Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-07-2015 Ran by Rocio at 2015-07-26 09:55:11 Running from C:\Users\Rocio\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrador (S-1-5-21-4221762962-3014482106-3654835003-500 - Administrator - Disabled) Invitado (S-1-5-21-4221762962-3014482106-3654835003-501 - Limited - Enabled) => C:\Users\Invitado Rocio (S-1-5-21-4221762962-3014482106-3654835003-1000 - Administrator - Enabled) => C:\Users\Rocio ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5} AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated) Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.) AirDroid 3.0.3.1 (HKLM-x32\...\AirDroid) (Version: 3.0.3.1 - Sand Studio) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Audio Convert Merge Free 3.5.2 (HKLM-x32\...\Audio Convert Merge Free_is1) (Version: - CyberPower, Inc.) Camtasia Studio 8 (HKLM-x32\...\{5303CFB5-D635-44F0-A94B-9611E81F07C4}) (Version: 8.3.0.1471 - TechSmith Corporation) Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - ) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - ) Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - ) Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) Chromodo (HKLM-x32\...\Chromodo) (Version: 36.7.0.8 - Comodo) ClamWin Free Antivirus 0.98.7 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version: - alch) COMODO Internet Security Pro (HKLM\...\{4C5D0B6A-944A-47A6-A2F3-BCB58E05CA5D}) (Version: 8.2.0.4591 - COMODO Security Solutions Inc.) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-4221762962-3014482106-3654835003-1000\...\CopyTrans Suite) (Version: 3.01 - WindSolutions) CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2219 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform) Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.) Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.) Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.) Dell Stage (HKLM-x32\...\{BF3E8A13-7A99-447A-8396-2BF9D8B8E2C2}) (Version: 1.7.209.0 - Fingertapps) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell) Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell) Dell System Detect (HKU\S-1-5-21-4221762962-3014482106-3654835003-1000\...\73f463568823ebbe) (Version: 6.3.0.6 - Dell) Dell Update (HKLM-x32\...\{3FB000F3-7444-41C1-A0A6-53E8FD0B7D9C}) (Version: 1.6.1007.0 - Dell Inc.) Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.) Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden Desinstalador de impresoras EPSON TX120 Series (HKLM\...\EPSON TX120 Series) (Version: - SEIKO EPSON Corporation) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden DriverEasy 4.9.3 (HKLM\...\DriverEasy_is1) (Version: 4.9.3.0 - Easeware) Dropbox (HKLM-x32\...\Dropbox) (Version: 3.6.9 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink) E.M. PowerPoint Video Converter 3.10 (HKLM-x32\...\E.M. PowerPoint Video Converter_is1) (Version: - EffectMatrix, Inc.) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM-x32\...\EEPPPlugIn) (Version: - SEIKO EPSON Corporation) Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (x32 Version: 1.00.0000 - SEIKO EPSON Corporation) Hidden Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden GeekBuddy (HKLM-x32\...\{8402D61C-609B-4FA3-B86D-21868D850821}) (Version: 4.19.137 - Comodo Security Solutions Inc) herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.) HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.) InstallShield Express Visual FoxPro Limited Edition (HKLM-x32\...\{B96F1D26-E664-11D4-8BE8-006097C9A3ED}) (Version: 3.03.13 - InstallShield Software Corp.) Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation) Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kaspersky Software Updater Beta (HKLM-x32\...\InstallWIX_{1090DB8D-3818-470D-8467-B1062169CC45}) (Version: 1.5.0.133 - Kaspersky Lab) Kaspersky Software Updater Beta (x32 Version: 1.5.0.133 - Kaspersky Lab) Hidden KGB Archiver 1.2.1.24 (HKLM-x32\...\KGB Archiver_is1) (Version: - Tomasz Pawlak) K-Lite Codec Pack 10.5.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.0 - ) Malwarebytes Anti-Malware versión 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 365 ProPlus - es-es (HKLM\...\O365ProPlusRetail - es-es) (Version: 15.0.4737.1003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation) Mozilla Firefox 30.0 (x86 es-MX) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 es-MX)) (Version: 30.0 - Mozilla) Mozilla Firefox 39.0 (x86 es-MX) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 es-MX)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nero Burning ROM 2014 (HKLM-x32\...\{28FCF48D-1BB2-4D6B-89F9-9499663122D6}) (Version: 15.0.02800 - Nero AG) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security) Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation) PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.843 - Raxco Software Inc.) PhotoShowExpress (x32 Version: 2.0.063 - ##COMPANY_NAME##) Hidden Polaris Office Sync (HKU\S-1-5-21-4221762962-3014482106-3654835003-1000\...