 _SHDL C:\Users\churru\Reciente
2017-02-08 03:26 - 2017-02-08 03:26 - 00000000 _SHDL C:\Users\churru\Plantillas
2017-02-08 03:26 - 2017-02-08 03:26 - 00000000 _SHDL C:\Users\churru\Mis documentos
2017-02-08 03:26 - 2017-02-08 03:26 - 00000000 _SHDL C:\Users\churru\Menú Inicio
2017-02-08 03:26 - 2017-02-08 03:26 - 00000000 _SHDL C:\Users\churru\Impresoras
2017-02-08 03:26 - 2017-02-08 03:26 - 00000000 _SHDL C:\Users\churru\Entorno de red
2017-02-08 03:26 - 2017-02-08 03:26 - 00000000 _SHDL C:\Users\churru\Documents\Mis vídeos
2017-02-08 03:26 - 2017-02-08 03:26 - 00000000 _SHDL C:\Users\churru\Documents\Mis imágenes
2017-02-08 03:26 - 2017-02-08 03:26 - 00000000 _SHDL C:\Users\churru\Documents\Mi música
2017-02-08 03:26 - 2017-02-08 03:26 - 00000000 _SHDL C:\Users\churru\Datos de programa
2017-02-08 03:26 - 2017-02-08 03:26 - 00000000 _SHDL C:\Users\churru\Configuración local
2017-02-08 03:26 - 2017-02-08 03:26 - 00000000 _SHDL C:\Users\churru\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-02-08 03:26 - 2017-02-08 03:26 - 00000000 _SHDL C:\Users\churru\AppData\Local\Historial
2017-02-08 03:26 - 2017-02-08 03:26 - 00000000 _SHDL C:\Users\churru\AppData\Local\Datos de programa
2017-02-08 03:26 - 2017-02-08 03:26 - 00000000 _SHDL C:\Users\churru\AppData\Local\Archivos temporales de Internet
2017-02-08 03:26 - 2016-07-16 12:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-02-08 03:25 - 2017-02-08 03:27 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-08 03:25 - 2017-02-08 03:27 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-08 03:25 - 2017-02-08 03:27 - 00000000 ____D C:\Program Files\IDT
2017-02-08 03:25 - 2017-02-08 03:27 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-08 03:25 - 2017-02-08 03:25 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-02-08 03:25 - 2017-02-08 03:25 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-08 03:25 - 2015-10-19 19:11 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-02-08 03:25 - 2015-10-19 19:11 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-02-08 03:25 - 2015-07-13 18:37 - 06873744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-02-08 03:25 - 2015-07-13 18:37 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-02-08 03:25 - 2015-07-13 18:37 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-02-08 03:25 - 2015-07-13 18:37 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-02-08 03:25 - 2015-07-13 18:37 - 00937616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2017-02-08 03:25 - 2015-07-13 18:37 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-02-08 03:25 - 2015-07-13 18:37 - 00075080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-08 03:25 - 2015-07-13 18:37 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-02-08 03:25 - 2015-07-13 17:28 - 05096627 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-02-08 03:24 - 2017-02-08 22:14 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-08 03:24 - 2017-02-08 20:14 - 00231808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-08 03:24 - 2017-02-08 03:27 - 00000000 ____D C:\Program Files\Intel
2017-02-08 03:24 - 2017-02-08 03:24 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-02-08 03:24 - 2017-02-08 03:24 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2017-02-08 03:24 - 2017-02-08 03:24 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2017-02-08 03:24 - 2017-02-08 03:24 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-02-08 03:24 - 2017-02-08 03:24 - 00000000 ____D C:\Program Files\Synaptics
2017-02-08 03:24 - 2017-02-08 03:24 - 00000000 ____D C:\Program Files\Common Files\Atheros
2017-02-08 03:23 - 2017-02-08 20:35 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-08 03:21 - 2017-02-08 03:21 - 00000000 ____D C:\Windows.old
2017-02-08 03:20 - 2017-02-08 03:20 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-02-08 03:19 - 2017-02-08 03:19 - 03753984 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2017-02-08 03:19 - 2017-02-08 03:19 - 01349128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-02-08 03:19 - 2017-02-08 03:19 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-02-08 03:19 - 2017-02-08 03:19 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-02-08 03:19 - 2017-02-08 03:19 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-02-08 03:19 - 2017-02-08 03:19 - 00885832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-02-08 03:19 - 2017-02-08 03:19 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-02-08 03:19 - 2017-02-08 03:19 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2017-02-08 03:19 - 2017-02-08 03:19 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-02-08 03:19 - 2017-02-08 03:19 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-02-08 03:19 - 2017-02-08 03:19 - 00000000 ____D C:\Program Files\MSBuild
