
Loopback Malware



#1 cbfmercado

Posted 12 August 2017 - 02:31 AM

Hi guys! I read a thread in this forum about this pesky malware. I haven't attempted anything yet, but I've gone as far as downloading Farbar. Please see the scan log below.

 

If you guys can help me fix this that would be GREAT! 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-08-2017
Ran by Carlos Mercado (administrator) on DESKTOP-42NFCV6 (12-08-2017 15:23:04)
Running from C:\Users\Carlos Mercado\Downloads
Loaded Profiles: Carlos Mercado (Available Profiles: Carlos Mercado)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d7080f4aa4390fde\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d7080f4aa4390fde\IntelCpHDCPSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d7080f4aa4390fde\IntelCpHeciSvc.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d7080f4aa4390fde\igfxEM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-08-04] (AVAST Software)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3414011529-3657276367-320515580-1001\...\Run: [uTorrent] => C:\Users\Carlos Mercado\AppData\Roaming\uTorrent\uTorrent.exe [2150336 2017-08-04] (BitTorrent Inc.)
HKU\S-1-5-21-3414011529-3657276367-320515580-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{17573f26-c2ed-4ed7-b40c-c859e44cd832}: [DhcpNameServer] 192.168.254.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_31&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0DyB0FyCzy0CyCtCzytD0ByDzzzztN0D0Tzu0StBtDyEtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StD0CzzyD0FyC0DtDtGtCtD0EtAtGzzzyyCtDtGyDzztD0EtGyEyB0AtAyByCyD0CtAzztAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtDzzyEyCyDtAtG0EtAtAtCtGyEtA0AzztGzzzy0ByCtG0BtB0ByE0DzyzztCyBtDyEtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAyCyEzy%26cr%3D1776980686%26a%3Dwncy_btrnt_17_31%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_31&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0DyB0FyCzy0CyCtCzytD0ByDzzzztN0D0Tzu0StBtDyEtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StD0CzzyD0FyC0DtDtGtCtD0EtAtGzzzyyCtDtGyDzztD0EtGyEyB0AtAyByCyD0CtAzztAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtDzzyEyCyDtAtG0EtAtAtCtGyEtA0AzztGzzzy0ByCtG0BtB0ByE0DzyzztCyBtDyEtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAyCyEzy%26cr%3D1776980686%26a%3Dwncy_btrnt_17_31%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-3414011529-3657276367-320515580-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_31&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0DyB0FyCzy0CyCtCzytD0ByDzzzztN0D0Tzu0StBtDyEtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StD0CzzyD0FyC0DtDtGtCtD0EtAtGzzzyyCtDtGyDzztD0EtGyEyB0AtAyByCyD0CtAzztAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtDzzyEyCyDtAtG0EtAtAtCtGyEtA0AzztGzzzy0ByCtG0BtB0ByE0DzyzztCyBtDyEtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAyCyEzy%26cr%3D1776980686%26a%3Dwncy_btrnt_17_31%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0DyB0FyCzy0CyCtCzytD0ByDzzzztN0D0Tzu0StBtDyEtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StD0CzzyD0FyC0DtDtGtCtD0EtAtGzzzyyCtDtGyDzztD0EtGyEyB0AtAyByCyD0CtAzztAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtDzzyEyCyDtAtG0EtAtAtCtGyEtA0AzztGzzzy0ByCtG0BtB0ByE0DzyzztCyBtDyEtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAyCyEzy%26cr%3D1776980686%26a%3Dwncy_btrnt_17_31%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0DyB0FyCzy0CyCtCzytD0ByDzzzztN0D0Tzu0StBtDyEtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StD0CzzyD0FyC0DtDtGtCtD0EtAtGzzzyyCtDtGyDzztD0EtGyEyB0AtAyByCyD0CtAzztAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtDzzyEyCyDtAtG0EtAtAtCtGyEtA0AzztGzzzy0ByCtG0BtB0ByE0DzyzztCyBtDyEtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAyCyEzy%26cr%3D1776980686%26a%3Dwncy_btrnt_17_31%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0DyB0FyCzy0CyCtCzytD0ByDzzzztN0D0Tzu0StBtDyEtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StD0CzzyD0FyC0DtDtGtCtD0EtAtGzzzyyCtDtGyDzztD0EtGyEyB0AtAyByCyD0CtAzztAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtDzzyEyCyDtAtG0EtAtAtCtGyEtA0AzztGzzzy0ByCtG0BtB0ByE0DzyzztCyBtDyEtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAyCyEzy%26cr%3D1776980686%26a%3Dwncy_btrnt_17_31%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0DyB0FyCzy0CyCtCzytD0ByDzzzztN0D0Tzu0StBtDyEtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StD0CzzyD0FyC0DtDtGtCtD0EtAtGzzzyyCtDtGyDzztD0EtGyEyB0AtAyByCyD0CtAzztAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtDzzyEyCyDtAtG0EtAtAtCtGyEtA0AzztGzzzy0ByCtG0BtB0ByE0DzyzztCyBtDyEtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtAyCyEzy%26cr%3D1776980686%26a%3Dwncy_btrnt_17_31%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3414011529-3657276367-320515580-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-08-03] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-08-03] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-08-03] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-08-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-03] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-08-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-08-03] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Carlos Mercado\AppData\Local\Google\Chrome\User Data\Default [2017-08-12]
CHR Extension: (Google Slides) - C:\Users\Carlos Mercado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-03]
CHR Extension: (Google Docs) - C:\Users\Carlos Mercado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-04]
CHR Extension: (Google Drive) - C:\Users\Carlos Mercado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-04]
CHR Extension: (YouTube) - C:\Users\Carlos Mercado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-04]
CHR Extension: (Google Sheets) - C:\Users\Carlos Mercado\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-03]
CHR Extension: (Google Docs Offline) - C:\Users\Carlos Mercado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-04]
CHR Extension: (Avast Online Security) - C:\Users\Carlos Mercado\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carlos Mercado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-03]
CHR Extension: (Gmail) - C:\Users\Carlos Mercado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-04]
CHR Extension: (Chrome Media Router) - C:\Users\Carlos Mercado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-03]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3414011529-3657276367-320515580-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3414011529-3657276367-320515580-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [126648 2016-06-16] (ASUSTek Computer Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-08-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-08-04] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2776664 2015-08-16] (Microsoft Corporation)
R3 cphs; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d7080f4aa4390fde\IntelCpHeciSvc.exe [301552 2016-11-01] (Intel Corporation)
R2 cplspcon; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d7080f4aa4390fde\IntelCpHDCPSvc.exe [480240 2016-11-01] (Intel Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d7080f4aa4390fde\igfxCUIService.exe [342000 2016-11-01] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 RtkBtManServ; C:\Windows\RtkBtManServ.exe [250136 2016-09-13] (Realtek Semiconductor Corp.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-19] (Microsoft Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AsusPTPDrv; C:\Windows\System32\drivers\AsusPTPFilter.sys [99320 2016-10-24] (ASUS Corporation)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320008 2017-08-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-08-04] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-08-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57728 2017-08-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-08-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146704 2017-08-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-08-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-08-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015880 2017-08-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-08-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-08-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-08-04] (AVAST Software)
R3 HIDSwitch; C:\Windows\System32\drivers\AsRadioControl.sys [31112 2017-05-03] (ASUS)
R3 igfx; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d7080f4aa4390fde\igdkmd64.sys [11033584 2016-11-01] (Intel Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_92fec793fc7cbb67\nvlddmkm.sys [14156744 2016-10-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56376 2016-08-04] (NVIDIA Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [337928 2016-10-17] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [943112 2016-10-18] (Realtek )
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [710696 2016-09-13] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [6320640 2017-03-19] (Realtek Semiconductor Corporation )
S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-12 15:23 - 2017-08-12 15:23 - 000021033 _____ C:\Users\Carlos Mercado\Downloads\FRST.txt
2017-08-12 15:22 - 2017-08-12 15:23 - 000000000 ____D C:\FRST
2017-08-12 15:21 - 2017-08-12 15:22 - 002381824 _____ (Farbar) C:\Users\Carlos Mercado\Downloads\FRST64.exe
2017-08-11 14:59 - 2017-08-11 14:59 - 000000000 ____D C:\Users\Carlos Mercado\Documents\Custom Office Templates
2017-08-11 13:22 - 2017-08-11 13:22 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-08-11 09:52 - 2017-08-11 13:45 - 000001542 _____ C:\Users\Carlos Mercado\Documents\Proposal-rewrite.txt
2017-08-11 00:00 - 2017-08-11 00:00 - 002196431 _____ C:\Users\Carlos Mercado\Downloads\Adhesion Awareness Leaflet_Copy for Medical Writer.pdf
2017-08-10 23:09 - 2017-08-11 13:25 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-08-10 23:08 - 2017-08-11 13:24 - 000654960 _____ C:\Windows\ntbtlog.txt
2017-08-10 22:36 - 2017-08-10 22:36 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Local\PeerDistRepub
2017-08-10 22:17 - 2017-08-10 22:17 - 000000444 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-08-10 22:10 - 2017-08-10 22:10 - 000000000 ____D C:\Users\Carlos Mercado\AppData\LocalLow\Adobe
2017-08-10 18:31 - 2017-08-11 15:01 - 000001406 _____ C:\Users\Carlos Mercado\Documents\Proposal-medical writer.txt
2017-08-10 14:37 - 2017-08-10 23:26 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Local\CrashDumps
2017-08-10 14:37 - 2017-08-10 14:37 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Local\DBG
2017-08-10 14:36 - 2017-08-10 14:36 - 000004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-10 14:35 - 2017-08-10 14:35 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-10 14:35 - 2017-08-10 14:35 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-08-10 14:34 - 2017-08-10 22:11 - 000000000 ____D C:\ProgramData\Adobe
2017-08-10 14:33 - 2017-08-10 22:10 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Local\Adobe
2017-08-10 14:33 - 2017-08-10 14:33 - 001207288 _____ (Adobe Systems Incorporated) C:\Users\Carlos Mercado\Downloads\readerdc_en_xa_crd_install.exe
2017-08-10 14:32 - 2017-08-10 18:21 - 008984530 _____ C:\Users\Carlos Mercado\Downloads\2014_Healthy Life Style & BMI.pptx
2017-08-09 18:55 - 2017-08-09 18:55 - 000000000 ____D C:\Users\Carlos Mercado\Documents\My Games
2017-08-09 18:55 - 2017-08-09 18:55 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Local\My Games
2017-08-09 18:54 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2017-08-09 18:54 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2017-08-09 18:54 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2017-08-09 18:54 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2017-08-09 18:54 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2017-08-09 18:54 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2017-08-09 18:54 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2017-08-09 18:54 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2017-08-09 18:54 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2017-08-09 18:54 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2017-08-09 18:54 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2017-08-09 18:54 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2017-08-09 18:54 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2017-08-09 18:54 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2017-08-09 18:53 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2017-08-09 18:53 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2017-08-09 18:53 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2017-08-09 18:53 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2017-08-09 18:53 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2017-08-09 18:53 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2017-08-09 18:53 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2017-08-09 18:53 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2017-08-09 18:53 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2017-08-09 18:53 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2017-08-09 18:53 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2017-08-09 18:53 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2017-08-09 18:53 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2017-08-09 18:53 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2017-08-09 18:53 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2017-08-09 18:53 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2017-08-09 18:53 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2017-08-09 18:53 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2017-08-09 18:53 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2017-08-09 18:53 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2017-08-09 18:53 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2017-08-09 18:53 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2017-08-09 18:53 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2017-08-09 18:53 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2017-08-09 18:53 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2017-08-09 18:53 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2017-08-09 18:53 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2017-08-09 18:53 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2017-08-09 18:53 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2017-08-09 18:53 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2017-08-09 18:53 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2017-08-09 18:53 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2017-08-09 18:53 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2017-08-09 18:53 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2017-08-09 18:53 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2017-08-09 18:53 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2017-08-09 18:53 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2017-08-09 18:53 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2017-08-09 18:53 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2017-08-09 18:53 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2017-08-09 18:53 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2017-08-09 18:53 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2017-08-09 18:53 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2017-08-09 18:53 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2017-08-09 18:53 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2017-08-09 18:53 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2017-08-09 18:53 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2017-08-09 18:53 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2017-08-09 18:53 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2017-08-09 18:53 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2017-08-09 18:53 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2017-08-09 18:53 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2017-08-09 18:53 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2017-08-09 18:53 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2017-08-09 18:53 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2017-08-09 18:53 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2017-08-09 18:53 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2017-08-09 18:53 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2017-08-09 18:53 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2017-08-09 18:53 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2017-08-09 18:53 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2017-08-09 18:53 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2017-08-09 18:53 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2017-08-09 18:53 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2017-08-09 18:53 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2017-08-09 18:53 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2017-08-09 18:53 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2017-08-09 18:53 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2017-08-09 18:53 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2017-08-09 18:53 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2017-08-09 18:53 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2017-08-09 18:53 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2017-08-09 18:53 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2017-08-09 18:53 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2017-08-09 18:53 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2017-08-09 18:53 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2017-08-09 18:53 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2017-08-09 18:53 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2017-08-09 18:53 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2017-08-09 18:53 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2017-08-09 18:53 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2017-08-09 18:53 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2017-08-09 18:53 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2017-08-09 18:53 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2017-08-09 18:53 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2017-08-09 18:53 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2017-08-09 18:53 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2017-08-09 18:53 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2017-08-09 18:53 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2017-08-09 18:53 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2017-08-09 18:53 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2017-08-09 18:53 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2017-08-09 18:53 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2017-08-09 18:53 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2017-08-09 18:53 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2017-08-09 18:53 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2017-08-09 18:53 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2017-08-09 18:53 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2017-08-09 18:53 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2017-08-09 18:53 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2017-08-09 18:53 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2017-08-09 18:53 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2017-08-09 18:53 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2017-08-09 18:53 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2017-08-09 18:53 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2017-08-09 18:53 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2017-08-09 18:53 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2017-08-09 18:53 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2017-08-09 18:53 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2017-08-09 18:53 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2017-08-09 18:53 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2017-08-09 18:53 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2017-08-09 18:53 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2017-08-09 18:53 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2017-08-09 18:53 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2017-08-09 18:53 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2017-08-09 18:53 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2017-08-09 18:53 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2017-08-09 18:53 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2017-08-09 18:53 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2017-08-09 18:53 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2017-08-09 18:53 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2017-08-09 18:53 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2017-08-09 18:53 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2017-08-09 18:53 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2017-08-09 18:53 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2017-08-09 18:53 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2017-08-09 18:53 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2017-08-09 18:53 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2017-08-09 18:53 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2017-08-09 18:53 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2017-08-09 18:53 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2017-08-09 18:53 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2017-08-09 18:53 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2017-08-09 18:53 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2017-08-09 18:53 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2017-08-09 18:53 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2017-08-09 18:53 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2017-08-09 18:53 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2017-08-09 18:53 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2017-08-09 18:53 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2017-08-09 18:53 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2017-08-09 18:53 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2017-08-09 18:53 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2017-08-09 18:51 - 2017-08-09 18:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
2017-08-09 18:30 - 2017-08-09 18:30 - 000000000 ____D C:\ProgramData\Steam
2017-08-09 18:20 - 2017-08-09 18:20 - 000000000 ____D C:\Program Files (x86)\2K Games
2017-08-09 18:12 - 2017-08-09 18:12 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Roaming\WinRAR
2017-08-09 18:10 - 2017-08-09 18:10 - 000850067 _____ (www.isoopener.com ) C:\Users\Carlos Mercado\Downloads\isoopener_setup.exe
2017-08-09 18:10 - 2017-08-09 18:10 - 000001050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2017-08-09 18:10 - 2017-08-09 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO Opener
2017-08-09 18:10 - 2017-08-09 18:10 - 000000000 ____D C:\Program Files\WinRAR
2017-08-09 18:10 - 2017-08-09 18:10 - 000000000 ____D C:\Program Files (x86)\ISO Opener
2017-08-09 18:08 - 2017-08-09 18:08 - 002179856 _____ C:\Users\Carlos Mercado\Downloads\winrar-x64-540.exe
2017-08-09 14:24 - 2017-08-09 14:26 - 000000000 ____D C:\Users\Carlos Mercado\Documents\PruLife
2017-08-04 18:30 - 2017-08-04 18:30 - 000003560 _____ C:\Users\Carlos Mercado\Documents\MsCtfMonitor.xml
2017-08-04 18:11 - 2017-08-04 18:11 - 000000000 ___HD C:\$AV_ASW
2017-08-04 09:02 - 2017-08-04 09:02 - 000002888 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-08-04 09:02 - 2017-08-04 09:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-08-04 09:02 - 2017-08-04 09:02 - 000000000 ____D C:\Program Files\CCleaner
2017-08-04 09:00 - 2017-08-04 09:02 - 009747512 _____ (Piriform Ltd) C:\Users\Carlos Mercado\Downloads\ccsetup532.exe
2017-08-04 03:17 - 2017-08-09 18:12 - 000000000 ____D C:\Users\Carlos Mercado\Downloads\Sid Meiers Civilization V Complete Edition [MULTI10][PCDVD][TODOS LOS DLC][PROPHET][WwW.GamesTorrents.CoM]
2017-08-04 03:16 - 2017-08-04 03:16 - 000018042 _____ C:\Users\Carlos Mercado\Downloads\sid-meiers-civilization-v-complete-edition-multi10pcdvdtodos-los-dlcprophet.torrent
2017-08-04 03:11 - 2017-08-04 03:12 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Local\{EB22DD7E-CF8A-B1C6-A212-942E867A68B6}
2017-08-04 03:11 - 2017-08-04 03:11 - 000000344 __RSH C:\ProgramData\ntuser.pol
2017-08-04 03:10 - 2017-08-09 18:07 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Roaming\uTorrent
2017-08-04 03:10 - 2017-08-04 03:10 - 000000885 _____ C:\Users\Carlos Mercado\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-08-04 03:07 - 2017-08-04 03:07 - 001733104 _____ (BitTorrent Inc.) C:\Users\Carlos Mercado\Downloads\uTorrent.exe
2017-08-04 02:50 - 2017-08-10 08:39 - 001015880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-08-04 02:50 - 2017-08-10 08:39 - 000146704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-08-04 02:50 - 2017-08-09 14:20 - 000004268 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-08-04 02:50 - 2017-08-04 02:50 - 000061304 _____ () C:\Windows\system32\Drivers\lpsport.sys
2017-08-04 02:50 - 2017-08-04 02:50 - 000001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-08-04 02:50 - 2017-08-04 02:50 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Roaming\AVAST Software
2017-08-04 02:50 - 2017-08-04 02:50 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Local\CEF
2017-08-04 02:50 - 2017-08-04 02:49 - 000585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-08-04 02:50 - 2017-08-04 02:49 - 000361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-08-04 02:50 - 2017-08-04 02:49 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-08-04 02:50 - 2017-08-04 02:49 - 000320008 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-08-04 02:50 - 2017-08-04 02:49 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-08-04 02:50 - 2017-08-04 02:49 - 000198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-08-04 02:50 - 2017-08-04 02:49 - 000110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-08-04 02:50 - 2017-08-04 02:49 - 000084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-08-04 02:50 - 2017-08-04 02:49 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-08-04 02:50 - 2017-08-04 02:49 - 000046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-08-04 02:49 - 2017-08-04 02:49 - 000400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-08-04 02:39 - 2017-08-04 02:39 - 000003394 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3414011529-3657276367-320515580-1001
2017-08-04 02:38 - 2017-08-04 02:39 - 006654960 _____ (AVAST Software) C:\Users\Carlos Mercado\Downloads\avast_free_antivirus_setup_online_cnet_1.exe
2017-08-04 02:38 - 2017-08-04 02:38 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Roaming\Skype
2017-08-04 01:50 - 2017-08-04 01:50 - 000003584 _____ C:\Windows\SECOH-QAD.dll
2017-08-04 01:50 - 2017-08-04 01:50 - 000003494 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2017-08-04 01:50 - 2017-08-04 01:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2017-08-04 01:49 - 2017-08-11 01:16 - 000000000 ____D C:\Program Files\KMSpico
2017-08-04 01:49 - 2017-08-04 01:49 - 000003916 _____ C:\Windows\System32\Tasks\Optimize Thumbnail Cache Files
2017-08-04 01:49 - 2017-08-04 01:49 - 000003464 _____ C:\Windows\System32\Tasks\InstallShield® Update Service Scheduler
2017-08-04 01:49 - 2010-12-06 10:16 - 000090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2017-08-04 01:48 - 2017-08-04 01:48 - 003864960 _____ (@ByELDI ) C:\Users\Carlos Mercado\Downloads\KMSpico_setup.exe
2017-08-04 01:45 - 2017-08-04 01:47 - 000306131 _____ (@ByELDI ) C:\Users\Carlos Mercado\Downloads\Unconfirmed 872304.crdownload
2017-08-04 01:25 - 2016-11-01 20:14 - 000112152 _____ C:\Windows\SysWOW64\libGLESv2.dll
2017-08-04 01:25 - 2016-11-01 20:14 - 000101400 _____ C:\Windows\SysWOW64\libGLESv1_CM.dll
2017-08-04 01:25 - 2016-11-01 20:12 - 000113696 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2017-08-04 01:25 - 2016-11-01 20:11 - 000271392 _____ C:\Windows\system32\igfxCPL.cpl
2017-08-04 01:25 - 2016-11-01 20:02 - 000104472 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2017-08-04 01:25 - 2016-11-01 19:28 - 000560260 _____ C:\Windows\system32\cp_resources.bin
2017-08-04 01:20 - 2016-11-01 15:59 - 000821224 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2017-08-04 01:19 - 2017-08-04 01:19 - 000000000 ____D C:\Windows\SysWOW64\sda
2017-08-04 01:19 - 2017-08-03 18:20 - 000000000 ____D C:\Intel
2017-08-04 01:16 - 2017-08-03 19:37 - 000000000 ____D C:\ProgramData\Realtek
2017-08-04 01:11 - 2017-08-04 01:11 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-04 01:11 - 2017-08-03 18:42 - 000000000 ____D C:\Program Files\Intel
2017-08-04 01:08 - 2017-08-03 18:36 - 000000000 ____D C:\Windows\Log
2017-08-04 01:02 - 2017-08-03 22:31 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Local\MicrosoftEdge
2017-08-04 01:00 - 2017-08-04 01:48 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Local\Comms
2017-08-04 00:08 - 2017-08-04 00:08 - 000000933 _____ C:\Users\Carlos Mercado\Documents\Proposal-trascribe.txt
2017-08-03 23:32 - 2017-08-04 01:24 - 000565416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-08-03 23:27 - 2017-08-03 23:27 - 000001855 _____ C:\Users\Carlos Mercado\Documents\Proposal2.txt
2017-08-03 23:21 - 2017-08-03 23:21 - 000001410 _____ C:\Users\Carlos Mercado\Documents\Proposal.txt
2017-08-03 23:09 - 2017-08-04 08:58 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Local\Google
2017-08-03 23:00 - 2017-08-03 23:00 - 000002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-03 22:33 - 2017-08-03 23:00 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-03 20:43 - 2017-08-03 20:43 - 000000000 ____D C:\Program Files\AVAST Software
2017-08-03 20:30 - 2017-08-04 05:13 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-03 20:05 - 2017-08-03 19:10 - 000000000 ____D C:\Windows\Panther
2017-08-03 20:02 - 2017-08-03 20:02 - 000002534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-08-03 20:02 - 2017-08-03 20:02 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-08-03 20:02 - 2017-08-03 20:02 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-08-03 20:02 - 2017-08-03 20:02 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-08-03 20:02 - 2017-08-03 20:02 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-08-03 20:02 - 2017-08-03 20:02 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-08-03 20:02 - 2017-08-03 20:02 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-08-03 20:02 - 2017-08-03 20:02 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-08-03 20:02 - 2017-08-03 20:02 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-08-03 20:02 - 2017-08-03 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-08-03 19:59 - 2017-08-03 22:43 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-08-03 19:59 - 2017-08-03 19:59 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-08-03 19:52 - 2017-08-03 22:28 - 000000000 ____D C:\ProgramData\USBChargerPlus
2017-08-03 19:47 - 2017-08-03 19:47 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Local\Downloaded Installations
2017-08-03 19:47 - 2017-08-03 19:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower
2017-08-03 19:47 - 2017-08-03 19:47 - 000000000 ____D C:\Program Files (x86)\ICEpower
2017-08-03 19:46 - 2017-08-03 19:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-08-03 19:46 - 2017-08-03 19:46 - 000000000 ____D C:\eSupport
2017-08-03 19:41 - 2017-08-03 19:50 - 000000000 ____D C:\Program Files (x86)\ASUS
2017-08-03 19:41 - 2016-09-13 09:50 - 000016916 _____ C:\Windows\rtl8821c_mp_chip_bt40_fw_asic_rom_patch_new.dll
2017-08-03 19:41 - 2016-09-13 09:50 - 000000952 _____ C:\Windows\PidVid_List.dll
2017-08-03 19:37 - 2016-01-19 15:18 - 000004216 _____ C:\Windows\PidVid_List.txt
2017-08-03 19:27 - 2016-10-18 20:46 - 000943112 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
2017-08-03 19:27 - 2016-10-18 20:42 - 000082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2017-08-03 19:21 - 2017-08-03 19:21 - 000000000 ____D C:\ProgramData\USOShared
2017-08-03 19:19 - 2017-08-04 02:39 - 000002390 _____ C:\Users\Carlos Mercado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-08-03 19:19 - 2017-08-04 02:39 - 000000000 ___RD C:\Users\Carlos Mercado\OneDrive
2017-08-03 19:18 - 2017-08-03 19:18 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-08-03 19:17 - 2017-08-03 19:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-03 19:17 - 2017-08-03 19:17 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Local\Publishers
2017-08-03 19:16 - 2017-08-12 10:26 - 000000000 ____D C:\Users\Carlos Mercado
2017-08-03 19:16 - 2017-08-11 18:54 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Local\ConnectedDevicesPlatform
2017-08-03 19:16 - 2017-08-11 13:50 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Local\Packages
2017-08-03 19:16 - 2017-08-10 22:11 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Roaming\Adobe
2017-08-03 19:16 - 2017-08-03 19:16 - 000000020 ___SH C:\Users\Carlos Mercado\ntuser.ini
2017-08-03 19:16 - 2017-08-03 19:16 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Local\VirtualStore
2017-08-03 19:16 - 2017-08-03 19:16 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Local\TileDataLayer
2017-08-03 19:15 - 2017-08-12 13:31 - 001266906 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-03 19:13 - 2017-08-03 19:13 - 000000000 ____D C:\Windows\CSC
2017-08-03 19:13 - 2017-03-19 04:56 - 002233344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2017-08-03 19:11 - 2017-08-03 19:11 - 000000000 _SHDL C:\Documents and Settings
2017-08-03 19:07 - 2017-08-03 19:07 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-08-03 19:06 - 2017-08-12 15:06 - 000000000 ____D C:\Windows\system32\SleepStudy
2017-08-03 19:06 - 2017-08-11 13:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-03 19:06 - 2017-08-11 13:24 - 000383720 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-03 19:06 - 2017-08-03 19:06 - 000000000 ____D C:\Windows\ServiceProfiles
2017-08-03 18:54 - 2017-08-03 18:54 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-08-03 18:54 - 2017-08-03 18:54 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2017-08-03 18:54 - 2017-08-03 18:54 - 000000000 ____D C:\Windows\system32\DAX2
2017-08-03 18:54 - 2017-08-03 18:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2017-08-03 18:54 - 2017-08-03 18:54 - 000000000 ____D C:\Program Files\Realtek
2017-08-03 18:53 - 2016-09-02 14:13 - 007019638 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2017-08-03 18:53 - 2016-09-02 14:13 - 005804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2017-08-03 18:53 - 2016-09-02 14:13 - 005303304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2017-08-03 18:53 - 2016-09-02 14:13 - 003299824 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 003283248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 003203592 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 003133848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 002895104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2017-08-03 18:53 - 2016-09-02 14:13 - 002775352 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 002706864 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 002203752 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 002190992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 002110600 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 002071592 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 001920820 _____ C:\Windows\system32\Drivers\rtkSSTsetting.dat
2017-08-03 18:53 - 2016-09-02 14:13 - 001435144 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 001382240 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 001360520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 001337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 001041744 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 001001800 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000965032 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000962136 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000873464 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000864352 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000858200 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000854032 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000725944 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000689888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000601152 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000532384 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000498648 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000467160 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000447184 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000387320 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000381416 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000341152 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000341152 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000258864 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000231920 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000221968 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000209536 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000192984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000166208 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000158696 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000110984 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000105312 _____ C:\Windows\system32\audioLibVc.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000090920 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000088352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000088328 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000083632 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000075544 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2017-08-03 18:53 - 2016-09-02 14:13 - 000023696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 072520720 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2017-08-03 18:52 - 2016-09-02 14:13 - 014057256 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 013122584 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 012988352 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 007172920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 006374320 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 005793528 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 005593616 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 002825104 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 002050184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 001422928 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 001334384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 001213664 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 001186840 _____ (Intel Corporation) C:\Windows\system32\IntelSstCApoPropPage.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 001166160 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 001003864 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 000999856 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 000931624 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 000923744 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 000678184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 000677672 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 000618192 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 000447720 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 000330560 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 000151792 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 000134200 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2017-08-03 18:52 - 2016-09-02 14:13 - 000084616 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 010534696 _____ (Intel Corporation) C:\Windows\system32\IntelSSTAPO.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 007096192 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 006264640 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 005341352 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 003291320 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 002439048 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 001780624 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 001591064 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 001508936 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 001115144 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000743968 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000727440 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000708312 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000514528 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000504312 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000500560 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000472312 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000445400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000441272 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000428232 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000416512 _____ (Harman) C:\Windows\system32\HMUI.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000372744 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000366128 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000362056 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000360352 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000253904 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000253864 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000252880 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000203848 _____ (Harman) C:\Windows\system32\HMHVS.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000190944 _____ (Harman) C:\Windows\system32\HMEQ.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000190936 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000179600 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2017-08-03 18:51 - 2016-09-02 14:13 - 000154368 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2017-08-03 18:50 - 2017-08-03 19:41 - 000000000 ____D C:\Program Files (x86)\Realtek
2017-08-03 18:50 - 2017-08-03 19:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-03 18:50 - 2017-08-03 18:54 - 000000000 ___HD C:\Program Files (x86)\Temp
2017-08-03 18:50 - 2016-09-02 14:13 - 001965816 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2017-08-03 18:50 - 2016-09-02 14:13 - 001959608 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2017-08-03 18:50 - 2016-09-02 14:13 - 001618032 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2017-08-03 18:50 - 2016-09-02 14:13 - 001529144 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64Proxy.dll
2017-08-03 18:50 - 2016-09-02 14:13 - 000574760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2017-08-03 18:50 - 2016-09-02 14:13 - 000327464 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2017-08-03 18:50 - 2016-09-02 14:13 - 000310424 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2017-08-03 18:50 - 2016-09-02 14:13 - 000272720 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2017-08-03 18:50 - 2016-09-02 14:13 - 000122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2017-08-03 18:50 - 2016-09-02 14:13 - 000118600 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2017-08-03 18:50 - 2016-09-02 14:13 - 000118592 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2017-08-03 18:50 - 2016-04-11 13:38 - 002838232 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2017-08-03 18:42 - 2017-08-03 18:42 - 000000000 ____D C:\Users\Carlos Mercado\Intel
2017-08-03 18:42 - 2017-08-03 18:42 - 000000000 ____D C:\ProgramData\Intel
2017-08-03 18:36 - 2017-08-03 19:27 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Local\NVIDIA Corporation
2017-08-03 18:36 - 2016-04-06 09:18 - 001468416 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2017-08-03 18:31 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-08-03 18:31 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-08-03 18:31 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2017-08-03 18:31 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2017-08-03 18:31 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2017-08-03 18:31 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2017-08-03 18:30 - 2017-08-03 19:26 - 000000000 ____D C:\Users\Carlos Mercado\AppData\Local\NVIDIA
2017-08-03 18:30 - 2017-08-03 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-08-03 18:30 - 2016-08-04 03:25 - 000113208 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-08-03 18:30 - 2016-08-04 03:25 - 000102968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-08-03 18:30 - 2016-08-04 03:25 - 000056376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-08-03 18:30 - 2016-06-14 13:01 - 001767944 ____R (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-08-03 18:30 - 2016-06-14 13:01 - 001756424 ____R (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-08-03 18:30 - 2016-06-14 13:01 - 001377800 ____R (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-08-03 18:30 - 2016-06-14 13:01 - 001316184 ____R (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-08-03 18:30 - 2016-06-14 13:01 - 000112216 ____R C:\Windows\system32\NvRtmpStreamer64.dll
2017-08-03 18:29 - 2017-08-11 13:30 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-03 18:29 - 2017-08-03 19:26 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-03 18:29 - 2017-08-03 18:30 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-08-03 18:29 - 2017-08-03 18:29 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-08-03 18:29 - 2016-10-21 13:20 - 006385720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-08-03 18:29 - 2016-10-21 13:20 - 002475576 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-08-03 18:29 - 2016-10-21 13:20 - 001764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-08-03 18:29 - 2016-10-21 13:20 - 001362368 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2017-08-03 18:29 - 2016-10-21 13:20 - 000548408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-08-03 18:29 - 2016-10-21 13:20 - 000393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-08-03 18:29 - 2016-10-21 13:20 - 000081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-08-03 18:29 - 2016-10-21 13:20 - 000069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-08-03 18:29 - 2016-10-21 12:59 - 000133056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-08-03 18:29 - 2016-10-21 00:22 - 001937464 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437319.dll
2017-08-03 18:29 - 2016-10-21 00:22 - 001585088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437319.dll
2017-08-03 18:29 - 2016-10-21 00:22 - 000041033 _____ C:\Windows\system32\nvinfo.pb
2017-08-03 18:29 - 2016-10-21 00:22 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-08-03 18:29 - 2016-10-21 00:22 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2017-08-03 18:29 - 2016-10-20 08:47 - 007500035 _____ C:\Windows\system32\nvcoproc.bin
2017-08-03 18:29 - 2016-09-10 02:25 - 000269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-08-03 18:29 - 2016-09-10 02:25 - 000261920 _____ C:\Windows\system32\vulkan-1.dll
2017-08-03 18:29 - 2016-09-10 02:25 - 000110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-08-03 18:29 - 2016-09-10 02:24 - 000125216 _____ C:\Windows\system32\vulkaninfo.exe
2017-08-03 18:27 - 2016-10-21 00:22 - 040068544 _____ C:\Windows\system32\nvcompiler.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 035182648 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 034849848 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 028244416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 010868472 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 010755648 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 010295744 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 009099192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 008877992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 008693568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 003914744 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 003457584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 002912704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 002549696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 001019328 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 000957376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 000942528 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 000893376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 000802584 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 000801560 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 000688784 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 000644112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 000642576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 000578240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 000437696 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 000394704 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 000390200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-08-03 18:27 - 2016-10-21 00:22 - 000327224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-08-03 18:25 - 2017-08-03 18:30 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-08-03 18:25 - 2016-11-01 20:02 - 000141344 _____ C:\Windows\SysWOW64\libEGL.dll
2017-08-03 18:24 - 2017-08-03 18:24 - 000018872 _____ C:\Windows\system32\results.xml
2017-08-03 18:20 - 2017-08-12 10:03 - 000000000 __SHD C:\Users\Carlos Mercado\IntelGraphicsProfiles
2017-08-03 18:20 - 2017-08-03 18:20 - 000000000 ____D C:\Program Files (x86)\Intel
2017-08-03 18:20 - 2017-08-03 18:20 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2017-08-03 18:20 - 2016-11-01 20:12 - 000113696 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-12 13:30 - 2017-03-19 05:01 - 000000000 ____D C:\Windows\INF
2017-08-11 13:29 - 2017-03-18 19:40 - 000524288 _____ C:\Windows\system32\config\BBI
2017-08-10 22:49 - 2017-03-19 05:03 - 000000000 ____D C:\Windows\system32\NDF
2017-08-09 19:03 - 2017-03-19 04:51 - 000000000 ____D C:\Windows\CbsTemp
2017-08-04 18:14 - 2017-03-19 05:03 - 000000000 ____D C:\Windows\AppReadiness
2017-08-04 09:03 - 2017-03-19 05:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-04 03:11 - 2017-03-19 05:03 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-08-04 03:11 - 2017-03-19 05:03 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-08-03 20:10 - 2017-03-19 05:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-03 20:05 - 2017-03-19 05:03 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2017-08-03 19:59 - 2017-03-19 05:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-08-03 19:21 - 2017-03-19 05:03 - 000000000 ____D C:\ProgramData\USOPrivate
2017-08-03 19:13 - 2017-03-19 05:03 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2017-08-03 19:13 - 2017-03-19 05:03 - 000000000 ____D C:\Windows\system32\spool
2017-08-03 19:13 - 2017-03-19 05:03 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-08-03 19:13 - 2017-03-19 05:03 - 000000000 ____D C:\Windows\rescache
2017-08-03 19:09 - 2017-03-18 19:40 - 000000000 ____D C:\Windows\system32\Sysprep
2017-08-03 19:07 - 2017-03-19 10:31 - 000000000 ____D C:\Windows\HoloShell
2017-08-03 19:07 - 2017-03-19 05:03 - 000000000 ___RD C:\Windows\PrintDialog
2017-08-03 19:07 - 2017-03-19 05:03 - 000000000 ___RD C:\Windows\MiracastView
2017-08-03 19:07 - 2017-03-19 05:03 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2017-08-03 19:07 - 2017-03-18 19:40 - 000032768 _____ C:\Windows\system32\config\ELAM
2017-08-03 18:29 - 2017-03-19 05:03 - 000000000 ____D C:\Windows\Help
 
==================== Files in the root of some directories =======
 
2017-08-03 18:54 - 2017-08-03 18:54 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-03 19:06
 
==================== End of FRST.txt ============================



#2 nasdaq

  • Malware Response Team

Posted 12 August 2017 - 08:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM-x32] => Proxy is enabled.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_31&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0DyB0FyCzy0CyCtCzytD0ByDzzzztN0D0Tzu0StBtDyEtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StD0CzzyD0FyC0DtDtGtCtD0EtAtGzzzyyCtDtGyDzztD0EtGyEyB0AtAyByCyD0CtAzztAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtDzzyEyCyDtAtG0EtAtAtCtGyEtA0Azz... (long line)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_31&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0DyB0FyCzy0CyCtCzytD0ByDzzzztN0D0Tzu0StBtDyEtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StD0CzzyD0FyC0DtDtGtCtD0EtAtGzzzyyCtDtGyDzztD0EtGyEyB0AtAyByCyD0CtAzztAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtDzzyEyCyDtAtG0EtAtA... (long line)
HKU\S-1-5-21-3414011529-3657276367-320515580-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_31&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0DyB0FyCzy0CyCtCzytD0ByDzzzztN0D0Tzu0StBtDyEtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StD0CzzyD0FyC0DtDtGtCtD0EtAtGzzzyyCtDtGyDzztD0EtGyEyB0AtAyByCyD0CtAzztAyC2QtN1M1F1B2Z1V1N2... (long line)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0DyB0FyCzy0CyCtCzytD0ByDzzzztN0D0Tzu0StBtDyEtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StD0CzzyD0FyC0DtDtGtCtD0EtAtGzzzyyCtDtGyDzztD0EtGyEyB0AtAyByCyD0CtAzztAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtDzzyEyCy... (long line)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0DyB0FyCzy0CyCtCzytD0ByDzzzztN0D0Tzu0StBtDyEtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StD0CzzyD0FyC0DtDtGtCtD0EtAtGzzzyyCtDtGyDzztD0EtGyEyB0AtAyByCyD0CtAzztAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtDzzyEyCyDtAtG0EtAtAtC... (long line)
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0DyB0FyCzy0CyCtCzytD0ByDzzzztN0D0Tzu0StBtDyEtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StD0CzzyD0FyC0DtDtGtCtD0EtAtGzzzyyCtDtGyDzztD0EtGyEyB0AtAyByCyD0CtAzztAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtDzzy... (long line)
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0DyB0FyCzy0CyCtCzytD0ByDzzzztN0D0Tzu0StBtDyEtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StD0CzzyD0FyC0DtDtGtCtD0EtAtGzzzyyCtDtGyDzztD0EtGyEyB0AtAyByCyD0CtAzztAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtDzzyEyCyDtAtG0EtA... (long line)
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Extension: (Avast Online Security) - C:\Users\Carlos Mercado\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carlos Mercado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-03]
CHR Extension: (Chrome Media Router) - C:\Users\Carlos Mercado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-03]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3414011529-3657276367-320515580-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3414011529-3657276367-320515580-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Please let me know what problem persists with this computer.

Please post the Fixlog.txt and include the Addition.txt log that was created by the Farbar tool for my review.

#3 cbfmercado

  • Topic Starter

Posted 17 August 2017 - 01:26 AM

Thank you, and sorry for my late reply. Here is the fixlog.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-08-2017
Ran by Carlos Mercado (17-08-2017 14:16:07) Run:1
Running from C:\Users\Carlos Mercado\Downloads
Loaded Profiles: Carlos Mercado (Available Profiles: Carlos Mercado)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:
 
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM-x32] => Proxy is enabled.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_31&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0DyB0FyCzy0CyCtCzytD0ByDzzzztN0D0Tzu0StBtDyEtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StD0CzzyD0FyC0DtDtGtCtD0EtAtGzzzyyCtDtGyDzztD0EtGyEyB0AtAyByCyD0CtAzztAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtDzzyEyCyDtAtG0EtAtAtCtGyEtA0Azz... (long line)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_31&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0DyB0FyCzy0CyCtCzytD0ByDzzzztN0D0Tzu0StBtDyEtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StD0CzzyD0FyC0DtDtGtCtD0EtAtGzzzyyCtDtGyDzztD0EtGyEyB0AtAyByCyD0CtAzztAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtDzzyEyCyDtAtG0EtAtA... (long line)
HKU\S-1-5-21-3414011529-3657276367-320515580-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_31&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0DyB0FyCzy0CyCtCzytD0ByDzzzztN0D0Tzu0StBtDyEtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StD0CzzyD0FyC0DtDtGtCtD0EtAtGzzzyyCtDtGyDzztD0EtGyEyB0AtAyByCyD0CtAzztAyC2QtN1M1F1B2Z1V1N2... (long line)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0DyB0FyCzy0CyCtCzytD0ByDzzzztN0D0Tzu0StBtDyEtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StD0CzzyD0FyC0DtDtGtCtD0EtAtGzzzyyCtDtGyDzztD0EtGyEyB0AtAyByCyD0CtAzztAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtDzzyEyCy... (long line)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0DyB0FyCzy0CyCtCzytD0ByDzzzztN0D0Tzu0StBtDyEtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StD0CzzyD0FyC0DtDtGtCtD0EtAtGzzzyyCtDtGyDzztD0EtGyEyB0AtAyByCyD0CtAzztAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtDzzyEyCyDtAtG0EtAtAtC... (long line)
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0DyB0FyCzy0CyCtCzytD0ByDzzzztN0D0Tzu0StBtDyEtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StD0CzzyD0FyC0DtDtGtCtD0EtAtGzzzyyCtDtGyDzztD0EtGyEyB0AtAyByCyD0CtAzztAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtDzzy... (long line)
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_btrnt_17_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzzzz0DyB0FyCzy0CyCtCzytD0ByDzzzztN0D0Tzu0StBtDyEtCtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StD0CzzyD0FyC0DtDtGtCtD0EtAtGzzzyyCtDtGyDzztD0EtGyEyB0AtAyByCyD0CtAzztAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtDzzyEyCyDtAtG0EtA... (long line)
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Extension: (Avast Online Security) - C:\Users\Carlos Mercado\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carlos Mercado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-03]
CHR Extension: (Chrome Media Router) - C:\Users\Carlos Mercado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-03]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3414011529-3657276367-320515580-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3414011529-3657276367-320515580-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========= RemoveProxy: =========
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3414011529-3657276367-320515580-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-3414011529-3657276367-320515580-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-3414011529-3657276367-320515580-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3414011529-3657276367-320515580-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3414011529-3657276367-320515580-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSuggestURL => removed successfully
CHR Extension: (Avast Online Security) - C:\Users\Carlos Mercado\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-08-04] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carlos Mercado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-03] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Carlos Mercado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-03] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej => key removed successfully
HKU\S-1-5-21-3414011529-3657276367-320515580-1001\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key removed successfully
HKU\S-1-5-21-3414011529-3657276367-320515580-1001\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej => key removed successfully
HKLM\System\CurrentControlSet\Services\Service KMSELDI => key removed successfully
Service KMSELDI => service removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11643016 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 8713696 B
Edge => 51002131 B
Chrome => 496340948 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 13180 B
NetworkService => 7124 B
Carlos Mercado => 310410862 B
 
RecycleBin => 230658 B
EmptyTemp: => 845.2 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:17:00 ====
 
 
 
And here is the Addition.txt
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2017
Ran by Carlos Mercado (17-08-2017 14:15:29)
Running from C:\Users\Carlos Mercado\Downloads
Windows 10 Pro Version 1703 (X64) (2017-08-03 11:12:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3414011529-3657276367-320515580-500 - Administrator - Disabled)
Carlos Mercado (S-1-5-21-3414011529-3657276367-320515580-1001 - Administrator - Enabled) => C:\Users\Carlos Mercado
DefaultAccount (S-1-5-21-3414011529-3657276367-320515580-503 - Limited - Disabled)
Guest (S-1-5-21-3414011529-3657276367-320515580-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3414011529-3657276367-320515580-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.14 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.8 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0049 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.2.9 - ICEpower a/s)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4541 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
ISO Opener (HKLM-x32\...\{CE235F00-F8CD-41AF-83D5-236D90E33BFB}_is1) (Version:  - www.isoopener.com)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.4266.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3414011529-3657276367-320515580-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 373.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 373.19 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 373.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 373.19 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.4.887.091316 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.29093 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7926 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Sid Meier's Civilization V_is1) (Version:  - )
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-04] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-04] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-04] (AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d7080f4aa4390fde\igfxDTCM.dll [2016-11-01] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-10-21] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-04] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0384247F-2EF2-430F-8A3C-CEBFC6EF5399} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-08-04] (AVAST Software)
Task: {3E9A8599-2460-4BB1-B3A5-2F3744F25825} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-20] (Adobe Systems Incorporated)
Task: {3FF3A9E3-072B-4D44-93FB-A74EB72CF433} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {8ABDA0D6-F123-41DD-9BF4-E0BD01C0A06D} - System32\Tasks\Optimize Thumbnail Cache Files => wscript.exe //nologo //E:jscript //B "C:\ProgramData\InstallShield\Update\isuspm.ini" <==== ATTENTION
Task: {90682A27-545F-43C5-B096-3C4C04E551FB} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {933A69F2-E4E5-4BA7-A905-424A4B131721} - System32\Tasks\InstallShield® Update Service Scheduler => C:\Program Files (x86)\Common Files\InstallShield\Update\ISUSPM.exe [2017-02-16] (InstallShield®)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-08-03 19:59 - 2015-08-16 00:21 - 000162880 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2017-08-03 18:29 - 2016-10-21 13:20 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-19 04:58 - 2017-03-19 04:58 - 000138000 _____ () C:\Windows\SYSTEM32\inputhost.dll
2017-08-03 20:02 - 2017-08-03 20:02 - 008901800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-19 04:59 - 2017-03-19 10:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-03 23:41 - 2017-08-04 00:01 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-03 23:41 - 2017-08-04 00:01 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-03 23:41 - 2017-08-04 00:02 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-03 23:41 - 2017-08-04 00:01 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll
2017-08-03 22:44 - 2017-08-03 22:46 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-08-04 00:42 - 2017-08-04 01:26 - 010631168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-08-04 00:42 - 2017-08-04 00:45 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-08-04 00:04 - 2017-08-04 00:10 - 024054272 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17062.12911.0_x64__8wekyb3d8bbwe\Video.UI.exe
2017-08-04 00:04 - 2017-08-04 00:10 - 009161728 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17062.12911.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-08-03 23:14 - 2017-08-03 23:16 - 003500456 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17062.12911.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-08-03 23:00 - 2017-08-02 15:39 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libglesv2.dll
2017-08-03 23:00 - 2017-08-02 15:39 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libegl.dll
2017-03-19 04:59 - 2017-03-19 10:31 - 004124576 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2017-03-19 04:59 - 2017-03-19 10:31 - 002487712 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2017-08-03 18:30 - 2016-06-14 13:03 - 000018880 ____R () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-08-04 02:49 - 2017-08-04 02:49 - 000170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-08-04 02:49 - 2017-08-04 02:49 - 001065936 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-08-04 02:49 - 2017-08-04 02:49 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-08-04 02:49 - 2017-08-04 02:49 - 000192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-08-04 02:49 - 2017-08-04 02:49 - 000224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-08-04 02:49 - 2017-08-04 02:49 - 000292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-08-04 02:49 - 2017-08-04 02:49 - 000689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-19 05:03 - 2017-03-19 05:01 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3414011529-3657276367-320515580-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-3414011529-3657276367-320515580-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3414011529-3657276367-320515580-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3414011529-3657276367-320515580-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{1E99ED18-4C17-44AA-9505-D83E51A17338}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{81154E61-26EB-4B31-AB07-653484020A41}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{48B735E5-7CCD-47E3-9F7F-29CF2D34A591}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{FE6C799A-6D23-4BB6-993C-AEFA1CA17E2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9323EFE7-E3FA-45E8-BCEF-979D7615A2C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{333D856E-78D7-4D74-B5E5-6A07D97B7E20}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{36B06503-A91A-47AC-B210-2A85DB03E298}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C6D06735-5646-48B4-A6FE-961F810B0F8D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{45C9EE58-A8CF-4A04-9117-0ACF008382B8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8B62F0A3-5950-400C-97FC-E118B1B47A1D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{9C9741BA-DB97-41EA-9DEF-21EA4FB41C6F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3E99D39D-7FC2-4BEF-A223-1BD4D0196BB5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1DBE4A2C-900C-4E06-A3DD-78B4C7AD28E3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BAC73EC7-3D7A-4614-96CC-911AF640F7ED}] => (Allow) C:\Users\Carlos Mercado\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{85AA90CE-3281-4FD1-8CD4-1FA6E5732681}] => (Allow) C:\Users\Carlos Mercado\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4725B008-3169-4C30-874B-B9CD512C1D64}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
FirewallRules: [{8E01B224-3EDA-48BA-937E-012606B93DA4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
FirewallRules: [{39916401-ADAF-49F5-8144-21032F364F72}] => (Allow) LPort=1688
FirewallRules: [{2826CF4C-3648-49FE-AAA7-4B34018CCB24}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{E85766F9-1646-49DC-887C-5533EA5312BC}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{F09B0860-FD91-4D2A-B004-D30C997BF533}C:\nba 2k17\nba2k17.exe] => (Allow) C:\nba 2k17\nba2k17.exe
FirewallRules: [UDP Query User{F3A67C92-4277-48C0-88BF-10B84773E49F}C:\nba 2k17\nba2k17.exe] => (Allow) C:\nba 2k17\nba2k17.exe
FirewallRules: [TCP Query User{EEA21CDB-348A-47F2-99B5-88295C830B7C}C:\nba 2k17\nba2k17.exe] => (Allow) C:\nba 2k17\nba2k17.exe
FirewallRules: [UDP Query User{A5B224B5-FA2C-44AE-B353-451D8EAA8B77}C:\nba 2k17\nba2k17.exe] => (Allow) C:\nba 2k17\nba2k17.exe
 
==================== Restore Points =========================
 
03-08-2017 18:30:48 Installed DirectX
04-08-2017 01:09:19 Windows Update
09-08-2017 18:53:11 Windows Modules Installer
16-08-2017 16:54:49 Installed DirectX
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/17/2017 02:15:24 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-09-03T10:01:24Z. Error Code: 0x80070002.
 
Error: (08/17/2017 02:14:54 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-09-03T10:00:54Z. Error Code: 0x80070002.
 
Error: (08/17/2017 02:14:24 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-09-03T10:01:24Z. Error Code: 0x80070002.
 
Error: (08/17/2017 02:13:54 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-09-03T10:00:54Z. Error Code: 0x80070002.
 
Error: (08/17/2017 02:13:24 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-09-03T10:01:24Z. Error Code: 0x80070002.
 
Error: (08/17/2017 02:12:54 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-09-03T10:00:54Z. Error Code: 0x80070002.
 
Error: (08/17/2017 02:12:24 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-09-03T10:01:24Z. Error Code: 0x80070002.
 
Error: (08/17/2017 02:11:54 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-09-03T10:00:54Z. Error Code: 0x80070002.
 
Error: (08/17/2017 02:11:24 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-09-03T10:01:24Z. Error Code: 0x80070002.
 
Error: (08/17/2017 02:10:54 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2017-09-03T10:00:54Z. Error Code: 0x80070002.
 
 
System errors:
=============
Error: (08/17/2017 01:45:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/17/2017 09:11:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/17/2017 09:11:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/17/2017 08:51:24 AM) (Source: TPM) (EventID: 15) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.
 
Error: (08/16/2017 06:01:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/16/2017 06:01:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/16/2017 05:51:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NvStreamSvc service to connect.
 
Error: (08/16/2017 05:51:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service KMSELDI service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (08/16/2017 05:51:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (08/16/2017 05:50:55 PM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.
 
 
CodeIntegrity:
===================================
  Date: 2017-08-03 19:07:05.540
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_92fec793fc7cbb67\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-7300HQ CPU @ 2.50GHz
Percentage of memory in use: 60%
Total physical RAM: 3977.26 MB
Available physical RAM: 1575.18 MB
Total Virtual: 7836.23 MB
Available Virtual: 4392.56 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.02 GB) (Free:815.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C0277865)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 nasdaq

nasdaq

  • Malware Response Team

Posted 17 August 2017 - 07:19 AM

Hi,
===
Remove these programs in bold via the Control Panel > Programs > Programs and Features.

KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {90682A27-545F-43C5-B096-3C4C04E551FB} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {933A69F2-E4E5-4BA7-A905-424A4B131721} - System32\Tasks\InstallShield® Update Service Scheduler => C:\Program Files (x86)\Common Files\InstallShield\Update\ISUSPM.exe [2017-02-16] (InstallShield®)
C:\Windows\System32\Tasks\AutoPico Daily Restart
C:\Program Files\KMSpico
C:\Windows\System32\Tasks\InstallShield® Update Service Scheduler
 C:\Program Files (x86)\Common Files\InstallShield\Update\ISUSPM.exe

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is the computer running now?

#5 cbfmercado

cbfmercado
  • Topic Starter

  • Members
  • 6 posts

Posted 17 August 2017 - 09:56 AM

Here's the result. I still couldn't access the internet :(

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-08-2017
Ran by Carlos Mercado (17-08-2017 22:49:21) Run:2
Running from C:\Users\Carlos Mercado\Downloads
Loaded Profiles: Carlos Mercado (Available Profiles: Carlos Mercado)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {90682A27-545F-43C5-B096-3C4C04E551FB} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {933A69F2-E4E5-4BA7-A905-424A4B131721} - System32\Tasks\InstallShield® Update Service Scheduler => C:\Program Files (x86)\Common Files\InstallShield\Update\ISUSPM.exe [2017-02-16] (InstallShield®)
C:\Windows\System32\Tasks\AutoPico Daily Restart
C:\Program Files\KMSpico
C:\Windows\System32\Tasks\InstallShield® Update Service Scheduler
C:\Program Files (x86)\Common Files\InstallShield\Update\ISUSPM.exe

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90682A27-545F-43C5-B096-3C4C04E551FB} => key not found.
C:\Windows\System32\Tasks\AutoPico Daily Restart => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{933A69F2-E4E5-4BA7-A905-424A4B131721} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{933A69F2-E4E5-4BA7-A905-424A4B131721} => key removed successfully
C:\Windows\System32\Tasks\InstallShield® Update Service Scheduler => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\InstallShield® Update Service Scheduler => key removed successfully
"C:\Windows\System32\Tasks\AutoPico Daily Restart" => not found.
C:\Program Files\KMSpico => moved successfully
"C:\Windows\System32\Tasks\InstallShield® Update Service Scheduler" => not found.
C:\Program Files (x86)\Common Files\InstallShield\Update\ISUSPM.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5311626 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 14904 B
Edge => 0 B
Chrome => 332075706 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 822 B
NetworkService => 0 B
Carlos Mercado => 73498574 B

RecycleBin => 0 B
EmptyTemp: => 399.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:50:01 ====

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 August 2017 - 12:32 PM

Hi,
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
RemoveProxy:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is it now?

#7 cbfmercado

cbfmercado
  • Topic Starter

  • Members
  • 6 posts

Posted 18 August 2017 - 12:16 AM

THAT DID IT! Finally! Replying via my laptop now :)

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-08-2017
Ran by Carlos Mercado (18-08-2017 09:21:25) Run:3
Running from C:\Users\Carlos Mercado\Downloads
Loaded Profiles: Carlos Mercado (Available Profiles: Carlos Mercado)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
RemoveProxy:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= IPCONFIG /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 1 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 1:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::3c9f:2eeb:cfd:bd32%3
   Default Gateway . . . . . . . . . : fe80::1%3
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 11:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:382e:5be6:4b40:a448
   Link-local IPv6 Address . . . . . : fe80::382e:5be6:4b40:a448%7
   Default Gateway . . . . . . . . . : ::
 
========= End of CMD: =========
 
 
========= IPCONFIG /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 1 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 1:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::3c9f:2eeb:cfd:bd32%3
   IPv4 Address. . . . . . . . . . . : 192.168.254.102
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::1%3
                                       192.168.254.254
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 11:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:382e:5be6:4b40:a448
   Link-local IPv6 Address . . . . . : fe80::382e:5be6:4b40:a448%7
   Default Gateway . . . . . . . . . : ::
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset c:\resetlog.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv4 reset =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv6 reset =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{158CEDB2-2D5F-4654-A346-6CB64FCEF527} canceled.
{8385BD86-02DA-4889-B3F4-D97195CBF301} canceled.
{988EBC2C-3681-400B-B0F4-BEDB995CC1BD} canceled.
{FD7BBAF1-0232-4ED6-82EF-CF53B2C59F7B} canceled.
{E8ABE437-B3AA-4A87-9309-A7B8116F9B41} canceled.
5 out of 5 jobs canceled.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3414011529-3657276367-320515580-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-3414011529-3657276367-320515580-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-3414011529-3657276367-320515580-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3414011529-3657276367-320515580-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 09:22:00 ====
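
The Fixlog above reports "Resetting , failed. Access is denied." once inside each netsh reset section, which is easy to miss among the OK lines. As an added example (not part of the thread and not FRST's own code), this Python function sorts Fixlog lines into changed, absent and failed entries per section; it assumes only the line shapes visible in the logs posted here, and `triage_fixlog` is a hypothetical name.

```python
import re

# Lines excerpted from the Fixlogs posted above, embedded so this runs offline.
SAMPLE_FIXLOG = r"""
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
C:\Program Files\KMSpico => moved successfully
========= netsh int ipv4 reset =========
Resetting Route, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= RemoveProxy: =========
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
========= End of RemoveProxy: =========
The system needed a reboot.
"""

HEADER = re.compile(r"^=+ (.+?) =+$")    # "========= <name> ========="
ACTION = re.compile(r"^(.+?) => (.+)$")  # "<target> => <result>"

def triage_fixlog(text):
    """Sort Fixlog lines into changed / absent / failed, tagged by section."""
    report = {"changed": [], "absent": [], "failed": [], "reboot": False}
    # "fixlist" is this example's label for lines outside any named section.
    section, pending = "fixlist", None  # pending: failure awaiting its reason
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if pending is not None:  # the line after "... failed." is the reason
            report["failed"].append((section, pending, line))
            pending = None
            continue
        header = HEADER.match(line)
        if header:
            name = header.group(1)
            section = "fixlist" if name.startswith("End of") else name
        elif line.endswith("failed."):
            pending = line
        elif "restart the computer" in line.lower() or "needed a reboot" in line:
            report["reboot"] = True
        else:
            action = ACTION.match(line)
            if action and "not found" in action.group(2):
                report["absent"].append((section, action.group(1)))
            elif action and "successfully" in action.group(2):
                report["changed"].append((section, action.group(1)))
    if pending is not None:  # log ended right after a failure line
        report["failed"].append((section, pending, ""))
    return report
```

Entries under "absent" were already gone before the fix ran, so only "changed" entries describe what the fix actually altered on the machine.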


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 August 2017 - 06:54 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