\InstallShield_{A17C8EB9-24FE-402B-B979-345A7242F2B2}) (Version: 2.003.001 - Infraware) Polaris Office Sync (x32 Version: 2.003.001 - Infraware) Hidden Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.70 - Realtek Semiconductor Corp.) Registro de usuario de Canon MP280 series (HKLM-x32\...\Registro de usuario de Canon MP280 series) (Version: - ) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software) Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio) Roxio File Backup (Version: 1.3.2 - Roxio) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.) Software para dispositivos de chipset Intel® (x32 Version: 10.0.22 - Intel(R) Corporation) Hidden Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC) Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.2.4 - Tweaking.com) Ulead Photo Explorer 6.0 (HKLM-x32\...\{D0194539-8118-4FD7-8ABA-912B2D479B48}) (Version: - ) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) USB Flash Drives Control (HKLM\...\USB Flash Drives Control) (Version: 4.0.0.0 - BiniSoft.org) VCRT for DirectPass x64 (Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden VCRT for DirectPass x86 (x32 Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden version3.0_patch final_Maximedia (HKLM-x32\...\version3.0_patch final_Maximedia) (Version: - ) VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - ) Vivaldi (HKU\S-1-5-21-4221762962-3014482106-3654835003-1000\...\Vivaldi) (Version: 1.0.118.19 - Vivaldi) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. ) Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.16.633 - Zemana Ltd.) Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 18-07-2015 02:47:55 Removed Java 8 Update 51 18-07-2015 02:49:01 Windows Update 18-07-2015 10:16:09 Windows Update 18-07-2015 16:56:42 Windows Update 20-07-2015 07:10:03 Windows Update 20-07-2015 07:30:13 Installing COMODO Internet Security Pro 20-07-2015 07:31:58 Instalación del paquete de controladores de dispositivo: COMODO Servicio de red 20-07-2015 07:37:27 Installed GeekBuddy. 20-07-2015 09:17:36 Windows Update 20-07-2015 21:43:16 Windows Update 21-07-2015 14:42:38 Windows Update 21-07-2015 21:59:26 Windows Update 22-07-2015 01:19:25 Windows Update 23-07-2015 10:11:21 JRT Pre-Junkware Removal 23-07-2015 11:17:12 JRT Pre-Junkware Removal 23-07-2015 14:39:14 Windows Update 24-07-2015 23:59:25 Windows Update 25-07-2015 23:48:06 Windows Update 26-07-2015 09:41:31 Removed Corel Graphics - Windows Shell Extension. 26-07-2015 09:43:05 Removed Corel Graphics - Windows Shell Extension 32 Bit. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2014-12-19 21:52 - 2015-07-25 23:47 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {09DB7D23-A876-4B78-96AD-A7D11610AF52} - System32\Tasks\Programa de actualización online de Adobe => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe Task: {0E06B155-FFB6-4CF0-B10D-4EFBD7608B0A} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {11127CBE-26D8-459D-9658-3A34C24C26EF} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-05] (COMODO) Task: {20C0DABD-07F3-4F08-8920-40B2EFD9D9A5} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-05] (COMODO) Task: {2FDE0FE0-5A24-4557-8DFC-D07B5DEAB2C2} - System32\Tasks\{2252C50E-A028-4FDD-B04C-B1CF35F0FB69} => pcalua.exe -a C:\Users\Rocio\Downloads\win32_152822.exe -d C:\Users\Rocio\Downloads Task: {34AF84D5-0CFA-4EA4-9B6D-54FEB3CDD5F6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation) Task: {43C244A5-58C4-49EB-A372-6C7FE1FF38ED} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-21] (Microsoft Corporation) Task: {4CAB1196-7BAC-46DF-A234-3EF599D26B89} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4221762962-3014482106-3654835003-1000Core => C:\Users\Rocio\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-10] (Facebook Inc.) Task: {56D9763F-109B-4256-A8C9-6CBB69AF0C13} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.) Task: {5E9110EB-E66F-4DD9-84DF-64972DA6E6BF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-01] (Dropbox, Inc.) Task: {605454F5-DEFA-4FB3-ACE1-7F336C03B7A2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-04] (Piriform Ltd) Task: {6BCFB051-C458-4C15-B323-3745EF7548A8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4221762962-3014482106-3654835003-1000UA => C:\Users\Rocio\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-10] (Facebook Inc.) Task: {70C4E018-9E23-4251-B75C-B44F2FE4A450} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-21] (Microsoft Corporation) Task: {74447C14-0588-4113-BA2B-F7A0DB487C2E} - System32\Tasks\{DB742C74-196D-4CDE-9C64-EBAD62ACA30A} => pcalua.exe -a "F:\AutoPlay\Docs\FEAR Gold Repack.exe" -d F:\ Task: {7F7A0887-B2B5-4EB3-B996-57D49F47EB7A} - System32\Tasks\{C9C2BFA0-7AAA-4BF6-808F-A8C9F4C5A8FA} => pcalua.exe -a "C:\Users\Rocio\Desktop\office 2007\setup.exe" -d "C:\Users\Rocio\Desktop\office 2007" Task: {8589BADB-8FC9-41E4-9815-2D5DD47FB273} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-05] (COMODO) Task: {88FECCB1-AE93-47DD-98E1-3A38D5D54F49} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-06-08] (Oracle Corporation) Task: {A157AF5A-6352-432E-A4FA-608CD90D250C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-01] (Dropbox, Inc.) Task: {ACBE418E-14FB-4334-BFCB-41C0D22EF984} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4221762962-3014482106-3654835003-501Core1d09af2f0d1fa32 => C:\Users\Invitado\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16] (Google Inc.) Task: {B4418532-6338-4A3B-9B24-1B6B254F8574} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-05] (COMODO) Task: {D3528176-1F5C-4526-88EB-3511A07ABA27} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4221762962-3014482106-3654835003-501UA => C:\Users\Invitado\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16] (Google Inc.) Task: {D765AC7B-3455-4EE1-9EB4-D0951D70B206} - System32\Tasks\{B627122B-5D07-44C3-AC88-15C87302DEDC} => Iexplore.exe http://ui.skype.com/ui/0/5.9.0.115/es/abandoninstall?page=tsProgressBar Task: {DD31328E-7AFD-4F59-853D-8E28107DEA78} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-06-09] (Microsoft Corporation) Task: {E36A0289-1C7F-43FB-B941-521BCAA086C7} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com) Task: {F4240432-BF4C-4703-8353-93471E6E882B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation) Task: {F45CFDA0-2216-4498-A412-9AB88C69ACDC} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-05] (COMODO) Task: {F5B6AFD9-45F0-4DC3-B385-4A89A765A0D4} - System32\Tasks\{0D73A0B9-B456-4DF8-B60B-9C1AD87A744B} => pcalua.exe -a "C:\Users\Rocio\Downloads\Napoleon Total War [PC-DVD][Multi8][Spanish][www.consolasatope.com]\Phoenix.exe" -d "C:\Users\Rocio\Downloads\Napoleon Total War [PC-DVD][Multi8][Spanish][www.consolasatope.com]" Task: {F5E69757-50BD-4562-B59D-FA799CA20BFD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Dell SupportAssistAgent AutoUpdate.job => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4221762962-3014482106-3654835003-1000Core.job => C:\Users\Rocio\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4221762962-3014482106-3654835003-1000UA.job => C:\Users\Rocio\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4221762962-3014482106-3654835003-501Core1d09af2f0d1fa32.job => C:\Users\Invitado\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4221762962-3014482106-3654835003-501UA.job => C:\Users\Invitado\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-11-07 16:24 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2010-07-14 22:44 - 2010-07-14 22:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll 2015-07-25 13:16 - 2015-07-25 13:16 - 00080384 _____ () C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll 2015-07-11 19:30 - 2015-07-16 20:56 - 00118640 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll 2015-01-08 23:02 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\bdsandboxuh.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\certsentry.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RdpGroupPolicyExtension.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\RtNicProp64.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RTNUninst64.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01011.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\RsCRIcon.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\athrx.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\clwvd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ICCWDT.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\PSKMAD.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Rt64win7.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\RtsBaStor.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\RtsP2Stor.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\RtsPer.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\RtsPStor.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\RtsUer.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\TeeDriverx64.sys:$CmdTcID AlternateDataStreams: C:\Users\Invitado\Downloads\herdProtectScan_Setup.exe:$CmdTcID AlternateDataStreams: C:\Users\Invitado\Downloads\herdProtectScan_Setup.exe:$CmdZnID AlternateDataStreams: C:\Users\Invitado\Downloads\HitmanPro_x64.exe:$CmdTcID AlternateDataStreams: C:\Users\Invitado\Downloads\HitmanPro_x64.exe:$CmdZnID AlternateDataStreams: C:\Users\Invitado\Downloads\RE Saludos.eml:OECustomProperty AlternateDataStreams: C:\Users\Invitado\Downloads\Zemana.AntiMalware.Setup.exe:$CmdTcID AlternateDataStreams: C:\Users\Invitado\Downloads\Zemana.AntiMalware.Setup.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Desktop\adwcleaner_4.208.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Desktop\adwcleaner_4.208.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Desktop\esetsmartinstaller_esn.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Desktop\esetsmartinstaller_esn.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Desktop\FRST64.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Desktop\FRST64.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Desktop\JRT.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Desktop\JRT.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Desktop\mbar-1.09.1.1004.