2017-02-08 03:19 - 2017-02-08 03:19 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-02-08 03:19 - 2017-02-08 03:19 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-02-08 03:19 - 2016-05-25 14:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-02-08 03:19 - 2016-05-25 14:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-02-08 03:19 - 2016-05-25 14:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-02-08 03:19 - 2016-05-25 11:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-02-08 03:19 - 2016-05-25 11:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-02-08 03:19 - 2016-05-25 11:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-02-08 02:16 - 2017-02-09 00:16 - 00178901 _____ C:\WINDOWS\ZAM.krnl.trace
2017-02-08 02:16 - 2017-02-09 00:16 - 00033724 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-08 02:16 - 2017-02-08 03:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-02-08 02:16 - 2017-02-08 02:16 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-02-08 02:16 - 2017-02-08 02:16 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-02-08 02:16 - 2017-02-08 02:16 - 00001228 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-02-08 02:16 - 2017-02-08 02:16 - 00000000 ____D C:\Users\churru\AppData\Local\Zemana
2017-02-08 02:16 - 2017-02-08 02:16 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-02-08 02:13 - 2017-02-08 02:14 - 04747704 _____ (AO Kaspersky Lab) C:\Users\churru\Downloads\tdsskiller.exe
2017-02-08 02:09 - 2017-02-08 02:10 - 05677776 _____ (Zemana Ltd. ) C:\Users\churru\Downloads\Zemana.AntiMalware.Setup.exe
2017-02-08 02:07 - 2017-02-08 02:31 - 00000000 ___HD C:\$WINDOWS.~BT
2017-02-08 02:06 - 2017-02-08 03:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-02-08 02:06 - 2017-02-08 02:06 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-02-08 02:06 - 2017-02-08 02:06 - 00000000 ____D C:\ProgramData\Sophos
2017-02-08 02:05 - 2017-02-08 02:05 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-02-08 02:03 - 2017-02-08 02:07 - 00000036 _____ C:\WINDOWS\progress.ini
2017-02-08 01:32 - 2017-02-08 03:37 - 00000000 ___HD C:\$GetCurrent
2017-02-08 01:32 - 2017-02-08 03:37 - 00000000 ____D C:\Windows10Upgrade
2017-02-08 01:32 - 2017-02-08 01:32 - 05741448 _____ (Microsoft Corporation) C:\Users\churru\Downloads\Windows10Upgrade9252.exe
2017-02-08 01:32 - 2017-02-08 01:32 - 00000742 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asistente para actualización a Windows 10.lnk
2017-02-08 01:32 - 2017-02-08 01:32 - 00000730 _____ C:\Users\churru\Desktop\Asistente para actualización a Windows 10.lnk
2017-02-08 00:50 - 2017-02-08 03:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2017-02-08 00:50 - 2017-02-08 00:50 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2017-02-08 00:50 - 2017-02-08 00:50 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll
2017-02-08 00:50 - 2017-02-08 00:50 - 00000000 ____D C:\Program Files\KMSpico
2017-02-08 00:50 - 2010-12-06 03:16 - 00090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2017-02-08 00:47 - 2017-02-08 00:47 - 03120118 _____ C:\Users\churru\Downloads\KMSpico Install.rar
2017-02-07 23:18 - 2017-02-07 23:18 - 00000000 ___HD C:\$Windows.~WS
2017-02-07 23:01 - 2017-02-08 23:49 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-07 23:01 - 2017-02-08 23:49 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-07 23:01 - 2017-02-08 23:49 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-07 23:01 - 2017-02-08 03:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-07 23:01 - 2017-02-07 23:01 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-07 23:01 - 2017-02-07 23:01 - 00001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-07 23:01 - 2017-02-07 23:01 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-07 23:01 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-07 22:57 - 2017-02-08 23:41 - 00000548 _____ C:\Users\churru\Desktop\JRT.txt
2017-02-06 23:47 - 2017-02-06 23:47 - 00001203 _____ C:\Users\churru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2017-02-06 23:46 - 2017-02-06 23:46 - 00000000 ____D C:\Users\churru\AppData\Local\Bitdefender Antivirus Free
2017-02-06 23:45 - 2016-03-14 22:04 - 00023672 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2017-02-06 23:44 - 2017-02-08 03:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free
2017-02-06 23:44 - 2017-02-06 23:44 - 00001218 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free.lnk
2017-02-06 23:44 - 2017-02-06 23:44 - 00000000 ____D C:\ProgramData\Bitdefender
2017-02-06 23:44 - 2016-12-13 18:18 - 00342016 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\edrsensor.sys
2017-02-06 23:44 - 2016-10-29 09:54 - 00182944 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2017-02-06 23:44 - 2016-09-20 04:17 - 01605376 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2017-02-06 23:44 - 2016-09-20 04:16 - 00878072 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2017-02-06 23:42 - 2017-02-09 00:16 - 00000000 ____D C:\Program Files\Bitdefender Antivirus Free
