Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016 Ran by J-PC (administrator) on J-PC-PC (26-01-2016 17:13:49) Running from C:\Users\J-PC\Downloads Loaded Profiles: J-PC (Available Profiles: J-PC) Platform: Windows 10 Home Version 1511 (X64) Language: Español (España, internacional) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (ASUS) C:\Program Files\P4G\BatteryLife.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Akamai Technologies, Inc.) C:\Users\J-PC\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\J-PC\AppData\Local\Akamai\netsession_win.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynAsusAcpi] => %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe HKLM-x32\...\Run: [pcmgr] => C:\Program Files (x86)\ppt\Uninst.exe HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION HKLM Group Policy restriction on software: ** <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION HKU\S-1-5-21-3088415727-1519323197-3262068295-1000\...\Run: [Akamai NetSession Interface] => C:\Users\J-PC\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.) HKU\S-1-5-21-3088415727-1519323197-3262068295-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\J-PC\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\J-PC\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\J-PC\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\J-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\J-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\J-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\J-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\J-PC\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\J-PC\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\J-PC\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\J-PC\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\J-PC\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\J-PC\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) Startup: C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-01-26] ShortcutTarget: MEGAsync.lnk -> C:\Users\J-PC\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{261d4722-4a03-4a9e-9186-a86555572ea9}: [DhcpNameServer] 213.60.205.175 213.60.205.173 212.51.32.254 Tcpip\..\Interfaces\{aabf40d5-b68e-4b77-b6f0-e12d12e85143}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{aabf40d5-b68e-4b77-b6f0-e12d12e85143}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{bccbfd75-77c7-4be6-97ae-c3b7a3ae542c}: [DhcpNameServer] 213.60.205.175 213.60.205.173 212.51.32.254 Internet Explorer: ================== HKU\S-1-5-21-3088415727-1519323197-3262068295-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-3088415727-1519323197-3262068295-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3088415727-1519323197-3262068295-1000 -> {82B1BA66-266B-4977-B51E-25A3E2AA33DC} URL = hxxp://www.bing.com/search?q={searchTerms}&r=252 BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-04-13] (Google Inc.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2011-04-13] (Google Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-23] (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-13] (Google Inc.) BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2011-04-13] (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-23] (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-04-13] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-13] (Google Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\J-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kqlp2lf0.default-1442571416963 FF DefaultSearchEngine: Google FF SelectedSearchEngine: Google FF Homepage: op.gg FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-23] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-23] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-14] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-14] (NVIDIA Corporation) FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\J-PC\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall) FF Plugin-x32: @raidcall.tw/RCplugin -> C:\Users\J-PC\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation) FF Plugin HKU\S-1-5-21-3088415727-1519323197-3262068295-1000: @my.com/Games -> C:\Users\J-PC\AppData\Local\MyComGames\NPMyComDetector.dll [2015-09-15] (My.com, Inc) FF Plugin HKU\S-1-5-21-3088415727-1519323197-3262068295-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\J-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS) FF Extension: DownThemAll! - C:\Users\J-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kqlp2lf0.default-1442571416963\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-12-06] FF Extension: MEGA - C:\Users\J-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kqlp2lf0.default-1442571416963\Extensions\firefox@mega.co.nz.xpi [2015-11-04] [not signed] FF Extension: uBlock Origin - C:\Users\J-PC\AppData\Roaming\Mozilla\Firefox\Profiles\kqlp2lf0.default-1442571416963\Extensions\uBlock0@raymondhill.net.xpi [2016-01-12] FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2016-01-07] [not signed] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR Profile: C:\Users\J-PC\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\J-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-11] CHR Extension: (Google Drive) - C:\Users\J-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-24] CHR Extension: (YouTube) - C:\Users\J-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-24] CHR Extension: (Adblock Plus) - C:\Users\J-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-26] CHR Extension: (Búsqueda de Google) - C:\Users\J-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-24] CHR Extension: (Documentos de Google sin conexión) - C:\Users\J-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-24] CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\J-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-24] CHR Extension: (Gmail) - C:\Users\J-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-11] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed] S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-07-16] (BlueStack Systems, Inc.) S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-07-16] (BlueStack Systems, Inc.) S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-16] (BlueStack Systems, Inc.) S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-12-27] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-12-27] (Creative Labs) [File not signed] S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [236832 2015-12-28] (EasyAntiCheat Ltd) S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-11-05] (NVIDIA Corporation) S3 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed] S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] () S3 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] () R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-02] (IObit) S2 MBAMService; G:\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-11-05] (NVIDIA Corporation) S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-11-05] (NVIDIA Corporation) S3 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] () S3 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-09-11] (Razer Inc.) S2 SkypeUpdate; D:\Skype\Updater\Updater.exe [327296 2015-07-09] (Skype Technologies) S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [809424 2015-10-27] (Tunngle.net GmbH) [File not signed] R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [243448 2016-01-26] (RaMMicHaeL) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\System32\drivers\athw10x.sys [4322440 2015-11-21] (Qualcomm Atheros Communications, Inc.) S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-07-16] (BlueStack Systems) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-04-15] (Disc Soft Ltd) R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2014-04-07] (EldoS Corporation) R3 FLxHCIh; C:\Windows\System32\drivers\FLxHCIh.sys [76592 2015-08-10] (Fresco Logic) R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.) R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-10] (REALiX(tm)) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [15416 2009-07-20] ( ) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-11-05] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-11-05] (NVIDIA Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [889584 2015-11-19] (Realtek ) R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-08-17] (Realsil Semiconductor Corporation) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.) R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit) R3 tap0901t; C:\Windows\System32\drivers\tap0901t.sys [31232 2009-09-16] (Tunngle.net) R3 taphss6; C:\Windows\System32\drivers\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) U4 idsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-26 17:13 - 2016-01-26 17:14 - 00047903 _____ C:\Users\J-PC\Downloads\FRST.txt 2016-01-26 16:54 - 2016-01-26 16:54 - 02618336 _____ (Foolish IT LLC ) C:\Users\J-PC\Downloads\CryptoPreventSetup.exe 2016-01-26 16:54 - 2016-01-26 16:54 - 00053248 _____ C:\WINDOWS\SysWOW64\zlib.dll 2016-01-26 16:54 - 2016-01-26 16:54 - 00001301 _____ C:\Users\Public\Desktop\CryptoPrevent.lnk 2016-01-26 16:54 - 2016-01-26 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT 2016-01-26 16:54 - 2016-01-26 16:54 - 00000000 ____D C:\ProgramData\Foolish IT 2016-01-26 16:54 - 2016-01-26 16:54 - 00000000 ____D C:\Program Files (x86)\Foolish IT 2016-01-26 16:53 - 2016-01-26 16:53 - 01201784 _____ (RaMMicHaeL) C:\Users\J-PC\Downloads\unchecky_setup.exe 2016-01-26 16:53 - 2016-01-26 16:53 - 00001094 _____ C:\Users\Public\Desktop\Unchecky.lnk 2016-01-26 16:53 - 2016-01-26 16:53 - 00000000 ____D C:\ProgramData\Unchecky 2016-01-26 16:53 - 2016-01-26 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky 2016-01-26 16:53 - 2016-01-26 16:53 - 00000000 ____D C:\Program Files (x86)\Unchecky 2016-01-26 16:50 - 2016-01-26 16:50 - 02870984 _____ (ESET) C:\Users\J-PC\Downloads\esetsmartinstaller_enu.exe 2016-01-26 16:50 - 2016-01-26 16:50 - 00000000 ____D C:\Program Files (x86)\ESET 2016-01-26 16:28 - 2016-01-26 16:28 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\ProductData 2016-01-26 16:27 - 2016-01-26 16:27 - 00000000 ____D C:\ProgramData\ProductData 2016-01-26 15:58 - 2016-01-26 16:27 - 00000659 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-01-26 15:58 - 2016-01-26 15:58 - 22908888 _____ (Malwarebytes ) C:\Users\J-PC\Downloads\mbam-setup-2.2.0.1024.exe 2016-01-26 15:58 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-01-26 15:58 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-01-26 15:58 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-01-26 15:45 - 2016-01-26 15:45 - 05652316 _____ (Swearware) C:\Users\J-PC\Downloads\ComboFix(1).exe 2016-01-26 15:42 - 2016-01-26 15:43 - 05652316 _____ (Swearware) C:\Users\J-PC\Downloads\ComboFix.exe 2016-01-26 15:35 - 2016-01-26 16:36 - 00072137 _____ C:\Users\J-PC\Downloads\Addition.txt 2016-01-26 15:35 - 2016-01-26 15:35 - 01600184 _____ (Malwarebytes) C:\Users\J-PC\Downloads\JRT.exe 2016-01-26 15:32 - 2016-01-26 17:13 - 00000000 ____D C:\FRST 2016-01-26 15:31 - 2016-01-26 15:32 - 02370560 _____ (Farbar) C:\Users\J-PC\Downloads\FRST64.exe 2016-01-26 15:29 - 2016-01-26 15:30 - 01721856 _____ (Farbar) C:\Users\J-PC\Downloads\FRST.exe 2016-01-26 15:21 - 2016-01-26 15:21 - 01507840 _____ C:\Users\J-PC\Downloads\AdwCleaner(1).exe 2016-01-26 15:13 - 2016-01-26 15:13 - 00000000 ____D C:\_OTL 2016-01-26 15:10 - 2016-01-26 15:10 - 00602112 _____ (OldTimer Tools) C:\Users\J-PC\Downloads\OTL.exe 2016-01-26 15:05 - 2016-01-26 15:05 - 01507840 _____ C:\Users\J-PC\Downloads\AdwCleaner.exe 2016-01-26 15:02 - 2016-01-26 15:02 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\J-PC\Downloads\SpyHunter-Installer.exe 2016-01-26 03:44 - 2016-01-26 03:44 - 00000000 _____ C:\autoexec.bat 2016-01-26 03:43 - 2016-01-26 03:43 - 00000000 ____D C:\sh4ldr 2016-01-26 03:42 - 2016-01-26 03:42 - 00000000 ____D C:\Program Files\Enigma Software Group 2016-01-22 16:13 - 2016-01-26 15:37 - 00001890 _____ C:\Users\J-PC\Desktop\JRT.txt 2016-01-20 15:04 - 2016-01-26 16:28 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-01-20 15:02 - 2016-01-26 15:25 - 00000000 ____D C:\AdwCleaner 2016-01-20 15:01 - 2016-01-20 15:02 - 01505280 _____ C:\Users\J-PC\Downloads\adwcleaner_5.030.exe 2016-01-20 14:58 - 2016-01-20 14:58 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\kingsoft 2016-01-20 14:52 - 2016-01-20 15:10 - 00000000 ____D C:\Users\J-PC\AppData\Local\PPTAssist 2016-01-20 14:52 - 2016-01-20 14:58 - 00000000 ____D C:\ProgramData\kingsoft 2016-01-20 14:43 - 2016-01-20 15:23 - 00000000 ____D C:\Users\J-PC\Documents\Darkest 2016-01-20 14:26 - 2016-01-20 14:27 - 00000984 _____ C:\WINDOWS\SysWOW64\${LOGFILE} 2016-01-20 14:21 - 2014-07-17 19:53 - 00450709 ____R C:\WINDOWS\system32\Drivers\etc\hp.bak 2016-01-17 01:26 - 2016-01-15 23:26 - 148879304 _____ C:\Users\J-PC\Desktop\D&D - Manual del Jugador 3.5.pdf 2016-01-13 01:43 - 2016-01-05 03:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-01-13 01:43 - 2016-01-05 03:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-01-13 01:43 - 2016-01-05 03:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-01-13 01:43 - 2016-01-05 03:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-01-13 01:43 - 2016-01-05 03:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-01-13 01:43 - 2016-01-05 03:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll 2016-01-13 01:43 - 2016-01-05 03:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-01-13 01:43 - 2016-01-05 03:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll 2016-01-13 01:43 - 2016-01-05 03:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2016-01-13 01:43 - 2016-01-05 03:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2016-01-13 01:43 - 2016-01-05 03:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2016-01-13 01:43 - 2016-01-05 03:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll 2016-01-13 01:43 - 2016-01-05 03:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll 2016-01-13 01:43 - 2016-01-05 03:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-01-13 01:43 - 2016-01-05 03:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll 2016-01-13 01:43 - 2016-01-05 03:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2016-01-13 01:43 - 2016-01-05 03:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll 2016-01-13 01:43 - 2016-01-05 03:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2016-01-13 01:43 - 2016-01-05 03:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2016-01-13 01:43 - 2016-01-05 03:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll 2016-01-13 01:43 - 2016-01-05 03:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2016-01-13 01:43 - 2016-01-05 03:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll 2016-01-13 01:43 - 2016-01-05 03:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll 2016-01-13 01:43 - 2016-01-05 03:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll 2016-01-13 01:43 - 2016-01-05 03:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2016-01-13 01:43 - 2016-01-05 03:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2016-01-13 01:43 - 2016-01-05 03:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2016-01-13 01:43 - 2016-01-05 03:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-01-13 01:43 - 2016-01-05 03:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll 2016-01-13 01:43 - 2016-01-05 03:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-01-13 01:43 - 2016-01-05 03:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL 2016-01-13 01:43 - 2016-01-05 03:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL 2016-01-13 01:43 - 2016-01-05 03:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2016-01-13 01:43 - 2016-01-05 03:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL 2016-01-13 01:43 - 2016-01-05 03:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL 2016-01-13 01:43 - 2016-01-05 02:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-01-13 01:43 - 2016-01-05 02:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-01-13 01:43 - 2016-01-05 02:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll 2016-01-13 01:43 - 2016-01-05 02:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll 2016-01-13 01:43 - 2016-01-05 02:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe 2016-01-13 01:43 - 2016-01-05 02:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2016-01-13 01:43 - 2016-01-05 02:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx 2016-01-13 01:43 - 2016-01-05 02:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2016-01-13 01:43 - 2016-01-05 02:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll 2016-01-13 01:43 - 2016-01-05 02:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll 2016-01-13 01:43 - 2016-01-05 02:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll 2016-01-13 01:43 - 2016-01-05 02:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2016-01-13 01:43 - 2016-01-05 02:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2016-01-13 01:43 - 2016-01-05 02:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-01-13 01:43 - 2016-01-05 02:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2016-01-13 01:43 - 2016-01-05 02:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL 2016-01-13 01:43 - 2016-01-05 02:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-01-13 01:43 - 2016-01-05 02:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll 2016-01-13 01:43 - 2016-01-05 02:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll 2016-01-13 01:43 - 2016-01-05 02:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL 2016-01-13 01:43 - 2016-01-05 02:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll 2016-01-13 01:43 - 2016-01-05 02:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll 2016-01-13 01:43 - 2016-01-05 02:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll 2016-01-13 01:43 - 2016-01-05 02:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-01-13 01:43 - 2016-01-05 02:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax 2016-01-13 01:43 - 2016-01-05 02:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2016-01-13 01:43 - 2016-01-05 02:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll 2016-01-13 01:43 - 2016-01-05 02:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx 2016-01-13 01:43 - 2016-01-05 02:43 - 00953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2016-01-13 01:43 - 2016-01-05 02:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll 2016-01-13 01:43 - 2016-01-05 02:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-01-13 01:43 - 2016-01-05 02:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2016-01-13 01:43 - 2016-01-05 02:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll 2016-01-13 01:43 - 2016-01-05 02:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-01-13 01:43 - 2016-01-05 02:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL 2016-01-13 01:43 - 2016-01-05 02:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll 2016-01-13 01:43 - 2016-01-05 02:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL 2016-01-13 01:43 - 2016-01-05 02:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll 2016-01-13 01:43 - 2016-01-05 02:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2016-01-13 01:43 - 2016-01-05 02:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll 2016-01-13 01:43 - 2016-01-05 02:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll 2016-01-13 01:43 - 2016-01-05 02:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax 2016-01-13 01:43 - 2016-01-05 02:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2016-01-13 01:43 - 2016-01-05 02:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2016-01-13 01:43 - 2016-01-05 02:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-01-13 01:43 - 2016-01-05 02:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll 2016-01-13 01:43 - 2016-01-05 02:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2016-01-13 01:43 - 2016-01-05 02:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-01-13 01:43 - 2016-01-05 02:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-01-13 01:43 - 2016-01-05 02:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-01-13 01:43 - 2016-01-05 02:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-01-13 01:43 - 2016-01-05 02:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll 2016-01-13 01:43 - 2016-01-05 02:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-01-10 02:52 - 2016-01-10 02:52 - 00000000 ____D C:\Users\J-PC\AppData\LocalLow\Dragon Foundry 2016-01-10 02:51 - 2015-09-30 23:11 - 00000000 ____D C:\Users\J-PC\Desktop\NovaBlitzAlpha-PC 2016-01-10 02:50 - 2016-01-10 02:50 - 160169051 _____ C:\Users\J-PC\Downloads\NovaBlitzAlpha-PC.zip 2016-01-08 02:50 - 2016-01-08 02:50 - 00034412 _____ C:\Users\J-PC\Desktop\e5bf7785d90c4f269b4c1660522a2af7_A.jpeg 2016-01-07 04:12 - 2016-01-12 18:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-01-07 02:43 - 2016-01-03 02:40 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-01-07 02:43 - 2016-01-03 02:40 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-12-30 02:07 - 2016-01-26 16:27 - 00002630 _____ C:\Users\Public\Desktop\Skype.lnk 2015-12-30 02:07 - 2016-01-26 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-12-30 02:07 - 2015-12-30 02:07 - 00000000 ____D C:\Program Files (x86)\Skype 2015-12-28 20:35 - 2016-01-20 18:56 - 00238328 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys 2015-12-28 20:35 - 2015-12-28 20:34 - 00236832 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-26 16:47 - 2015-12-05 03:42 - 00001124 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-26 16:35 - 2015-10-30 07:28 - 00000000 ____D C:\Windows 2016-01-26 16:33 - 2015-12-09 18:06 - 02138816 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-01-26 16:33 - 2015-10-30 19:59 - 00931508 _____ C:\WINDOWS\system32\perfh00A.dat 2016-01-26 16:33 - 2015-10-30 19:59 - 00207924 _____ C:\WINDOWS\system32\perfc00A.dat 2016-01-26 16:33 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-01-26 16:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-01-26 16:33 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF 2016-01-26 16:29 - 2015-04-25 01:10 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-01-26 16:28 - 2015-11-26 02:27 - 00001379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk 2016-01-26 16:28 - 2015-07-18 20:22 - 00001750 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk 2016-01-26 16:28 - 2015-04-24 17:00 - 00001130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism, convertidor de vídeos.lnk 2016-01-26 16:28 - 2011-04-13 03:43 - 00001376 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk 2016-01-26 16:28 - 2011-04-13 03:43 - 00001307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk 2016-01-26 16:28 - 2011-04-13 03:41 - 00001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2016-01-26 16:28 - 2011-04-13 03:39 - 00002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk 2016-01-26 16:28 - 2011-04-13 03:25 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk 2016-01-26 16:27 - 2015-12-05 03:42 - 00001120 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-26 16:27 - 2015-11-26 02:27 - 00001367 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk 2016-01-26 16:27 - 2015-11-23 21:25 - 00001043 _____ C:\Users\Public\Desktop\Mumble.lnk 2016-01-26 16:27 - 2015-11-21 19:45 - 00002212 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk 2016-01-26 16:27 - 2015-11-21 10:53 - 00000671 _____ C:\Users\Public\Desktop\Overwatch.lnk 2016-01-26 16:27 - 2015-11-19 18:02 - 00002241 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk 2016-01-26 16:27 - 2015-11-14 18:56 - 00000561 _____ C:\Users\Public\Desktop\Guild Wars 2.lnk 2016-01-26 16:27 - 2015-11-13 02:40 - 00001456 _____ C:\Users\Public\Desktop\GeForce Experience.lnk 2016-01-26 16:27 - 2015-11-04 07:12 - 00001066 _____ C:\Users\Public\Desktop\Tunngle.lnk 2016-01-26 16:27 - 2015-11-04 06:47 - 00000800 _____ C:\Users\Public\Desktop\Risk of Rain.lnk 2016-01-26 16:27 - 2015-11-04 06:42 - 00001167 _____ C:\Users\J-PC\Desktop\MEGAsync.lnk 2016-01-26 16:27 - 2015-10-31 05:06 - 00000563 _____ C:\Users\Public\Desktop\online.exe.lnk 2016-01-26 16:27 - 2015-10-29 07:11 - 00001128 _____ C:\Users\Public\Desktop\Monitor de la tecnología Intel® Turbo Boost 2.6.lnk 2016-01-26 16:27 - 2015-10-29 06:36 - 00001380 _____ C:\Users\Public\Desktop\Intel(R) Processor Identification Utility.lnk 2016-01-26 16:27 - 2015-10-29 06:35 - 00001018 _____ C:\Users\J-PC\Desktop\Life Is Strange Episode 5.lnk 2016-01-26 16:27 - 2015-10-28 17:12 - 00000898 _____ C:\Users\J-PC\Desktop\Life Is Strange.lnk 2016-01-26 16:27 - 2015-10-27 15:12 - 00001031 _____ C:\Users\Public\Desktop\Life Is Strange.lnk 2016-01-26 16:27 - 2015-09-26 02:24 - 00000746 _____ C:\Users\Public\Desktop\Dragon Age Inquisition.lnk 2016-01-26 16:27 - 2015-09-10 04:20 - 00002425 _____ C:\Users\Public\Desktop\Intel Processor Diagnostic Tool 64bit.lnk 2016-01-26 16:27 - 2015-08-18 18:44 - 00001938 _____ C:\Users\Public\Desktop\Apps.lnk 2016-01-26 16:27 - 2015-08-18 18:44 - 00001888 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk 2016-01-26 16:27 - 2015-08-16 21:07 - 00002408 _____ C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-01-26 16:27 - 2015-08-16 21:05 - 00001053 _____ C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Funciones opcionales.lnk 2016-01-26 16:27 - 2015-08-16 20:57 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-01-26 16:27 - 2015-08-10 13:42 - 00001176 _____ C:\Users\Public\Desktop\Smart Defrag 4.lnk 2016-01-26 16:27 - 2015-07-31 12:16 - 00002014 _____ C:\Users\J-PC\Desktop\My.com Game Center.lnk 2016-01-26 16:27 - 2015-07-18 20:22 - 00001720 _____ C:\Users\Public\Desktop\LOL Recorder.lnk 2016-01-26 16:27 - 2015-05-23 16:35 - 00002707 _____ C:\Users\J-PC\Desktop\Pathuku.lnk 2016-01-26 16:27 - 2015-05-23 16:35 - 00002693 _____ C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pathuku.lnk 2016-01-26 16:27 - 2015-04-24 17:00 - 00001118 _____ C:\Users\Public\Desktop\Prism, convertidor de vídeos.lnk 2016-01-26 16:27 - 2015-03-05 03:56 - 00000606 _____ C:\Users\J-PC\Desktop\HearthstoneTracker.lnk 2016-01-26 16:27 - 2015-02-24 18:01 - 00000744 _____ C:\Users\Public\Desktop\World of Warcraft.lnk 2016-01-26 16:27 - 2015-02-24 09:14 - 00000697 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk 2016-01-26 16:27 - 2014-12-24 15:32 - 00001109 _____ C:\Users\J-PC\Desktop\Emma.lnk 2016-01-26 16:27 - 2014-12-13 19:05 - 00001003 _____ C:\Users\J-PC\Desktop\Glyph.lnk 2016-01-26 16:27 - 2014-12-01 20:34 - 00001258 _____ C:\Users\Public\Desktop\Razer Cortex.lnk 2016-01-26 16:27 - 2014-10-25 16:06 - 00001032 _____ C:\Users\J-PC\Desktop\Curse.lnk 2016-01-26 16:27 - 2014-10-25 16:06 - 00001018 _____ C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk 2016-01-26 16:27 - 2014-10-09 01:00 - 00002112 _____ C:\Users\J-PC\Desktop\JDownloader 2.lnk 2016-01-26 16:27 - 2014-09-25 19:17 - 00001129 _____ C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk 2016-01-26 16:27 - 2014-09-25 19:17 - 00001105 _____ C:\Users\J-PC\Desktop\RaidCall.lnk 2016-01-26 16:27 - 2014-08-12 17:14 - 00000588 _____ C:\Users\Public\Desktop\Gameforge Live.lnk 2016-01-26 16:27 - 2014-07-27 20:02 - 00001392 _____ C:\Users\J-PC\Desktop\main - Acceso directo.lnk 2016-01-26 16:27 - 2014-07-19 21:28 - 00001907 _____ C:\Users\J-PC\Desktop\Clownfish.lnk 2016-01-26 16:27 - 2014-06-05 06:54 - 00000997 _____ C:\Users\Public\Desktop\McPixel.lnk 2016-01-26 16:27 - 2014-05-20 17:27 - 00001072 _____ C:\Users\Public\Desktop\VLC media player.lnk 2016-01-26 16:27 - 2014-05-20 16:49 - 00000941 _____ C:\Users\J-PC\Desktop\Open Broadcaster Software.lnk 2016-01-26 16:27 - 2014-04-22 05:43 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-01-26 16:27 - 2014-04-15 01:50 - 00001956 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2016-01-26 16:27 - 2014-01-09 19:04 - 00000833 _____ C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2016-01-26 16:27 - 2013-12-27 02:42 - 00000565 _____ C:\Users\J-PC\Desktop\LOL.lnk 2016-01-26 16:27 - 2013-12-26 10:21 - 00000516 _____ C:\Users\Public\Desktop\Steam.lnk 2016-01-26 16:27 - 2011-04-13 03:49 - 00002030 _____ C:\Users\Public\Desktop\ASUS Vibe Fun Center.lnk 2016-01-26 16:27 - 2011-04-13 03:33 - 00001868 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk 2016-01-26 16:26 - 2015-12-09 18:19 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-01-26 16:26 - 2015-12-09 18:04 - 00000000 ____D C:\ProgramData\NVIDIA 2016-01-26 16:26 - 2015-10-30 07:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-01-26 16:23 - 2014-04-15 02:03 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2016-01-26 16:23 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-01-26 15:58 - 2015-04-25 01:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-01-26 15:56 - 2014-01-29 01:47 - 00000000 ____D C:\Users\J-PC\AppData\Local\Battle.net 2016-01-26 15:56 - 2014-01-09 15:47 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\TS3Client 2016-01-26 15:36 - 2015-08-07 14:51 - 00000000 ____D C:\ProgramData\IObit 2016-01-26 15:36 - 2015-08-07 14:51 - 00000000 ____D C:\Program Files (x86)\IObit 2016-01-26 15:36 - 2015-08-07 14:49 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\IObit 2016-01-26 14:45 - 2015-12-24 20:39 - 00000000 ____D C:\WINDOWS\Minidump 2016-01-26 14:41 - 2015-12-09 18:07 - 00000000 ____D C:\Users\J-PC 2016-01-26 14:39 - 2015-12-09 17:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS 2016-01-26 14:39 - 2015-11-26 02:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller 2016-01-26 14:39 - 2015-11-23 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble 2016-01-26 14:39 - 2015-11-21 10:08 - 00000000 ____D C:\ProgramData\P4G 2016-01-26 14:39 - 2015-11-19 18:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3 2016-01-26 14:39 - 2015-11-14 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 2016-01-26 14:39 - 2015-11-04 07:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle 2016-01-26 14:39 - 2015-11-04 06:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Risk of Rain [GOG.com] 2016-01-26 14:39 - 2015-11-04 06:42 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync 2016-01-26 14:39 - 2015-10-31 05:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phantasy Star Online Blue Burst 2016-01-26 14:39 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Defender 2016-01-26 14:39 - 2015-10-29 07:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2016-01-26 14:39 - 2015-10-29 06:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Processor Identification Utility 2016-01-26 14:39 - 2015-10-29 06:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Life Is Strange Episode 5 2016-01-26 14:39 - 2015-10-27 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Life Is Strange 2016-01-26 14:39 - 2015-09-26 02:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Inquisition 2016-01-26 14:39 - 2015-09-25 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO 2016-01-26 14:39 - 2015-09-01 14:10 - 00000000 ____D C:\Users\J-PC\AppData\Local\Akamai 2016-01-26 14:39 - 2015-08-18 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 2016-01-26 14:39 - 2015-08-10 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4 2016-01-26 14:39 - 2015-07-31 12:16 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games 2016-01-26 14:39 - 2015-07-27 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2016-01-26 14:39 - 2015-04-24 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas para vídeo 2016-01-26 14:39 - 2015-04-24 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conjunto de programas de NCH 2016-01-26 14:39 - 2015-03-28 15:06 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2016-01-26 14:39 - 2015-03-05 03:56 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthstoneTracker 2016-01-26 14:39 - 2015-02-24 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft 2016-01-26 14:39 - 2015-02-24 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm 2016-01-26 14:39 - 2014-12-02 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Note Block Studio 2016-01-26 14:39 - 2014-11-12 02:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph 2016-01-26 14:39 - 2014-10-09 01:00 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2016-01-26 14:39 - 2014-09-25 19:17 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall 2016-01-26 14:39 - 2014-09-25 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall 2016-01-26 14:39 - 2014-09-21 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby Axon 2016-01-26 14:39 - 2014-09-10 16:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield 2016-01-26 14:39 - 2014-09-07 20:19 - 00000000 ____D C:\Users\J-PC\Desktop\Nueva carpeta (6) 2016-01-26 14:39 - 2014-08-12 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live 2016-01-26 14:39 - 2014-08-09 00:45 - 00000000 ____D C:\Users\J-PC\Desktop\Nueva carpeta (4) 2016-01-26 14:39 - 2014-07-19 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clownfish 2016-01-26 14:39 - 2014-06-05 06:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McPixel 2016-01-26 14:39 - 2014-05-29 00:18 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN Movie Creator 2016-01-26 14:39 - 2014-05-20 16:49 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software 2016-01-26 14:39 - 2014-05-16 19:39 - 00000000 ____D C:\Users\J-PC\Desktop\Nueva carpeta (2) 2016-01-26 14:39 - 2014-04-21 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-01-26 14:39 - 2014-04-15 01:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite 2016-01-26 14:39 - 2014-04-11 