
[Malware] Can't access AV websites or update



#1
.Marce.


Hello, today I noticed my Avast! AV was not updating properly (connection to host interrupted), same with Malwarebytes. I thought reinstalling could solve the problem but then I noticed I wasn't able to access any AV websites.

 

Tried browsing from my phone and the Avast website seemed just fine.

 

I'm afraid there's a risk of having more issues than I think because this is my brother's PC, and I use it occasionally to load and save my music and music videos (from clean sources).

 

 

I recently removed "atajitos.com" and "nav.brotlab.net" from taking control of my browser (a couple of days ago), but I don't know if that's 100% fixed (just restarted Chrome to default).

 

 

My brother plays all the downloaded games, so it would be nice to keep them if possible.

 

-----------------------------------------------------------

 

Here is the FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Rodrigo Torres (administrator) on MARCELO-PC (29-01-2016 01:24:10)
Running from D:\FRST64
Loaded Profiles: Rodrigo Torres (Available Profiles: Rodrigo Torres)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
() C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe
(Microsoft Corporation) C:\Users\Rodrigo Torres\AppData\Roaming\winsecurity\winsecurity.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\XBox\XBLive.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\Rodrigo Torres\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Rodrigo Torres\AppData\Local\Akamai\netsession_win.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
(Google Inc.) C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(Google Inc.) C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-16] (AVAST Software)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3232866778-1889148444-3693148987-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Rodrigo Torres\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3232866778-1889148444-3693148987-1000\...\Run: [Google Update] => C:\Users\Rodrigo Torres\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-3232866778-1889148444-3693148987-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3232866778-1889148444-3693148987-1000\...\MountPoints2: G - G:\Setup.exe
HKU\S-1-5-21-3232866778-1889148444-3693148987-1000\...\MountPoints2: {30186ba5-3338-11e2-93ac-b4749fd527c6} - G:\iStudio.exe
HKU\S-1-5-21-3232866778-1889148444-3693148987-1000\...\MountPoints2: {309f1368-9896-11e2-adfe-b4749fd527c6} - G:\Setup.exe
HKU\S-1-5-21-3232866778-1889148444-3693148987-1000\...\MountPoints2: {4e038764-261b-11e4-8285-b4749fd527c6} - G:\LGAutoRun.exe
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-16] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-3232866778-1889148444-3693148987-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-3232866778-1889148444-3693148987-1000] => http=127.0.0.1:8080;https=127.0.0.1:8080
Winsock: Catalog5 10 C:\ProgramData\System32\SafeGuard32.dll No File 
Winsock: Catalog5-x64 10 C:\ProgramData\System32\SafeGuard64.dll [2316728 2016-01-26] ()
Tcpip\Parameters: [DhcpNameServer] 190.113.128.1 190.113.128.2
Tcpip\..\Interfaces\{948CC057-29C5-4256-9960-528797EFDA44}: [DhcpNameServer] 190.113.128.1 190.113.128.2
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://nav.brotlab.net?uid={668f90f19821404c9a21e5e19f162412}&r=eg
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.searchult.com/?bd=ds&oem=testsinstcr&uid=SAMSUNGXHM500JI_S20CJ9FB421105&version=2.2.0.7859&pid=414031160&tid=312&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nav.brotlab.net?uid={668f90f19821404c9a21e5e19f162412}&r=eg
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.searchult.com/?bd=ds&oem=testsinstcr&uid=SAMSUNGXHM500JI_S20CJ9FB421105&version=2.2.0.7859&pid=414031160&tid=312&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3232866778-1889148444-3693148987-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nav.brotlab.net?uid={668f90f19821404c9a21e5e19f162412}&r=eg
HKU\S-1-5-21-3232866778-1889148444-3693148987-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = 
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3232866778-1889148444-3693148987-1000 -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = 
SearchScopes: HKU\S-1-5-21-3232866778-1889148444-3693148987-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-16] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-16] (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-05] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-03-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Rodrigo Torres\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-03-30] (Raidcall)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-06-20] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3232866778-1889148444-3693148987-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Rodrigo Torres\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3232866778-1889148444-3693148987-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Rodrigo Torres\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-3232866778-1889148444-3693148987-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Rodrigo Torres\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-3232866778-1889148444-3693148987-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Rodrigo Torres\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-16] (Unity Technologies ApS)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012-04-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-16]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com.ar/"