2017-02-06 23:42 - 2017-02-06 23:42 - 00000000 ____D C:\Users\churru\AppData\Roaming\QuickScan
2017-02-06 23:42 - 2016-06-22 15:40 - 00520032 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2017-02-06 23:34 - 2017-02-08 23:50 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-02-06 23:34 - 2017-02-08 23:44 - 00000000 ____D C:\ProgramData\BDLogging
2017-02-06 23:34 - 2017-02-06 23:34 - 00047467 _____ C:\ProgramData\agent.1486420472.bdinstall.bin
2017-02-06 23:34 - 2017-02-06 23:34 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2017-02-06 23:18 - 2017-02-06 23:18 - 18309328 _____ (Microsoft Corporation) C:\Users\churru\Downloads\MediaCreationTool (1).exe
2017-02-04 22:36 - 2017-02-04 22:36 - 00021825 _____ C:\Users\churru\Downloads\9601a8874d1b1daac8295bec64f79a69-megasubtitulos.com.rar
2017-02-04 22:36 - 2016-11-23 00:52 - 00062890 _____ C:\Users\churru\Downloads\I.Am.a.Hero.2016.BluRay.720p.900MB.Ganool.srt
2017-01-31 20:36 - 2017-01-31 20:36 - 00000000 ____D C:\Users\churru\AppData\Local\Amazon Drive
2017-01-30 22:59 - 2017-01-30 22:59 - 00000220 _____ C:\Users\churru\Desktop\X-COM UFO Defense.url
2017-01-28 16:26 - 2017-01-28 16:26 - 00145793 _____ C:\Users\churru\Downloads\V8PRO_Lista Movistar+ Astra - 13-10-16 (195 Canales).zip
2017-01-28 13:51 - 2017-01-28 13:51 - 1807058944 _____ C:\Users\churru\Downloads\wifislax-4-12-final.iso
2017-01-28 11:06 - 2017-01-28 11:06 - 00130108 _____ C:\Users\churru\Downloads\V8 Super ind.bin
2017-01-26 21:41 - 2017-01-26 21:41 - 06293184 _____ (Piriform Ltd) C:\Users\churru\Downloads\spsetup130.exe
2017-01-24 22:10 - 2017-01-24 22:10 - 00018611 _____ C:\Users\churru\Downloads\487023.zip
2017-01-24 22:08 - 2017-01-24 22:08 - 00049040 _____ C:\Users\churru\Downloads\The Man in the High Castle 1x07 - Truth (Español (España)).srt
2017-01-24 22:08 - 2016-12-13 17:03 - 00047551 _____ C:\Users\churru\Downloads\The Man in the High Castle 1x07 - Truth.srt
2017-01-24 20:47 - 2017-01-24 20:47 - 00000044 _____ C:\Users\churru\Documents\medidas.txt
2017-01-23 22:33 - 2017-01-23 22:33 - 06254595 _____ C:\Users\churru\Downloads\V8_Super_V482.rar
2017-01-23 22:12 - 2017-01-23 22:12 - 06272351 _____ C:\Users\churru\Downloads\V8_Super_V500.rar
2017-01-21 12:07 - 2017-01-21 12:07 - 00000000 ____D C:\Users\churru\AppData\Roaming\Nitroplus
2017-01-21 11:47 - 2017-02-08 03:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steins;Gate
2017-01-21 11:47 - 2017-01-21 11:47 - 00001399 _____ C:\Users\Public\Desktop\Steins;Gate.lnk
2017-01-20 19:34 - 2017-01-20 19:34 - 00079028 _____ C:\Users\churru\Downloads\justificanteMEH.zip
2017-01-20 19:34 - 2017-01-20 19:34 - 00048804 _____ C:\Users\churru\Downloads\47616992T.pdf
2017-01-15 16:39 - 2017-01-15 16:43 - 270532608 _____ C:\Users\churru\Downloads\clonezilla-live-20161121-yakkety-amd64.iso
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-08 23:56 - 2016-07-16 23:40 - 00617382 _____ C:\WINDOWS\system32\perfh00A.dat
2017-02-08 23:56 - 2016-07-16 23:40 - 00113128 _____ C:\WINDOWS\system32\perfc00A.dat
2017-02-08 23:56 - 2015-10-19 02:09 - 01668508 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-08 23:49 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-08 23:49 - 2015-10-21 02:36 - 00000000 __SHD C:\Users\churru\IntelGraphicsProfiles
2017-02-08 23:49 - 2015-07-13 23:14 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-08 23:37 - 2015-08-09 22:00 - 00000000 ____D C:\AdwCleaner
2017-02-08 23:29 - 2016-06-18 19:55 - 00000000 ____D C:\Users\churru\AppData\Local\TSVNCache
2017-02-08 23:05 - 2014-01-23 19:56 - 00000000 ____D C:\Users\churru\AppData\Local\Google
2017-02-08 23:05 - 2014-01-23 19:56 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-08 23:02 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-08 22:57 - 2016-08-04 21:11 - 00000000 ____D C:\Users\churru\AppData\Roaming\AvitoDvd
2017-02-08 22:55 - 2014-09-08 18:38 - 00000000 ____D C:\Program Files (x86)\JDownloader
2017-02-08 22:15 - 2016-09-11 12:09 - 00000000 ____D C:\Users\churru\AppData\Roaming\Amazon Cloud Drive
2017-02-08 21:24 - 2016-01-16 19:31 - 00000000 ____D C:\Users\churru\AppData\Roaming\mgyun
2017-02-08 20:35 - 2015-12-22 21:43 - 00000000 ____D C:\Users\churru\AppData\Roaming\FileZilla
2017-02-08 20:35 - 2015-09-17 11:53 - 00000000 ____D C:\Users\churru\AppData\Roaming\TeamViewer
2017-02-08 20:35 - 2015-06-11 22:06 - 00000000 ____D C:\Users\churru\AppData\Roaming\Media Player Classic
2017-02-08 20:35 - 2014-09-20 20:51 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-08 20:35 - 2014-01-25 21:32 - 00000000 ____D C:\Users\churru\AppData\Roaming\MPC-HC
2017-02-08 20:35 - 2014-01-23 20:04 - 00000000 ____D C:\Users\churru\AppData\Roaming\uTorrent
