Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2016 (ATTENTION: ====> FRSTversion is 45 days old and could be outdated)
Ran by cukorka (administrator) on ANYJAKRISCH (11-01-2017 08:32:32)
Running from C:\Users\cukorka\Desktop
Loaded Profiles: cukorka (Available Profiles: cukorka)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Chicony) C:\Program Files (x86)\ChiconyCam\CECAPLF.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-02-10] (Synaptics Incorporated)
HKLM\...\Run: [CECAPLF] => C:\Program Files (x86)\ChiconyCam\CECAPLF.exe [121456 2010-04-14] (Chicony)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9083840 2016-10-15] (AVAST Software)
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKU\S-1-5-21-1097386006-4210925472-4225999219-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [691656 2009-04-23] (DT Soft Ltd)
HKU\S-1-5-21-1097386006-4210925472-4225999219-1001\...\MountPoints2: K - K:\LaunchU3.exe -a
HKU\S-1-5-21-1097386006-4210925472-4225999219-1001\...\MountPoints2: {0d0642cb-2973-11e5-bde1-74e5439ee5e2} - F:\autorun.exe
HKU\S-1-5-21-1097386006-4210925472-4225999219-1001\...\MountPoints2: {0d0642d8-2973-11e5-bde1-74e5439ee5e2} - G:\autorun.exe
HKU\S-1-5-21-1097386006-4210925472-4225999219-1001\...\MountPoints2: {8a8085e0-f810-11e2-952f-74e5439ee5e2} - L:\LaunchU3.exe -a
HKU\S-1-5-21-1097386006-4210925472-4225999219-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-09] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2012-06-19]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1097386006-4210925472-4225999219-1001] => localhost:8080
Tcpip\..\Interfaces\{5DFCC751-0F1E-4821-B38B-7C6381A1CFC9}: [DhcpNameServer] 192.168.160.1

Internet Explorer:
==================
HKU\S-1-5-21-1097386006-4210925472-4225999219-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
HKU\S-1-5-21-1097386006-4210925472-4225999219-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.siragon.com
URLSearchHook: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-1097386006-4210925472-4225999219-1001 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKU\S-1-5-21-1097386006-4210925472-4225999219-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1097386006-4210925472-4225999219-1001 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1097386006-4210925472-4225999219-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-09-09] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: DVDVideoSoftTB Toolbar -> {872b5b88-9db5-4310-bdd0-ac189557e5f5} -> C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll [2010-04-27] (Conduit Ltd.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-09-09] (AVAST Software)
BHO-x32: Aplicación auxiliar de inicio de sesión de Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll [2010-04-27] (Conduit Ltd.)

FireFox:
========
FF DefaultProfile: 5dvhdjr6.default
FF ProfilePath: C:\Users\cukorka\AppData\Roaming\Mozilla\Firefox\Profiles\5dvhdjr6.default [2016-10-16]
FF Extension: (Firefox Hotfix) - C:\Users\cukorka\AppData\Roaming\Mozilla\Firefox\Profiles\5dvhdjr6.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-09]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.co.ve/"
CHR Profile: C:\Users\cukorka\AppData\Local\Google\Chrome\User Data\Default [2016-12-24]
CHR Extension: (Presentaciones de Google) - C:\Users\cukorka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-18]
CHR Extension: (Book) - C:\Users\cukorka\AppData\Local\Google\Chrome\User Data\Default\Extensions\allijadobmepmekdhmocmefbeeppcjbk [2016-10-23]
CHR Extension: (Google Docs) - C:\Users\cukorka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-18]
CHR Extension: (Google Drive) - C:\Users\cukorka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-18]
CHR Extension: (YouTube) - C:\Users\cukorka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-18]
CHR Extension: (Avast SafePrice) - C:\Users\cukorka\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-09]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\cukorka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-18]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\cukorka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-18]
CHR Extension: (Avast Online Security) - C:\Users\cukorka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-19]
CHR Extension: (Botón \) - C:\Users\cukorka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-10-20]
CHR Extension: (Invite All Friends on Facebook) - C:\Users\cukorka\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2016-10-15]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\cukorka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-18]
CHR Extension: (Motitags) - C:\Users\cukorka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofajcflnlmkjofjckaajjbkkifmnmkjf [2016-10-04]
CHR Extension: (Simple EPUB Reader) - C:\Users\cukorka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2016-06-23]
CHR Extension: (Gmail) - C:\Users\cukorka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-18]
CHR Profile: C:\Users\cukorka\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-11-29]
CHR Extension: (Docs) - C:\Users\cukorka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-29]
CHR Extension: (Google Drive) - C:\Users\cukorka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-29]
CHR Extension: (YouTube) - C:\Users\cukorka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-29]
CHR Extension: (Gmail) - C:\Users\cukorka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-29]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-07] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-09] (AVAST Software)
S4 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-04-19] ()
S4 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [70952 2011-03-31] (CyberLink)
S4 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [312616 2011-03-31] (CyberLink)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [384512 2016-06-10] (Digital Wave Ltd.) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-04-10] (Foxit Software Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [33280 2011-01-17] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40232 2014-07-17] (Google Inc)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-15] (AVAST Software)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 MpFilter; C:\Windows\system32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 ReallusionVirtualAudio; C:\Windows\System32\DRIVERS\RLVrtAuCbl.sys [55120 2009-09-14] ()
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2015-07-13] () [File not signed]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-04-12] (CyberLink Corp.)