16:14 - 00000000 ____D C:\Users\J-PC\Desktop\Nueva carpeta 2016-01-26 14:39 - 2014-04-05 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2016-01-26 14:39 - 2014-03-17 20:51 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft 2016-01-26 14:39 - 2014-02-15 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2016-01-26 14:39 - 2014-01-29 08:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone 2016-01-26 14:39 - 2014-01-29 01:47 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Battle.net 2016-01-26 14:39 - 2014-01-29 01:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2016-01-26 14:39 - 2014-01-23 02:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-01-26 14:39 - 2014-01-10 20:34 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-01-26 14:39 - 2014-01-10 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2016-01-26 14:39 - 2014-01-09 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2016-01-26 14:39 - 2013-12-29 18:50 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-01-26 14:39 - 2013-12-29 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-01-26 14:39 - 2013-12-27 05:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility 2016-01-26 14:39 - 2013-12-26 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2016-01-26 14:39 - 2011-04-13 03:38 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2016-01-26 14:39 - 2011-04-13 03:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance 2016-01-26 14:39 - 2011-04-13 03:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2016-01-26 14:32 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\registration 2016-01-26 14:31 - 2013-12-27 02:33 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\Skype 2016-01-24 15:22 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-01-21 14:26 - 2014-09-12 04:07 - 00000838 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-01-20 15:19 - 2014-01-10 16:51 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\vlc 2016-01-20 15:11 - 2015-08-16 21:03 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-01-20 15:08 - 2015-08-16 21:03 - 00000000 ____D C:\Users\J-PC\AppData\Local\Packages 2016-01-20 14:22 - 2014-12-23 00:27 - 00000000 ____D C:\ProgramData\boost_interprocess 2016-01-20 14:18 - 2014-04-15 01:49 - 00000000 ____D C:\Users\J-PC\AppData\Roaming\DAEMON Tools Lite 2016-01-20 02:24 - 2014-10-06 20:13 - 00000045 _____ C:\Users\J-PC\Desktop\cuenta.txt 2016-01-20 01:01 - 2015-11-04 06:42 - 00000000 ____D C:\Users\J-PC\AppData\Local\MEGAsync 2016-01-19 20:11 - 2013-12-26 04:51 - 00000000 ____D C:\Users\J-PC\AppData\Local\VirtualStore 2016-01-19 17:09 - 2014-04-18 06:26 - 00000000 ____D C:\Users\J-PC\AppData\Local\ElevatedDiagnostics 2016-01-18 03:13 - 2015-02-21 03:38 - 00000000 ____D C:\Users\J-PC\AppData\Local\Steam 2016-01-13 14:45 - 2013-12-30 10:13 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-01-13 14:39 - 2013-12-30 10:13 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-01-13 12:46 - 2014-01-23 02:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-01-13 12:46 - 2014-01-23 02:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-01-13 12:45 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-01-13 04:02 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-01-12 18:52 - 2014-04-22 05:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-01-06 21:34 - 2014-01-29 08:58 - 00000000 ____D C:\Program Files (x86)\Hearthstone 2015-12-30 02:07 - 2014-03-30 19:43 - 00000000 ____D C:\Users\J-PC\AppData\Local\Skype 2015-12-30 02:07 - 2013-12-27 02:33 - 00000000 ____D C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2014-07-01 17:01 - 2015-11-21 08:48 - 0007601 _____ () C:\Users\J-PC\AppData\Local\Resmon.ResmonCfg 2015-08-02 04:45 - 2015-08-02 04:45 - 0000000 _____ () C:\Users\J-PC\AppData\Local\{C7B31831-34EE-4740-BF15-52DEF65AE9E6} 2011-04-13 03:48 - 2010-07-07 00:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe 2015-03-05 03:56 - 2015-03-05 03:56 - 0000078 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2013-12-27 05:34 - 2013-12-27 05:34 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2013-12-27 05:33 - 2013-12-27 05:34 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Some files in TEMP: ==================== C:\Users\J-PC\AppData\Local\Temp\6978.tmp.exe C:\Users\J-PC\AppData\Local\Temp\atdl.exe C:\Users\J-PC\AppData\Local\Temp\fsd3A55.exe C:\Users\J-PC\AppData\Local\Temp\GaQ1vgUZXs.exe C:\Users\J-PC\AppData\Local\Temp\OfficeAssist.0744.80.1211.exe C:\Users\J-PC\AppData\Local\Temp\qqpcmgr_v10.7.16066.216_71821_Silence.exe C:\Users\J-PC\AppData\Local\Temp\sqlite3.dll C:\Users\J-PC\AppData\Local\Temp\Uninstall.exe C:\Users\J-PC\AppData\Local\Temp\xbZBn84dPN.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-01-24 19:00 ==================== End of FRST.txt ============================