2017-02-08 20:10 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Registration
2017-02-08 04:45 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-08 04:01 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-08 03:55 - 2014-01-23 13:18 - 00000000 ____D C:\Users\churru\AppData\Local\Packages
2017-02-08 03:40 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\USOPrivate
2017-02-08 03:40 - 2015-10-19 07:31 - 00002453 _____ C:\Users\churru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-08 03:40 - 2015-10-19 07:31 - 00000000 ___RD C:\Users\churru\OneDrive
2017-02-08 03:37 - 2016-08-13 13:26 - 00000282 __RSH C:\ProgramData\ntuser.pol
2017-02-08 03:37 - 2015-10-21 02:36 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-02-08 03:37 - 2015-09-10 06:28 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-08 03:36 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Windows NT
2017-02-08 03:35 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-02-08 03:35 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-02-08 03:35 - 2015-10-19 02:13 - 00023172 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-02-08 03:32 - 2016-07-16 12:47 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-08 03:29 - 2017-01-06 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2017-02-08 03:29 - 2016-07-16 23:39 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-02-08 03:29 - 2016-07-16 12:47 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-02-08 03:29 - 2016-07-16 12:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-02-08 03:29 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-02-08 03:29 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-08 03:29 - 2016-07-16 07:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-02-08 03:29 - 2016-06-23 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-02-08 03:29 - 2016-06-18 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
2017-02-08 03:29 - 2016-06-18 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
2017-02-08 03:29 - 2016-06-12 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-02-08 03:29 - 2016-06-11 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScummVM
2017-02-08 03:29 - 2016-05-15 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SP Driver
2017-02-08 03:29 - 2016-01-20 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Colasoft MAC Scanner Free
2017-02-08 03:29 - 2015-12-22 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-02-08 03:29 - 2015-10-30 07:28 - 00000000 ____D C:\Users\Default.migrated
2017-02-08 03:29 - 2015-06-17 02:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-02-08 03:29 - 2015-04-06 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3 WiFi Manager
2017-02-08 03:29 - 2015-02-22 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astroburn Lite
2017-02-08 03:29 - 2014-10-29 22:58 - 00000000 ____D C:\Users\churru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-08 03:29 - 2014-09-20 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-08 03:29 - 2014-09-08 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2017-02-08 03:29 - 2014-08-25 00:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaUploader
2017-02-08 03:29 - 2014-08-08 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-08 03:29 - 2014-07-30 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros
2017-02-08 03:29 - 2014-07-13 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDownloader
2017-02-08 03:29 - 2014-06-20 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-02-08 03:29 - 2014-05-31 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-02-08 03:29 - 2014-04-25 22:51 - 00000000 ____D C:\WINDOWS\WindowsMobile
2017-02-08 03:29 - 2014-04-12 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Europa Universalis IV
2017-02-08 03:29 - 2014-03-08 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
2017-02-08 03:29 - 2014-02-09 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
2017-02-08 03:29 - 2014-02-07 21:23 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2017-02-08 03:29 - 2014-01-25 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2017-02-08 03:29 - 2014-01-23 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8GadgetPack
2017-02-08 03:29 - 2014-01-23 22:41 - 00000000 ____D C:\Users\churru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-08 03:29 - 2014-01-23 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-08 03:29 - 2013-10-15 03:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-08 03:29 - 2013-10-15 03:35 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2017-02-08 03:29 - 2013-10-15 03:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS, Inc
2017-02-08 03:29 - 2013-10-15 03:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-08 03:29 - 2013-09-17 18:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2017-02-08 03:27 - 2017-01-06 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2017-02-08 03:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-02-08 03:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\spool