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Desktop\mbar-1.09.1.1004.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Desktop\RogueKillerX64.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Desktop\RogueKillerX64.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Desktop\SecurityCheck.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Desktop\SecurityCheck.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Desktop\TDSSKiller.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Desktop\TDSSKiller.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Desktop\usbc4setup.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Desktop\usbc4setup.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Desktop\VIPRERescue42284.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Desktop\VIPRERescue42284.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\avc_fdt_201503_en.pdf:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\avira_es_av_55515448849d4__ws.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Downloads\avira_es_av_55515448849d4__ws.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\BDPUARLauncher.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Downloads\BDPUARLauncher.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\bitdefender_tsecurity.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\CDGSX7U4HF1.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Downloads\CDGSX7U4HF1.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\chromeinstall-8u45.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Downloads\chromeinstall-8u45.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\Combo-Fix.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Downloads\Combo-Fix.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\ComboFix(1).exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Downloads\ComboFix(1).exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\CorelDRAWGraphicsSuiteX7Installer_ES64Bit.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\DropboxInstaller.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Downloads\DropboxInstaller.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\EmsisoftEmergencyKit (1).exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\EmsisoftEmergencyKit.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\FixTDSS.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Downloads\FixTDSS.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\HitmanPro_x64.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Downloads\HitmanPro_x64.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\iExplore.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Downloads\iExplore.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\installeddriverslist-x64.zip:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\kts15.0.1.415en_7061 (1).exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Downloads\kts15.0.1.415en_7061 (1).exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\kts15.0.1.415en_7061.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Downloads\kts15.0.1.415en_7061.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\PANDAFREEAV.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Downloads\PANDAFREEAV.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\pd13.0_pro_be.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\PD_musical.pdf:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\PolarisOfficeSyncInstall.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Downloads\PolarisOfficeSyncInstall.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\RegSeeker2.57 (1).zip:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\RegSeeker2.57.rar:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\Setup (1).exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Downloads\Setup (1).exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\setup.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Downloads\setup.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\tdsskiller.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Downloads\tdsskiller.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\tdsskiller.zip:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\tweaking.com_windows_repair_aio_setup.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Downloads\tweaking.com_windows_repair_aio_setup.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\VB-AVC-AVT-press-release (1).pdf:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\VB-AVC-AVT-press-release (2).pdf:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\VB-AVC-AVT-press-release (3).pdf:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\VB-AVC-AVT-press-release.pdf:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\VN760129.WMA:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\vy5gb233.