CHR Profile: C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Presentaciones de Google) - C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Google Docs) - C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Búsqueda de Google) - C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]
CHR Extension: (Video DownloadHelper) - C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-01-18]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-16]
StartMenuInternet: Google Chrome.QI3FFUVXGVDU6OFJFWATDZKFVE - C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-16] (AVAST Software)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5232840 2013-11-28] (INCA Internet Co., Ltd.)
R2 SkypeUpdateEx; C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe [193456 2015-12-10] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 WindowsSecurity; C:\Users\Rodrigo Torres\AppData\Roaming\winsecurity\winsecurity.exe [4614608 2016-01-19] (Microsoft Corporation)
R2 XBox; C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\XBox\XBLive.exe [7142328 2015-12-08] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-16] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 SDGame; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [159160 2013-10-05] (TENCENT) [File not signed]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\D:\Mauro\AERIA\AuraKingdom\avital\hxsy64.sys [X]
S3 slb; \??\D:\AeriaGames\ScarletBlade\avital\scarlb64.sys [X]
S3 wolf; \??\C:\Perfect World Entertainment\WolfTeamLS\avital\wolf64.sys [X]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va060; \??\C:\Windows\SysWOW64\Drivers\X6va060 [X]
S3 X6va061; \??\C:\Windows\SysWOW64\Drivers\X6va061 [X]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-29 01:23 - 2016-01-29 01:24 - 00000000 ____D C:\FRST
2016-01-29 00:14 - 2016-01-29 00:28 - 00193174 _____ C:\Windows\ntbtlog.txt
2016-01-27 20:52 - 2016-01-29 01:21 - 00000000 ____D C:\ProgramData\AdobeCatchTemp
2016-01-27 20:51 - 2016-01-29 00:29 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-01-27 20:51 - 2016-01-27 20:51 - 00000000 ____D C:\Windows\19
2016-01-27 20:51 - 2016-01-27 20:51 - 00000000 ____D C:\Users\Rodrigo Torres\AppData\Roaming\winsecurity
2016-01-26 05:17 - 2016-01-26 05:17 - 00000000 ____D C:\ProgramData\System32
2016-01-25 03:09 - 2016-01-25 03:09 - 00000000 ____D C:\Users\Rodrigo Torres\AppData\Local\Bluestacks
2016-01-23 02:27 - 2016-01-23 02:27 - 00000000 ____D C:\Users\Rodrigo Torres\AppData\Roaming\Mozilla
2015-12-30 12:20 - 2015-12-30 12:20 - 00029250 _____ C:\Users\Rodrigo Torres\Documents\cc_20151230_122020.reg
2015-12-30 12:14 - 2015-12-30 12:15 - 00897288 _____ C:\Windows\Minidump\123015-16598-01.dmp
2015-12-30 12:14 - 2015-12-30 12:14 - 318655725 _____ C:\Windows\MEMORY.DMP
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-29 01:21 - 2009-07-14 01:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-29 01:21 - 2009-07-14 01:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-29 01:06 - 2012-04-28 21:49 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-29 00:49 - 2012-05-04 00:40 - 00001082 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3232866778-1889148444-3693148987-1000UA.job
2016-01-29 00:41 - 2012-04-27 22:56 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-29 00:41 - 2012-04-27 22:56 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-29 00:36 - 2012-04-27 22:56 - 00004032 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-29 00:36 - 2012-04-27 22:56 - 00003780 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-29 00:29 - 2015-09-29 06:09 - 00000000 ____D C:\Program Files (x86)\SkypeUpdateEx
2016-01-29 00:29 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-29 00:28 - 2015-07-05 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft
2016-01-29 00:28 - 2013-07-13 23:27 - 00000000 ____D C:\ProgramData\APN
2016-01-29 00:28 - 2009-07-14 00:20 - 00000000 __RSD C:\Windows\Media
2016-01-29 00:15 - 2015-10-07 15:18 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-28 23:33 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-28 23:17 - 2012-07-23 14:08 - 00000964 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3232866778-1889148444-3693148987-1000UA.job
2016-01-28 22:53 - 2012-05-04 00:44 - 00002398 _____ C:\Users\Rodrigo Torres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-27 03:35 - 2015-06-10 21:29 - 00000000 ____D C:\Users\Rodrigo Torres\AppData\Roaming\MiniLyrics
2016-01-26 17:49 - 2012-05-04 00:40 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3232866778-1889148444-3693148987-1000Core.job
2016-01-26 14:17 - 2012-07-23 14:08 - 00000942 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3232866778-1889148444-3693148987-1000Core.job
2016-01-26 09:36 - 2015-04-23 23:30 - 00000000 ____D C:\Users\Rodrigo Torres\AppData\Local\JDownloader v2.0
2016-01-26 01:36 - 2012-07-06 19:29 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-25 03:09 - 2009-07-14 00:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-01-24 15:42 - 2013-11-27 02:17 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-01-24 15:36 - 2009-07-14 02:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-20 12:23 - 2012-04-27 22:56 - 01065208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-01-20 12:23 - 2012-04-27 22:56 - 00464256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-01-13 11:36 - 2015-11-02 01:49 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 11:35 - 2015-11-02 01:48 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-06 01:14 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2015-12-30 12:14 - 2012-06-11 21:17 - 00000000 ____D C:\Windows\Minidump
 