2017-02-08 03:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-02-08 03:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-08 03:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2017-02-08 03:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-08 03:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\InputMethod
2017-02-08 03:27 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-08 03:27 - 2015-01-31 13:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive
2017-02-08 03:27 - 2014-09-16 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT
2017-02-08 03:27 - 2014-09-16 00:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2017-02-08 03:27 - 2014-04-25 18:17 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2017-02-08 03:27 - 2014-04-18 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agencia Tributaria
2017-02-08 03:27 - 2013-10-15 03:37 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-02-08 03:27 - 2013-08-22 16:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-02-08 03:27 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2017-02-08 03:27 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2017-02-08 03:26 - 2016-11-08 21:07 - 00000000 ____D C:\Users\churru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn-Time
2017-02-08 03:26 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-02-08 03:26 - 2016-04-23 11:11 - 00000000 ____D C:\Users\churru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Agencia Tributaria
2017-02-08 03:25 - 2017-01-06 21:43 - 00000000 ____D C:\Temp
2017-02-08 03:25 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-02-08 03:25 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-02-08 03:25 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-02-08 03:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Help
2017-02-08 03:23 - 2016-07-16 12:49 - 00000000 ____D C:\WINDOWS\Setup
2017-02-08 03:23 - 2016-07-16 12:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-02-08 03:19 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-02-08 03:19 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-02-08 03:19 - 2016-07-16 12:43 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2017-02-08 03:19 - 2016-07-16 12:43 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2017-02-08 03:19 - 2016-07-16 12:43 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2017-02-08 03:19 - 2016-07-16 12:43 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\telnet.exe
2017-02-08 03:19 - 2016-07-16 12:43 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2017-02-08 03:19 - 2016-07-16 12:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2017-02-08 03:19 - 2016-07-16 12:43 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2017-02-08 03:19 - 2016-07-16 12:43 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2017-02-08 03:19 - 2016-07-16 12:43 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2017-02-08 03:19 - 2016-07-16 12:43 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2017-02-08 03:19 - 2016-07-16 12:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2017-02-08 03:19 - 2016-07-16 12:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2017-02-08 03:19 - 2016-07-16 12:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2017-02-08 03:19 - 2016-07-16 12:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2017-02-08 03:19 - 2016-07-16 12:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2017-02-08 03:19 - 2016-07-16 12:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2017-02-08 03:19 - 2016-07-16 12:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2017-02-08 03:19 - 2016-07-16 12:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2017-02-08 03:19 - 2016-07-16 12:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2017-02-08 03:19 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-08 02:22 - 2014-07-30 13:08 - 00000000 ____D C:\Program Files (x86)\Jumpstart
2017-02-08 00:20 - 2016-09-24 12:05 - 00000000 ____D C:\ESD
2017-02-07 23:01 - 2015-07-13 23:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-07 22:58 - 2016-05-01 17:09 - 00000000 ____D C:\Julio
2017-01-31 20:36 - 2017-01-04 19:10 - 00001272 _____ C:\Users\churru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Drive.lnk
2017-01-31 20:36 - 2017-01-04 19:10 - 00001260 _____ C:\Users\churru\Desktop\Amazon Drive.lnk
2017-01-30 23:01 - 2015-02-20 21:41 - 00000000 ____D C:\Users\churru\AppData\Local\Steam
2017-01-28 15:58 - 2014-04-18 10:20 - 00000000 ____D C:\aeat
2017-01-28 13:36 - 2014-05-02 23:03 - 00000000 ____D C:\Programas
2017-01-21 22:51 - 2015-11-29 22:43 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-21 11:47 - 2014-04-12 12:55 - 00000000 ____D C:\Juegos
 
