PC infected. Kaspersky won't recognize any malware [Solved]


  • This topic is locked

#1
insomniak21


Hello.

I recently noticed some problems in my computer. I should start by saying that I've been downloading torrents. And about 2 weeks ago, a friend and I decided it would be fun to enter the freenet, just to see what we could find there (nothing interesting). The next day, when I tried to start my PC, it wouldn't start, not even the BIOS. After several tries at starting, it went to Startup Repair, so it restored to an earlier point when everything worked fine. It went well, and it started as usual. I deleted the freenet software, but I kept downloading torrents from thepiratebay.

Today, I noticed that Google Chrome wasn't working as it did. Lots of ads and pop-ups. Several times, a sign came up saying that Shockwave Flash has crashed, and everything became super slow. Then, I saw that my IP was being rerouted to a server using Privoxy. I went to the internet and found a thread about this Kb70007 virus or something, tried to follow the steps to eliminate the thing, but I never found the files with that name as I was supposed to. Of course, Kaspersky didn't help at all, I scanned everything and did not find a thing. So I found this website, and decided to create an account, so I could create this topic.

Would you please help me? I don't know what else to do.

I'll leave the logs, as instructed.

Thank you very much!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01
Ran by FABIAN (administrator) on FABIAN-PC on 07-05-2015 01:52:24
Running from C:\Users\FABIAN\Desktop
Loaded Profiles: FABIAN (Available profiles: FABIAN & Invitado)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\Megasoft Security\privoxy.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Spotify Ltd) C:\Users\FABIAN\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(MPC-HC Team) C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\nacl64.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-01] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\...\Run: [Spotify Web Helper] => C:\Users\FABIAN\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-29] (Spotify Ltd)
HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\...\Run: [Spotify] => C:\Users\FABIAN\AppData\Roaming\Spotify\Spotify.exe [7168568 2015-04-29] (Spotify Ltd)
HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\...\RunOnce: [DeleteMarkAny] => C:\Windows\SysWOW64\MASetupCleaner.exe [24576 2013-12-30] ((주)마크애니)
HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\...\MountPoints2: {a4fc8a32-e705-11e4-b88f-50e54952a74c} - F:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A10B02 PID_0083
HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\...\MountPoints2: {a4fc8a4d-e705-11e4-b88f-50e54952a74c} - F:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A10B02 PID_0083
HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\...\MountPoints2: {a4fc8ace-e705-11e4-b88f-50e54952a74c} - F:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A10B02 PID_0083
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk [2014-07-01]
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-131\wirelesscm.exe (D-Link Corp.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-2046910824-2420696095-1822221785-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2046910824-2420696095-1822221785-1000] => 127.0.0.1:8118
HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://gosearch.me/...inst=1428357667
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/...inst=1428357667
SearchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/...inst=1428357667
SearchScopes: HKU\S-1-5-21-2046910824-2420696095-1822221785-1000 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/...inst=1428357667
SearchScopes: HKU\S-1-5-21-2046910824-2420696095-1822221785-1000 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/...inst=1428357667
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-01-02] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30] (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-01-02] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-11-13] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-11-13] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 10.2.9.116 10.3.9.116
 
FireFox:
========
FF ProfilePath: C:\Users\FABIAN\AppData\Roaming\Mozilla\Firefox\Profiles\uqfz075i.default
FF NetworkProxy: "type", 5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-11-13] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-01-02] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-01-02] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-01-02] ()
FF Plugin-x32: @meadco.com/neptune plugin,version=2.0.0.29 -> C:\PROGRA~2\MEADCO~1\npmeadax.dll [2007-09-05] (MeadCo Corp.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-21] (Google Inc.)
FF user.js: detected! => C:\Users\FABIAN\AppData\Roaming\Mozilla\Firefox\Profiles\uqfz075i.default\user.js [2015-04-06]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\GoSearch.xml [2015-04-29]
FF Extension: Firefox Helper Tool - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\cf7012b456f89a6c2b04f801efe6df9b [2015-04-26]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-01-02]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-01-02]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-01-02]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-01-02]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-01-02]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.facebook.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (A Quotation) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafpohheobbibbehfjogminpinjhlpmg [2015-03-21]
CHR Extension: (Google Slides) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-21]
CHR Extension: (Google Docs) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-21]
CHR Extension: (Google Drive) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-21]
CHR Extension: (Desmos Graphing Calculator) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko [2015-03-21]
CHR Extension: (Fish Matching) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bllpaelopnfgfampngdhgolbpfdkpdem [2015-03-21]
CHR Extension: (YouTube) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-21]
CHR Extension: (Bubble Shooter Level Pack) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cclpcbfoiabkkbhlcdlkkjhledodjakp [2015-03-21]
CHR Extension: (Google Search) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-21]
CHR Extension: (Kaspersky Protection) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-21]
CHR Extension: (Google Sheets) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-21]
CHR Extension: (Bookmark Manager) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-17]
CHR Extension: (Plants vs Zombies) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2015-03-21]
CHR Extension: (Grass) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla [2015-03-23]
CHR Extension: (BeGone) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfpieflbjbdpgklkeolbmbdkfdiicfk [2015-03-21]
CHR Extension: (Google Wallet) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-21]
CHR Extension: (Current Moon Phase -N.Hemisphere) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\oampnkjpomgmmphfoedhihefpbjhjamo [2015-03-21]
CHR Extension: (Khan Academy) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pahdiadnidmaaoohjmlkcjffbfcapgko [2015-03-21]
CHR Extension: (mySchoolNotebook.com) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pamfapbnciponedgddhhlaodehbfhaai [2015-03-21]
CHR Extension: (Click&Clean App) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-03-21]
CHR Extension: (Gmail) - C:\Users\FABIAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-21]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-01] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-01] (NVIDIA Corporation)
R2 PrivoxyService; C:\Program Files (x86)\Megasoft Security\privoxy.exe [371200 2015-05-04] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2011-07-07] (Google Inc)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2733568 2012-09-27] (C-Media Inc)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-03-04] (Disc Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-01-02] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-01-02] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2011-07-07] (HandSet Incorporated)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation                           )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-07 01:52 - 2015-05-07 01:52 - 00024064 _____ () C:\Users\FABIAN\Desktop\FRST.txt
2015-05-07 01:51 - 2015-05-07 01:52 - 00000000 ____D () C:\FRST
2015-05-07 01:50 - 2015-05-07 01:50 - 02102272 _____ (Farbar) C:\Users\FABIAN\Desktop\FRST64.exe
2015-05-06 17:02 - 2015-05-06 17:02 - 00193239 _____ () C:\Users\FABIAN\Downloads\game-of-thrones-fourth-season_english-943475.zip
2015-05-05 14:21 - 2015-05-05 14:21 - 00221386 _____ () C:\Users\FABIAN\Downloads\game-of-thrones-third-season_english-886563.zip
2015-05-04 22:56 - 2015-05-04 22:57 - 00000000 ____D () C:\Program Files (x86)\Megasoft Security
2015-04-29 16:52 - 2015-04-29 16:52 - 00052430 _____ () C:\Users\FABIAN\Downloads\416319.rar
2015-04-29 14:40 - 2015-05-06 16:48 - 00000000 ____D () C:\Users\FABIAN\AppData\Local\Spotify
2015-04-29 14:40 - 2015-04-29 14:40 - 00001772 _____ () C:\Users\FABIAN\Desktop\Spotify.lnk
2015-04-29 14:40 - 2015-04-29 14:40 - 00001758 _____ () C:\Users\FABIAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-29 14:39 - 2015-05-06 16:48 - 00000000 ____D () C:\Users\FABIAN\AppData\Roaming\Spotify
2015-04-29 14:39 - 2015-04-29 14:39 - 00155296 _____ (Spotify Ltd) C:\Users\FABIAN\Downloads\SpotifySetup.exe
2015-04-28 18:00 - 2015-04-28 18:01 - 00294224 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-27 22:57 - 2015-05-07 00:12 - 00002735 _____ () C:\Windows\setupact.log
2015-04-27 22:57 - 2015-04-27 22:57 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-27 22:55 - 2015-04-27 22:55 - 00022743 _____ () C:\Users\FABIAN\Downloads\345323.rar
2015-04-27 16:56 - 2015-04-27 16:56 - 00064024 _____ () C:\Users\FABIAN\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-27 00:43 - 2015-04-27 00:43 - 00000000 ____D () C:\Users\FABIAN\AppData\Local\Macromedia
2015-04-26 20:57 - 2015-04-27 09:58 - 00000000 ____D () C:\Users\FABIAN\AppData\Local\Freenet
2015-04-26 02:47 - 2015-04-26 02:47 - 00052428 _____ () C:\Users\FABIAN\Downloads\fear-and-loathing-in-las-vegas-spanish-yify-21310.zip
2015-04-20 18:28 - 2015-04-20 18:28 - 00063625 _____ () C:\Users\FABIAN\Downloads\Pulp_Fiction_1994.en(2).zip
2015-04-20 18:24 - 2015-04-27 19:48 - 00000000 ____D () C:\Users\FABIAN\AppData\Roaming\Media Player Classic
2015-04-20 17:32 - 2015-04-20 17:32 - 00726307 _____ () C:\Users\FABIAN\Downloads\LibroFrasesCelebres.rar
2015-04-20 17:03 - 2015-04-20 17:04 - 00000000 ____D () C:\Users\FABIAN\Documents\Escuela de Aviación México
2015-04-20 16:37 - 2015-04-20 16:37 - 00000834 _____ () C:\Users\FABIAN\Desktop\BitTorrent.lnk
2015-04-20 16:37 - 2015-04-20 16:37 - 00000814 _____ () C:\Users\FABIAN\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-04-20 16:35 - 2015-05-06 23:58 - 00000000 ____D () C:\Users\FABIAN\AppData\Roaming\BitTorrent
2015-04-20 16:35 - 2015-04-20 16:35 - 01746520 _____ (BitTorrent Inc.) C:\Users\FABIAN\Downloads\BitTorrent.exe
2015-04-19 23:12 - 2015-04-19 23:12 - 00000000 ____D () C:\Program Files\ZTE Handset USB Driver
2015-04-19 23:12 - 2011-08-22 17:21 - 00129432 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghsvousb.sys
2015-04-19 23:12 - 2011-08-22 17:21 - 00129432 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghstrace.sys
2015-04-19 23:12 - 2011-08-22 17:21 - 00129432 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghsnmea.sys
2015-04-19 23:12 - 2011-08-22 17:21 - 00129432 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghsmdm.sys
2015-04-19 23:12 - 2011-08-22 17:21 - 00129432 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghsdiagmdm.sys
2015-04-19 23:12 - 2011-08-22 17:21 - 00129432 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghsdiag.sys
2015-04-19 23:12 - 2011-08-22 17:21 - 00129432 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghsat.sys
2015-04-19 23:12 - 2011-08-15 16:43 - 00584584 _____ () C:\Windows\adb.exe
2015-04-19 23:12 - 2011-08-15 16:43 - 00102936 _____ (Google, inc) C:\Windows\AdbWinApi.dll
2015-04-19 23:12 - 2011-07-07 16:13 - 00018456 _____ (HandSet Incorporated) C:\Windows\system32\Drivers\massfilter_hs.sys
2015-04-19 23:12 - 2011-03-28 15:42 - 00129304 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ghsnmea.sys
2015-04-19 23:12 - 2011-03-28 15:42 - 00129304 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ghsmdm.sys
2015-04-19 23:12 - 2011-03-28 15:42 - 00129304 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ghsdiag.sys
2015-04-19 23:12 - 2010-10-18 14:24 - 00038424 _____ (Google Inc) C:\Windows\system32\Drivers\ghsandroid.sys
2015-04-19 22:52 - 2015-04-19 22:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_androidusb_01005.Wdf
2015-04-19 22:32 - 2015-04-19 22:32 - 00000011 _____ () C:\Users\FABIAN\Documents\hjgkfjhg.txt
2015-04-14 18:39 - 2015-04-01 19:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 18:39 - 2015-04-01 18:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 18:39 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 18:39 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 18:39 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 18:39 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 18:39 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 18:39 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 18:39 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 18:39 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 18:39 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 18:39 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 18:39 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 18:39 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 18:39 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 18:39 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 18:39 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 18:39 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 18:39 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 18:39 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 18:39 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 18:39 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 18:39 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 18:39 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 18:39 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 18:39 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 18:39 - 2015-03-17 00:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 18:39 - 2015-03-17 00:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 18:39 - 2015-03-17 00:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 18:39 - 2015-03-17 00:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 18:39 - 2015-03-17 00:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 18:39 - 2015-03-17 00:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 18:39 - 2015-03-17 00:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 18:39 - 2015-03-17 00:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 18:39 - 2015-03-17 00:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 18:39 - 2015-03-17 00:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 18:39 - 2015-03-17 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 18:39 - 2015-03-17 00:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 18:39 - 2015-03-17 00:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 18:39 - 2015-03-17 00:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 18:39 - 2015-03-17 00:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 18:39 - 2015-03-17 00:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 18:39 - 2015-03-17 00:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 18:39 - 2015-03-17 00:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 18:39 - 2015-03-17 00:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 18:39 - 2015-03-17 00:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 18:39 - 2015-03-17 00:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 18:39 - 2015-03-17 00:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 18:39 - 2015-03-17 00:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 18:39 - 2015-03-17 00:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 18:39 - 2015-03-17 00:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 18:39 - 2015-03-17 00:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 18:39 - 2015-03-17 00:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 18:39 - 2015-03-17 00:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 18:39 - 2015-03-17 00:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 18:39 - 2015-03-17 00:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 18:39 - 2015-03-17 00:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 18:39 - 2015-03-17 00:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 18:39 - 2015-03-17 00:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 18:39 - 2015-03-17 00:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 18:39 - 2015-03-16 23:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 18:39 - 2015-03-16 23:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 18:39 - 2015-03-16 23:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 18:39 - 2015-03-16 23:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 18:39 - 2015-03-16 23:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 18:39 - 2015-03-16 23:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 18:39 - 2015-03-16 23:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 18:39 - 2015-03-16 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 18:39 - 2015-03-16 23:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 18:39 - 2015-03-16 23:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 18:39 - 2015-03-16 23:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 18:39 - 2015-03-16 23:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 18:39 - 2015-03-16 23:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 18:39 - 2015-03-16 23:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 18:39 - 2015-03-16 23:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 18:39 - 2015-03-16 23:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 18:39 - 2015-03-16 23:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 18:39 - 2015-03-16 23:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 18:39 - 2015-03-16 23:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 22:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 18:39 - 2015-03-16 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 18:39 - 2015-03-16 22:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 22:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 22:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 18:39 - 2015-03-16 22:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 18:39 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 18:39 - 2015-03-12 23:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 18:39 - 2015-03-12 23:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 18:39 - 2015-03-12 23:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 18:39 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 18:39 - 2015-03-12 23:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 18:39 - 2015-03-12 23:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 18:39 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 18:39 - 2015-03-12 23:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 18:39 - 2015-03-12 23:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 18:39 - 2015-03-12 22:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 18:39 - 2015-03-12 22:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 18:39 - 2015-03-12 22:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 18:39 - 2015-03-12 22:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 18:39 - 2015-03-12 22:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 18:39 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 18:39 - 2015-03-12 22:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 18:39 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 18:39 - 2015-03-12 22:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 18:39 - 2015-03-12 22:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 18:39 - 2015-03-12 22:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 18:39 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 18:39 - 2015-03-12 22:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 18:39 - 2015-03-12 22:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 18:39 - 2015-03-12 22:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 18:39 - 2015-03-12 22:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 18:39 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 18:39 - 2015-03-12 22:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 18:39 - 2015-03-12 22:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 18:39 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 18:39 - 2015-03-12 22:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 18:39 - 2015-03-12 22:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 18:39 - 2015-03-12 22:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 18:39 - 2015-03-12 22:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 18:39 - 2015-03-12 22:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 18:39 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 18:39 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 18:39 - 2015-03-12 22:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 18:39 - 2015-03-12 22:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 18:39 - 2015-03-12 22:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 18:39 - 2015-03-12 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 18:39 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 18:39 - 2015-03-12 21:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 18:39 - 2015-03-12 21:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 18:39 - 2015-03-12 21:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 18:39 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 18:39 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 18:39 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 18:39 - 2015-03-12 21:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 18:39 - 2015-03-12 21:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 18:39 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 18:39 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 18:39 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 18:39 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 18:39 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 18:39 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 18:39 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 18:39 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 18:39 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 18:39 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 18:39 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 18:39 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 18:39 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 18:38 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 18:38 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 18:38 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-12 14:00 - 2015-04-20 16:47 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2015-04-12 13:56 - 2015-04-12 13:56 - 04182178 _____ (The Public) C:\Users\FABIAN\Downloads\Avisynth_258.exe
2015-04-11 12:09 - 2015-04-11 12:09 - 01510755 _____ ( ) C:\Users\Invitado\Downloads\AC07911_setup.exe
2015-04-11 11:38 - 2015-04-11 11:38 - 00064024 _____ () C:\Users\Invitado\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-11 11:28 - 2015-04-11 11:28 - 00000000 ____D () C:\Users\Invitado\AppData\Local\NVIDIA Corporation
2015-04-11 11:27 - 2015-04-11 11:27 - 00002330 _____ () C:\Users\Invitado\Desktop\Safe Money.lnk
2015-04-11 11:27 - 2015-04-11 11:27 - 00000000 ____D () C:\Users\Invitado\AppData\Roaming\Apple Computer
2015-04-11 11:27 - 2015-04-11 11:27 - 00000000 ____D () C:\Users\Invitado\AppData\Local\NVIDIA
2015-04-11 11:26 - 2015-04-27 09:58 - 00000000 ____D () C:\Users\Invitado
2015-04-11 11:26 - 2015-04-11 11:27 - 00000000 ____D () C:\Users\Invitado\AppData\Local\VirtualStore
2015-04-11 11:26 - 2015-04-11 11:26 - 00001397 _____ () C:\Users\Invitado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-11 11:26 - 2015-04-11 11:26 - 00000020 ___SH () C:\Users\Invitado\ntuser.ini
2015-04-11 11:26 - 2015-04-11 11:26 - 00000000 _SHDL () C:\Users\Invitado\Reciente
2015-04-11 11:26 - 2015-04-11 11:26 - 00000000 _SHDL () C:\Users\Invitado\Plantillas
2015-04-11 11:26 - 2015-04-11 11:26 - 00000000 _SHDL () C:\Users\Invitado\Mis documentos
2015-04-11 11:26 - 2015-04-11 11:26 - 00000000 _SHDL () C:\Users\Invitado\Menú Inicio
2015-04-11 11:26 - 2015-04-11 11:26 - 00000000 _SHDL () C:\Users\Invitado\Impresoras
2015-04-11 11:26 - 2015-04-11 11:26 - 00000000 _SHDL () C:\Users\Invitado\Entorno de red
2015-04-11 11:26 - 2015-04-11 11:26 - 00000000 _SHDL () C:\Users\Invitado\Documents\Mis vídeos
2015-04-11 11:26 - 2015-04-11 11:26 - 00000000 _SHDL () C:\Users\Invitado\Documents\Mis imágenes
2015-04-11 11:26 - 2015-04-11 11:26 - 00000000 _SHDL () C:\Users\Invitado\Documents\Mi música
2015-04-11 11:26 - 2015-04-11 11:26 - 00000000 _SHDL () C:\Users\Invitado\Datos de programa
2015-04-11 11:26 - 2015-04-11 11:26 - 00000000 _SHDL () C:\Users\Invitado\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2015-04-11 11:26 - 2015-04-11 11:26 - 00000000 _SHDL () C:\Users\Invitado\AppData\Local\Historial
2015-04-11 11:26 - 2015-04-11 11:26 - 00000000 _SHDL () C:\Users\Invitado\AppData\Local\Datos de programa
2015-04-11 11:26 - 2015-04-11 11:26 - 00000000 _SHDL () C:\Users\Invitado\AppData\Local\Archivos temporales de Internet
2015-04-11 11:26 - 2015-04-11 11:26 - 00000000 ____D () C:\Users\Invitado\AppData\Roaming\Adobe
2015-04-11 11:26 - 2015-04-11 11:26 - 00000000 ____D () C:\Users\Invitado\AppData\Local\Google
2015-04-11 11:26 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Invitado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-11 11:26 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Invitado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-08 01:51 - 2015-04-08 01:51 - 00000000 ____D () C:\Users\FABIAN\Documents\SelfMV
2015-04-07 22:56 - 2015-04-07 22:56 - 00003642 _____ () C:\Windows\System32\Tasks\Maintenance Security Viewer
2015-04-07 22:56 - 2015-04-07 22:56 - 00000000 ____D () C:\Program Files (x86)\Maintenance Security
2015-04-07 02:08 - 2015-04-27 09:58 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-07 02:08 - 2015-04-07 02:08 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-07 00:06 - 2015-04-07 00:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-07 01:46 - 2009-07-13 23:45 - 00035312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-07 01:46 - 2009-07-13 23:45 - 00035312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-07 01:26 - 2015-03-21 00:21 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-07 01:24 - 2014-05-26 22:57 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-07 00:50 - 2014-12-03 19:12 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-07 00:02 - 2015-04-06 23:59 - 00000000 ____D () C:\Users\FABIAN\AppData\Roaming\Samsung
2015-05-07 00:02 - 2015-04-06 23:55 - 00000000 ____D () C:\ProgramData\Samsung
2015-05-07 00:02 - 2015-04-06 23:55 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-05-07 00:02 - 2014-05-09 21:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-06 23:57 - 2015-03-06 03:37 - 00007603 _____ () C:\Users\FABIAN\AppData\Local\Resmon.ResmonCfg
2015-05-06 23:26 - 2015-03-21 00:21 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-06 22:54 - 2015-02-27 23:54 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll
2015-05-06 22:43 - 2014-05-09 21:16 - 01183006 _____ () C:\Windows\WindowsUpdate.log
2015-05-06 16:53 - 2011-04-12 04:10 - 00747394 _____ () C:\Windows\system32\perfh00A.dat
2015-05-06 16:53 - 2011-04-12 04:10 - 00158866 _____ () C:\Windows\system32\perfc00A.dat
2015-05-06 16:53 - 2009-07-14 00:13 - 01676878 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-06 16:47 - 2014-05-09 21:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-06 16:47 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-06 01:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-01 11:51 - 2014-08-28 03:03 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-01 11:51 - 2014-08-28 03:03 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-05-01 11:50 - 2014-08-28 03:03 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-05-01 11:50 - 2014-08-28 03:03 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-04-30 14:27 - 2015-03-21 00:22 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-27 16:15 - 2015-03-04 20:01 - 00000000 ____D () C:\Users\FABIAN\AppData\Roaming\DAEMON Tools Lite
2015-04-27 15:59 - 2014-05-09 21:18 - 00000000 ____D () C:\Users\FABIAN
2015-04-27 09:58 - 2014-05-26 22:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-27 09:58 - 2014-05-26 22:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-27 09:58 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-04-20 16:47 - 2015-03-26 00:44 - 00000000 ____D () C:\Users\FABIAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-17 00:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-04-17 00:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 23:24 - 2014-05-26 22:57 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-16 23:24 - 2014-05-26 22:57 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-16 23:24 - 2014-05-26 22:57 - 00003776 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 19:28 - 2014-12-10 13:54 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 19:28 - 2014-05-10 22:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-14 19:36 - 2014-05-11 01:42 - 01649848 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-14 19:35 - 2014-08-31 23:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-14 19:32 - 2014-08-31 23:17 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-13 22:56 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-12 13:46 - 2009-07-14 00:08 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2015-03-28 16:50 - 2015-03-28 16:50 - 0009662 _____ () C:\Users\FABIAN\AppData\Roaming\em_64x64.ico
2015-03-06 03:37 - 2015-05-06 23:57 - 0007603 _____ () C:\Users\FABIAN\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-04 18:43
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
Ran by FABIAN at 2015-05-07 01:52:50
Running from C:\Users\FABIAN\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-2046910824-2420696095-1822221785-500 - Administrator - Disabled)
FABIAN (S-1-5-21-2046910824-2420696095-1822221785-1000 - Administrator - Enabled) => C:\Users\FABIAN
Invitado (S-1-5-21-2046910824-2420696095-1822221785-501 - Limited - Enabled) => C:\Users\Invitado
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Actualización de NVIDIA 2.4.3.22 (Version: 2.4.3.22 - NVIDIA Corporation) Hidden
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (32 bits) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\...\BitTorrent) (Version: 7.9.3.40101 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2905 - CDBurnerXP)
Compresor WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
Cuevana Storm versión 0.3b (HKLM-x32\...\{2AFB4518-E1D7-4D74-B4FC-C65AE00E531D}_is1) (Version: 0.3b - Cuevana)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
D-Link DWA-131 Wireless N Nano USB Adapter (HKLM-x32\...\{98B82958-1DCA-4504-BE88-C91F1C7A7225}) (Version: 1 - D-Link)
Easy Drive Data Recovery (HKLM-x32\...\Easy Drive Data Recovery) (Version: 3.0 - MunSoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Guía interactiva EXANI-II 2014 (HKLM-x32\...\{BE92E607-7556-41C4-A3D1-F65F42DB5F25}) (Version: 1.1.0 - MUV)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3062 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
K-Lite Mega Codec Pack 7.5.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.5.0 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotioninJoy DS3 driver version 0.6.0005 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.6.0005 - www.motioninjoy.com)
Mozilla Firefox 29.0.1 (x86 es-MX) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 es-MX)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\...\MyFreeCodec) (Version:  - )
NVIDIA Controlador de 3D Vision 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.3.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.22 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{556A5D7B-54F4-4D0D-8114-742A60105CDC}) (Version: 4.10.9764 - Apache Software Foundation)
Panel de control de NVIDIA 341.44 (Version: 341.44 - NVIDIA Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.3.22 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Stella 3.4.1 (HKLM-x32\...\Stella_is1) (Version:  - The Stella Team)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
ZTE Driver USB del dispositivo (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.A10B02 - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2046910824-2420696095-1822221785-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\FABIAN\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2046910824-2420696095-1822221785-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\FABIAN\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2046910824-2420696095-1822221785-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\FABIAN\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
17-03-2015 04:22:08 Windows Update
18-03-2015 23:41:53 Instalado Microsoft Visual C++ 2005 Redistributable (x64)
18-03-2015 23:42:52 Instalado Microsoft Visual C++ 2005 Redistributable
18-03-2015 23:43:36 Instalado League of Legends
18-03-2015 23:44:12 Se ha instalado DirectX
20-03-2015 04:00:10 Windows Update
24-03-2015 18:23:52 Windows Update
25-03-2015 04:00:11 Windows Update
26-03-2015 02:14:50 Se ha instalado DirectX
26-03-2015 02:16:14 Se ha instalado DirectX
31-03-2015 21:11:37 Windows Update
06-04-2015 16:53:45 Windows Update
06-04-2015 23:55:31 Installed Samsung Kies
07-04-2015 02:08:00 Windows Update
10-04-2015 14:16:56 Windows Update
14-04-2015 18:38:46 Windows Update
14-04-2015 19:30:28 Windows Update
17-04-2015 23:39:09 Windows Update
20-04-2015 16:48:53 Removed USB GamePad
21-04-2015 16:16:45 Windows Update
26-04-2015 01:17:21 Windows Update
27-04-2015 16:04:37 Windows Update
03-05-2015 22:58:08 Windows Update
07-05-2015 00:01:36 Removed Samsung Kies
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {03A081D6-4658-469B-AA7E-FE023B90A23E} - System32\Tasks\Maintenance Security Viewer => C:\Program Files (x86)\Maintenance Security\MaintenanceSecurity.exe [2015-04-07] (Secure Updater)
Task: {2E1401B4-C4C3-4AEC-82D6-649C9A578E98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-21] (Google Inc.)
Task: {3D9A426E-38AD-4D5C-9C41-F63F2B6171CA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5259381D-C983-4DB3-B3A5-911838E37C96} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {55880D3E-185E-4443-84D8-0343B17C3A4C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {6C0955D5-93C2-420F-877E-E237E2C22285} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {887C97BC-5906-47FD-8B53-87C760E0072C} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {A7655034-F413-41DF-B9D0-8E8C8843FDA4} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {B1BD5D97-0873-4166-8372-98B887E1B95B} - System32\Tasks\Great Performance Ultimate => C:\Program Files (x86)\PrivateVPN\gpup.exe [2015-02-26] () <==== ATTENTION
Task: {DA1433B7-6B66-4C6E-9C9F-DCDCC70415C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-21] (Google Inc.)
Task: {FA379972-4A51-44A4-95BF-2D27C69907D2} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-08-28 03:03 - 2015-02-03 21:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-01 20:10 - 2008-06-26 19:09 - 00167936 _____ () C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe
2014-05-09 21:33 - 2006-12-11 02:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-05-09 21:21 - 2013-03-08 21:06 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-02-19 16:40 - 2015-02-19 16:40 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
2014-03-06 16:00 - 2014-03-06 16:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2015-05-04 22:56 - 2015-05-04 22:56 - 00086528 _____ () C:\Program Files (x86)\Megasoft Security\mgwz.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-09 21:31 - 2011-03-03 05:40 - 00552960 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\splitter.ax
2014-05-09 21:31 - 2011-03-03 05:35 - 00080384 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\mkzlib.dll
2014-05-09 21:31 - 2011-03-03 05:35 - 00024576 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\mkunicode.dll
2014-05-09 21:31 - 2011-03-03 05:40 - 00150528 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\mkx.dll
2014-05-09 21:31 - 2011-03-03 05:39 - 00141824 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\mp4.dll
2014-05-09 21:31 - 2011-07-22 03:00 - 03576320 _____ () C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\ffdshow.ax
2014-05-09 21:31 - 2011-07-22 03:00 - 00327680 _____ () C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\ff_libfaad2.dll
2015-04-01 22:32 - 2015-05-01 11:52 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-04-30 14:27 - 2015-04-27 21:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-30 14:27 - 2015-04-27 21:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
2015-04-30 14:27 - 2015-04-27 21:07 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\FABIAN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.2.9.116 - 10.3.9.116
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A717BBC2-223D-43BB-8F0A-9392A891D525}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{76FD8FC9-5663-4958-A7F3-A550AE6DC075}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9B87BC9E-0B34-402D-AF94-BE916F4E1682}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B55DA4ED-7010-43FE-BD05-D7691A987206}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E2AB5D2A-20E6-4EFA-92A5-D06759B11DBF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A933AF4D-A276-46BF-AA34-29E6AA34A69C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B8848163-9F1B-46A1-AD2C-54BC64B7DD49}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3D4A26A9-CA61-4AF5-AB28-733D1BE55C4A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EC113C40-6D95-4A90-B650-7171328E06A1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{67105470-6304-417E-AEB0-7EF578BA64AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{49E4FD23-ED5F-43A9-8DD3-C728716F0592}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{898F585A-E01A-4A26-AB58-75A937E6AA7D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{4B60A57C-B1E0-44F7-A3AE-FF603648E293}C:\users\fabian\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\fabian\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{27F2E7E7-CC94-467C-B237-6CADE6807155}C:\users\fabian\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\fabian\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{8E0C1645-7AA0-431C-8111-0E3C26FF6492}C:\program files (x86)\cuevana storm\cuevana storm.exe] => (Allow) C:\program files (x86)\cuevana storm\cuevana storm.exe
FirewallRules: [UDP Query User{80A6355F-43EF-49EB-B447-0A9EEABAE0EF}C:\program files (x86)\cuevana storm\cuevana storm.exe] => (Allow) C:\program files (x86)\cuevana storm\cuevana storm.exe
FirewallRules: [TCP Query User{1907F15C-E3ED-4D38-943C-173280B1E50F}C:\programdata\battle.net\agent\agent.3526\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3526\agent.exe
FirewallRules: [UDP Query User{F8718BF3-42B4-4FC0-96FA-05D90E1C5E2A}C:\programdata\battle.net\agent\agent.3526\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3526\agent.exe
FirewallRules: [{96FFF39D-0AB9-42F2-B900-A012AFDB5DE0}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{574E891A-2710-455C-9C32-17F81C9D2162}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{F2F06B80-793E-4368-9615-F56EEF5CFDCC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{4991D16A-0000-4817-BB6D-9E5492B94306}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{AC14A95F-CAED-4375-87D9-93941F497EEA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1CCF637E-5A2F-4C3C-A857-B57283DC916F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0B73EF7C-F361-4B85-82D8-D5FC612BECF7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A36A30D4-AE30-4EC3-B322-371438CCB70F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CCBB15BA-79E1-4020-B0D4-C828D70CB7D7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{62D65B05-45C3-46C4-B795-C78F1D4A55C8}] => (Allow) C:\Users\FABIAN\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A54F09FA-0E0E-4A80-B6F4-BF6F0E246587}] => (Allow) C:\Users\FABIAN\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1E9E0548-E408-445B-90E5-46BA9629578F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C9CB6112-D9DC-475A-8F03-097C172A6BBD}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{138A41FC-14A5-4412-8911-2B9A39463227}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/06/2015 04:49:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/05/2015 11:39:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/04/2015 10:57:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: GPUpd55483F770.exe, versión: 1.1.0.4, marca de tiempo: 0x554200b3
Nombre del módulo con errores: GPUpd55483F770.exe, versión: 1.1.0.4, marca de tiempo: 0x554200b3
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000046c3
Id. del proceso con errores: 0x1a40
Hora de inicio de la aplicación con errores: 0xGPUpd55483F770.exe0
Ruta de acceso de la aplicación con errores: GPUpd55483F770.exe1
Ruta de acceso del módulo con errores: GPUpd55483F770.exe2
Id. del informe: GPUpd55483F770.exe3
 
Error: (05/04/2015 04:46:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/04/2015 00:16:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/03/2015 10:42:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/02/2015 01:50:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/02/2015 11:04:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/01/2015 04:22:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/01/2015 04:06:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (05/04/2015 10:56:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: El servicio Privoxy (PrivoxyService) ha sido marcado como servicio interactivo. Sin embargo, el sistema está configurado para no permitir servicios interactivos. Este servicio puede tener un funcionamiento incorrecto.
 
Error: (04/22/2015 01:02:10 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}
 
Error: (04/14/2015 04:43:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Steam Client Service no pudo iniciarse debido al siguiente error: 
%%1053
 
Error: (04/14/2015 04:43:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Steam Client Service.
 
Error: (04/12/2015 09:00:07 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (04/11/2015 00:09:57 PM) (Source: DCOM) (EventID: 10016) (User: FABIAN-PC)
Description: específico de la aplicaciónLocalActivación{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}FABIAN-PCInvitadoS-1-5-21-2046910824-2420696095-1822221785-501LocalHost (con LRPC)
 
Error: (04/11/2015 00:09:57 PM) (Source: DCOM) (EventID: 10016) (User: FABIAN-PC)
Description: específico de la aplicaciónLocalActivación{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}FABIAN-PCInvitadoS-1-5-21-2046910824-2420696095-1822221785-501LocalHost (con LRPC)
 
Error: (04/11/2015 00:09:57 PM) (Source: DCOM) (EventID: 10016) (User: FABIAN-PC)
Description: específico de la aplicaciónLocalActivación{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}FABIAN-PCInvitadoS-1-5-21-2046910824-2420696095-1822221785-501LocalHost (con LRPC)
 
Error: (04/11/2015 00:09:57 PM) (Source: DCOM) (EventID: 10016) (User: FABIAN-PC)
Description: específico de la aplicaciónLocalActivación{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}FABIAN-PCInvitadoS-1-5-21-2046910824-2420696095-1822221785-501LocalHost (con LRPC)
 
Error: (04/11/2015 00:09:57 PM) (Source: DCOM) (EventID: 10016) (User: FABIAN-PC)
Description: específico de la aplicaciónLocalActivación{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}FABIAN-PCInvitadoS-1-5-21-2046910824-2420696095-1822221785-501LocalHost (con LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (05/06/2015 04:49:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/05/2015 11:39:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/04/2015 10:57:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GPUpd55483F770.exe1.1.0.4554200b3GPUpd55483F770.exe1.1.0.4554200b3c0000409000046c31a4001d086e77ef5b059C:\Users\FABIAN\AppData\Local\Temp\GPUpd55483F770.exeC:\Users\FABIAN\AppData\Local\Temp\GPUpd55483F770.execa93d527-f2da-11e4-bd32-50e54952a74c
 
Error: (05/04/2015 04:46:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/04/2015 00:16:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/03/2015 10:42:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/02/2015 01:50:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/02/2015 11:04:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/01/2015 04:22:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/01/2015 04:06:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-14 17:32:52.231
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2014-10-14 17:32:52.229
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2014-10-14 17:32:52.226
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2014-10-14 17:32:52.212
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2014-10-14 17:32:52.210
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2014-10-14 17:32:52.208
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2014-10-11 00:18:23.647
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2014-10-11 00:18:23.645
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2014-10-11 00:18:23.643
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2014-10-11 00:18:23.633
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 50%
Total physical RAM: 8109.12 MB
Available physical RAM: 3988.98 MB
Total Pagefile: 16216.43 MB
Available Pagefile: 11293.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:247.82 GB) (Free:78.59 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:683.59 GB) (Free:360.83 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8A8A0700)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=247.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=683.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Edited by insomniak21, 07 May 2015 - 01:37 AM.



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, I guess a little discussion about the pitfalls of using torrents and the like would be wasted

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\...\RunOnce: [DeleteMarkAny] => C:\Windows\SysWOW64\MASetupCleaner.exe [24576 2013-12-30] ((?)????)
ProxyEnable: [S-1-5-21-2046910824-2420696095-1822221785-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2046910824-2420696095-1822221785-1000] => 127.0.0.1:8118
FF user.js: detected! => C:\Users\FABIAN\AppData\Roaming\Mozilla\Firefox\Profiles\uqfz075i.default\user.js [2015-04-06]
R2 PrivoxyService; C:\Program Files (x86)\Megasoft Security\privoxy.exe [371200 2015-05-04] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
2015-05-04 22:56 - 2015-05-04 22:57 - 00000000 ____D () C:\Program Files (x86)\Megasoft Security
Task: {03A081D6-4658-469B-AA7E-FE023B90A23E} - System32\Tasks\Maintenance Security Viewer => C:\Program Files (x86)\Maintenance Security\MaintenanceSecurity.exe [2015-04-07] (Secure Updater)
Task: {B1BD5D97-0873-4166-8372-98B887E1B95B} - System32\Tasks\Great Performance Ultimate => C:\Program Files (x86)\PrivateVPN\gpup.exe [2015-02-26] () <==== ATTENTION
C:\Program Files (x86)\PrivateVPN
2015-04-07 22:56 - 2015-04-07 22:56 - 00003642 _____ () C:\Windows\System32\Tasks\Maintenance Security Viewer
2015-04-07 22:56 - 2015-04-07 22:56 - 00000000 ____D () C:\Program Files (x86)\Maintenance Security
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0
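The fixlist above pairs a per-user proxy set to 127.0.0.1:8118 with an unsigned PrivoxyService and two scheduled tasks. As an added example (not part of the original posts and not FRST's own code), the same triage can be run over FRST-style lines; the regexes and the `proxy_hijack_suspected` heuristic are assumptions derived from the line shapes quoted in this thread, and the example also accepts the per-protocol `http=host:port;https=host:port` form of a proxy value.

```python
import ipaddress
import re

# Lines copied from the fixlist quoted in this thread.
SAMPLE = r"""
ProxyEnable: [S-1-5-21-2046910824-2420696095-1822221785-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2046910824-2420696095-1822221785-1000] => 127.0.0.1:8118
R2 PrivoxyService; C:\Program Files (x86)\Megasoft Security\privoxy.exe [371200 2015-05-04] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
Task: {03A081D6-4658-469B-AA7E-FE023B90A23E} - System32\Tasks\Maintenance Security Viewer => C:\Program Files (x86)\Maintenance Security\MaintenanceSecurity.exe [2015-04-07] (Secure Updater)
Task: {B1BD5D97-0873-4166-8372-98B887E1B95B} - System32\Tasks\Great Performance Ultimate => C:\Program Files (x86)\PrivateVPN\gpup.exe [2015-02-26] () <==== ATTENTION
"""

# Assumed line shapes, taken from the sample lines above.
PROXY_RE = re.compile(r"^ProxyServer: \[(S-[\d-]+)\] => (\S+)")
SERVICE_RE = re.compile(r"^([RSU])(\d) ([^;]+); (.+?) \[\d+ \d{4}-\d\d-\d\d\]")
TASK_RE = re.compile(
    r"^Task: \{[0-9A-Fa-f-]+\} - (.+?) => (.+?) \[\d{4}-\d\d-\d\d\] \((.*?)\)")


def is_loopback(host):
    """True for 'localhost' or any loopback IPv4/IPv6 literal."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def loopback_endpoints(value):
    """Endpoints of a ProxyServer value that point back at this machine."""
    hits = []
    for part in value.split(";"):
        # Drop an optional "http=" prefix and an optional URL scheme.
        endpoint = part.split("=", 1)[-1].split("://", 1)[-1]
        host, sep, _port = endpoint.rpartition(":")
        if is_loopback(endpoint) or (sep and is_loopback(host)):
            hits.append(endpoint)
    return hits


def triage(text):
    """Return (kind, name, detail) findings for the lines worth a second look."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := PROXY_RE.match(line):
            for endpoint in loopback_endpoints(m.group(2)):
                findings.append(("loopback-proxy", m.group(1), endpoint))
        elif m := SERVICE_RE.match(line):
            if "[File not signed]" in line:
                findings.append(("unsigned-service", m.group(3), m.group(4)))
        elif m := TASK_RE.match(line):
            # Empty publisher "()" or the scanner's own attention marker.
            if m.group(3) == "" or "<==== ATTENTION" in line:
                findings.append(("flagged-task", m.group(1), m.group(2)))
    return findings


def proxy_hijack_suspected(findings):
    """Heuristic of this example: a local proxy plus an unsigned service."""
    kinds = {kind for kind, _, _ in findings}
    return {"loopback-proxy", "unsigned-service"} <= kinds


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
    print("proxy hijack suspected:", proxy_hijack_suspected(triage(SAMPLE)))
```

The "Maintenance Security Viewer" task carries a publisher string and no attention marker, so these rules do not flag it, yet the fixlist removes it anyway. A clean result from pattern rules like these is a starting point for review, not a clean bill of health.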

#3
insomniak21

    New Member

  • Topic Starter
  • Member
  • 4 posts

Hi! Thank you for answering. Yes, I've been aware of the troubles that downloading torrents may cause, but it was easy for me to ignore, so here are the consequences now. I really appreciate your help, and thank you for taking the time to do it. I'll leave the FRST fixlog, as well as the AdwCleaner logfile. I hope my Spanish settings don't give you problems.

Thank you again.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2015 01
Ran by FABIAN at 2015-05-07 11:04:26 Run:1
Running from C:\Users\FABIAN\Desktop
Loaded Profiles: FABIAN (Available profiles: FABIAN & Invitado)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\...\RunOnce: [DeleteMarkAny] => C:\Windows\SysWOW64\MASetupCleaner.exe [24576 2013-12-30] ((?)????)
ProxyEnable: [S-1-5-21-2046910824-2420696095-1822221785-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2046910824-2420696095-1822221785-1000] => 127.0.0.1:8118
FF user.js: detected! => C:\Users\FABIAN\AppData\Roaming\Mozilla\Firefox\Profiles\uqfz075i.default\user.js [2015-04-06]
R2 PrivoxyService; C:\Program Files (x86)\Megasoft Security\privoxy.exe [371200 2015-05-04] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
2015-05-04 22:56 - 2015-05-04 22:57 - 00000000 ____D () C:\Program Files (x86)\Megasoft Security
Task: {03A081D6-4658-469B-AA7E-FE023B90A23E} - System32\Tasks\Maintenance Security Viewer => C:\Program Files (x86)\Maintenance Security\MaintenanceSecurity.exe [2015-04-07] (Secure Updater)
Task: {B1BD5D97-0873-4166-8372-98B887E1B95B} - System32\Tasks\Great Performance Ultimate => C:\Program Files (x86)\PrivateVPN\gpup.exe [2015-02-26] () <==== ATTENTION
C:\Program Files (x86)\PrivateVPN
2015-04-07 22:56 - 2015-04-07 22:56 - 00003642 _____ () C:\Windows\System32\Tasks\Maintenance Security Viewer
2015-04-07 22:56 - 2015-04-07 22:56 - 00000000 ____D () C:\Program Files (x86)\Maintenance Security
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\DeleteMarkAny => Value not found.
HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\Users\FABIAN\AppData\Roaming\Mozilla\Firefox\Profiles\uqfz075i.default\user.js => Moved successfully.
PrivoxyService => Service stopped successfully.
PrivoxyService => Service deleted successfully.
C:\Program Files (x86)\Megasoft Security => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03A081D6-4658-469B-AA7E-FE023B90A23E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03A081D6-4658-469B-AA7E-FE023B90A23E}" => Key deleted successfully.
C:\Windows\System32\Tasks\Maintenance Security Viewer => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Maintenance Security Viewer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1BD5D97-0873-4166-8372-98B887E1B95B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1BD5D97-0873-4166-8372-98B887E1B95B}" => Key deleted successfully.
C:\Windows\System32\Tasks\Great Performance Ultimate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Great Performance Ultimate" => Key deleted successfully.
C:\Program Files (x86)\PrivateVPN => Moved successfully.
"C:\Windows\System32\Tasks\Maintenance Security Viewer" => File/Directory not found.
C:\Program Files (x86)\Maintenance Security => Moved successfully.
 
=========  netsh advfirewall reset =========
 
Aceptar
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Aceptar
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Configuración IP de Windows
 
Se vació correctamente la caché de resolución de DNS.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Global se restableció correctamente.
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Configuración IP de Windows
 
 
Adaptador de Ethernet Conexión de área local:
 
   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::ace0:a8cf:6598:bee1%11
   Puerta de enlace predeterminada . . . . . : 
 
Adaptador de túnel isatap.{6BA9B687-9DB8-4B66-8449-DD1DDB838741}:
 
   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 
 
Adaptador de túnel Teredo Tunneling Pseudo-Interface:
 
   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Configuración IP de Windows
 
 
Adaptador de Ethernet Conexión de área local:
 
   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::ace0:a8cf:6598:bee1%11
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.2
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.1
 
Adaptador de túnel isatap.{6BA9B687-9DB8-4B66-8449-DD1DDB838741}:
 
   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 
 
Adaptador de túnel Teredo Tunneling Pseudo-Interface:
 
   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.
 
 
========= End of CMD: =========
 
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
La operación se completó correctamente.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
La operación se completó correctamente.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {47350CDC-09BD-4764-8FFA-3321549893D2}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 698.2 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 11:05:21 ====
 
 
 
 
 
 
 
# AdwCleaner v4.203 - Registro generado 07/05/2015 en 11:14:50
# Actualizado 30/04/2015 por Xplode
# Base de datos : 2015-05-05.1 [Servidor]
# Sistema operativo : Windows 7 Professional Service Pack 1 (x64)
# Nombre de usuario : FABIAN - FABIAN-PC
# Ejecutado desde : C:\Users\FABIAN\Desktop\adwcleaner_4.203.exe
# Opción : Limpiar
 
***** [ Servicios ] *****
 
 
***** [ Archivos / Carpetas ] *****
 
Archivo Eliminar : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\GoSearch.xml
 
***** [ Tareas programadas... ] *****
 
 
***** [ Accesos directos ] *****
 
 
***** [ Registro ] *****
 
Llave Eliminar : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Llave Eliminar : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Llave Eliminar : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Llave Eliminar : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Llave Eliminar : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}
Llave Eliminar : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}
Llave Eliminar : HKCU\Software\Myfree Codec
Llave Eliminar : HKCU\Software\SpeedTray
Llave Eliminar : HKLM\SOFTWARE\Myfree Codec
 
***** [ Navegadores Web ] *****
 
-\\ Internet Explorer v11.0.9600.17728
 
Configuración Restauró : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configuración Restauró : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
 
-\\ Mozilla Firefox v29.0.1 (es-MX)
 
[uqfz075i.default\prefs.js] - Línea Eliminar : user_pref("browser.newtab.url", "hxxps://gosearch.me/?u=a244e58627c869dae04ab9bf94e0dc9b&c=up1&src=hp&inst=1428357667");
[uqfz075i.default\prefs.js] - Línea Eliminar : user_pref("browser.startup.homepage", "hxxps://gosearch.me/?u=a244e58627c869dae04ab9bf94e0dc9b&c=up1&src=hp&inst=1428357667");
 
-\\ Google Chrome v42.0.2311.135
 
 
*************************
 
AdwCleaner[R1].txt - [2937 bytes] - [07/05/2015 11:13:38]
AdwCleaner[S0].txt - [2437 bytes] - [07/05/2015 11:14:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2496  bytes] ##########
 

Edited by insomniak21, 07 May 2015 - 10:34 AM.


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ?

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To access logs from Malwarebytes Anti-Malware 2.0:


1. Open Malwarebytes Anti-Malware 2.0
2. Click History > Application Logs
3. Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them

To save a Scan Log:

1. Open the log file you would like to save
2. Click Export
3. Choose to export to a .txt
4. Choose a folder to save the log file in, then click Save
5. Post that log here

#5
insomniak21

    New Member

  • Topic Starter
  • Member
  • 4 posts

As far as I can tell, the machine is doing pretty much better now. Chrome is working just fine, no proxies, no adware.

Here's the MBAM log.

thanks for your help

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 07/05/2015
Scan Time: 12:20:10 p.m.
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.07.03
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: FABIAN
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 394520
Time Elapsed: 16 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 1
PUP.Optional.GoSearchMe.C, HKU\S-1-5-21-2046910824-2420696095-1822221785-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, https://gosearch.me/...inst=1428357667, Quarantined, [13bc95fba4e6c472836ef371ec19827e]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

#7
insomniak21

    New Member

  • Topic Starter
  • Member
  • 4 posts

My good sir, you've been of great help. Thank you very much!  :thumbsup:



#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure, and thank you :)

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