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Downloads\vy5gb233.exe:$CmdZnID AlternateDataStreams: C:\Users\Rocio\Downloads\whocrashedSetup.exe:$CmdTcID AlternateDataStreams: C:\Users\Rocio\Downloads\whocrashedSetup.exe:$CmdZnID ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4221762962-3014482106-3654835003-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rocio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 156.154.70.25 - 156.154.71.25 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kaspersky Software Updater Beta.lnk => C:\Windows\pss\Kaspersky Software Updater Beta.lnk.CommonStartup MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup MSCONFIG\startupreg: AirDroid 3 => C:\Program Files (x86)\AirDroid\AirDroid.exe /start MSCONFIG\startupreg: Browser Infrastructure Helper => MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: DAEMON Tools Lite => MSCONFIG\startupreg: DATAMNGR => MSCONFIG\startupreg: Dell Registration => C:\Program Files (x86)\System Registration\prodreg.exe /boot MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup MSCONFIG\startupreg: EADM => MSCONFIG\startupreg: Google Update => MSCONFIG\startupreg: GUDelayStartup => MSCONFIG\startupreg: iTunesHelper => MSCONFIG\startupreg: msnmsgr => MSCONFIG\startupreg: PDVD9LanguageShortcut => MSCONFIG\startupreg: RemoteControl9 => MSCONFIG\startupreg: Samsung Link => MSCONFIG\startupreg: SkyMonk => MSCONFIG\startupreg: Speech Recognition => "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup MSCONFIG\startupreg: uTorrent => MSCONFIG\startupreg: YouCam Service => "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s MSCONFIG\startupreg: ZAM => "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{3BC401D6-557D-4409-A81A-9BC0D839BEB4}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe FirewallRules: [{7EC5CB19-F4F9-4FA1-B272-44AF299A98CD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{53088948-9D93-49F4-8A56-A6DEC6041BB9}] => (Allow) LPort=2869 FirewallRules: [{2097262A-48ED-4D89-870A-9AD4459D9040}] => (Allow) LPort=1900 FirewallRules: [{DF451FFF-BC6A-470B-A462-B5E02C0D5EB2}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [TCP Query User{08E79890-1435-4BFC-B736-1A71611CF540}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{44D198F9-F7B9-432B-A164-95DC72B8EB73}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{60888A15-1844-4244-9DFF-3E99790374B4}] => (Allow) LPort=8317 FirewallRules: [{02CC21EE-9E88-45F1-BCBE-3C4527972CE2}] => (Allow) LPort=8743 FirewallRules: [{C4DF1510-9EEB-4464-A481-33911B86DF33}] => (Allow) LPort=8643 FirewallRules: [{40715A00-DED6-4351-BBE9-BAC72C5A24B8}] => (Allow) LPort=7676 FirewallRules: [{70E24A96-0D69-4D2C-9E4D-A704C139C74F}] => (Allow) LPort=7679 FirewallRules: [{B5656881-646E-4FCF-8785-9A455A97EBC2}] => (Allow) LPort=24234 FirewallRules: [{42F4B915-EFD9-4877-A5A2-CD5AEDBC4767}] => (Allow) LPort=7900 FirewallRules: [{9522B0CB-37D5-4D56-B3F1-2C5A4FDCF30D}] => (Allow) LPort=1900 FirewallRules: [{3AD6EBA0-606A-44FE-83B8-5448ADD11C08}] => (Allow) C:\Users\Rocio\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe FirewallRules: [{1D0D96D0-32E7-48A7-8130-BFB1BB65F8C6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{59E8FBD1-AB6A-43E3-B6D1-ABCDD851B241}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{3D0E9A98-8FC7-4727-B9D7-19B928E56A6D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [TCP Query User{125DDFF8-7EA6-4274-8C80-2813D4FAE699}C:\program files (x86)\airdroid\airdroid.exe] => (Block) C:\program files (x86)\airdroid\airdroid.exe FirewallRules: [UDP Query User{14AC5A15-F3D0-48DF-AA4A-1B20DB2D8ECD}C:\program files (x86)\airdroid\airdroid.exe] => (Block) C:\program files (x86)\airdroid\airdroid.exe FirewallRules: [{22991D82-9DAD-42FE-B7FE-F3A7E461B238}] => (Allow) C:\Users\Rocio\AppData\Local\Vivaldi\Application\vivaldi.exe FirewallRules: [{EEE34DFC-3E46-4BD5-9469-97D9F8CDCF58}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{3E19AA72-8AE8-43F4-8067-031AA61ABFC7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{A27B7D62-70F3-4B42-A1C6-2F5476400588}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8DC17694-CCE9-407D-A24C-02B45A5F665B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5FDA3E9F-5793-4C30-927B-999530F0EA51}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Could not start eventlog service, could not read events. El servicio de Registro de eventos de Windows est inicindose. El servicio de Registro de eventos de Windows no ha podido iniciarse. Error de sistema. El sistema no puede encontrar el texto del mensaje para el mensaje nmero 0x1069 en el archivo de mensajes para (null). Puede obtener ms ayuda con el comando NET HELPMSG 4201. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU G630 @ 2.70GHz Percentage of memory in use: 44% Total physical RAM: 2978.64 MB Available physical RAM: 1662.25 MB Total Virtual: 5955.5 MB Available Virtual: 4145.8 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:452.96 GB) (Free:322.14 GB) NTFS Drive e: (RECOVERY) (Fixed) (Total:12.76 GB) (Free:4.99 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: AFB203AD) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=12.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS) ==================== End of log ============================