==================== Files in the root of some directories =======
 
2014-01-23 22:48 - 2014-01-23 22:48 - 0000282 _____ () C:\Users\churru\AppData\Roaming\GPU MeterV2_Settings.ini
2015-04-18 13:00 - 2016-07-03 18:15 - 0464384 _____ (Dirección General de la Policía) C:\Users\churru\AppData\Local\DNIeService.exe
2015-06-11 21:07 - 2015-06-11 21:07 - 0000001 _____ () C:\Users\churru\AppData\Local\llftool.4.40.agreement
2015-12-22 21:49 - 2016-02-23 17:12 - 0000600 _____ () C:\Users\churru\AppData\Local\PUTTY.RND
2017-02-06 23:34 - 2017-02-06 23:34 - 0047467 _____ () C:\ProgramData\agent.1486420472.bdinstall.bin
2017-02-08 23:44 - 2017-02-08 23:44 - 0028171 _____ () C:\ProgramData\agent.1486593847.bdinstall.bin
2016-06-23 20:01 - 2016-06-23 20:07 - 0000825 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Users\churru\Renta2015_windows_1_09.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-08 03:24
 
==================== End of FRST.txt ============================


#2 nasdaq

  • Malware Response Team

Posted 09 February 2017 - 09:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
AppInit_DLLs: , => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF HKU\S-1-5-21-3847727530-853212933-247748765-1002\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\churru\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin-x32: @xmlauthor.com/downloads -> C:\WINDOWS\system32\npmirage.dll [No File]
FF Plugin HKU\S-1-5-21-3847727530-853212933-247748765-1002: @acestream.net/acestreamplugin,version=2.2.4-next -> C:\Users\churru\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
FF Plugin HKU\S-1-5-21-3847727530-853212933-247748765-1002: @spoon.net/Spoon Plugin 3.33 -> C:\Users\churru\AppData\Local\Spoon\3.33.6.270\npMozillaSpoonPlugin.dll [No File]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\churru\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-08]
CHR Extension: (Chrome Media Router) - C:\Users\churru\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
Task: {15702C54-1201-4EFA-ADEC-D8621C51B1F7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1CB476D1-B51A-4E24-B29C-9873E2D4A15C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1EEE4A0A-7CDB-43EA-8041-F6EBE26A37EF} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {2B5EF969-300F-4C93-B5AB-A20FA0CE0E25} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {31D41D63-D259-42A8-8A19-199B570D9E3C} - \WPD\SqmUpload_S-1-5-21-3847727530-853212933-247748765-1002 -> No File <==== ATTENTION
Task: {74AEF5E7-981E-4B5C-B623-22E6A85D8036} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7A5DD423-0376-4B47-8DAA-6B4F56D3E44A} - System32\Tasks\{87614E80-100B-488C-A44D-8A5479FDB687} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.14.0.104&amp;LastError=404
Task: {941767A4-3DDC-4730-8799-2D7DE81D9AF1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9C1E3E9A-4D78-4BCF-B531-9FCFB635E117} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B19FC26F-4ABD-4A92-BB67-19610F870099} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C9DF018D-C2D4-47B7-B6F6-8CF75F36C9EB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D76DC593-35ED-44CD-8A0F-38CFE9301871} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {EFDB7BC7-111F-45CE-9FA4-0273DED9FD7B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FC7312EC-3A11-4AE6-A6A7-E58C494FD595} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FD13BA9A-B6D4-4BD0-91EB-956453F2081C} - System32\Tasks\avastBCLRestartS-1-5-21-3847727530-853212933-247748765-1002 => Chrome.exe
AlternateDataStreams: C:\Users\churru\Amazon Drive:com.amazon.drive.sync [86]
AlternateDataStreams: C:\Users\churru\Amazon Drive:com.amazon.drive.sync.root [42]
AlternateDataStreams: C:\Users\churru\Downloads\ChromeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\churru\Downloads\hitmanpro_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\churru\Downloads\rkill.exe:BDU [0]
AlternateDataStreams: C:\Users\churru\Downloads\tdsskiller.exe:BDU [0]
AlternateDataStreams: C:\Users\churru\Downloads\Windows10Upgrade9252.exe:BDU [0]
AlternateDataStreams: C:\Users\churru\Downloads\Zemana.AntiMalware.Setup.exe:BDU [0]
HKU\S-1-5-21-3847727530-853212933-247748765-1002\Software\Classes\.com:  =>  <===== ATTENTION

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.

