
dds logs.

This is a discussion on dds logs. within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Old 06-05-2016, 01:26 PM   #1
Registered Member
 
Join Date: Jun 2016
Posts: 30
OS: Windows 10



The log.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.20 BrowserJavaVersion: 10.21.2
Run by Joaqu?n Jimenez at 16:55:36 on 2016-06-05
Microsoft Windows 10 Home 10.0.10586.0.1252.800.1033.18.8092.5846 [GMT -3:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\SysWOW64\svchost.exe -k kuaizipupdatesvc
C:\WINDOWS\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\WINDOWS\system32\sihost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\wscript.exe
C:\Windows\DAODx.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Joaqu?n Jimenez\AppData\Roaming\ContentPush\ContentPush.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AsDLNAServerReal.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\System32\svchost.exe -k swprv
C:\WINDOWS\SysWOW64\DllHost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Users\Joaqu?n Jimenez\Desktop\dds.scr
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hao123.com/?tn=90820167_hao_pg
mStart Page = hxxp://www.hao123.com/?tn=90820167_hao_pg
uProxyOverride = <local>
mWinlogon: Userinit = wscript C:\WINDOWS\run.vbs,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ArcPluginIEBHO Class: {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Arc\plugins\ArcPluginIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [uTorrent] "C:\Users\Joaqu?n Jimenez\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Dxtory Update Checker 2.0] C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [EvolveClient] "C:\Program Files\Echobit\Evolve\EvolveClient.exe" -autorun
uRun: [Akamai NetSession Interface] "C:\Users\Joaqu?n Jimenez\AppData\Local\Akamai\netsession_win.exe"
uRun: [OscarEditor] "C:\Program Files (x86)\X7 Oscar Keyboard Editor\\OscarEditor.exe" Minimum
uRun: [OscarKeyboard] "C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe" Minimum
uRun: [OneDrive] "C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [MurGee.com Auto Clicker] C:\Users\Joaqu?n Jimenez\AppData\Roaming\Auto Clicker\AutoClicker.exe :silent
uRun: [Chromium] "c:\users\joaqu?n jimenez\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
uRun: [Installer] C:\WINDOWS\Temp\A070.tmp /autorun
uRun: [osmsg] C:\ProgramData\WindowsMsg\osmsg.exe /AUTORUN
uRun: [QGuan90132] C:\Users\Joaqu?n Jimenez\AppData\Roaming\service90132.exe /autorun
uRun: [msiql] C:\Users\Joaqu?n Jimenez\AppData\Roaming\msiql.exe /RUNNING
uRunOnce: [Uninstall C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
uRunOnce: [Uninstall C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
uRunOnce: [Uninstall C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
uRunOnce: [Uninstall C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\OneDrive\17.3.6201.1019] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\OneDrive\17.3.6201.1019"
uRunOnce: [Uninstall C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
uRunOnce: [Uninstall C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\OneDrive\17.3.6281.1202] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\OneDrive\17.3.6281.1202"
uRunOnce: [Uninstall C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
uRunOnce: [Uninstall C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
uRunOnce: [Uninstall C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
uRunOnce: [Uninstall C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\OneDrive\17.3.6302.0225] C:\WINDOWS\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\OneDrive\17.3.6302.0225"
mRun: [ASUS WiFi GO! FileTransfer Execute] C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SteelSeries World of Warcraft MMO Gaming Mouse] "C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe"
mRun: [Arc] C:\Program Files (x86)\Arc\ArcLauncher.exe /autorun
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
mRun: [ProductUpdater] C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [ QQPCTray] "C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe" /regrun
StartupFolder: C:\Users\JOAQUN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: EnableSmartScreen = dword:0
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
TCP: Interfaces\{652c6e00-a1db-451e-8d8b-684ae10deab9} : DHCPNameServer = 190.55.60.129 181.47.248.145 200.115.192.28
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = hxxps://ar.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_22&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dar%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzytCyB0EzzyBzytB0AtD0CtN0D0Tzu0StCyCtCyBtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyDyC0CtCtC0AyC0BtGyEtBtAtBtGzztD0D0AtGtA0CyD0DtGtAtAyCtCyCyByCtDzzzz0Ezy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0EyD0AtC0D0FtCtG0BtC0F0AtGyEzyyC0EtGzzyEyB0AtGzzyDzzyBtA0ByDyB0D0B0FyB2QtN0A0LzuyE%26cr%3D1934756008%26a%3Dwbf_fs_16_22%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
x64-mWinlogon: Userinit = wscript C:\WINDOWS\run.vbs,
x64-BHO: ?????????: {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSWebMon64.dat
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-mPolicies-Explorer: EnableShellExecuteHooks = dword:1
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:221
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: <No Name> - {98C066AB-D735-4339-9E52-A34875141B56} - C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft\Windows\INetCookies\kunecult.dll
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DERNPXGHHP;askProtect;C:\WINDOWS\System32\drivers\askProtect64.sys [2016-6-5 208776]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-5-10 87552]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R1 ndisrd;WinpkFilter LightWeight Filter;C:\WINDOWS\System32\drivers\ndisrd.sys [2015-10-4 32840]
R1 QMUdisk;tencent QMUdisk;C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUdisk64.sys [2016-6-5 184952]
R1 softaal;softaal;C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\SoftAAL64.sys [2016-6-5 44664]
R1 TSSysKit;TSSysKit;C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSSysKit64.sys [2016-6-5 96888]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2015-10-4 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2015-10-4 951936]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-10-3 1165368]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2016-2-9 9728]
R2 KuaiZipDrive;KuaiZipDrive;C:\WINDOWS\System32\drivers\KuaiZipDrive.sys [2016-6-5 92872]
R2 KuaizipUpdateChecker;KuaizipUpdateChecker;C:\WINDOWS\System32\svchost.exe -k kuaizipupdatesvc [2015-10-30 43944]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2016-5-6 419248]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-10-3 1881144]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-10-3 2522680]
R2 QQPCRTP;QQPCMgr RTP Service;C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe [2016-6-5 313936]
R2 QQSysMonX64;QQSysMonX64;C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQSysMonX64.sys [2016-6-5 154744]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [2016-5-25 426040]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 TAOKernelDriver;Tencent Auto Optimize Platform.;C:\WINDOWS\System32\drivers\TAOKernelEx64.sys [2016-6-5 143992]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 tsnethlpx64;TsNetHlpX64.sys;C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TsNetHlpX64.sys [2016-6-5 57976]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\WINDOWS\System32\drivers\evolve.sys [2015-10-11 21656]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\WINDOWS\System32\drivers\MijXfilt.sys [2015-9-12 121416]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-10-3 28216]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2015-10-3 3634232]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2015-10-3 56384]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\drivers\Rt630x64.sys [2015-9-6 816344]
R3 ScpVBus;Scp Virtual Bus Driver;C:\WINDOWS\System32\drivers\ScpVBus.sys [2015-9-12 39168]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 TAOAccelerator;Tencent TAOAccelerator driver.;C:\WINDOWS\System32\drivers\TAOAccelerator64.sys [2016-6-5 99480]
R3 TFsFlt;TFsFlt;C:\WINDOWS\System32\drivers\TFsFltX64.sys [2016-6-5 97400]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
R4 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2015-9-6 283064]
S1 TSDefenseBt;TSDefenseBt;C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TsDefenseBT64.sys [2016-6-5 28984]
S2 ADSkipSvc;ADSkip Host Service;C:\Program Files (x86)\ADSKIP\ADSkipSvc.exe --> C:\Program Files (x86)\ADSKIP\ADSkipSvc.exe [?]
S2 doroghtshejasmoduleservice;Doroghtshejas Module;"C:\Program Files (x86)\Doroghtshejas\doroghtshejasmoduleservice.html5" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} --> C:\Program Files (x86)\Doroghtshejas\doroghtshejasmoduleservice.html5 [?]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S2 dowidoly;Renew Single Click;C:\Program Files (x86)\830E6920-1465117080-11DC-BF61-1C872C58655B\jnsp7CF5.tmp --> C:\Program Files (x86)\830E6920-1465117080-11DC-BF61-1C872C58655B\jnsp7CF5.tmp [?]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2016-5-6 2552840]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S2 ProntSpooler;Pront Spooler;C:\Users\Joaqu?n Jimenez\AppData\Local\Apps\2.0\abril.exe [2016-5-19 134656]
S2 rijufoze;Reservation Plastic;C:\Program Files (x86)\830E6920-1465117080-11DC-BF61-1C872C58655B\hnsp9793.tmp --> C:\Program Files (x86)\830E6920-1465117080-11DC-BF61-1C872C58655B\hnsp9793.tmp [?]
S2 Service KMSELDI;Service KMSELDI;C:\Program Files\KMSpico\Service_KMS.exe [2015-9-6 1050904]
S2 siqyhebuzbt;Power Spike Layer;C:\Program Files (x86)\830E6920-1465117080-11DC-BF61-1C872C58655B\knso6030.tmpfs --> C:\Program Files (x86)\830E6920-1465117080-11DC-BF61-1C872C58655B\knso6030.tmpfs [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-3-23 327808]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 ArcService;Arc Service;C:\Program Files (x86)\Arc\ArcService.exe [2015-9-15 88400]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2016-2-11 1345056]
S3 blNetFilter;blNetFilter;C:\WINDOWS\System32\drivers\blNetFilter.sys [2016-6-5 54664]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-12-3 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 EvoSvc;Evolve Service;C:\Program Files\Echobit\Evolve\EvoSvc.exe [2015-10-11 1583488]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 Origin Client Service;Origin Client Service;"C:\Program Files (x86)\Origin\OriginClientService.exe" --> C:\Program Files (x86)\Origin\OriginClientService.exe [?]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2015-9-14 155520]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-5-10 63488]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-4-12 258912]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-5-10 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-4-12 694784]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-10-30 216064]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-3-1 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-4-12 26112]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
.
=============== Created Last 30 ================
.
2016-06-05 19:53:28 -------- d-----w- C:\Users\Joaqu?n Jimenez\AppData\Local\Microsoft
2016-06-05 09:17:45 -------- d-----w- C:\Program Files (x86)\Common Files\Tencent
2016-06-05 0913 -------- d-----w- C:\Program Files\Common Files\Tencent
2016-06-05 0908 143992 ----a-w- C:\WINDOWS\System32\drivers\TAOKernelEx64.sys
2016-06-05 0907 99480 ----a-w- C:\WINDOWS\System32\drivers\TAOAccelerator64.sys
2016-06-05 0900 -------- d-----w- C:\ProgramData\TXQMPC
2016-06-05 09:05:25 97400 ----a-w- C:\WINDOWS\System32\drivers\TFsFltX64.sys
2016-06-05 09:04:54 -------- d-----w- C:\Program Files (x86)\Tencent
2016-06-05 09:04:50 -------- d-----w- C:\Users\Joaqu?n Jimenez\AppData\Roaming\Tencent
2016-06-05 09:04:48 -------- d-----w- C:\ProgramData\Tencent
2016-06-05 09:03:41 54664 ----a-w- C:\WINDOWS\System32\drivers\blNetFilter.sys
2016-06-05 09:03:41 208776 ----a-w- C:\WINDOWS\System32\drivers\askProtect64.sys
2016-06-05 09:02:59 1443152 ----a-w- C:\Users\Joaqu?n Jimenez\AppData\Roaming\AutoTime_51490.jpg
2016-06-05 09:02:36 92872 ----a-w- C:\WINDOWS\System32\drivers\KuaiZipDrive.sys
2016-06-05 09:02:36 -------- d-----w- C:\Users\Joaqu?n Jimenez\AppData\Roaming\Softlink
2016-06-05 09:02:31 -------- d-----w- C:\Users\Joaqu?n Jimenez\AppData\Roaming\Kuaizip
2016-06-05 09:02:31 -------- d-----w- C:\Program Files\???
2016-06-05 08:58:01 -------- d-----w- C:\Users\Joaqu?n Jimenez\AppData\Roaming\ContentPush
2016-06-05 08:56:30 -------- d-----w- C:\extensions
2016-06-05 08:43:53 -------- d-----w- C:\Users\Joaqu?n Jimenez\AppData\Roaming\Audacity
2016-06-05 08:43:33 -------- d-----w- C:\Program Files (x86)\Audacity
2016-06-05 07:45:20 -------- d-----w- C:\Users\Joaqu?n Jimenez\AppData\Roaming\Ableton
2016-06-05 07:43:13 -------- d-----w- C:\ProgramData\Ableton
2016-06-04 15:00:13 11895896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F4A8F714-939F-40AD-96DC-E24216B31CDC}\mpengine.dll
2016-06-03 17:03:00 11895896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2016-06-02 16:50:56 -------- d-----w- C:\Program Files (x86)\Overwatch
2016-06-01 16:43:27 -------- d---a-w- C:\Program Files (x86)\LogMeIn Hamachi
2016-05-29 23:41:21 -------- d-----w- C:\Program Files (x86)\Common Files\Freemake Shared
2016-05-29 23:41:20 -------- d-----w- C:\ProgramData\Freemake
2016-05-29 23:41:02 -------- d---a-w- C:\Program Files (x86)\Freemake
2016-05-28 03:19:32 -------- d---a-w- C:\Program Files\Defraggler
2016-05-27 05:10:18 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2016-05-26 08:31:32 -------- d-----w- C:\WINDOWS\en
2016-05-26 08:30:30 -------- d---a-w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-05-26 08:30:14 -------- d-----w- C:\WINDOWS\PCHEALTH
2016-05-26 08:27:15 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\671781bb1d1b72803\DXSETUP.exe
2016-05-26 08:27:15 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\671781bb1d1b72803\dsetup32.dll
2016-05-26 08:27:14 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\671781bb1d1b72803\DSETUP.dll
2016-05-26 08:27:11 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\64f666541d1b72802\DSETUP.dll
2016-05-26 08:27:11 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\64f666541d1b72802\DXSETUP.exe
2016-05-26 08:27:11 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\64f666541d1b72802\dsetup32.dll
2016-05-26 08:27:08 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\636a81b41d1b72801\DSETUP.dll
2016-05-26 08:27:08 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\636a81b41d1b72801\DXSETUP.exe
2016-05-26 08:27:08 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\636a81b41d1b72801\dsetup32.dll
2016-05-26 08:26:41 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2016-05-25 21:50:53 113208 ----a-w- C:\WINDOWS\SysWow64\nvStreaming.exe
2016-05-25 21:50:26 45344 ----a-w- C:\WINDOWS\System32\vulkaninfo.exe
2016-05-25 21:50:26 130848 ----a-w- C:\WINDOWS\System32\vulkan-1.dll
2016-05-25 21:50:25 40224 ----a-w- C:\WINDOWS\SysWow64\vulkaninfo.exe
2016-05-25 21:50:25 129824 ----a-w- C:\WINDOWS\SysWow64\vulkan-1.dll
2016-05-22 05:27:29 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{57C57192-06A0-479D-8A4D-D6BBBA840C9C}\gapaengine.dll
2016-05-22 00:23:18 -------- d-----w- C:\Program Files (x86)\Common Files\Enterbrain
2016-05-21 01:00:54 -------- d---a-w- C:\Program Files (x86)\Heroes of the Storm
2016-05-14 2308 1924152 ----a-w- C:\WINDOWS\System32\nvdispco6436519.dll
2016-05-14 2308 1573432 ----a-w- C:\WINDOWS\System32\nvdispgenco6436519.dll
2016-05-14 22:56:28 -------- d-----w- C:\WINDOWS\LastGood.Tmp
2016-05-14 22:56:18 113216 ----a-w- C:\WINDOWS\System32\nvaudcap64v.dll
2016-05-14 22:56:18 102976 ----a-w- C:\WINDOWS\SysWow64\nvaudcap32v.dll
2016-05-10 23:27:02 87040 ----a-w- C:\WINDOWS\SysWow64\MapsBtSvc.dll
2016-05-10 23:27:02 800768 ----a-w- C:\WINDOWS\SysWow64\JpMapControl.dll
2016-05-10 23:27:02 59904 ----a-w- C:\WINDOWS\SysWow64\MosStorage.dll
2016-05-10 23:27:02 460800 ----a-w- C:\WINDOWS\System32\MapConfiguration.dll
2016-05-10 23:27:02 349696 ----a-w- C:\WINDOWS\SysWow64\MapConfiguration.dll
2016-05-10 23:27:01 853504 ----a-w- C:\WINDOWS\System32\MapsStore.dll
2016-05-10 23:27:01 7200256 ----a-w- C:\WINDOWS\System32\BingMaps.dll
2016-05-10 23:27:01 5205504 ----a-w- C:\WINDOWS\SysWow64\BingMaps.dll
2016-05-10 23:27:01 1056256 ----a-w- C:\WINDOWS\System32\JpMapControl.dll
2016-05-10 23:27:00 16984576 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2016-05-10 23:25:59 673280 ----a-w- C:\WINDOWS\System32\Windows.UI.dll
.
==================== Find3M ====================
.
2016-06-05 19:21:03 1048576 ----a-w- C:\WINDOWS\PE_Rom.dll
2016-05-22 21:02:00 13509184 ----a-w- C:\WINDOWS\System32\drivers\nvlddmkm.sys
2016-05-21 21:09:16 46024 ----a-w- C:\WINDOWS\System32\nvhdap64.dll
2016-05-21 21:09:16 1581624 ----a-w- C:\WINDOWS\System32\nvhdagenco64.dll
2016-05-21 21:09:16 141256 ----a-w- C:\WINDOWS\System32\drivers\nvhda64v.sys
2016-05-20 02:08:45 6348344 ----a-w- C:\WINDOWS\System32\nvcpl.dll
2016-05-20 02:08:45 2454976 ----a-w- C:\WINDOWS\System32\nvsvc64.dll
2016-05-20 02:08:43 81856 ----a-w- C:\WINDOWS\System32\nv3dappshextr.dll
2016-05-20 02:08:43 69568 ----a-w- C:\WINDOWS\System32\nvshext.dll
2016-05-20 02:08:43 533560 ----a-w- C:\WINDOWS\System32\nv3dappshext.dll
2016-05-20 02:08:43 392128 ----a-w- C:\WINDOWS\System32\nvmctray.dll
2016-05-20 02:08:43 1762752 ----a-w- C:\WINDOWS\System32\nvsvcr.dll
2016-05-20 02:08:43 1352760 ----a-w- C:\WINDOWS\System32\nvvsvc.exe
2016-05-19 14:54:35 1443152 ----a-w- C:\Users\Joaqu?n Jimenez\AppData\Roaming\AutoTime_51490.jpg
2016-05-18 08:37:33 6448223 ----a-w- C:\WINDOWS\System32\nvcoproc.bin
2016-05-11 19:57:14 829944 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-05-11 19:57:14 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-05-06 04:53:48 95072 ----a-w- C:\WINDOWS\System32\drivers\sdport.sys
2016-05-06 04:05:35 241664 ----a-w- C:\WINDOWS\SysWow64\cryptngc.dll
2016-05-06 04:03:20 649216 ----a-w- C:\WINDOWS\System32\ngcsvc.dll
2016-05-06 03:53:21 351232 ----a-w- C:\WINDOWS\System32\NgcCtnr.dll
2016-05-06 03:49:14 289792 ----a-w- C:\WINDOWS\System32\NgcCtnrSvc.dll
2016-05-06 03:44:10 582656 ----a-w- C:\WINDOWS\System32\ngccredprov.dll
2016-05-06 03:43:46 320000 ----a-w- C:\WINDOWS\System32\cryptngc.dll
2016-05-06 03:23:53 76288 ----a-w- C:\WINDOWS\System32\ngcpopkeysrv.dll
2016-05-04 02:23:30 129824 ----a-w- C:\WINDOWS\SysWow64\vulkan-1-1-0-11-1.dll
2016-05-04 02:22:58 40224 ----a-w- C:\WINDOWS\SysWow64\vulkaninfo-1-1-0-11-1.exe
2016-05-04 02:22:42 130848 ----a-w- C:\WINDOWS\System32\vulkan-1-1-0-11-1.dll
2016-05-04 02:22:10 45344 ----a-w- C:\WINDOWS\System32\vulkaninfo-1-1-0-11-1.exe
2016-05-02 05:39:01 1377800 ----a-w- C:\WINDOWS\SysWow64\nvspcap.dll
2016-05-02 05:39:01 1316184 ----a-w- C:\WINDOWS\SysWow64\nvspbridge.dll
2016-05-02 05:38:42 1767944 ----a-w- C:\WINDOWS\System32\nvspcap64.dll
2016-05-02 05:38:42 1756608 ----a-w- C:\WINDOWS\System32\nvspbridge64.dll
2016-05-02 05:38:42 112032 ----a-w- C:\WINDOWS\System32\NvRtmpStreamer64.dll
2016-04-30 06:42:19 1387520 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2016-04-30 06:31:37 3591168 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2016-04-27 14:33:47 1922496 ----a-w- C:\WINDOWS\System32\nvdispco6436510.dll
2016-04-27 14:33:47 1573432 ----a-w- C:\WINDOWS\System32\nvdispgenco6436510.dll
2016-04-23 06:12:45 294592 ----a-w- C:\WINDOWS\System32\invagent.dll
2016-04-23 06:12:45 190144 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2016-04-23 06:12:45 1401024 ----a-w- C:\WINDOWS\System32\appraiser.dll
2016-04-23 06:12:45 1184960 ----a-w- C:\WINDOWS\System32\aeinv.dll
2016-04-23 06:12:44 92352 ----a-w- C:\WINDOWS\System32\acmigration.dll
2016-04-23 06:12:44 713920 ----a-w- C:\WINDOWS\System32\generaltel.dll
2016-04-23 06:12:44 514752 ----a-w- C:\WINDOWS\System32\devinv.dll
2016-04-23 06:12:44 46784 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2016-04-23 05:28:43 1542816 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2016-04-23 05:28:40 1557768 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2016-04-23 05:26:12 707608 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
2016-04-23 05:24:45 7474528 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-04-23 05:24:41 1997328 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2016-04-23 05:24:37 99680 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2016-04-23 05:24:37 638816 ----a-w- C:\WINDOWS\System32\drivers\fvevol.sys
2016-04-23 05:24:28 1819208 ----a-w- C:\WINDOWS\System32\ntdll.dll
2016-04-23 05:24:16 335712 ----a-w- C:\WINDOWS\System32\drivers\fastfat.sys
2016-04-23 05:24:13 754664 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2016-04-23 05:22:15 1161120 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2016-04-23 05:13:12 306832 ----a-w- C:\WINDOWS\SysWow64\wlanapi.dll
2016-04-23 05:13:01 84832 ----a-w- C:\WINDOWS\SysWow64\NetSetupApi.dll
2016-04-23 05:13:01 502104 ----a-w- C:\WINDOWS\SysWow64\NetSetupEngine.dll
2016-04-23 05:12:48 413536 ----a-w- C:\WINDOWS\System32\wifitask.exe
2016-04-23 05:12:42 451928 ----a-w- C:\WINDOWS\SysWow64\MFCaptureEngine.dll
2016-04-23 05:12:33 925064 ----a-w- C:\WINDOWS\SysWow64\mfplat.dll
2016-04-23 05:11:52 390496 ----a-w- C:\WINDOWS\System32\wlanapi.dll
2016-04-23 05:11:44 696672 ----a-w- C:\WINDOWS\System32\NetSetupEngine.dll
2016-04-23 05:11:43 115040 ----a-w- C:\WINDOWS\System32\NetSetupApi.dll
2016-04-23 05:11:30 1092464 ----a-w- C:\WINDOWS\System32\mfplat.dll
2016-04-23 05:11:27 498960 ----a-w- C:\WINDOWS\System32\MFCaptureEngine.dll
2016-04-23 05:11:14 131424 ----a-w- C:\WINDOWS\System32\drivers\ufxsynopsys.sys
2016-04-23 05:10:41 330072 ----a-w- C:\WINDOWS\System32\drivers\pci.sys
2016-04-23 05:09:39 255168 ----a-w- C:\WINDOWS\SysWow64\LockAppHost.exe
2016-04-23 05:09:36 465760 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2016-04-23 05:09:27 5240960 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2016-04-23 05:09:18 569744 ----a-w- C:\WINDOWS\SysWow64\SHCore.dll
2016-04-23 05:09:18 4074160 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2016-04-23 05:09:00 565600 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe
2016-04-23 05:09:00 303216 ----a-w- C:\WINDOWS\System32\LockAppHost.exe
2016-04-23 05:08:45 6605504 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2016-04-23 05:08:41 725776 ----a-w- C:\WINDOWS\System32\SHCore.dll
2016-04-23 05:08:40 4515256 ----a-w- C:\WINDOWS\explorer.exe
2016-04-23 05:07:38 183904 ----a-w- C:\WINDOWS\SysWow64\rsaenh.dll
2016-04-23 05:07:34 1536088 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll
2016-04-23 05:07:26 204048 ----a-w- C:\WINDOWS\System32\rsaenh.dll
2016-04-23 05:07:19 1848072 ----a-w- C:\WINDOWS\System32\crypt32.dll
2016-04-23 0557 291360 ----a-w- C:\WINDOWS\System32\wininit.exe
2016-04-23 05:02:02 188256 ----a-w- C:\WINDOWS\SysWow64\AppxAllUserStore.dll
2016-04-23 05:01:54 217440 ----a-w- C:\WINDOWS\System32\AppxAllUserStore.dll
2016-04-23 05:01:25 619296 ----a-w- C:\WINDOWS\System32\d3d10level9.dll
2016-04-23 05:01:25 1996640 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-04-23 05:01:17 650304 ----a-w- C:\WINDOWS\System32\dxgi.dll
2016-04-23 05:01:15 393568 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2016-04-23 05:01:13 513368 ----a-w- C:\WINDOWS\SysWow64\d3d10level9.dll
2016-04-23 05:01:11 577368 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-04-23 05:01:10 522176 ----a-w- C:\WINDOWS\SysWow64\dxgi.dll
2016-04-23 05:00:52 1776768 ----a-w- C:\WINDOWS\System32\WindowsCodecs.dll
2016-04-23 05:00:45 550656 ----a-w- C:\WINDOWS\System32\directmanipulation.dll
2016-04-23 05:00:45 1399224 ----a-w- C:\WINDOWS\System32\user32.dll
2016-04-23 05:00:43 1594920 ----a-w- C:\WINDOWS\System32\gdi32.dll
2016-04-23 05:00:43 1522152 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2016-04-23 05:00:40 453472 ----a-w- C:\WINDOWS\SysWow64\directmanipulation.dll
.
============= FINISH: 16:55:52.83 ===============

First of all, I did ask for help on other forums; I will close those threads when I finish writing this. I was really desperate.
Here's my current situation.
My computer is disconected (I know it's a typo, but I'm not a native speaker and I have no way to check with no internet, so sorry about that) from the internet, because the first program started downloading a lot of malware.
Once I disconected it (sorry) and deleted most of the malware, my computer is running normally, with just some malware I can't delete.
Here is what I know.

CMD opens and closes all the time; I can't see it, but the task manager shows so.

I can delete the contents of the folder "Tencent".
I can't uninstall any of the software it installed.
There's a "Product Updater" on the task manager.
The path is C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater
Pretty sure it's malware.
SysWow64 is present.
I came across this one before, I think, so I don't think it is that bad.
I think it's malware, I just don't know how to completely remove it.
C:\Users\Joaqu?n Jimenez\AppData\Roaming\ContentPush
Content push is there too.
C:\Users\Joaqu?n Jimenez\AppData\Roaming\Kuaizip
Kuaizip was installed too, I think it was installed here: C:\Program Files\???
It might be anything else altogether.
There's a process called Kuaizipupdatesvc that leads me to syswow64's svchost.
I keep deleting an archive named AutoTime and it keeps popping out.
There's also that "Microso.ft Photos" thing I mentioned on my first post.
I don't know what it was, but it looks like it's gone now.
When I first encountered it, I opened the file location and it told me I didn't have permission; it somehow removed all my permissions, I couldn't even access my own files at that point, and it turned off my computer.
Attached Files
File Type: txt attach_1465158381730.txt (12.3 KB, 27 views)
mp3774 is offline  
Old 06-05-2016, 05:21 PM   #2
Registered Member
 
Join Date: Jun 2016
Posts: 30
OS: Windows 10



Looking at the startup programs, I found that a P2P program is in there.
I know it is against the site's rules, so I wanted to clarify: I don't have it on my computer anymore, but I deleted the folder instead of uninstalling it, that's why the program appears there.
mp3774 is offline  
Old 06-05-2016, 10:32 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Did you use ? here on purpose > C:\Users\Joaqu?n Jimenez

and for other folder(s) names? If so, why?

------------------------------------------------------

It appears you used an illegal crack for MS Office recently, is that true? Why?

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 06-06-2016, 11:53 AM   #4
Registered Member
 
Join Date: Jun 2016
Posts: 30
OS: Windows 10



No, I didn't use the ? on purpose.
My name is Joaquín, with ´.
For some reason it showed a ?.
I don't distrust you, if that's what it looks like.

No, I don't think I've ever used a cracked Office version.
I might have downloaded it for my mother, but I doubt I installed it on this computer, let alone used it.
The reason being, I have no use for it, I don't need Powerpoint or Excel.
I could use Word, because I do write a lot, but I use Notepad for that, I can show you, I have over 300 text files.
Also, this computer passed hands 2 times already, but i got this computer more than a year ago.
I'm the one who installed Windows 10 (I'm sorry) a
Here is the AdwCleaner log.

# AdwCleaner v5.119 - Logfile created 06/06/2016 at 14:28:01
# Updated 30/05/2016 by Xplode
# Database : 2016-05-25.2 [Local]
# Operating system : Windows 10 Home (X64)
# Username : Joaquín Jimenez - BESTPCMUNDO
# Running from : C:\Users\Joaquín Jimenez\Desktop\AdwCleaner.exe
# Option : Clean
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****

[-] Service Deleted : QQPCRTP
[-] Service Deleted : TAOAccelerator
[-] Service Deleted : TSDefenseBt
[-] Service Deleted : TSSysKit
[-] Service Deleted : QMUdisk
[-] Service Deleted : QQSysMonX64
[-] Service Deleted : TFsFlt
[-] Service Deleted : TAOKernelDriver
[-] Service Deleted : softaal
[-] Service Deleted : tsnethlpx64
[-] Service Deleted : ProntSpooler
[-] Service Deleted : dowidoly
[-] Service Deleted : rijufoze
[-] Service Deleted : siqyhebuzbt

***** [ Folders ] *****

[#] Folder Deleted : C:\ProgramData\tencent
[-] Folder Deleted : C:\ProgramData\TXQMPC
[#] Folder Deleted : C:\ProgramData\Application Data\tencent
[#] Folder Deleted : C:\ProgramData\Application Data\TXQMPC
[-] Folder Deleted : C:\ProgramData\\Windows\Start Menu\Programs\ttwifi
[#] Folder Deleted : C:\Program Files (x86)\tencent
[-] Folder Deleted : C:\Program Files (x86)\Common Files\tencent
[-] Folder Deleted : C:\Users\JOAQUN~1\AppData\Local\Temp\tencent
[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\tencent
[-] Folder Deleted : C:\Users\Joaquín Jimenez\AppData\Roaming\tencent
[-] Folder Deleted : C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\ByteFence
[-] Folder Deleted : C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\Programs\腾讯软件
[#] Folder Deleted : C:\Program Files\Common Files\tencent
[-] Folder Deleted : C:\Users\Joaquín Jimenez\AppData\Local\VirtualStore\Program Files (x86)\tencent
[-] Folder Deleted : C:\extensions
[-] Folder Deleted : C:\Users\Joaquín Jimenez\AppData\Local\CrashRpt
[-] Folder Deleted : C:\Users\Joaquín Jimenez\AppData\Local\app

***** [ Files ] *****

[-] File Deleted : C:\ProgramData\\Windows\Start Menu\Programs\HowToRemove.html.lnk
[-] File Deleted : C:\Users\Joaquín Jimenez\AppData\Roaming\webad.xml
[#] File Deleted : C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\Programs\腾讯软件\电脑管家\电脑管家.lnk
[-] File Deleted : C:\WINDOWS\SysNative\drivers\TAOAccelerator64.sys
[#] File Deleted : C:\WINDOWS\SysNative\drivers\TFsFltX64.sys
[-] File Deleted : C:\WINDOWS\SysNative\drivers\TAOKernelEx64.sys

***** [ DLLs ] *****


***** [ WMI ] *****

[-] Key Deleted : \root\subscription\\ActiveScriptEventConsumer [ASEC]

***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\ProgramData\\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\Programs\Chromium.lnk
[-] Shortcut Disinfected : C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\Joaquín Jimenez\AppData\Roaming\\Internet Explorer\Quick Launch\Chromium.lnk
[-] Shortcut Disinfected : C:\Users\Joaquín Jimenez\AppData\Roaming\\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Joaquín Jimenez\AppData\Roaming\\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut Disinfected : C:\Users\Joaquín Jimenez\AppData\Roaming\\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Scheduled tasks ] *****

[-] Task Deleted : ttwifi
[-] Task Deleted : osTip
[-] Task Deleted : svchost
[-] Task Deleted : tasklist

***** [ Registry ] *****

[-] Key Deleted : HKLM\\Classes\AppID\DownloadProxy.EXE
[-] Key Deleted : HKLM\\Classes\AppID\NCTAudioCDGrabber2.DLL
[-] Key Deleted : HKLM\\MozillaPlugins\@qq.com/QQPCMgr
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
[-] Key Deleted : HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextUninstall
[-] Key Deleted : HKEY_CLASSES_ROOT\Folder\ShellEx\ContextMenuHandlers\QMContextUninstall
[-] Key Deleted : HKCU\\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Key Deleted : HKLM\\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Key Deleted : HKLM\\Classes\Folder\shellex\ContextMenuHandlers\QMContextScan
[-] Key Deleted : HKLM\\Classes\AppID\QMContextScan.DLL
[-] Key Deleted : HKLM\\Classes\AppID\QMContextUninstall.DLL
[-] Key Deleted : HKLM\\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextScan
[-] Key Deleted : HKLM\\14919ea49a8f3b4aa3cf1058d9a64cec
[-] Key Deleted : HKLM\\Classes\metnsd
[-] Key Deleted : HKLM\\Classes\qmbfile
[-] Key Deleted : HKLM\\Classes\QMContextScan.QMContextScanMenu
[-] Key Deleted : HKLM\\Classes\QMContextScan.QMContextScanMenu.1
[-] Key Deleted : HKLM\\Classes\QMContextUninstall.QMContextUninstallMenu
[-] Key Deleted : HKLM\\Classes\QMContextUninstall.QMContextUninstallMenu.1
[-] Key Deleted : HKLM\\Classes\qmgcfiles
[-] Key Deleted : HKLM\\Classes\qpakfile
[-] Key Deleted : HKLM\\Classes\QQPCMgr.qbox
[-] Key Deleted : HKCU\\\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
[-] Key Deleted : HKCU\\\Windows\CurrentVersion\Ext\Settings\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}
[-] Value Deleted : HKLM\\\Windows\CurrentVersion\Shell Extensions\Approved [{63332668-8CE1-445D-A5EE-25929176714E}]
[-] Key Deleted : HKCU\\Installer
[-] Key Deleted : HKCU\\PRODUCTSETUP
[-] Key Deleted : HKCU\\osTip
[-] Key Deleted : HKCU\\ttwifi
[-] Key Deleted : HKCU\\\OTUT
[-] Key Deleted : HKCU\\csastats
[-] Key Deleted : HKCU\\delta
[-] Key Deleted : HKLM\\SimpleFiles
[-] Key Deleted : HKLM\\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Key Deleted : HKLM\\anote
[-] Key Deleted : HKLM\\\Windows\CurrentVersion\Uninstall\PopupProduct
[-] Key Deleted : HKLM\\\Windows\CurrentVersion\Uninstall\QQPCMgr
[-] Data Restored : HKCU\\\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\\\Internet Explorer\Main [Start Page]
[-] Data Restored : [x64] HKLM\\\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-304593758-4089326632-167283939-1001\\\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\\\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : HKCU\\\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\\\Internet Explorer\SearchScopes\{cf34d395-9ff1-49a0-98a5-8db1636431b1}
[-] Key Deleted : HKLM\\\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : HKLM\\\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : [x64] HKLM\\\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : [x64] HKLM\\\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKU\S-1-5-21-304593758-4089326632-167283939-1001\\\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKLM\\\Windows NT\CurrentVersion\Winlogon [Userinit]
[-] Key Deleted : HKCU\\\Internet Explorer\LowRegistry\DOMStorage\plusnetwork.com
[-] Value Deleted : HKCU\\\Windows\CurrentVersion\Run [Installer]
[#] Value Deleted : HKU\S-1-5-21-304593758-4089326632-167283939-1001\\\Windows\CurrentVersion\Run [Installer]
[-] Value Deleted : HKU\S-1-5-21-304593758-4089326632-167283939-1001\\\Windows\CurrentVersion\Explorer\StartupApproved\Run [Installer]
[-] Value Deleted : HKCU\\\Windows\CurrentVersion\Run [osmsg]
[#] Value Deleted : HKU\S-1-5-21-304593758-4089326632-167283939-1001\\\Windows\CurrentVersion\Run [osmsg]
[-] Value Deleted : HKU\S-1-5-21-304593758-4089326632-167283939-1001\\\Windows\CurrentVersion\Explorer\StartupApproved\Run [osmsg]
[-] Value Deleted : HKCU\\\Windows\CurrentVersion\Run [msiql]
[#] Value Deleted : HKU\S-1-5-21-304593758-4089326632-167283939-1001\\\Windows\CurrentVersion\Run [msiql]
[-] Value Deleted : HKU\S-1-5-21-304593758-4089326632-167283939-1001\\\Windows\CurrentVersion\Explorer\StartupApproved\Run [msiql]
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ProntSpooler

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [15942 bytes] - [06/06/2016 14:28:01]
C:\AdwCleaner\AdwCleaner[S1].txt - [16982 bytes] - [06/06/2016 14:25:46]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [16090 bytes] ##########

The text is 6000 characters too long, so I'll post the FRST log in my next reply.
Attached Files
File Type: txt Addition.txt (124.3 KB, 75 views)
mp3774 is offline  
Old 06-06-2016, 11:54 AM   #5
Registered Member
 
Join Date: Jun 2016
Posts: 30
OS: Windows 10



And here is the FRST one, sorry about that.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-06-2016 02
Ran by Joaquín Jimenez (administrator) on BESTPCMUNDO (06-06-2016 14:31:51)
Running from C:\Users\Joaquín Jimenez\Desktop
Loaded Profiles: Joaquín Jimenez (Available Profiles: Joaquín Jimenez)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
( Corporation) C:\Windows\SysWOW64\svchost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
( Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
( Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
() C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
() C:\Windows\DAODx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Users\Joaquín Jimenez\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
( Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
( Corporation) C:\Program Files\WindowsApps\.windowscommunicationsapps_17.6868.41141.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AsDLNAServerReal.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\ Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] ( Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe [1391416 2013-06-21] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] => C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe [1651200 2011-08-18] (SteelSeries)
HKLM-x32\...\Run: [Arc] => C:\Program Files (x86)\Arc\ArcLauncher.exe [416080 2015-09-15] (Perfect World Entertainment)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75264 2016-05-26] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-05-06] (LogMeIn Inc.)
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe" /regrun
HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-29] (Valve Corporation)
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory )
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-07-24] (Sony)
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\Run: [EADM] => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3334016 2015-10-11] (Echobit LLC)
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Joaquín Jimenez\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\Run: [OscarEditor] => C:\Program Files (x86)\X7 Oscar Keyboard Editor\\OscarEditor.exe [3543040 2010-12-18] ()
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\Run: [OscarKeyboard] => C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe [3543040 2010-12-18] ()
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [52142720 2016-04-29] (Skype Technologies S.A.)
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\Run: [MurGee.com Auto Clicker] => C:\Users\Joaquín Jimenez\AppData\Roaming\Auto Clicker\AutoClicker.exe [124072 2016-03-19] (MurGee.com)
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\Run: [Chromium] => "c:\users\joaquín jimenez\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\Run: [QGuan90132] => C:\Users\Joaquín Jimenez\AppData\Roaming\service90132.exe /autorun
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6201.1019] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6201.1019"
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6281.1202] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6281.1202"
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6301.0127"
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6302.0225] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6302.0225"
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].txt [16182 2016-06-06] ()
ShellExecuteHooks: - {98C066AB-D735-4339-9E52-A34875141B56} - C:\Users\Joaquín Jimenez\AppData\Local\\Windows\INetCookies\kunecult.dll [425152 2016-06-03] ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMGCShellExt64.dll No File
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\¿ìѹ\X64\KZipShell.dll [2016-06-05] ()
Startup: C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-09-20]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-304593758-4089326632-167283939-1001] => hxxp://unstopp.me/wpad.dat?fabe8b113da383ef0c4e24f2bbb39b8b2609644
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{652c6e00-a1db-451e-8d8b-684ae10deab9}: [DhcpNameServer] 200.115.192.89 181.47.248.145 190.55.60.129
ManualProxies: 0hxxp://unstopp.me/wpad.dat?fabe8b113da383ef0c4e24f2bbb39b8b2609644

Internet Explorer:
==================
HKLM\\\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\\Wow6432Node\\Internet Explorer\Main,Start Page = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-304593758-4089326632-167283939-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSWebMon64.dat => No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-09-06] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2015-09-15] (Perfect World Entertainment Inc)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-09-06] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2015-09-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-09-06] (Oracle Corporation)
FF Plugin-x32: @.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] ( Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-19] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2015-09-15] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-304593758-4089326632-167283939-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Joaquín Jimenez\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: ChromeDefaultData -> hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqBH4lBn8tBU..&v=20160603&uid=62744D7A72726E6BE1491854ACB20A56&ptid=epf2&mode=loadm
CHR StartupUrls: ChromeDefaultData -> "hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqBH4lBn8tBU..&v=20160603&uid=62744D7A72726E6BE1491854ACB20A56&ptid=epf2&mode=loadm"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.php?q={searchTerms}&ts=AHEqBH4lBn8tBU..&v=20160603&uid=62744D7A72726E6BE1491854ACB20A56&ptid=epf2&mode=loadm
CHR DefaultSearchKeyword: ChromeDefaultData -> hohosearch
CHR Profile: C:\Users\Joaquín Jimenez\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
CHR Extension: (Google Slides) - C:\Users\Joaquín Jimenez\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-12]
CHR Extension: (Google Docs) - C:\Users\Joaquín Jimenez\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-12]
CHR Extension: (Google Drive) - C:\Users\Joaquín Jimenez\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-12]
CHR Extension: (YouTube) - C:\Users\Joaquín Jimenez\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Joaquín Jimenez\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-01]
CHR Extension: (Google Search) - C:\Users\Joaquín Jimenez\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Search by Image (by Google)) - C:\Users\Joaquín Jimenez\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2015-09-06]
CHR Extension: (Tampermonkey) - C:\Users\Joaquín Jimenez\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-05-20]
CHR Extension: (Streamkeys) - C:\Users\Joaquín Jimenez\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ekpipjofdicppbepocohdlgenahaneen [2016-03-18]
CHR Extension: (AutocardAnywhere (MTG Hearthstone Netrunner)) - C:\Users\Joaquín Jimenez\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eobkhgkgoejnjaiofdmphhkemmomfabg [2016-06-01]
CHR Extension: (Google Sheets) - C:\Users\Joaquín Jimenez\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-12]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Joaquín Jimenez\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-06-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joaquín Jimenez\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Showgoers for Netflix) - C:\Users\Joaquín Jimenez\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pcmaninppdeakmhaonacejmfcgeempfo [2016-03-12]
CHR Extension: (Evernote Web Clipper) - C:\Users\Joaquín Jimenez\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-05-12]
CHR Extension: (Gmail) - C:\Users\Joaquín Jimenez\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-06]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-304593758-4089326632-167283939-1001\\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [88400 2015-09-15] (Perfect World Entertainment Inc)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2015-10-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2015-10-04] (ASUSTeK Computer Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1345056 2016-02-09] ()
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-10-11] (Echobit LLC)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-03-14] (Hi-Rez Studios) [File not signed]
R2 KuaizipUpdateChecker; C:\Program Files\¿ìѹ\X86\kuaizipUpdateChecker.dll [219072 2016-06-05] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [419248 2016-05-06] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] ( Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] ( Corporation)
S2 ADSkipSvc; C:\Program Files (x86)\ADSKIP\ADSkipSvc.exe [X]
S2 doroghtshejasmoduleservice; "C:\Program Files (x86)\Doroghtshejas\doroghtshejasmoduleservice.html5" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X]
S3 Origin Client Service; "C:\Program Files (x86)\Origin\OriginClientService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-14] ()
S3 blNetFilter; C:\WINDOWS\system32\drivers\blNetFilter.sys [54664 2016-05-11] ()
R0 DERNPXGHHP; C:\Windows\System32\Drivers\askProtect64.sys [208776 2016-05-11] ()
R3 EvolveVirtualAdapter; C:\Windows\System32\drivers\evolve.sys [21656 2015-10-11] (Echobit, LLC)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
R2 KuaiZipDrive; C:\WINDOWS\system32\drivers\KuaiZipDrive.sys [92872 2016-06-05] (WinMount International Inc)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] ( Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] ( Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] ( Corporation)
S5 WinDivert1.1; <===== ATTENTION: Locked Service

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-06 14:31 - 2016-06-06 14:32 - 00024816 _____ C:\Users\Joaquín Jimenez\Desktop\FRST.txt
2016-06-06 14:31 - 2016-06-06 14:31 - 00000000 ____D C:\FRST
2016-06-06 14:25 - 2016-06-06 14:28 - 00000000 ____D C:\AdwCleaner
2016-06-06 14:23 - 2016-06-06 14:23 - 03677248 _____ C:\Users\Joaquín Jimenez\Desktop\AdwCleaner.exe
2016-06-06 14:23 - 2016-06-06 14:23 - 02384896 _____ (Farbar) C:\Users\Joaquín Jimenez\Desktop\FRST64.exe
2016-06-05 20:57 - 2016-06-05 20:57 - 00012812 _____ C:\Users\Joaquín Jimenez\Desktop\vosabe.txt
2016-06-05 20:45 - 2016-06-05 20:46 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\Cool Record Edit Pro
2016-06-05 16:53 - 2016-06-05 16:53 - 00000000 ____D C:\Users\Joaquφn Jimenez
2016-06-05 16:53 - 2016-06-05 16:52 - 00688992 ____R (Swearware) C:\Users\Joaquín Jimenez\Desktop\dds.scr
2016-06-05 16:45 - 2016-06-05 16:45 - 00000000 ____D C:\Users\JoaquÃ*n Jimenez\AppData\Local\Steam
2016-06-05 06:06 - 2016-06-05 06:06 - 00000000 ____D C:\Users\Joaqu韓 Jimenez\AppData\Roaming\Tencent
2016-06-05 06:06 - 2016-06-05 06:06 - 00000000 ____D C:\Users\Joaqu韓 Jimenez
2016-06-05 06:05 - 2016-06-05 06:05 - 00097400 ____N (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys
2016-06-05 06:03 - 2016-06-05 06:03 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\Programs\AdSkip
2016-06-05 06:03 - 2016-06-05 06:03 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\Programs\¶à²Ê±ãÇ©
2016-06-05 06:03 - 2016-05-11 02:56 - 00054664 _____ () C:\WINDOWS\system32\Drivers\blNetFilter.sys
2016-06-05 06:03 - 2016-05-11 02:31 - 00208776 _____ C:\WINDOWS\system32\Drivers\askProtect64.sys
2016-06-05 06:02 - 2016-06-05 16:34 - 00000000 ____D C:\Program Files\¿ìѹ
2016-06-05 06:02 - 2016-06-05 06:16 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\Kuaizip
2016-06-05 06:02 - 2016-06-05 06:02 - 00092872 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
2016-06-05 06:02 - 2016-06-05 06:02 - 00003582 _____ C:\WINDOWS\System32\Tasks\KuaiZip_Update
2016-06-05 06:02 - 2016-06-05 06:02 - 00000882 _____ C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\¿ìѹ.lnk
2016-06-05 06:02 - 2016-06-05 06:02 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\Softlink
2016-06-05 06:00 - 2016-06-05 06:00 - 00011568 _____ C:\Users\Joaquín Jimenez\AppData\Roaming\InstallationConfiguration.xml
2016-06-05 05:58 - 2016-06-05 06:01 - 00009074 _____ C:\WINDOWS\System32\Tasks\Doroghtshejas Module
2016-06-05 05:58 - 2016-06-05 05:56 - 00001071 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-06-05 05:55 - 2016-06-05 05:59 - 39490204 _____ C:\Users\Joaquín Jimenez\Downloads\Unconfirmed 75560.crdownload
2016-06-05 05:47 - 2016-06-06 14:28 - 00001234 _____ C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\Programs\Chromium.lnk
2016-06-05 05:46 - 2016-06-05 20:46 - 00000320 _____ C:\WINDOWS\Tasks\{540E27B5-BCE0-A4D0-CC04-4476FFA39E86}.job
2016-06-05 05:46 - 2016-06-05 05:46 - 00002860 _____ C:\WINDOWS\System32\Tasks\{540E27B5-BCE0-A4D0-CC04-4476FFA39E86}
2016-06-05 05:45 - 2016-06-05 20:46 - 00000000 ____D C:\Users\Joaquín Jimenez\Documents\Free Sound Recorder
2016-06-05 05:45 - 2016-06-05 20:45 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\Free Sound Recorder
2016-06-05 05:45 - 2016-06-05 05:45 - 00001320 _____ C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\Free Sound Recorder.lnk
2016-06-05 05:45 - 2016-06-05 05:45 - 00001296 _____ C:\Users\Joaquín Jimenez\Desktop\Free Sound Recorder.lnk
2016-06-05 05:45 - 2016-06-05 05:45 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-06-05 05:45 - 2016-06-05 05:45 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\New Version Available
2016-06-05 05:45 - 2016-06-05 05:45 - 00000000 ____D C:\ProgramData\\Windows\Start Menu\Programs\Free Sound Recorder
2016-06-05 05:45 - 2016-06-05 05:45 - 00000000 ____D C:\Program Files (x86)\Free Sound Recorder
2016-06-05 05:45 - 2006-03-23 12:56 - 00113486 _____ C:\WINDOWS\SysWOW64\NCTWMAProfiles.prx
2016-06-05 05:45 - 2005-05-18 11:52 - 01212416 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTAudioInformation2.dll
2016-06-05 05:45 - 2005-05-17 12:37 - 01986560 _____ (NCT Company Ltd.) C:\WINDOWS\SysWOW64\NCTAudioFile2.dll
2016-06-05 05:45 - 2005-04-25 13:01 - 00458752 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTAudioRecord2.dll
2016-06-05 05:45 - 2005-04-25 13:01 - 00458752 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTAudioPlayer2.dll
2016-06-05 05:45 - 2005-04-15 12:08 - 00880640 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTAudioEditor2.dll
2016-06-05 05:45 - 2005-04-04 17:21 - 00602112 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTAudioTransform2.dll
2016-06-05 05:45 - 2005-03-28 15:54 - 00479232 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTAudioVisualization2.dll
2016-06-05 05:45 - 2005-03-28 15:52 - 00417792 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTTextToAudio2.dll
2016-06-05 05:45 - 2005-02-24 11:51 - 00348160 _____ (NCT Company Ltd.) C:\WINDOWS\SysWOW64\NCTWMAFile2.dll
2016-06-05 05:45 - 2004-11-04 13:31 - 00835584 _____ (NCT) C:\WINDOWS\SysWOW64\NCTAudioCDGrabber2.dll
2016-06-05 05:44 - 2016-06-05 05:44 - 12893528 _____ (Copyright© 2005-2015 FreeSoundRecorder Technologies, Inc. ) C:\Users\Joaquín Jimenez\Downloads\FreeSoundRecorder [1].exe
2016-06-05 05:43 - 2016-06-05 06:09 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\Audacity
2016-06-05 05:43 - 2016-06-05 05:43 - 00921088 _____ ( ) C:\Users\Joaquín Jimenez\Downloads\FreeSoundRecorder.exe
2016-06-05 05:43 - 2016-06-05 05:43 - 00001088 _____ C:\ProgramData\\Windows\Start Menu\Programs\Audacity.lnk
2016-06-05 05:43 - 2016-06-05 05:43 - 00001076 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-06-05 05:43 - 2016-06-05 05:43 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-06-05 05:41 - 2016-06-05 05:42 - 24210616 _____ (Audacity Team ) C:\Users\Joaquín Jimenez\Downloads\audacity-win-2.1.0.exe
2016-06-05 05:38 - 2016-06-05 05:38 - 00000861 _____ C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\Programs\Ableton Live 9 Suite.lnk
2016-06-05 05:33 - 2016-06-05 05:34 - 00000000 ___RD C:\Users\Joaquín Jimenez\Desktop\untitled Project
2016-06-05 05:06 - 2016-06-05 05:06 - 00492043 ____T C:\Users\Joaquín Jimenez\Downloads\New_Agenda_-_Janet_Jackson.mp3.asd
2016-06-05 04:51 - 2016-06-05 04:55 - 00000000 ____D C:\Users\Joaquín Jimenez\Desktop\EP 1 - Getting Started
2016-06-05 04:46 - 2016-06-05 05:01 - 00000000 ____D C:\Users\Joaquín Jimenez\Documents\Ableton
2016-06-05 04:45 - 2016-06-05 05:35 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\Ableton
2016-06-05 04:43 - 2016-06-05 05:38 - 00000000 ____D C:\ProgramData\Ableton
2016-06-05 04:28 - 2016-06-05 16:31 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\LocalLow\uTorrent
2016-06-04 19:22 - 2016-06-04 19:22 - 00000000 ____D C:\Users\Joaquín Jimenez\Documents\TowerFall Replays
2016-06-04 07:58 - 2016-06-04 07:58 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\LocalLow\SKS
2016-06-04 05:18 - 2016-06-04 05:18 - 01559090 _____ C:\Users\Joaquín Jimenez\Desktop\grasa.mp4
2016-06-04 02:20 - 2016-06-04 02:20 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\LocalLow\Pixelnest Studio
2016-06-04 02:16 - 2016-06-04 02:16 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\LocalLow\Steel Crate Games
2016-06-04 02:08 - 2016-06-04 02:08 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Local\Uber Entertainment
2016-06-04 01:48 - 2016-06-04 01:48 - 00000000 ____D C:\Users\Joaquín Jimenez\Documents\Dungeon of the Endless
2016-06-04 01:48 - 2016-06-04 01:48 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\LocalLow\AMPLITUDE Studios
2016-06-03 23:50 - 2016-06-03 23:50 - 00667628 _____ C:\Users\Joaquín Jimenez\Desktop\Que hora es.mp4
2016-06-03 04:46 - 2016-06-03 04:49 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Local\TurmoilSteam
2016-06-02 23:22 - 2016-06-02 23:22 - 00000000 ____D C:\Users\Joaquín Jimenez\Documents\Overwatch
2016-06-02 15:14 - 2016-06-02 15:14 - 00001163 _____ C:\Users\Public\Desktop\Overwatch.lnk
2016-06-02 15:14 - 2016-06-02 15:14 - 00000000 ____D C:\ProgramData\\Windows\Start Menu\Programs\Overwatch
2016-06-02 13:50 - 2016-06-02 19:50 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-06-02 05:50 - 2016-06-02 05:50 - 00000000 ____D C:\ProgramData\\Windows\Start Menu\Programs\Burnout Paradise Ultimate Box
2016-06-02 05:45 - 2016-06-02 05:46 - 07683387 _____ C:\Users\Joaquín Jimenez\Downloads\1464838385699.webm
2016-06-01 22:25 - 2016-06-01 22:25 - 00788902 _____ C:\Users\Joaquín Jimenez\Desktop\gorila.mp4
2016-06-01 20:49 - 2016-06-01 20:49 - 01220058 _____ C:\Users\Joaquín Jimenez\Desktop\por pelotudo.mp4
2016-06-01 16:05 - 2016-06-01 19:17 - 00000000 ____D C:\Users\Joaquín Jimenez\Documents\WWE2K16
2016-06-01 16:04 - 2016-06-01 16:04 - 00000000 ____D C:\ProgramData\\Windows\Start Menu\Programs\WWE 2K16
2016-06-01 15:31 - 2016-06-01 15:31 - 01229627 _____ C:\Users\Joaquín Jimenez\Downloads\1464805762997.mp4
2016-06-01 15:19 - 2016-06-01 15:19 - 04498862 _____ C:\Users\Joaquín Jimenez\Downloads\1464789168368.mp4
2016-06-01 15:18 - 2016-06-01 15:19 - 08255486 _____ C:\Users\Joaquín Jimenez\Downloads\1464788895441.webm
2016-06-01 15:13 - 2016-06-01 15:13 - 07417595 _____ C:\Users\Joaquín Jimenez\Downloads\1464787257804.webm
2016-06-01 15:11 - 2016-06-01 15:12 - 04561558 _____ C:\Users\Joaquín Jimenez\Downloads\1464786820946.webm
2016-06-01 15:09 - 2016-06-01 15:10 - 07862303 _____ C:\Users\Joaquín Jimenez\Downloads\1464786650733.webm
2016-06-01 15:09 - 2016-06-01 15:09 - 08153121 _____ C:\Users\Joaquín Jimenez\Downloads\1464786510469.webm
2016-06-01 15:08 - 2016-06-01 15:08 - 00136207 _____ C:\Users\Joaquín Jimenez\Downloads\1464786056140.webm
2016-06-01 15:07 - 2016-06-01 15:07 - 04840701 _____ C:\Users\Joaquín Jimenez\Downloads\1464785860626.webm
2016-06-01 15:05 - 2016-06-01 15:05 - 06092170 _____ C:\Users\Joaquín Jimenez\Downloads\1464785555274.webm
2016-06-01 15:05 - 2016-06-01 15:05 - 04135715 _____ C:\Users\Joaquín Jimenez\Downloads\1464785591338.webm
2016-06-01 15:04 - 2016-06-01 15:05 - 03235934 _____ C:\Users\Joaquín Jimenez\Downloads\1464785403678.webm
2016-06-01 15:04 - 2016-06-01 15:04 - 02108228 _____ C:\Users\Joaquín Jimenez\Downloads\1464785189220.webm
2016-06-01 15:03 - 2016-06-01 15:03 - 00326132 _____ C:\Users\Joaquín Jimenez\Desktop\Overjojo.mp4
2016-06-01 13:43 - 2016-06-01 13:43 - 00000000 ____D C:\ProgramData\\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-06-01 13:43 - 2016-06-01 13:43 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-05-29 20:41 - 2016-05-29 20:43 - 00000000 ____D C:\Users\Joaquín Jimenez\Documents\Freemake
2016-05-29 20:41 - 2016-05-29 20:43 - 00000000 ____D C:\ProgramData\Freemake
2016-05-29 20:41 - 2016-05-29 20:41 - 00001393 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2016-05-29 20:41 - 2016-05-29 20:41 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\Programs\Freemake
2016-05-29 20:41 - 2016-05-29 20:41 - 00000000 ____D C:\ProgramData\\Windows\Start Menu\Programs\Freemake
2016-05-29 20:41 - 2016-05-29 20:41 - 00000000 ____D C:\Program Files (x86)\Freemake
2016-05-29 20:35 - 2016-05-29 20:35 - 01866640 _____ (Ellora Assets Corporation ) C:\Users\Joaquín Jimenez\Downloads\FreemakeVideoConverterSetup.exe
2016-05-29 19:32 - 2016-05-29 20:05 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Local\SSDDXXL
2016-05-29 06:23 - 2016-05-29 06:24 - 15372677 _____ C:\Users\Joaquín Jimenez\Downloads\GVC2016_Win.zip
2016-05-28 22:24 - 2016-05-28 22:24 - 01264026 _____ C:\Users\Joaquín Jimenez\Desktop\Kamasi Washington.jpeg
2016-05-28 10:24 - 2016-05-28 10:24 - 00032614 _____ C:\Users\Joaquín Jimenez\Downloads\[rutracker.org].t5067836.torrent
2016-05-28 01:50 - 2016-05-28 01:51 - 07994011 _____ C:\Users\Joaquín Jimenez\Downloads\ese webm que tengo como 5 veces.mp4
2016-05-28 00:44 - 2016-05-28 00:44 - 05140154 _____ C:\Users\Joaquín Jimenez\Downloads\1464405151413.webm
2016-05-28 00:42 - 2016-05-28 00:42 - 02678556 _____ C:\Users\Joaquín Jimenez\Downloads\1464405111210-1.webm
2016-05-28 00:41 - 2016-05-28 00:41 - 00829698 _____ C:\Users\Joaquín Jimenez\Downloads\1464405111209-0.webm
2016-05-28 00:19 - 2016-05-28 00:19 - 00001765 _____ C:\Users\Public\Desktop\Defraggler.lnk
2016-05-28 00:19 - 2016-05-28 00:19 - 00000000 ____D C:\ProgramData\\Windows\Start Menu\Programs\Defraggler
2016-05-28 00:19 - 2016-05-28 00:19 - 00000000 ____D C:\Program Files\Defraggler
2016-05-28 00:18 - 2016-05-28 00:18 - 04529456 _____ (Piriform Ltd) C:\Users\Joaquín Jimenez\Downloads\dfsetup221.exe
2016-05-27 02:10 - 2016-05-27 02:10 - 00000000 ____D C:\Program Files (x86)\ ASP.NET
2016-05-26 05:58 - 2016-05-26 05:58 - 18106463 _____ C:\Users\Joaquín Jimenez\Desktop\MOVIE FINISHED **** THIS ****.mp4
2016-05-26 05:31 - 2016-05-26 05:31 - 00001378 _____ C:\ProgramData\\Windows\Start Menu\Programs\Movie Maker.lnk
2016-05-26 05:31 - 2016-05-26 05:31 - 00000000 ____D C:\WINDOWS\en
2016-05-26 05:30 - 2016-05-26 05:30 - 00001447 _____ C:\ProgramData\\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-05-26 05:30 - 2016-05-26 05:30 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-05-26 05:30 - 2016-05-26 05:30 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-05-26 05:30 - 2016-05-26 05:30 - 00000000 ____D C:\Program Files (x86)\ SQL Server Compact Edition
2016-05-26 05:27 - 2016-05-26 05:33 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Local\Windows Live
2016-05-26 05:26 - 2016-05-26 05:26 - 01239752 _____ ( Corporation) C:\Users\Joaquín Jimenez\Downloads\wlsetup-web (1).exe
2016-05-26 05:25 - 2016-05-26 05:26 - 01239752 _____ ( Corporation) C:\Users\Joaquín Jimenez\Downloads\wlsetup-web.exe
2016-05-26 05:25 - 2016-05-26 05:25 - 26076803 _____ C:\Users\Joaquín Jimenez\Downloads\CÓMO CONQUISTAR A UNA MUJER.mp4
2016-05-26 02:09 - 2016-05-26 02:09 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\LocalLow\4ilab
2016-05-26 01:15 - 2016-05-26 01:15 - 212507606 _____ C:\Users\Joaquín Jimenez\Downloads\20n1n.howtoarsenio.blogspot.com.rar
2016-05-25 20:51 - 2016-05-25 20:51 - 00802057 _____ C:\Users\Joaquín Jimenez\Downloads\1463953725349-0.mp4
2016-05-25 19:32 - 2016-05-25 19:32 - 00014135 _____ C:\Users\Joaquín Jimenez\Downloads\[rutracker.org].t5156240.torrent
2016-05-25 18:50 - 2016-05-19 22:57 - 00113208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-05-25 18:50 - 2016-05-03 23:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-05-25 18:50 - 2016-05-03 23:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-05-25 18:50 - 2016-05-03 23:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-05-25 18:50 - 2016-05-03 23:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-05-25 18:48 - 2016-05-25 18:50 - 00000000 ____D C:\WINDOWS\LastGood
2016-05-25 18:47 - 2016-05-21 18:09 - 01581624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco64.dll
2016-05-25 18:47 - 2016-05-21 18:09 - 00046024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 39977920 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 35117112 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 31639096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 25401280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 21802816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 21346520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 18145256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 17740664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 17379520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 10642912 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 08733280 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 02791360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 02419768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436822.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 01573432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436822.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00985024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00909760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00787200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00786360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00772152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00708032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00669952 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00632664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00631104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00601936 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00565208 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00549240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00452616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00423360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00379480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00377792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00346560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00315936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00178136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00155952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00153416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00131768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-05-25 18:47 - 2016-05-20 05:03 - 00000594 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-05-25 18:47 - 2016-05-20 05:03 - 00000594 _____ C:\WINDOWS\system32\nv-vk64.json
2016-05-22 03:25 - 2016-05-22 03:25 - 00053550 _____ C:\Users\Joaquín Jimenez\Downloads\[rutracker.org].t3845936.torrent
2016-05-22 03:20 - 2016-05-22 03:20 - 00021928 _____ C:\Users\Joaquín Jimenez\Downloads\[rutracker.org].t4473366.torrent
2016-05-22 02:41 - 2016-05-22 02:41 - 01424252 _____ C:\Users\Joaquín Jimenez\Desktop\analuisa.mp4
2016-05-21 22:45 - 2016-05-21 22:45 - 00241684 _____ C:\Users\Joaquín Jimenez\Desktop\guitarrita linda.wav
2016-05-21 22:32 - 2016-05-21 22:32 - 02646332 _____ C:\Users\Joaquín Jimenez\Downloads\guitarra blur.wav
2016-05-21 22:20 - 2016-05-21 22:26 - 01335564 _____ C:\Users\Joaquín Jimenez\Desktop\bajo solo.wav
2016-05-21 21:07 - 2016-05-21 21:14 - 194690591 _____ C:\Users\Joaquín Jimenez\Downloads\RPGVXAce_RTP.zip
2016-05-21 02:58 - 2016-05-21 02:58 - 00041766 _____ C:\Users\Joaquín Jimenez\Downloads\[rutracker.org].t1219180.torrent
2016-05-20 22:33 - 2016-05-20 22:33 - 00001258 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
2016-05-20 22:33 - 2016-05-20 22:33 - 00000000 ____D C:\ProgramData\\Windows\Start Menu\Programs\Heroes of the Storm
2016-05-20 22:22 - 2016-05-20 22:22 - 00387502 _____ C:\Users\Joaquín Jimenez\Downloads\1463769743509.webm
2016-05-20 22:00 - 2016-06-02 15:23 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-05-20 01:00 - 2016-05-20 01:00 - 00015827 _____ C:\Users\Joaquín Jimenez\Downloads\[rutracker.org].t4674962.torrent
2016-05-19 21:01 - 2016-05-19 21:01 - 00061478 _____ C:\Users\Joaquín Jimenez\Downloads\[rutracker.org].t4578208.torrent
2016-05-18 22:04 - 2016-05-18 22:06 - 39197412 _____ C:\Users\Joaquín Jimenez\Downloads\Iglooghost - Chinese Nü Yr (2015).rar
2016-05-16 11:45 - 2016-05-16 11:46 - 06881742 _____ C:\Users\Joaquín Jimenez\Downloads\1463369066255.mp4
2016-05-14 20:06 - 2016-05-10 01:05 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436519.dll
2016-05-14 20:06 - 2016-05-10 01:05 - 01573432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436519.dll
2016-05-14 19:56 - 2016-05-14 20:07 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-05-14 19:56 - 2016-04-14 02:38 - 00113216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-05-14 19:56 - 2016-04-14 02:38 - 00102976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-05-14 18:33 - 2016-05-14 18:33 - 00020661 _____ C:\Users\Joaquín Jimenez\Downloads\[rutracker.org].t3204702.torrent
2016-05-11 22:50 - 2016-05-11 23:15 - 576320025 _____ C:\Users\Joaquín Jimenez\Downloads\Super_Cartography_Bros._(MP3_+_Art).zip
2016-05-10 21:54 - 2016-05-10 21:54 - 00276315 _____ C:\Users\Joaquín Jimenez\Downloads\1462908579507.mp4
2016-05-10 21:53 - 2016-05-10 21:54 - 01699048 _____ C:\Users\Joaquín Jimenez\Downloads\1462908313203.webm
2016-05-10 21:53 - 2016-05-10 21:53 - 00425552 _____ C:\Users\Joaquín Jimenez\Downloads\1462908299787.webm
2016-05-10 21:52 - 2016-05-10 21:52 - 03284633 _____ C:\Users\Joaquín Jimenez\Downloads\1462917221869.webm
2016-05-10 21:52 - 2016-05-10 21:52 - 00378544 _____ C:\Users\Joaquín Jimenez\Downloads\1462917066647.webm
2016-05-10 21:51 - 2016-05-10 21:52 - 03906071 _____ C:\Users\Joaquín Jimenez\Downloads\1462917590972.webm
2016-05-10 21:50 - 2016-05-10 21:51 - 07314516 _____ C:\Users\Joaquín Jimenez\Downloads\1462917683896.webm
2016-05-10 20:27 - 2016-04-23 01:28 - 16984576 _____ ( Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-10 20:27 - 2016-04-23 01:26 - 00059904 _____ ( Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-10 20:27 - 2016-04-23 01:25 - 00087040 _____ ( Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-10 20:27 - 2016-04-23 01:22 - 00460800 _____ ( Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-10 20:27 - 2016-04-23 01:19 - 01056256 _____ ( Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-10 20:27 - 2016-04-23 01:19 - 00853504 _____ ( Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-10 20:27 - 2016-04-23 01:18 - 00349696 _____ ( Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-10 20:27 - 2016-04-23 01:16 - 00800768 _____ ( Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-10 20:27 - 2016-04-23 01:13 - 07200256 _____ ( Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-10 20:27 - 2016-04-23 01:07 - 05205504 _____ ( Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-10 20:26 - 2016-05-06 01:53 - 00095072 _____ ( Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-10 20:26 - 2016-05-06 00:53 - 00351232 _____ ( Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-10 20:26 - 2016-05-06 00:44 - 00582656 _____ ( Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-10 20:26 - 2016-05-06 00:23 - 00076288 _____ ( Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-10 20:26 - 2016-04-30 03:31 - 03591168 _____ ( Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-10 20:26 - 2016-04-23 03:12 - 01401024 _____ ( Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-10 20:26 - 2016-04-23 03:12 - 01184960 _____ ( Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-10 20:26 - 2016-04-23 03:12 - 00713920 _____ ( Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-10 20:26 - 2016-04-23 03:12 - 00190144 _____ ( Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-10 20:26 - 2016-04-23 03:12 - 00046784 _____ ( Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-10 20:26 - 2016-04-23 02:28 - 01557768 _____ ( Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-10 20:26 - 2016-04-23 02:28 - 01542816 _____ ( Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-10 20:26 - 2016-04-23 02:26 - 00707608 _____ ( Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-10 20:26 - 2016-04-23 02:24 - 07474528 _____ ( Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-10 20:26 - 2016-04-23 02:24 - 01819208 _____ ( Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-10 20:26 - 2016-04-23 02:24 - 00754664 _____ ( Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-10 20:26 - 2016-04-23 02:24 - 00638816 _____ ( Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-10 20:26 - 2016-04-23 02:24 - 00335712 _____ ( Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-10 20:26 - 2016-04-23 02:24 - 00099680 _____ ( Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-10 20:26 - 2016-04-23 02:22 - 01161120 _____ ( Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-10 20:26 - 2016-04-23 02:13 - 00306832 _____ ( Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-10 20:26 - 2016-04-23 02:12 - 00925064 _____ ( Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-10 20:26 - 2016-04-23 02:11 - 01092464 _____ ( Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-10 20:26 - 2016-04-23 02:10 - 03673424 _____ ( Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-10 20:26 - 2016-04-23 02:10 - 02919832 _____ ( Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-10 20:26 - 2016-04-23 02:10 - 00330072 _____ ( Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-10 20:26 - 2016-04-23 02:09 - 22561256 _____ ( Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-10 20:26 - 2016-04-23 02:09 - 21123320 _____ ( Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-10 20:26 - 2016-04-23 02:09 - 05240960 _____ ( Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-10 20:26 - 2016-04-23 02:09 - 04074160 _____ ( Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-10 20:26 - 2016-04-23 02:09 - 00569744 _____ ( Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-10 20:26 - 2016-04-23 02:09 - 00565600 _____ ( Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-10 20:26 - 2016-04-23 02:09 - 00465760 _____ ( Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-10 20:26 - 2016-04-23 02:08 - 06605504 _____ ( Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-10 20:26 - 2016-04-23 02:08 - 04515256 _____ ( Corporation) C:\WINDOWS\explorer.exe
2016-05-10 20:26 - 2016-04-23 02:08 - 00725776 _____ ( Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-10 20:26 - 2016-04-23 02:07 - 01848072 _____ ( Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-10 20:26 - 2016-04-23 02:07 - 01536088 _____ ( Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-10 20:26 - 2016-04-23 02:07 - 00204048 _____ ( Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-10 20:26 - 2016-04-23 02:07 - 00183904 _____ ( Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-10 20:26 - 2016-04-23 02:06 - 00291360 _____ ( Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-10 20:26 - 2016-04-23 02:01 - 01996640 _____ ( Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-10 20:26 - 2016-04-23 02:01 - 00650304 _____ ( Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-10 20:26 - 2016-04-23 02:01 - 00619296 _____ ( Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-10 20:26 - 2016-04-23 02:01 - 00513368 _____ ( Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-10 20:26 - 2016-04-23 02:00 - 01776768 _____ ( Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-10 20:26 - 2016-04-23 02:00 - 01522152 _____ ( Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-10 20:26 - 2016-04-23 02:00 - 01399224 _____ ( Corporation) C:\WINDOWS\system32\user32.dll
2016-05-10 20:26 - 2016-04-23 02:00 - 01337240 _____ ( Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-10 20:26 - 2016-04-23 02:00 - 00550656 _____ ( Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-10 20:26 - 2016-04-23 02:00 - 00453472 _____ ( Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-10 20:26 - 2016-04-23 02:00 - 00058208 _____ ( Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-10 20:26 - 2016-04-23 01:39 - 00089088 _____ ( Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-10 20:26 - 2016-04-23 01:34 - 00059392 _____ ( Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-10 20:26 - 2016-04-23 01:33 - 00063488 _____ ( Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-10 20:26 - 2016-04-23 01:32 - 00028672 _____ ( Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-10 20:26 - 2016-04-23 01:31 - 13018112 _____ ( Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-10 20:26 - 2016-04-23 01:31 - 00074752 _____ ( Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-10 20:26 - 2016-04-23 01:30 - 22379008 _____ ( Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-10 20:26 - 2016-04-23 01:30 - 00120320 _____ ( Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-10 20:26 - 2016-04-23 01:29 - 00072704 _____ ( Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-10 20:26 - 2016-04-23 01:29 - 00047104 _____ ( Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-10 20:26 - 2016-04-23 01:28 - 00104448 _____ ( Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-10 20:26 - 2016-04-23 01:28 - 00051712 _____ ( Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-10 20:26 - 2016-04-23 01:27 - 00039424 _____ ( Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-10 20:26 - 2016-04-23 01:26 - 00269824 _____ ( Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-10 20:26 - 2016-04-23 01:26 - 00086528 _____ ( Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-10 20:26 - 2016-04-23 01:24 - 00292864 _____ ( Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-10 20:26 - 2016-04-23 01:24 - 00287232 _____ ( Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-10 20:26 - 2016-04-23 01:24 - 00181248 _____ ( Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-10 20:26 - 2016-04-23 01:24 - 00166400 _____ ( Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-10 20:26 - 2016-04-23 01:23 - 11545088 _____ ( Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-10 20:26 - 2016-04-23 01:23 - 00279040 _____ ( Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-10 20:26 - 2016-04-23 01:23 - 00080896 _____ ( Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-10 20:26 - 2016-04-23 01:22 - 09918976 _____ ( Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-10 20:26 - 2016-04-23 01:20 - 19344384 _____ ( Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-10 20:26 - 2016-04-23 01:20 - 18676224 _____ ( Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-10 20:26 - 2016-04-23 01:20 - 00606720 _____ ( Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-10 20:26 - 2016-04-23 01:20 - 00484352 _____ ( Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-10 20:26 - 2016-04-23 01:20 - 00356864 _____ ( Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-10 20:26 - 2016-04-23 01:20 - 00137728 _____ ( Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-10 20:26 - 2016-04-23 01:19 - 07977472 _____ ( Corporation) C:\WINDOWS\system32\mos.dll
2016-05-10 20:26 - 2016-04-23 01:19 - 00970752 _____ ( Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-10 20:26 - 2016-04-23 01:19 - 00440320 _____ ( Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-10 20:26 - 2016-04-23 01:19 - 00395264 _____ ( Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-10 20:26 - 2016-04-23 01:19 - 00140800 _____ ( Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-10 20:26 - 2016-04-23 01:18 - 24604672 _____ ( Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-10 20:26 - 2016-04-23 01:18 - 00988160 _____ ( Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-10 20:26 - 2016-04-23 01:18 - 00939520 _____ ( Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-10 20:26 - 2016-04-23 01:18 - 00870400 _____ ( Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-10 20:26 - 2016-04-23 01:18 - 00515072 _____ ( Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-10 20:26 - 2016-04-23 01:17 - 00529920 _____ ( Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-10 20:26 - 2016-04-23 01:17 - 00337920 _____ ( Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-10 20:26 - 2016-04-23 01:16 - 01319424 _____ ( Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-10 20:26 - 2016-04-23 01:15 - 00865792 _____ ( Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-10 20:26 - 2016-04-23 01:15 - 00792064 _____ ( Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-10 20:26 - 2016-04-23 01:15 - 00784896 _____ ( Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-10 20:26 - 2016-04-23 01:15 - 00400896 _____ ( Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-10 20:26 - 2016-04-23 01:15 - 00348672 _____ ( Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-10 20:26 - 2016-04-23 01:14 - 13383168 _____ ( Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-10 20:26 - 2016-04-23 01:14 - 00821760 _____ ( Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-10 20:26 - 2016-04-23 01:14 - 00711680 _____ ( Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-10 20:26 - 2016-04-23 01:13 - 06295552 _____ ( Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-10 20:26 - 2016-04-23 01:13 - 00434688 _____ ( Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-10 20:26 - 2016-04-23 01:12 - 00667648 _____ ( Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-10 20:26 - 2016-04-23 01:10 - 12125696 _____ ( Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-10 20:26 - 2016-04-23 01:10 - 00639488 _____ ( Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-10 20:26 - 2016-04-23 01:09 - 03666432 _____ ( Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-10 20:26 - 2016-04-23 01:09 - 02582016 _____ ( Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-10 20:26 - 2016-04-23 01:08 - 05324288 _____ ( Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-10 20:26 - 2016-04-23 01:08 - 02061824 _____ ( Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-10 20:26 - 2016-04-23 01:07 - 02598912 _____ ( Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-10 20:26 - 2016-04-23 01:06 - 06974464 _____ ( Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-10 20:26 - 2016-04-23 01:05 - 05502976 _____ ( Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-10 20:26 - 2016-04-23 01:05 - 02166784 _____ ( Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-10 20:26 - 2016-04-23 01:05 - 02066432 _____ ( Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-10 20:26 - 2016-04-23 01:05 - 01946112 _____ ( Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-10 20:26 - 2016-04-23 01:04 - 04759040 _____ ( Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-10 20:26 - 2016-04-23 01:03 - 05660160 _____ ( Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-10 20:26 - 2016-04-23 01:03 - 04894208 _____ ( Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-10 20:26 - 2016-04-23 01:03 - 02280960 _____ ( Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-10 20:26 - 2016-04-23 01:03 - 02000896 _____ ( Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-10 20:26 - 2016-04-23 01:03 - 00754176 _____ ( Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-10 20:26 - 2016-04-23 01:02 - 07832576 _____ ( Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-10 20:26 - 2016-04-23 01:02 - 02444288 _____ ( Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-10 20:26 - 2016-04-23 01:00 - 00984576 _____ ( Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-10 20:26 - 2016-04-23 00:45 - 00461824 _____ ( Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-10 20:25 - 2016-05-06 01:05 - 00241664 _____ ( Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-10 20:25 - 2016-05-06 01:03 - 00649216 _____ ( Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-10 20:25 - 2016-05-06 00:49 - 00289792 _____ ( Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-10 20:25 - 2016-05-06 00:43 - 00320000 _____ ( Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-10 20:25 - 2016-04-30 03:42 - 01387520 _____ ( Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-10 20:25 - 2016-04-23 03:12 - 00514752 _____ ( Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-10 20:25 - 2016-04-23 03:12 - 00294592 _____ ( Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-10 20:25 - 2016-04-23 03:12 - 00092352 _____ ( Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-10 20:25 - 2016-04-23 02:24 - 01997328 _____ ( Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-10 20:25 - 2016-04-23 02:18 - 00026408 _____ ( Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-10 20:25 - 2016-04-23 02:13 - 00502104 _____ ( Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-10 20:25 - 2016-04-23 02:13 - 00084832 _____ ( Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-10 20:25 - 2016-04-23 02:12 - 00451928 _____ ( Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-10 20:25 - 2016-04-23 02:12 - 00413536 _____ ( Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-10 20:25 - 2016-04-23 02:11 - 00696672 _____ ( Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-10 20:25 - 2016-04-23 02:11 - 00498960 _____ ( Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-10 20:25 - 2016-04-23 02:11 - 00390496 _____ ( Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-10 20:25 - 2016-04-23 02:11 - 00131424 _____ ( Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-10 20:25 - 2016-04-23 02:11 - 00115040 _____ ( Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-10 20:25 - 2016-04-23 02:09 - 00303216 _____ ( Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-10 20:25 - 2016-04-23 02:09 - 00255168 _____ ( Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-10 20:25 - 2016-04-23 02:02 - 00188256 _____ ( Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-10 20:25 - 2016-04-23 02:01 - 00577368 _____ ( Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-10 20:25 - 2016-04-23 02:01 - 00522176 _____ ( Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-10 20:25 - 2016-04-23 02:01 - 00393568 _____ ( Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-10 20:25 - 2016-04-23 02:01 - 00217440 _____ ( Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-10 20:25 - 2016-04-23 02:00 - 01594920 _____ ( Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-10 20:25 - 2016-04-23 02:00 - 01372304 _____ ( Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-10 20:25 - 2016-04-23 01:56 - 00534872 _____ ( Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-10 20:25 - 2016-04-23 01:35 - 00066560 _____ ( Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-10 20:25 - 2016-04-23 01:34 - 00067072 _____ ( Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-10 20:25 - 2016-04-23 01:34 - 00048128 _____ ( Corporation) C:\WINDOWS\system32\wups.dll
2016-05-10 20:25 - 2016-04-23 01:33 - 00089600 _____ ( Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-10 20:25 - 2016-04-23 01:33 - 00063488 _____ ( Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-10 20:25 - 2016-04-23 01:33 - 00038400 _____ ( Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-10 20:25 - 2016-04-23 01:32 - 00134656 _____ ( Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-10 20:25 - 2016-04-23 01:32 - 00069632 _____ ( Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-10 20:25 - 2016-04-23 01:30 - 00050176 _____ ( Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-10 20:25 - 2016-04-23 01:29 - 00192000 _____ ( Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-10 20:25 - 2016-04-23 01:29 - 00151040 _____ ( Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-10 20:25 - 2016-04-23 01:29 - 00087552 _____ ( Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-10 20:25 - 2016-04-23 01:29 - 00087040 _____ ( Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-10 20:25 - 2016-04-23 01:29 - 00031232 _____ ( Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-10 20:25 - 2016-04-23 01:29 - 00023552 _____ ( Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-10 20:25 - 2016-04-23 01:28 - 00130560 _____ ( Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-10 20:25 - 2016-04-23 01:28 - 00127488 _____ ( Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-10 20:25 - 2016-04-23 01:28 - 00086528 _____ ( Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-10 20:25 - 2016-04-23 01:27 - 00155136 _____ ( Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-10 20:25 - 2016-04-23 01:25 - 00630784 _____ ( Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-10 20:25 - 2016-04-23 01:25 - 00617984 _____ ( Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-10 20:25 - 2016-04-23 01:25 - 00210432 _____ ( Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-10 20:25 - 2016-04-23 01:25 - 00207360 _____ ( Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-10 20:25 - 2016-04-23 01:24 - 00764928 _____ ( Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-10 20:25 - 2016-04-23 01:24 - 00689152 _____ ( Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-10 20:25 - 2016-04-23 01:24 - 00084480 _____ ( Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-10 20:25 - 2016-04-23 01:23 - 00414720 _____ ( Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-10 20:25 - 2016-04-23 01:23 - 00179712 _____ ( Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-10 20:25 - 2016-04-23 01:22 - 00285696 _____ ( Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-10 20:25 - 2016-04-23 01:21 - 00479232 _____ ( Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-10 20:25 - 2016-04-23 01:21 - 00314880 _____ ( Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-10 20:25 - 2016-04-23 01:20 - 00497152 _____ ( Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-10 20:25 - 2016-04-23 01:20 - 00307200 _____ ( Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-10 20:25 - 2016-04-23 01:18 - 00988672 _____ ( Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-10 20:25 - 2016-04-23 01:18 - 00804352 _____ ( Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-10 20:25 - 2016-04-23 01:18 - 00605184 _____ ( Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-10 20:25 - 2016-04-23 01:18 - 00585728 _____ ( Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-10 20:25 - 2016-04-23 01:18 - 00471552 _____ ( Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-10 20:25 - 2016-04-23 01:18 - 00436736 _____ ( Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-10 20:25 - 2016-04-23 01:18 - 00219648 _____ ( Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-10 20:25 - 2016-04-23 01:17 - 01213440 _____ ( Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-10 20:25 - 2016-04-23 01:17 - 00388608 _____ ( Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-10 20:25 - 2016-04-23 01:16 - 00848896 _____ ( Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-10 20:25 - 2016-04-23 01:15 - 01073152 _____ ( Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-10 20:25 - 2016-04-23 01:15 - 00673280 _____ ( Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-10 20:25 - 2016-04-23 01:14 - 00870912 _____ ( Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-10 20:25 - 2016-04-23 01:14 - 00647680 _____ ( Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-10 20:25 - 2016-04-23 01:14 - 00503296 _____ ( Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-10 20:25 - 2016-04-23 01:14 - 00354304 _____ ( Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-10 20:25 - 2016-04-23 01:14 - 00342528 _____ ( Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-10 20:25 - 2016-04-23 01:13 - 00705536 _____ ( Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-10 20:25 - 2016-04-23 01:13 - 00489984 _____ ( Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-10 20:25 - 2016-04-23 01:07 - 01500160 _____ ( Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-10 20:25 - 2016-04-23 01:07 - 00848896 _____ ( Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-10 20:25 - 2016-04-23 01:05 - 01626624 _____ ( Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-10 20:25 - 2016-04-23 01:05 - 00613376 _____ ( Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-10 20:25 - 2016-04-23 01:05 - 00111616 _____ ( Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-10 20:25 - 2016-04-23 01:05 - 00103936 _____ ( Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-10 20:25 - 2016-04-23 01:04 - 01731072 _____ ( Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-10 20:25 - 2016-04-23 01:03 - 02193408 _____ ( Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-10 20:25 - 2016-04-23 01:03 - 00503296 _____ ( Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-10 20:25 - 2016-04-23 01:01 - 04775424 _____ ( Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-10 20:25 - 2016-04-23 01:00 - 01390080 _____ ( Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-10 20:25 - 2016-04-22 23:10 - 00215040 _____ ( Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-10 20:25 - 2016-04-22 23:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-10 20:25 - 2016-04-18 19:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-09 20:09 - 2016-05-09 20:09 - 00477817 _____ C:\Users\Joaquín Jimenez\Desktop\You're a *****.mp4
2016-05-09 19:37 - 2016-05-09 19:37 - 00020787 _____ C:\Users\Joaquín Jimenez\Downloads\[rutracker.org].t5222402.torrent
2016-05-09 17:06 - 2016-05-09 17:06 - 00015527 _____ C:\Users\Joaquín Jimenez\Downloads\[rutracker.org].t5220792.torrent
2016-05-09 17:05 - 2016-05-09 17:05 - 00015670 _____ C:\Users\Joaquín Jimenez\Downloads\[rutracker.org].t5220918.torrent
2016-05-09 16:56 - 2016-05-09 16:57 - 01484398 _____ C:\Users\Joaquín Jimenez\Desktop\my life farm tbh.webm
2016-05-08 18:28 - 2016-05-08 18:28 - 00753805 _____ C:\Users\Joaquín Jimenez\Desktop\chjoco en taladro.mp4
2016-05-08 17:28 - 2016-05-08 17:28 - 319941768 _____ C:\Users\Joaquín Jimenez\Downloads\RHAMSP.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-06 14:32 - 2015-09-09 15:10 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\StarTrekPC
2016-06-06 14:31 - 2015-10-11 01:04 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Local\LogMeIn Hamachi
2016-06-06 14:31 - 2015-09-07 22:14 - 01048576 _____ C:\WINDOWS\PE_Rom.dll
2016-06-06 14:29 - 2015-11-24 21:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-06 14:29 - 2015-11-24 21:32 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-06 14:28 - 2015-10-30 03:28 - 02097152 ___SH C:\WINDOWS\system32\config\BBI
2016-06-06 14:28 - 2015-09-06 01:37 - 00001373 _____ C:\ProgramData\\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-06 14:22 - 2015-09-06 12:25 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-06 14:21 - 2015-10-04 18:28 - 00000000 _____ C:\WINDOWS\Path.idx
2016-06-06 14:21 - 2015-09-06 01:59 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-05 21:44 - 2016-03-06 16:52 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\MusicBee
2016-06-05 21:44 - 2015-09-06 01:35 - 00004176 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5A8EF610-8DEE-4DAE-88CD-A15FF32895EC}
2016-06-05 20:55 - 2015-09-06 12:16 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\foobar2000
2016-06-05 20:50 - 2015-11-24 21:52 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-05 20:50 - 2015-10-30 04:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-05 20:39 - 2016-01-08 04:17 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Local\osu!
2016-06-05 16:51 - 2015-09-20 00:12 - 00000359 _____ C:\Users\Joaquín Jimenez\Desktop\R79587.lnk
2016-06-05 16:50 - 2016-02-26 02:31 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Local\Sony
2016-06-05 16:50 - 2015-09-14 19:31 - 00000000 ____D C:\ProgramData\Sony
2016-06-05 16:49 - 2015-09-14 19:31 - 00000000 ____D C:\ProgramData\\Windows\Start Menu\Programs\Sony
2016-06-05 16:48 - 2015-09-06 22:01 - 00000000 ____D C:\Users\Joaquín Jimenez\Documents\My Games
2016-06-05 16:48 - 2015-09-06 20:02 - 00000000 ____D C:\ProgramData\\Windows\Start Menu\Programs\R.G. Mechanics
2016-06-05 16:47 - 2015-09-08 00:22 - 00000000 ____D C:\Fraps
2016-06-05 16:45 - 2015-09-06 23:39 - 00000000 ____D C:\Users\JoaquÃ*n Jimenez
2016-06-05 16:43 - 2016-02-08 00:22 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\Programs\Data Realms
2016-06-05 16:43 - 2016-02-08 00:21 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Local\Data Realms
2016-06-05 16:37 - 2015-12-12 00:32 - 00000000 ____D C:\Games
2016-06-05 16:20 - 2015-10-30 04:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-05 16:20 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-05 16:15 - 2015-11-24 21:27 - 04827808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-05 06:28 - 2015-11-24 21:35 - 00000000 ____D C:\Users\Joaquín Jimenez
2016-06-05 06:27 - 2015-09-06 00:07 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Local\CrashDumps
2016-06-05 06:01 - 2015-12-02 09:21 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Local\Apps\2.0
2016-06-05 05:47 - 2015-09-06 12:43 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\Skype
2016-06-05 05:45 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-06-05 05:45 - 2013-08-22 12:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-06-05 04:45 - 2016-02-26 02:56 - 00000000 ____D C:\Program Files\Common Files\Propellerhead
2016-06-05 04:28 - 2016-02-26 02:55 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\Programs\Image-Line
2016-06-05 04:28 - 2015-11-09 15:23 - 00000000 ____D C:\Program Files (x86)\DSPRobotics
2016-06-05 04:27 - 2015-11-09 15:24 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2016-06-05 03:58 - 2015-10-18 23:37 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\Human Resource Machine
2016-06-05 03:43 - 2015-09-06 02:47 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Local\Battle.net
2016-06-05 03:43 - 2015-09-06 02:47 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-06-05 03:36 - 2016-04-02 06:13 - 00004341 _____ C:\Users\Joaquín Jimenez\Desktop\New Text Document (3).txt
2016-06-05 03:09 - 2015-12-02 03:41 - 00000000 ____D C:\Users\Joaquín Jimenez\BrawlhallaReplays
2016-06-04 21:37 - 2015-09-06 12:25 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-06-02 05:56 - 2015-11-25 20:26 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-06-02 05:50 - 2016-03-07 16:50 - 00000000 ____D C:\temp
2016-06-02 05:50 - 2015-09-10 16:47 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-06-01 22:35 - 2015-09-06 03:04 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-05-28 11:35 - 2016-02-20 03:16 - 00000000 ____D C:\Users\Joaquín Jimenez\Desktop\Writer
2016-05-28 01:18 - 2016-02-21 00:44 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Local\IronSnout
2016-05-26 05:30 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Common Files\ shared
2016-05-25 18:51 - 2015-11-24 21:32 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-05-25 18:51 - 2015-10-03 00:43 - 00000000 ____D C:\ProgramData\\Windows\Start Menu\Programs\NVIDIA Corporation
2016-05-22 19:22 - 2016-03-05 18:39 - 00000287 _____ C:\Users\Joaquín Jimenez\Desktop\Más samples.txt
2016-05-22 18:02 - 2015-08-29 00:31 - 13509184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-05-21 18:09 - 2015-11-20 18:11 - 00141256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-05-20 05:03 - 2016-03-29 01:19 - 17662432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-05-20 05:03 - 2015-08-29 00:31 - 20305768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-05-20 05:03 - 2015-08-29 00:31 - 14410024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-05-20 05:03 - 2015-08-29 00:31 - 03811440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-05-20 05:03 - 2015-08-29 00:31 - 03371648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-05-20 05:03 - 2015-08-07 08:10 - 00040084 _____ C:\WINDOWS\system32\nvinfo.pb
2016-05-20 03:13 - 2015-09-13 10:56 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Local\CSDSteamBuild
2016-05-19 23:08 - 2015-12-22 18:18 - 00533560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-05-19 23:08 - 2015-12-22 18:18 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-05-19 23:08 - 2015-11-24 21:32 - 06348344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-05-19 23:08 - 2015-11-24 21:32 - 02454976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-05-19 23:08 - 2015-11-24 21:32 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-05-19 23:08 - 2015-11-24 21:32 - 01352760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-05-19 23:08 - 2015-11-24 21:32 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-05-19 23:08 - 2015-11-24 21:32 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-05-18 20:20 - 2015-11-17 14:57 - 00002208 _____ C:\WINDOWS\MB.idx
2016-05-18 05:37 - 2015-11-24 21:32 - 06448223 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-05-14 20:11 - 2016-01-12 04:57 - 00006357 _____ C:\Users\Joaquín Jimenez\Desktop\New Text Document.txt
2016-05-14 19:57 - 2015-09-06 01:43 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Local\NVIDIA
2016-05-14 18:48 - 2015-11-24 22:04 - 00002393 _____ C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-14 18:48 - 2015-11-24 22:04 - 00000000 ___RD C:\Users\Joaquín Jimenez\OneDrive
2016-05-13 19:52 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-13 19:29 - 2015-10-30 04:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-12 23:22 - 2015-09-06 12:25 - 00003994 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-05-12 15:46 - 2015-09-06 12:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-12 15:46 - 2015-09-06 12:43 - 00000000 ____D C:\ProgramData\Skype
2016-05-12 15:29 - 2015-11-24 21:59 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-12 15:17 - 2015-10-30 06:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 15:17 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-12 15:17 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-12 15:17 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-12 15:17 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-12 15:16 - 2015-10-30 04:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-11 16:57 - 2015-10-30 04:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 16:57 - 2015-10-30 04:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 00:53 - 2015-09-10 17:30 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Local\ElevatedDiagnostics
2016-05-10 20:56 - 2015-09-08 14:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-10 20:43 - 2015-09-08 14:42 - 139319312 _____ ( Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-10 20:03 - 2015-09-06 01:37 - 00003988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 20:03 - 2015-09-06 01:37 - 00003756 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 20:03 - 2015-09-06 01:37 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-10 20:03 - 2015-09-06 01:37 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

==================== Files in the root of some directories =======

2015-11-11 17:28 - 2016-02-08 19:28 - 0000132 _____ () C:\Users\Joaquín Jimenez\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-10-27 00:04 - 2015-09-09 16:26 - 0012005 _____ () C:\Users\Joaquín Jimenez\AppData\Roaming\alsoft.ini
2016-06-05 06:02 - 2016-05-19 11:54 - 1443152 _____ ( ) C:\Users\Joaquín Jimenez\AppData\Roaming\AutoTime_51490.jpg
2015-09-26 01:34 - 2015-12-02 20:13 - 0189856 _____ () C:\Users\Joaquín Jimenez\AppData\Roaming\DarkNexusArena.torrent
2016-06-05 06:00 - 2016-06-05 06:00 - 0011568 _____ () C:\Users\Joaquín Jimenez\AppData\Roaming\InstallationConfiguration.xml
2016-02-19 02:45 - 2016-02-27 01:57 - 0002512 _____ () C:\Users\Joaquín Jimenez\AppData\Roaming\SpeedRunnersLog.txt
2015-09-26 01:34 - 2015-12-02 20:13 - 0000008 _____ () C:\Users\Joaquín Jimenez\AppData\Roaming\version.txt
2015-10-31 04:51 - 2015-10-31 17:25 - 0000042 _____ () C:\Users\Joaquín Jimenez\AppData\Local\Autosofted License.txt
2016-04-03 04:31 - 2016-04-03 04:31 - 0003584 _____ () C:\Users\Joaquín Jimenez\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-06 02:54 - 2015-09-06 02:54 - 1065984 _____ () C:\Users\Joaquín Jimenez\AppData\Local\file__0.localstorage
2015-09-08 21:39 - 2015-09-08 21:39 - 0306176 _____ (Valve Corporation) C:\Users\Joaquín Jimenez\AppData\Local\steam_api64.dll
2015-11-24 21:32 - 2015-11-24 21:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-02-08 07:09 - 2016-02-08 07:09 - 0000141 _____ () C:\ProgramData\.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Windows\Tasks\{540E27B5-BCE0-A4D0-CC04-4476FFA39E86}.job


Some files in TEMP:
====================
C:\Users\Joaquín Jimenez\AppData\Local\Temp\1989.tmp.exe
C:\Users\Joaquín Jimenez\AppData\Local\Temp\39f0-a847-62a4-4b49.exe
C:\Users\Joaquín Jimenez\AppData\Local\Temp\7za.exe
C:\Users\Joaquín Jimenez\AppData\Local\Temp\a477-5a67-f4c0-40d9.exe
C:\Users\Joaquín Jimenez\AppData\Local\Temp\Ableton Swapper.exe
C:\Users\Joaquín Jimenez\AppData\Local\Temp\ccsetup512pro.exe
C:\Users\Joaquín Jimenez\AppData\Local\Temp\CPCGRCLVCP.exe
C:\Users\Joaquín Jimenez\AppData\Local\Temp\eauninstall.exe
C:\Users\Joaquín Jimenez\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\Joaquín Jimenez\AppData\Local\Temp\libeay32.dll
C:\Users\Joaquín Jimenez\AppData\Local\Temp\mesox.exe
C:\Users\Joaquín Jimenez\AppData\Local\Temp\msvcr120.dll
C:\Users\Joaquín Jimenez\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Joaquín Jimenez\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Joaquín Jimenez\AppData\Local\Temp\nvStInst.exe
C:\Users\Joaquín Jimenez\AppData\Local\Temp\QQPCMgr_Setup.exe
C:\Users\Joaquín Jimenez\AppData\Local\Temp\SC4_uninst.exe
C:\Users\Joaquín Jimenez\AppData\Local\Temp\setdd.exe
C:\Users\Joaquín Jimenez\AppData\Local\Temp\setup.exe
C:\Users\Joaquín Jimenez\AppData\Local\Temp\SimCity 4 Deluxe_uninst.exe
C:\Users\Joaquín Jimenez\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Joaquín Jimenez\AppData\Local\Temp\sqlite3.dll
C:\Users\Joaquín Jimenez\AppData\Local\Temp\SWFXXLRT.DLL


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-01 21:05

==================== End of FRST.txt ============================

Again, thanks for your help.
Do you think I can connect the PC to the internet already? I'm scared of the malware that was downloading more malware.
mp3774 is offline  
Old 06-06-2016, 03:25 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello mp3774. You're welcome.

Quote:
Do you think I can connect the PC to the internet already? I'm scared of the malware that was downloading more malware
You can connect, but only to follow the instructions here, for now. Don't do any browsing just yet.

------------------------------------------------------

SysWOW64 is legit. Please don't mess with those. Thanks.

Wow. This machine is a mess. It will take several rounds to eradicate.

What happens when you try to uninstall those programs, such as ContentPush, Freemake Video Converter, hohosearch - Uninstall, KuaiZip(¿ìѹ), QQPCMgr(电脑管家11.5), etc., in Programs and Features?

Do you intentionally use unstopp.me?

------------------------------------------------------

It appears you are using a cracked version of Camtasia Studio 8:

Quote:
==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 10:25 - 2016-06-05 05:56 - 00001071 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 65.52.240.48
127.0.0.1 activation.cloud.techsmith.com
You will have to uninstall Camtasia Studio 8, and KMSpico, in order for us to proceed.

Let me know.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
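The two hosts entries quoted in the post above point an activation hostname at the loopback address, which is the pattern the helper is reacting to. As an added example (not part of the thread and not FRST's own logic), this Python script flags such entries in hosts-file text; the function names and every sample line other than the two quoted entries are constructed for illustration.

```python
import ipaddress

# Sample hosts content. Lines 4 and 5 are the two entries quoted in the post;
# every other line is constructed for this example.
SAMPLE_HOSTS = """\
# constructed comment line
# constructed comment line
#    127.0.0.1       localhost
127.0.0.1 65.52.240.48
127.0.0.1 activation.cloud.techsmith.com
::1 localhost
192.168.1.10 nas.home.example   # constructed entry
"""

# Names that are expected to resolve to loopback on a clean system.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost"}


def as_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def parse_hosts(text):
    """Yield (line_no, address, names) for each active (uncommented) entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                   # an address with no name maps nothing
            continue
        yield line_no, fields[0], fields[1:]


def triage(text):
    """Return findings for names pinned to a loopback or unspecified address."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        ip = as_ip(addr)
        if ip is None:
            findings.append((line_no, "invalid-address", addr))
            continue
        if not (ip.is_loopback or ip.is_unspecified):
            continue                          # ordinary static mapping
        for name in names:
            if name.lower() in LOCAL_NAMES:
                continue                      # default localhost entries
            kind = ("ip-literal-sinkholed" if as_ip(name) is not None
                    else "hostname-sinkholed")
            findings.append((line_no, kind, name))
    return findings


if __name__ == "__main__":
    for line_no, kind, value in triage(SAMPLE_HOSTS):
        print(f"line {line_no}: {kind}: {value}")
```

A finding only says that a name has been pinned to the local machine; deciding whether that is ad blocking, a licence-check block or malware blocking security updates still takes an analyst looking at which names are affected.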
Old 06-07-2016, 03:12 AM   #7

I was sure SysWow64 was some kind of malware, every time I get directed to it, it is by these things.
Freemake videos is just a video converter, the sole reason I use it is to convert webms to MP4 so I can share them in Whatsapp, the rest I can't really uninstall from programs and apps because either it is in Chinese and it has a weird layout or I don't have permission.
The permission thing might be gone after we deleted the Tencent folder, I'll try, but at least KuaiZip was in Chinese and I didn't want to unintentionally install something else.
No, I don't use unstop.me, I only use "Hola" and that's for watching other countries' Netflix because mine's pretty bad.
The Camtasia thing is probably my brother's, he makes YouTube videos and that stuff, never uninstalled it because it might come in handy sometime, I'll gladly uninstall it when I get home.
I don't know what KMSpico is but I'll delete it too.
mp3774 is offline  
Old 06-07-2016, 03:30 PM   #8

Hello again, mp3774. KMSpico is a crack for MS Word.

The reason I mentioned Freemake Video Converter is that you mentioned ProductUpdater, which belongs to Freemake.

Let me know if you were successful in uninstalling KMSpico and Camtasia Studio 8.

Are you able to uninstall KuaiZip(¿ìѹ), QQPCMgr(电脑管家11.5) by using those Chinese characters for identification?

------------------------------------------------------
chemist is offline  
Old 06-07-2016, 03:40 PM   #9

Oh, sorry about that, didn't really check the root of ProductUpdater, and sorry about last message, again, I'm still on my cellphone and I was very sleepy.
I can't go home, so you don't have to look out for a reply, I'll delete all those tomorrow.
Also, I'll delete Freemake Video Maker while I'm doing so, because it might have installed some adware.
Windows came with the PC and after that I installed the free Windows 10 update, so I really don't know who installed it or why.
And what I meant with the weird layout is, it isn't a typical uninstall layout, it's a custom one with something like 3 options, so I don't know what to click. I'll screenshot it tomorrow.
mp3774 is offline  
Old 06-08-2016, 09:50 AM   #10

Hello again.
I just uninstalled Camtasia.
I tried uninstalling KuaiZip and this is what popped out.
I have 3 hohosearch, with all three the same message pops up.
I deleted KMSpico and ContentPush.
QQPCMGr didn't appear in the list, pretty sure the malware cleaner removed everything Tencent.
I can use Internet with no real problem, there is no malware downloading, I checked if I was downloading anything and there is no sign of it, so I will try to use Steam and Skype for the rest of the day, to see if anything pops out.
The problem seems to be the browser.
Ads pop out of nowhere, I have AdBlock installed exactly for this reason, but sometimes I click somewhere in the page (nowhere in particular, even clicking text or some blank space causes this too) and the ad pops in a new window.
Also, when I start the PC some weird error appears, I'll screenshot it next time I turn it on, it closes too fast, so I couldn't screenshot the last 2 times, I'll do it next time.
It's probably malware trying to access some file that does not exist anymore.
Aside from that, the computer is running pretty well, no more random CMD windows or things like that, thanks for all the help.
mp3774 is offline  
Old 06-08-2016, 07:57 PM   #11

Hello again, mp3774. You're very welcome.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up and restore your files - Windows Help

------------------------------------------------------

Quote:
QQPCMGr didn't appear in the list, pretty sure the malware cleaner removed everything Tencent
QQPCMgr still appeared in the Addition.txt log as installed, even after running AdwCleaner.

Did you successfully uninstall FreeMake?

------------------------------------------------------

CCleaner
AVG PC Tuneup


We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling AVG PC Tuneup via Programs and Features (right-click the Windows "logo" button > Programs and Features).

--------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {01197A1D-7249-47F0-834F-796197BE5934} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {0CC9A5EE-FE02-4970-8C50-783DD81FA1D5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {1B5E6D64-F8AE-4CE7-A0FA-2F0CBD047E6B} - System32\Tasks\Doroghtshejas Module => C:\Program Files (x86)\Doroghtshejas\doroghtshejasmoduletask.exe <==== ATTENTION
    Task: {29252A17-CA88-451B-99D3-CCEB155A4A24} - \AutoPico Daily Restart -> No File <==== ATTENTION
    Task: {363F94D3-4940-4A27-8CBA-4DFF7F586600} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {6A5B7499-5D43-472E-A57F-2DD76459EC8A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {7E2F19D2-467F-4687-B077-661AF87586D3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {8F1DD2FF-C410-43EF-90A8-5BA7AC128001} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {AFB18B24-1DD6-45DD-8417-21EA6810F527} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {CFB1099C-9E67-41B4-8C5E-B09E0287C3CF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {DA3BC88F-3441-4D8E-AF5D-508D0019646D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {E9A96F04-33A6-4A96-9F81-8930F80FE408} - System32\Tasks\KuaiZip_Update => C:\Program Files\¿ìѹ\X86\Update.exe [2016-06-05] (Shanghai Guangle Network Technology Ltd) <==== ATTENTION
    Task: {F1852763-5307-435C-9DA3-19BBDC42344E} - System32\Tasks\{540E27B5-BCE0-A4D0-CC04-4476FFA39E86} => C:\Users\JOAQUN~1\AppData\Local\{74A64~1\UNINST~1.EXE
    Task: {FA5696DB-B442-4A6C-BADE-2F97C61437AF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {FC969ED3-B188-4613-8B28-C1B5E1F8CEC5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\{540E27B5-BCE0-A4D0-CC04-4476FFA39E86}.job => C:\Users\JOAQUN~1\AppData\Local\{74A64~1\UNINST~1.EXE
    FirewallRules: [{98751361-1CC0-483A-B6D4-8147B63BC7D1}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{0F2314FA-A8B6-406B-BD38-0A4516B67BC1}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{4EF7AE16-BBF6-4A10-A4C5-45F8CFF5217A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{A4D66D5D-BE15-4C1E-B305-F9704E5CC9A2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{91C71D9D-90E7-4ED1-8E15-2359DF92E90C}] => (Allow) C:\Users\Joaquín Jimenez\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{3FFED497-8942-4436-BEDE-BEC0959AB5BB}] => (Allow) C:\Users\Joaquín Jimenez\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{78F0D947-A6AA-4D53-8D95-DCC8708B87E4}] => (Allow) C:\Users\Joaquín Jimenez\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{92DB82C9-CDAD-4659-8AC8-E6F286FC05BB}] => (Allow) C:\Users\Joaquín Jimenez\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{581A2A92-29F6-4F6F-9052-5F750ECB5E86}] => (Allow) C:\Users\Joaquín Jimenez\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{693EF2A1-8DE7-49DE-8725-85E67F064553}] => (Allow) C:\Users\Joaquín Jimenez\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{20688911-6E97-40C3-9104-BF6AEE553436}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{4A53A5D6-FB04-4EA5-9106-ED43C841331F}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{8DC9E807-6A1B-4B47-95E7-AE9F9ADF5B8E}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{0CDE5BF8-836F-426F-8935-05366EFFCBA0}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{E0F40B0E-AD72-41D8-B4A8-672ECC1B1CF2}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{BFEF1A54-7B39-432F-84AA-3223F033F0A3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{6EC3FABC-0ABA-43A5-84CF-0F8C6AE155D8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{6EDB390D-9E63-4D31-B8CC-930558F39A97}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
    HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75264 2016-05-26] ()
    HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe" /regrun
    HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
    HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
    HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\Run: [QGuan90132] => C:\Users\Joaquín Jimenez\AppData\Roaming\service90132.exe /autorun
    HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.5892.0626\amd64"
    HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.5892.0626"
    HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6201.1019\amd64"
    HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6201.1019] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6201.1019"
    HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6281.1202\amd64"
    HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6281.1202] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6281.1202"
    HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6301.0127\amd64"
    HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6301.0127"
    HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6302.0225\amd64"
    HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6302.0225] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6302.0225"
    HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].txt [16182 2016-06-06] ()
    ShellExecuteHooks: - {98C066AB-D735-4339-9E52-A34875141B56} - C:\Users\Joaquín Jimenez\AppData\Local\\Windows\INetCookies\kunecult.dll [425152 2016-06-03] ()
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMGCShellExt64.dll No File
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\¿ìѹ\X64\KZipShell.dll [2016-06-05] ()
    AutoConfigURL: [S-1-5-21-304593758-4089326632-167283939-1001] => hxxp://unstopp.me/wpad.dat?fabe8b113da383ef0c4e24f2bbb39b8b2609644
    ManualProxies: 0hxxp://unstopp.me/wpad.dat?fabe8b113da383ef0c4e24f2bbb39b8b2609644
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-304593758-4089326632-167283939-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSWebMon64.dat => No File
    CHR HomePage: ChromeDefaultData -> hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqBH4lBn8tBU..&v=20160603&uid=62744D7A72726E6BE1491854ACB20A56&ptid=epf2&mode=loadm
    CHR StartupUrls: ChromeDefaultData -> "hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqBH4lBn8tBU..&v=20160603&uid=62744D7A72726E6BE1491854ACB20A56&ptid=epf2&mode=loadm"
    CHR DefaultSearchURL: ChromeDefaultData -> hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.php?q={searchTerms}&ts=AHEqBH4lBn8tBU..&v=20160603&uid=62744D7A72726E6BE1491854ACB20A56&ptid=epf2&mode=loadm
    CHR DefaultSearchKeyword: ChromeDefaultData -> hohosearch
    CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-304593758-4089326632-167283939-1001\\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    R2 KuaizipUpdateChecker; C:\Program Files\¿ìѹ\X86\kuaizipUpdateChecker.dll [219072 2016-06-05] ()
    S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
    S2 ADSkipSvc; C:\Program Files (x86)\ADSKIP\ADSkipSvc.exe [X]
    S2 doroghtshejasmoduleservice; "C:\Program Files (x86)\Doroghtshejas\doroghtshejasmoduleservice.html5" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X]
    S3 Origin Client Service; "C:\Program Files (x86)\Origin\OriginClientService.exe" [X]
    R2 KuaiZipDrive; C:\WINDOWS\system32\drivers\KuaiZipDrive.sys [92872 2016-06-05] (WinMount International Inc)
    Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\WinDivert1.1
    S5 WinDivert1.1; <===== ATTENTION: Locked Service
    C:\Program Files\KMSpico
    C:\Program Files (x86)\ADSKIP
    C:\Program Files (x86)\Doroghtshejas
    C:\Program Files (x86)\Origin
    2016-06-05 06:06 - 2016-06-05 06:06 - 00000000 ____D C:\Users\Joaqu韓 Jimenez\AppData\Roaming\Tencent
    2016-06-05 06:05 - 2016-06-05 06:05 - 00097400 ____N (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys
    2016-06-05 06:03 - 2016-06-05 06:03 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\Programs\AdSkip
    2016-06-05 06:03 - 2016-06-05 06:03 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\Programs\¶à²Ê±ãÇ©
    2016-06-05 06:03 - 2016-05-11 02:56 - 00054664 _____ () C:\WINDOWS\system32\Drivers\blNetFilter.sys
    2016-06-05 06:03 - 2016-05-11 02:31 - 00208776 _____ C:\WINDOWS\system32\Drivers\askProtect64.sys
    2016-06-05 06:02 - 2016-06-05 06:16 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\Kuaizip
    2016-06-05 06:02 - 2016-06-05 06:02 - 00092872 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
    2016-06-05 06:02 - 2016-06-05 06:02 - 00003582 _____ C:\WINDOWS\System32\Tasks\KuaiZip_Update
    2016-06-05 06:02 - 2016-06-05 06:02 - 00000882 _____ C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\¿ìѹ.lnk
    2016-06-05 05:46 - 2016-06-05 20:46 - 00000320 _____ C:\WINDOWS\Tasks\{540E27B5-BCE0-A4D0-CC04-4476FFA39E86}.job
    2016-06-05 05:46 - 2016-06-05 05:46 - 00002860 _____ C:\WINDOWS\System32\Tasks\{540E27B5-BCE0-A4D0-CC04-4476FFA39E86}
    2016-06-05 04:28 - 2016-06-05 16:31 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\LocalLow\uTorrent
    2016-05-29 20:35 - 2016-05-29 20:35 - 01866640 _____ (Ellora Assets Corporation ) C:\Users\Joaquín Jimenez\Downloads\FreemakeVideoConverterSetup.exe
    FindFolder: Decoing
    File: C:\Program Files (x86)\Decoing\dcnndf.dll
    Folder: C:\Program Files (x86)\Decoing
    Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "AvgUi" /f
    Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v " QQPCTray" /f
    Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "ProductUpdater" /f
    Hosts:
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 06-09-2016, 01:42 AM   #12
Registered Member
 
Join Date: Jun 2016
Posts: 30
OS: Windows 10



Yes, I deleted FreeMake Video Converter.
I don't use them to clean my registry, it's just a quick way of deleting cache, cleaning the Recycle Bin, etc.
Also, I'm pretty sure AVG is uninstalled.
And I swear to god, I deleted FreeMake Video, uTorrent and KMSpico. Looking at the Fixlog, there are still files present, but I deleted all three of them from the Control Panel.

Fix result of Farbar Recovery Scan Tool (x64) Version:09-06-2016
Ran by Joaquín Jimenez (2016-06-09 05:24:39) Run:1
Running from C:\Users\Joaquín Jimenez\Desktop
Loaded Profiles: Joaquín Jimenez (Available Profiles: Joaquín Jimenez)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Task: {01197A1D-7249-47F0-834F-796197BE5934} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0CC9A5EE-FE02-4970-8C50-783DD81FA1D5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1B5E6D64-F8AE-4CE7-A0FA-2F0CBD047E6B} - System32\Tasks\Doroghtshejas Module => C:\Program Files (x86)\Doroghtshejas\doroghtshejasmoduletask.exe <==== ATTENTION
Task: {29252A17-CA88-451B-99D3-CCEB155A4A24} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {363F94D3-4940-4A27-8CBA-4DFF7F586600} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6A5B7499-5D43-472E-A57F-2DD76459EC8A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7E2F19D2-467F-4687-B077-661AF87586D3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8F1DD2FF-C410-43EF-90A8-5BA7AC128001} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AFB18B24-1DD6-45DD-8417-21EA6810F527} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CFB1099C-9E67-41B4-8C5E-B09E0287C3CF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {DA3BC88F-3441-4D8E-AF5D-508D0019646D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E9A96F04-33A6-4A96-9F81-8930F80FE408} - System32\Tasks\KuaiZip_Update => C:\Program Files\¿ìѹ\X86\Update.exe [2016-06-05] (Shanghai Guangle Network Technology Ltd) <==== ATTENTION
Task: {F1852763-5307-435C-9DA3-19BBDC42344E} - System32\Tasks\{540E27B5-BCE0-A4D0-CC04-4476FFA39E86} => C:\Users\JOAQUN~1\AppData\Local\{74A64~1\UNINST~1.EXE
Task: {FA5696DB-B442-4A6C-BADE-2F97C61437AF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FC969ED3-B188-4613-8B28-C1B5E1F8CEC5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\{540E27B5-BCE0-A4D0-CC04-4476FFA39E86}.job => C:\Users\JOAQUN~1\AppData\Local\{74A64~1\UNINST~1.EXE
FirewallRules: [{98751361-1CC0-483A-B6D4-8147B63BC7D1}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{0F2314FA-A8B6-406B-BD38-0A4516B67BC1}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{4EF7AE16-BBF6-4A10-A4C5-45F8CFF5217A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A4D66D5D-BE15-4C1E-B305-F9704E5CC9A2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{91C71D9D-90E7-4ED1-8E15-2359DF92E90C}] => (Allow) C:\Users\Joaquín Jimenez\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3FFED497-8942-4436-BEDE-BEC0959AB5BB}] => (Allow) C:\Users\Joaquín Jimenez\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{78F0D947-A6AA-4D53-8D95-DCC8708B87E4}] => (Allow) C:\Users\Joaquín Jimenez\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{92DB82C9-CDAD-4659-8AC8-E6F286FC05BB}] => (Allow) C:\Users\Joaquín Jimenez\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{581A2A92-29F6-4F6F-9052-5F750ECB5E86}] => (Allow) C:\Users\Joaquín Jimenez\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{693EF2A1-8DE7-49DE-8725-85E67F064553}] => (Allow) C:\Users\Joaquín Jimenez\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{20688911-6E97-40C3-9104-BF6AEE553436}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{4A53A5D6-FB04-4EA5-9106-ED43C841331F}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{8DC9E807-6A1B-4B47-95E7-AE9F9ADF5B8E}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{0CDE5BF8-836F-426F-8935-05366EFFCBA0}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{E0F40B0E-AD72-41D8-B4A8-672ECC1B1CF2}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{BFEF1A54-7B39-432F-84AA-3223F033F0A3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{6EC3FABC-0ABA-43A5-84CF-0F8C6AE155D8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{6EDB390D-9E63-4D31-B8CC-930558F39A97}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75264 2016-05-26] ()
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe" /regrun
HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\Run: [QGuan90132] => C:\Users\Joaquín Jimenez\AppData\Roaming\service90132.exe /autorun
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6201.1019] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6201.1019"
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6281.1202] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6281.1202"
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6301.0127"
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6302.0225] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Joaquín Jimenez\AppData\Local\\OneDrive\17.3.6302.0225"
HKU\S-1-5-21-304593758-4089326632-167283939-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].txt [16182 2016-06-06] ()
ShellExecuteHooks: - {98C066AB-D735-4339-9E52-A34875141B56} - C:\Users\Joaquín Jimenez\AppData\Local\\Windows\INetCookies\kunecult.dll [425152 2016-06-03] ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMGCShellExt64.dll No File
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\¿ìѹ\X64\KZipShell.dll [2016-06-05] ()
AutoConfigURL: [S-1-5-21-304593758-4089326632-167283939-1001] => hxxp://unstopp.me/wpad.dat?fabe8b113da383ef0c4e24f2bbb39b8b2609644
ManualProxies: 0hxxp://unstopp.me/wpad.dat?fabe8b113da383ef0c4e24f2bbb39b8b2609644
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-304593758-4089326632-167283939-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSWebMon64.dat => No File
CHR HomePage: ChromeDefaultData -> hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqBH4lBn8tBU..&v=20160603&uid=62744D7A72726E6BE1491854ACB20A56&ptid=epf2&mode=loadm
CHR StartupUrls: ChromeDefaultData -> "hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqBH4lBn8tBU..&v=20160603&uid=62744D7A72726E6BE1491854ACB20A56&ptid=epf2&mode=loadm"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.php?q={searchTerms}&ts=AHEqBH4lBn8tBU..&v=20160603&uid=62744D7A72726E6BE1491854ACB20A56&ptid=epf2&mode=loadm
CHR DefaultSearchKeyword: ChromeDefaultData -> hohosearch
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-304593758-4089326632-167283939-1001\\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
R2 KuaizipUpdateChecker; C:\Program Files\¿ìѹ\X86\kuaizipUpdateChecker.dll [219072 2016-06-05] ()
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S2 ADSkipSvc; C:\Program Files (x86)\ADSKIP\ADSkipSvc.exe [X]
S2 doroghtshejasmoduleservice; "C:\Program Files (x86)\Doroghtshejas\doroghtshejasmoduleservice.html5" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X]
S3 Origin Client Service; "C:\Program Files (x86)\Origin\OriginClientService.exe" [X]
R2 KuaiZipDrive; C:\WINDOWS\system32\drivers\KuaiZipDrive.sys [92872 2016-06-05] (WinMount International Inc)
Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\WinDivert1.1
S5 WinDivert1.1; <===== ATTENTION: Locked Service
C:\Program Files\KMSpico
C:\Program Files (x86)\ADSKIP
C:\Program Files (x86)\Doroghtshejas
C:\Program Files (x86)\Origin
2016-06-05 06:06 - 2016-06-05 06:06 - 00000000 ____D C:\Users\Joaqu韓 Jimenez\AppData\Roaming\Tencent
2016-06-05 06:05 - 2016-06-05 06:05 - 00097400 ____N (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys
2016-06-05 06:03 - 2016-06-05 06:03 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\Programs\AdSkip
2016-06-05 06:03 - 2016-06-05 06:03 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\Programs\¶à²Ê±ãÇ©
2016-06-05 06:03 - 2016-05-11 02:56 - 00054664 _____ () C:\WINDOWS\system32\Drivers\blNetFilter.sys
2016-06-05 06:03 - 2016-05-11 02:31 - 00208776 _____ C:\WINDOWS\system32\Drivers\askProtect64.sys
2016-06-05 06:02 - 2016-06-05 06:16 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\Roaming\Kuaizip
2016-06-05 06:02 - 2016-06-05 06:02 - 00092872 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
2016-06-05 06:02 - 2016-06-05 06:02 - 00003582 _____ C:\WINDOWS\System32\Tasks\KuaiZip_Update
2016-06-05 06:02 - 2016-06-05 06:02 - 00000882 _____ C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\¿ìѹ.lnk
2016-06-05 05:46 - 2016-06-05 20:46 - 00000320 _____ C:\WINDOWS\Tasks\{540E27B5-BCE0-A4D0-CC04-4476FFA39E86}.job
2016-06-05 05:46 - 2016-06-05 05:46 - 00002860 _____ C:\WINDOWS\System32\Tasks\{540E27B5-BCE0-A4D0-CC04-4476FFA39E86}
2016-06-05 04:28 - 2016-06-05 16:31 - 00000000 ____D C:\Users\Joaquín Jimenez\AppData\LocalLow\uTorrent
2016-05-29 20:35 - 2016-05-29 20:35 - 01866640 _____ (Ellora Assets Corporation ) C:\Users\Joaquín Jimenez\Downloads\FreemakeVideoConverterSetup.exe
FindFolder: Decoing
File: C:\Program Files (x86)\Decoing\dcnndf.dll
Folder: C:\Program Files (x86)\Decoing
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "AvgUi" /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v " QQPCTray" /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "ProductUpdater" /f
Hosts:
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01197A1D-7249-47F0-834F-796197BE5934}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01197A1D-7249-47F0-834F-796197BE5934}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CC9A5EE-FE02-4970-8C50-783DD81FA1D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CC9A5EE-FE02-4970-8C50-783DD81FA1D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B5E6D64-F8AE-4CE7-A0FA-2F0CBD047E6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B5E6D64-F8AE-4CE7-A0FA-2F0CBD047E6B}" => key removed successfully
C:\WINDOWS\System32\Tasks\Doroghtshejas Module => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Doroghtshejas Module" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29252A17-CA88-451B-99D3-CCEB155A4A24} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{363F94D3-4940-4A27-8CBA-4DFF7F586600}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{363F94D3-4940-4A27-8CBA-4DFF7F586600}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A5B7499-5D43-472E-A57F-2DD76459EC8A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A5B7499-5D43-472E-A57F-2DD76459EC8A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E2F19D2-467F-4687-B077-661AF87586D3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E2F19D2-467F-4687-B077-661AF87586D3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F1DD2FF-C410-43EF-90A8-5BA7AC128001}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F1DD2FF-C410-43EF-90A8-5BA7AC128001}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AFB18B24-1DD6-45DD-8417-21EA6810F527}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFB18B24-1DD6-45DD-8417-21EA6810F527}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFB1099C-9E67-41B4-8C5E-B09E0287C3CF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFB1099C-9E67-41B4-8C5E-B09E0287C3CF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA3BC88F-3441-4D8E-AF5D-508D0019646D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA3BC88F-3441-4D8E-AF5D-508D0019646D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9A96F04-33A6-4A96-9F81-8930F80FE408}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9A96F04-33A6-4A96-9F81-8930F80FE408}" => key removed successfully
C:\WINDOWS\System32\Tasks\KuaiZip_Update => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KuaiZip_Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1852763-5307-435C-9DA3-19BBDC42344E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1852763-5307-435C-9DA3-19BBDC42344E}" => key removed successfully
C:\WINDOWS\System32\Tasks\{540E27B5-BCE0-A4D0-CC04-4476FFA39E86} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{540E27B5-BCE0-A4D0-CC04-4476FFA39E86}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA5696DB-B442-4A6C-BADE-2F97C61437AF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA5696DB-B442-4A6C-BADE-2F97C61437AF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FC969ED3-B188-4613-8B28-C1B5E1F8CEC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC969ED3-B188-4613-8B28-C1B5E1F8CEC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
C:\WINDOWS\Tasks\{540E27B5-BCE0-A4D0-CC04-4476FFA39E86}.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{98751361-1CC0-483A-B6D4-8147B63BC7D1} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F2314FA-A8B6-406B-BD38-0A4516B67BC1} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4EF7AE16-BBF6-4A10-A4C5-45F8CFF5217A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A4D66D5D-BE15-4C1E-B305-F9704E5CC9A2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{91C71D9D-90E7-4ED1-8E15-2359DF92E90C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3FFED497-8942-4436-BEDE-BEC0959AB5BB} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{78F0D947-A6AA-4D53-8D95-DCC8708B87E4} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{92DB82C9-CDAD-4659-8AC8-E6F286FC05BB} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{581A2A92-29F6-4F6F-9052-5F750ECB5E86} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{693EF2A1-8DE7-49DE-8725-85E67F064553} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{20688911-6E97-40C3-9104-BF6AEE553436} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4A53A5D6-FB04-4EA5-9106-ED43C841331F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8DC9E807-6A1B-4B47-95E7-AE9F9ADF5B8E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0CDE5BF8-836F-426F-8935-05366EFFCBA0} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E0F40B0E-AD72-41D8-B4A8-672ECC1B1CF2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFEF1A54-7B39-432F-84AA-3223F033F0A3} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6EC3FABC-0ABA-43A5-84CF-0F8C6AE155D8} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6EDB390D-9E63-4D31-B8CC-930558F39A97} => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvgUi => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ProductUpdater => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ QQPCTray => value removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value removed successfully
HKU\S-1-5-21-304593758-4089326632-167283939-1001\Software\Microsoft\Windows\CurrentVersion\Run\\QGuan90132 => value removed successfully
HKU\S-1-5-21-304593758-4089326632-167283939-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.5892.0626\amd64 => value not found.
HKU\S-1-5-21-304593758-4089326632-167283939-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.5892.0626 => value not found.
HKU\S-1-5-21-304593758-4089326632-167283939-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6201.1019\amd64 => value not found.
HKU\S-1-5-21-304593758-4089326632-167283939-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6201.1019 => value not found.
HKU\S-1-5-21-304593758-4089326632-167283939-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6281.1202\amd64 => value not found.
HKU\S-1-5-21-304593758-4089326632-167283939-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6281.1202 => value not found.
HKU\S-1-5-21-304593758-4089326632-167283939-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6301.0127\amd64 => value not found.
HKU\S-1-5-21-304593758-4089326632-167283939-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6301.0127 => value not found.
HKU\S-1-5-21-304593758-4089326632-167283939-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6302.0225\amd64 => value not found.
HKU\S-1-5-21-304593758-4089326632-167283939-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Joaqu�n Jimenez\AppData\Local\\OneDrive\17.3.6302.0225 => value not found.
HKU\S-1-5-21-304593758-4089326632-167283939-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{98C066AB-D735-4339-9E52-A34875141B56} => value removed successfully
HKCR\CLSID\{98C066AB-D735-4339-9E52-A34875141B56} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon" => key removed successfully
"HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj" => key removed successfully
"HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}" => key removed successfully
HKU\S-1-5-21-304593758-4089326632-167283939-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-304593758-4089326632-167283939-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => key removed successfully
"HKCR\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => key removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej" => key removed successfully
"HKU\S-1-5-21-304593758-4089326632-167283939-1001\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej" => key removed successfully
KuaizipUpdateChecker => Unable to stop service.
KuaizipUpdateChecker => service removed successfully
Service KMSELDI => service not found.
ADSkipSvc => service removed successfully
doroghtshejasmoduleservice => service removed successfully
Origin Client Service => service removed successfully
KuaiZipDrive => Unable to stop service.
KuaiZipDrive => service removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\WinDivert1.1" => key could not be unlocked
WinDivert1.1 => service not found.
C:\Program Files\KMSpico => moved successfully
"C:\Program Files (x86)\ADSKIP" => not found.
"C:\Program Files (x86)\Doroghtshejas" => not found.
"C:\Program Files (x86)\Origin" => not found.
C:\Users\Joaqu韓 Jimenez\AppData\Roaming\Tencent => moved successfully
"C:\WINDOWS\system32\Drivers\TFsFltX64.sys" => not found.
"C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\Programs\AdSkip" => not found.
"C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\Programs\¶à²Ê±ãÇ©" => not found.
C:\WINDOWS\system32\Drivers\blNetFilter.sys => moved successfully
C:\WINDOWS\system32\Drivers\askProtect64.sys => moved successfully
C:\Users\Joaquín Jimenez\AppData\Roaming\Kuaizip => moved successfully
C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys => moved successfully
"C:\WINDOWS\System32\Tasks\KuaiZip_Update" => not found.
"C:\Users\Joaquín Jimenez\AppData\Roaming\\Windows\Start Menu\¿ìѹ.lnk" => not found.
"C:\WINDOWS\Tasks\{540E27B5-BCE0-A4D0-CC04-4476FFA39E86}.job" => not found.
"C:\WINDOWS\System32\Tasks\{540E27B5-BCE0-A4D0-CC04-4476FFA39E86}" => not found.
C:\Users\Joaquín Jimenez\AppData\LocalLow\uTorrent => moved successfully
C:\Users\Joaquín Jimenez\Downloads\FreemakeVideoConverterSetup.exe => moved successfully
================== FindFolder: "Decoing" ===================

No File

=== End of FindFolder ===

========================= File: C:\Program Files (x86)\Decoing\dcnndf.dll ========================

"C:\Program Files (x86)\Decoing\dcnndf.dll" => not found.
====== End of File: ======


========================= Folder: C:\Program Files (x86)\Decoing ========================

not found.

====== End of Folder: ======


========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "AvgUi" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v " QQPCTray" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "ProductUpdater" /f =========

The operation completed successfully.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 4.1 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 05:28:15 ====
mp3774 is offline  
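Added example (not part of the thread, and not FRST's own code): a small Python triage of the `target => result` lines in a Fixlog like the one posted above. It reports the targets whose last recorded outcome is a failure. The status buckets and function names are assumptions made here; the sample lines are copied from the posted log.

```python
import re
from collections import Counter

# A few lines copied from the Fixlog above, used as inline sample input.
SAMPLE = r'''
"HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej" => key removed successfully
KuaizipUpdateChecker => Unable to stop service.
KuaizipUpdateChecker => service removed successfully
Service KMSELDI => service not found.
KuaiZipDrive => Unable to stop service.
KuaiZipDrive => service removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\WinDivert1.1" => key could not be unlocked
WinDivert1.1 => service not found.
C:\Program Files\KMSpico => moved successfully
"C:\Program Files (x86)\ADSKIP" => not found.
C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
Hosts restored successfully.
EmptyTemp: => 4.1 GB temporary data Removed.
'''

# "<target> => <result>", with an optional trailing period on the result.
LINE_RE = re.compile(r'^(?P<target>.+?)\s=>\s(?P<result>.+?)\.?\s*$')


def classify(result):
    """Bucket a result string (bucket names are this example's own)."""
    r = result.lower()
    if r.startswith("unable") or "could not" in r:
        return "failed"      # the fix was attempted and did not go through
    if "not found" in r:
        return "absent"      # nothing to fix: the item was already gone
    if "successfully" in r:
        return "done"
    return "other"


def parse_fixlog(text):
    """Return (target, result, status) for every 'target => result' line."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue         # section banners, blank lines, free-text lines
        target = m.group("target").strip().strip('"')
        result = m.group("result")
        entries.append((target, result, classify(result)))
    return entries


def summarize(entries):
    """Count entries per status bucket."""
    return Counter(status for _, _, status in entries)


def unresolved(entries):
    """Targets whose *last* recorded status is 'failed'.

    A service that could not be stopped but was then removed is resolved;
    a key that could not be unlocked and never reappears is not.
    """
    last = {}
    for target, _, status in entries:
        last[target.lower()] = (target, status)
    return [t for t, s in last.values() if s == "failed"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE)
    print(dict(summarize(parsed)))
    for item in unresolved(parsed):
        print("needs follow-up:", item)
```
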
Old 06-09-2016, 12:30 PM   #13
Registered Member
 
Join Date: Jun 2016
Posts: 30
OS: Windows 10



I started my PC and there was a script named "run" on the desktop.
The error I told you about before was that one, "Windows can't find run.vbs"
I don't really know what it is, I tried editing it with Notepad++ just out of curiosity and I could only see random symbols.
mp3774 is offline  
Old 06-09-2016, 12:48 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, mp3774.

Quote:
Also, I'm pretty sure AVG is uninstalled
Are you sure you deleted AVG PC Tuneup? It's not the same as the antivirus.

AVG PC Tuneup was listed in your Addition.txt log as installed.

------------------------------------------------------

Quote:
And I swear to god, I deleted FreeMake Video, uTorrent and KMSpico, looking at the Fixlog, there are still files present, but I deleted all three of them from the Control Panel
When software is uninstalled via Programs and Features, not all of its files/folders are deleted.

More often than not, some files/folders are left on the machine and have to be deleted.

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-2.2.1.1043.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Run FRST64 again. Copy/paste the following bolded text into the Search window and click 'Search Registry':

dcnndf.dll;run.vbs

Once done, a log will pop open. Please copy/paste the contents of the log here in your next reply.

The log, Search.txt, will also be saved at the same location that FRST64.exe is located.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 06-09-2016, 02:22 PM   #15
Registered Member
 
Join Date: Jun 2016
Posts: 30
OS: Windows 10



I think I'm posting the wrong one, let me know if I did, but there isn't another one, it did put 24 items into quarantine.
Here is the log.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 09/06/16
Scan Time: 17:52
Logfile: RESULTS.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.09.05
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Joaquín Jimenez

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370280
Time Elapsed: 11 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

And here are the run.vbs search results.


Farbar Recovery Scan Tool (x64) Version:09-06-2016
Ran by Joaquín Jimenez (2016-06-09 18:18:00)
Running from C:\Users\Joaquín Jimenez\Desktop
Boot Mode: Normal

================== Search Registry: "dcnndf.dll;run.vbs" ===========


===================== Search result for "run.vbs" ==========

[HKEY_USERS\S-1-5-21-304593758-4089326632-167283939-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File4"="C:\Users\Joaquín Jimenez\Desktop\run.vbs"
====== End of Search ======
mp3774 is offline  
Old 06-09-2016, 03:31 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, mp3774. Are you still getting browser ads/popups?

Not sure what happened with MBAM. If it detected and quarantined 24 items, it should be reflected in a log.

Open MBAM > History > Application Logs and see if there is a Scan log that reflects those 24 detections.

------------------------------------------------------

Uninstall the following via the Programs and Features Panel (right-click the Windows "logo" button > Programs and Features):

Java(TM) 7 Update 21

These are all outdated, and having them still installed is a security risk. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > java.com: Java + You

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel (right-click the Windows "logo" button > Control Panel > (View by: Small or Large icons)) and click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
chemist is offline  
Old 06-09-2016, 03:41 PM   #17
Registered Member
 
Join Date: Jun 2016
Posts: 30
OS: Windows 10



I'm going to do the Java thing now, but I wanted to tell you, there is no other scan log, only a protection log.
Should I scan again?
mp3774 is offline  
Old 06-09-2016, 06:52 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



No, it won't show anything if it already quarantined those items. No worries.
chemist is offline  
Old 06-09-2016, 07:08 PM   #19
Registered Member
 
Join Date: Jun 2016
Posts: 30
OS: Windows 10



I'm not finding the list of found threats, I'm sorry.
A list popped out after the scan was done but there wasn't any option to import it into text.
I chose "don't do anything" so if I scanned again that window should pop out exactly the same.
I don't know where to find the list, could you explain how to get to the list?

This is what pops up.
ESET is in Spanish for some reason, when everything in my computer is in English.
Where should I go to import it to text?
mp3774 is offline  
Old 06-10-2016, 03:43 PM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, mp3774. It appears you downloaded and installed the free trial of ESET Smart Security 9, instead of downloading the ESET Online Scanner.

It's not your fault, though. Those instructions for the ESET Online Scanner have changed, and my posted ESET Online Scanner instructions are no longer correct. Sorry.

First, we need to get out of that current ESET window. Leave 'Sin accion' (no action) in the dropdown box, and click 'Aplicar' (apply).

To get a log, go to Tools > More tools > Log files > Computer scan.

You should see a list of all completed scans. Double-click the entry that corresponds to the date/time you ran the scan.

The displayed information can be copied to the clipboard by selecting the entry and using the keyboard shortcut Ctrl + C. The Ctrl and Shift keys can be used to select multiple entries.

You should be able to copy/paste the results in your next reply. Let me know if you still have trouble.

------------------------------------------------------
chemist is offline  
 