U3 a16ympu7; C:\Windows\System32\Drivers\a16ympu7.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-11 08:32 - 2017-01-11 08:33 - 00020090 _____ C:\Users\cukorka\Desktop\FRST.txt
2017-01-09 12:24 - 2017-01-10 15:02 - 00000000 ___RD C:\Users\cukorka\Desktop\Job Psicologia Infantil
2016-12-31 16:24 - 2016-12-31 16:24 - 00000034 _____ C:\Users\cukorka\AppData\Roaming\AdobeWLCMCache.dat
2016-12-31 10:51 - 2016-12-31 10:51 - 00001487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.lnk
2016-12-31 10:51 - 2016-12-31 10:51 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-12-31 10:50 - 2016-12-31 10:50 - 00000000 ____D C:\ProgramData\ALM
2016-12-31 10:50 - 2016-12-31 10:50 - 00000000 ____D C:\Program Files\Adobe
2016-12-31 10:43 - 2016-12-31 10:47 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-31 10:41 - 2017-01-01 13:17 - 00000000 __SHD C:\Config.Msi
2016-12-31 10:41 - 2016-12-31 10:41 - 00001538 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-12-31 10:40 - 2016-12-31 10:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-12-30 12:00 - 2016-12-31 10:24 - 00000000 ____D C:\Users\cukorka\Downloads\illustrator
2016-12-24 11:04 - 2011-04-11 15:18 - 00135696 _____ (JMicron Technology Corp.) C:\Windows\system32\Drivers\JME.sys
2016-12-23 10:37 - 2016-12-23 10:37 - 00005571 _____ C:\Report.txt
2016-12-23 10:19 - 2016-12-23 10:19 - 00000085 _____ C:\Windows\wininit.ini

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-11 08:32 - 2016-11-28 06:05 - 00000000 ____D C:\FRST
2017-01-11 08:30 - 2011-04-12 04:40 - 05824224 _____ C:\Windows\system32\perfh00A.dat
2017-01-11 08:30 - 2011-04-12 04:40 - 01872106 _____ C:\Windows\system32\perfc00A.dat
2017-01-11 08:30 - 2009-07-14 00:43 - 00006428 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-11 08:14 - 2016-06-18 20:26 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-11 08:07 - 2015-12-19 12:14 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-01-11 08:06 - 2009-07-14 00:15 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-11 08:06 - 2009-07-14 00:15 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-11 08:03 - 2016-06-18 22:10 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-11 07:59 - 2013-07-28 04:30 - 00145368 _____ C:\Users\cukorka\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-11 07:58 - 2016-06-18 20:26 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-01-11 07:58 - 2009-07-14 00:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-11 01:40 - 2013-07-28 04:38 - 00000000 ____D C:\Users\cukorka\AppData\Roaming\SoftGrid Client
2017-01-10 19:30 - 2015-01-15 17:39 - 00000402 _____ C:\Windows\Tasks\WebReg 20150115173920.job
2017-01-10 11:49 - 2015-10-09 09:16 - 00000000 ___RD C:\Users\cukorka\Documents\Diplomado Alteraciones Desarrollo
2017-01-10 11:41 - 2014-11-12 22:17 - 00000000 ___RD C:\Users\cukorka\Documents\Diplomado Edad Temprana
2017-01-10 11:38 - 2016-04-14 12:08 - 00000000 ____D C:\Users\cukorka\Documents\Infancia y Empleo
2017-01-07 22:27 - 2016-07-10 13:31 - 00000918 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-31 16:41 - 2013-07-28 04:42 - 00000000 ____D C:\Users\cukorka\AppData\Roaming\Adobe
2016-12-31 16:24 - 2013-07-28 04:28 - 00000000 ____D C:\Users\cukorka\AppData\Roaming
2016-12-31 11:34 - 2013-07-28 04:42 - 00000000 ____D C:\Users\cukorka\AppData\Local\Adobe
2016-12-31 10:54 - 2009-07-13 22:50 - 00000000 __RHD C:\Users\Public\Desktop
2016-12-31 10:51 - 2012-06-19 02:02 - 00000000 ____D C:\ProgramData\Adobe