For your added security I suggest that you update the following programs.

JAVA

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882
===

Remove this old version, which is still present.
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)

Please post the Fixlog.txt and let me know if the problem persists.

#3 churru

  • Topic Starter

Posted 09 February 2017 - 02:25 PM

Thanks! After browsing for about half an hour the problem seems to have disappeared... thank you very much!

 

Here is the fixlog.txt :

 

---------------------------------------------------------------------------------------------------------------

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-02-2017
Ran by churru (09-02-2017 20:07:51) Run:1
Running from E:\antivirus
Loaded Profiles: churru (Available Profiles: churru)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
AppInit_DLLs: , => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF HKU\S-1-5-21-3847727530-853212933-247748765-1002\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\churru\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin-x32: @xmlauthor.com/downloads -> C:\WINDOWS\system32\npmirage.dll [No File]
FF Plugin HKU\S-1-5-21-3847727530-853212933-247748765-1002: @acestream.net/acestreamplugin,version=2.2.4-next -> C:\Users\churru\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
FF Plugin HKU\S-1-5-21-3847727530-853212933-247748765-1002: @spoon.net/Spoon Plugin 3.33 -> C:\Users\churru\AppData\Local\Spoon\3.33.6.270\npMozillaSpoonPlugin.dll [No File]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\churru\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-08]
CHR Extension: (Chrome Media Router) - C:\Users\churru\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
Task: {15702C54-1201-4EFA-ADEC-D8621C51B1F7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1CB476D1-B51A-4E24-B29C-9873E2D4A15C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1EEE4A0A-7CDB-43EA-8041-F6EBE26A37EF} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {2B5EF969-300F-4C93-B5AB-A20FA0CE0E25} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {31D41D63-D259-42A8-8A19-199B570D9E3C} - \WPD\SqmUpload_S-1-5-21-3847727530-853212933-247748765-1002 -> No File <==== ATTENTION
Task: {74AEF5E7-981E-4B5C-B623-22E6A85D8036} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7A5DD423-0376-4B47-8DAA-6B4F56D3E44A} - System32\Tasks\{87614E80-100B-488C-A44D-8A5479FDB687} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.14.0.104&amp;LastError=404
Task: {941767A4-3DDC-4730-8799-2D7DE81D9AF1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9C1E3E9A-4D78-4BCF-B531-9FCFB635E117} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B19FC26F-4ABD-4A92-BB67-19610F870099} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C9DF018D-C2D4-47B7-B6F6-8CF75F36C9EB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D76DC593-35ED-44CD-8A0F-38CFE9301871} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {EFDB7BC7-111F-45CE-9FA4-0273DED9FD7B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FC7312EC-3A11-4AE6-A6A7-E58C494FD595} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FD13BA9A-B6D4-4BD0-91EB-956453F2081C} - System32\Tasks\avastBCLRestartS-1-5-21-3847727530-853212933-247748765-1002 => Chrome.exe
AlternateDataStreams: C:\Users\churru\Amazon Drive:com.amazon.drive.sync [86]
AlternateDataStreams: C:\Users\churru\Amazon Drive:com.amazon.drive.sync.root [42]
AlternateDataStreams: C:\Users\churru\Downloads\ChromeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\churru\Downloads\hitmanpro_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\churru\Downloads\rkill.exe:BDU [0]
AlternateDataStreams: C:\Users\churru\Downloads\tdsskiller.exe:BDU [0]
AlternateDataStreams: C:\Users\churru\Downloads\Windows10Upgrade9252.exe:BDU [0]
AlternateDataStreams: C:\Users\churru\Downloads\Zemana.AntiMalware.Setup.exe:BDU [0]
HKU\S-1-5-21-3847727530-853212933-247748765-1002\Software\Classes\.com:  =>  <===== ATTENTION
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"," => Value data removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D} => key removed successfully
HKCR\Wow6432Node\CLSID\{B69F34DD-F0F9-42DC-9EDD-957187DA688D} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. 
HKCR\PROTOCOLS\Handler\skype4com => key not found. 
HKCR\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found. 
HKU\S-1-5-21-3847727530-853212933-247748765-1002\Software\Mozilla\Firefox\Extensions\\acewebextension_unlisted@acestream.org => value removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@xmlauthor.com/downloads => key removed successfully
HKU\S-1-5-21-3847727530-853212933-247748765-1002\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.2.4-next => key removed successfully
C:\Users\churru\AppData\Roaming\ACEStream\player\npace_plugin.dll => not found.
HKU\S-1-5-21-3847727530-853212933-247748765-1002\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.33 => key removed successfully
C:\Users\churru\AppData\Local\Spoon\3.33.6.270\npMozillaSpoonPlugin.dll => not found.
C:\Users\churru\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\churru\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15702C54-1201-4EFA-ADEC-D8621C51B1F7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15702C54-1201-4EFA-ADEC-D8621C51B1F7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CB476D1-B51A-4E24-B29C-9873E2D4A15C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CB476D1-B51A-4E24-B29C-9873E2D4A15C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EEE4A0A-7CDB-43EA-8041-F6EBE26A37EF} => key not found. 
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B5EF969-300F-4C93-B5AB-A20FA0CE0E25} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B5EF969-300F-4C93-B5AB-A20FA0CE0E25} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31D41D63-D259-42A8-8A19-199B570D9E3C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31D41D63-D259-42A8-8A19-199B570D9E3C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3847727530-853212933-247748765-1002 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74AEF5E7-981E-4B5C-B623-22E6A85D8036} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74AEF5E7-981E-4B5C-B623-22E6A85D8036} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A5DD423-0376-4B47-8DAA-6B4F56D3E44A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A5DD423-0376-4B47-8DAA-6B4F56D3E44A} => key removed successfully
C:\WINDOWS\System32\Tasks\{87614E80-100B-488C-A44D-8A5479FDB687} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{87614E80-100B-488C-A44D-8A5479FDB687} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{941767A4-3DDC-4730-8799-2D7DE81D9AF1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{941767A4-3DDC-4730-8799-2D7DE81D9AF1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C1E3E9A-4D78-4BCF-B531-9FCFB635E117} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C1E3E9A-4D78-4BCF-B531-9FCFB635E117} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B19FC26F-4ABD-4A92-BB67-19610F870099} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B19FC26F-4ABD-4A92-BB67-19610F870099} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C9DF018D-C2D4-47B7-B6F6-8CF75F36C9EB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9DF018D-C2D4-47B7-B6F6-8CF75F36C9EB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D76DC593-35ED-44CD-8A0F-38CFE9301871} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D76DC593-35ED-44CD-8A0F-38CFE9301871} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EFDB7BC7-111F-45CE-9FA4-0273DED9FD7B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFDB7BC7-111F-45CE-9FA4-0273DED9FD7B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC7312EC-3A11-4AE6-A6A7-E58C494FD595} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC7312EC-3A11-4AE6-A6A7-E58C494FD595} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD13BA9A-B6D4-4BD0-91EB-956453F2081C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD13BA9A-B6D4-4BD0-91EB-956453F2081C} => key removed successfully
C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-3847727530-853212933-247748765-1002 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avastBCLRestartS-1-5-21-3847727530-853212933-247748765-1002 => key removed successfully
C:\Users\churru\Amazon Drive => ":com.amazon.drive.sync" ADS removed successfully.
C:\Users\churru\Amazon Drive => ":com.amazon.drive.sync.root" ADS removed successfully.
C:\Users\churru\Downloads\ChromeSetup.exe => ":BDU" ADS removed successfully.
C:\Users\churru\Downloads\hitmanpro_x64.exe => ":BDU" ADS removed successfully.
C:\Users\churru\Downloads\rkill.exe => ":BDU" ADS removed successfully.
C:\Users\churru\Downloads\tdsskiller.exe => ":BDU" ADS removed successfully.
C:\Users\churru\Downloads\Windows10Upgrade9252.exe => ":BDU" ADS removed successfully.
C:\Users\churru\Downloads\Zemana.AntiMalware.Setup.exe => ":BDU" ADS removed successfully.
HKU\S-1-5-21-3847727530-853212933-247748765-1002\Software\Classes\.com => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 782505 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8142470 B
Java, Flash, Steam htmlcache => 108650275 B
Windows/system/drivers => 14079907 B
Edge => 5620596 B
Chrome => 109851733 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2474 B
NetworkService => 0 B
churru => 3000966 B
 
RecycleBin => 17325 B
EmptyTemp: => 238.6 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:08:28 ====


#4 nasdaq


Posted 10 February 2017 - 09:00 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