2016-12-31 10:51 - 2009-07-14 00:24 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2016-12-31 10:51 - 2009-07-14 00:24 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2016-12-31 10:51 - 2009-07-13 22:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs
2016-12-31 10:51 - 2009-07-13 22:50 - 00000000 ____D C:\Windows\winsxs
2016-12-31 10:50 - 2009-07-13 22:50 - 00000000 ___RD C:\Program Files
2016-12-31 10:47 - 2012-06-19 01:43 - 00000000 __SHD C:\Windows\Installer
2016-12-31 10:47 - 2009-07-13 22:50 - 00000000 ____D C:\Windows\SysWOW64
2016-12-31 10:41 - 2009-07-13 22:50 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-12-31 10:40 - 2009-07-13 22:50 - 00000000 ____D C:\Program Files\Common Files
2016-12-30 17:53 - 2016-05-20 12:27 - 00000000 ____D C:\Users\cukorka\Documents\Tesis UCV Psicologia 2016
2016-12-30 12:00 - 2013-07-28 04:28 - 00000000 ___RD C:\Users\cukorka\Downloads
2016-12-30 11:39 - 2013-07-28 22:22 - 00000000 ____D C:\Users\cukorka\AppData\Local\Diagnostics
2016-12-28 16:32 - 2009-07-13 22:50 - 00000000 ____D C:\Windows\system32\catroot2
2016-12-27 12:42 - 2009-07-13 22:50 - 00000000 ____D C:\Windows\system32\NDF
2016-12-24 18:57 - 2009-07-13 22:50 - 00000000 ____D C:\Windows\inf
2016-12-24 11:09 - 2009-07-13 22:50 - 00000000 ____D C:\Windows\system32\catroot
2016-12-24 11:05 - 2009-07-13 22:50 - 00000000 ____D C:\Windows\system32\DriverStore
2016-12-24 11:04 - 2016-10-21 09:38 - 00000000 ____D C:\Users\cukorka\Documents\driver red
2016-12-24 10:36 - 2012-06-19 02:37 - 00002127 _____ C:\Windows\epplauncher.mif
2016-12-23 10:21 - 2015-12-17 11:32 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-12-23 10:21 - 2010-11-20 23:17 - 00643116 _____ C:\Windows\PFRO.log
2016-12-23 10:19 - 2015-12-17 11:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-12-23 10:19 - 2009-07-13 22:50 - 00000000 ___SD C:\ProgramData\Microsoft
2016-12-16 14:16 - 2013-12-25 15:09 - 00000000 ____D C:\Users\cukorka\AppData\Local\ElevatedDiagnostics
2016-12-16 12:28 - 2009-07-14 00:38 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2016-12-31 16:24 - 2016-12-31 16:24 - 0000034 _____ () C:\Users\cukorka\AppData\Roaming\AdobeWLCMCache.dat
2015-08-18 17:18 - 2016-11-16 20:52 - 0000450 _____ () C:\Users\cukorka\AppData\Roaming\ceccam11.ini
2014-12-14 17:31 - 2014-12-14 17:31 - 0000235 _____ () C:\Users\cukorka\AppData\Roaming\devices.xml
2014-04-06 08:58 - 2014-04-06 08:58 - 0099384 _____ () C:\Users\cukorka\AppData\Roaming\ezpinst.exe
2014-04-06 08:58 - 2014-04-06 08:58 - 0007796 _____ () C:\Users\cukorka\AppData\Roaming\pcouffin.cat
2014-04-06 08:58 - 2014-04-06 08:58 - 0001167 _____ () C:\Users\cukorka\AppData\Roaming\pcouffin.inf
2014-04-06 08:59 - 2014-04-06 08:59 - 0000034 _____ () C:\Users\cukorka\AppData\Roaming\pcouffin.log
2014-04-06 08:58 - 2014-04-06 08:58 - 0082816 _____ (VSO Software) C:\Users\cukorka\AppData\Roaming\pcouffin.sys
2014-12-14 17:31 - 2014-12-14 17:31 - 0000012 _____ () C:\Users\cukorka\AppData\Roaming\settings.xml
2016-11-18 08:28 - 2016-11-18 08:28 - 0000000 ____H () C:\Users\cukorka\AppData\Local\BITBF1A.tmp
2014-06-24 21:55 - 2016-01-23 19:52 - 0013824 _____ () C:\Users\cukorka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-06 00:16 - 2016-01-06 00:16 - 0007605 _____ () C:\Users\cukorka\AppData\Local\Resmon.ResmonCfg
2016-11-18 08:28 - 2016-11-18 08:28 - 0000000 _____ () C:\Users\cukorka\AppData\Local\{0747E1E2-C0F5-4E7A-A5E0-678780B97E77}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-07 01:18

==================== End of FRST.txt ============================