==================== Files in the root of some directories =======
 
2013-10-08 01:59 - 2013-10-08 01:59 - 0004096 ____H () C:\Users\Rodrigo Torres\AppData\Local\keyfile3.drm
2014-09-15 10:40 - 2014-09-15 10:40 - 0000020 _____ () C:\ProgramData\bc.ini
2014-03-19 02:12 - 2014-01-18 02:12 - 0000032 ____R () C:\ProgramData\hash.dat
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some files in TEMP:
====================
C:\Users\Rodrigo Torres\AppData\Local\Temp\HD-Logger-Native.dll
C:\Users\Rodrigo Torres\AppData\Local\Temp\HD-ShortcutHandler.dll
C:\Users\Rodrigo Torres\AppData\Local\Temp\proxy_vole468620135477407861.dll
C:\Users\Rodrigo Torres\AppData\Local\Temp\uninstall.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-19 00:57
 
==================== End of FRST.txt ============================

Edited by .Marce., 28 January 2016 - 10:52 PM.



#2
.Marce.


Here's Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Rodrigo Torres (2016-01-29 01:24:55)
Running from D:\FRST64
Windows 7 Home Basic Service Pack 1 (X64) (2012-04-13 01:16:54)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-3232866778-1889148444-3693148987-500 - Administrator - Disabled)
Invitado (S-1-5-21-3232866778-1889148444-3693148987-501 - Limited - Disabled)
Rodrigo Torres (S-1-5-21-3232866778-1889148444-3693148987-1000 - Administrator - Enabled) => C:\Users\Rodrigo Torres
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Actualizador OFF PWCZ Descent 1.2 (HKLM-x32\...\Actualizador OFF PWCZ Descent) (Version: 1.2 - ComunidadZero)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
Akamai NetSession Interface (HKU\S-1-5-21-3232866778-1889148444-3693148987-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2245 - AVAST Software)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Exact Audio Copy 1.0beta6 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta6 - Andre Wiethoff)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free FLV to MP4 Converter 1.0 (HKLM-x32\...\{EE698DD0-BA36-405C-8F34-B0C64C562344}_is1) (Version:  - PolySoft Solutions)
Google Chrome (HKU\S-1-5-21-3232866778-1889148444-3693148987-1000\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP Deskjet 2050 J510 series Ayuda (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 11.4.4 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.4.4 - )
Malwarebytes Anti-Malware versión 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110C0A-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiniLyrics (HKLM-x32\...\MiniLyrics) (Version: 7.6.39 - Crintsoft)
Motorola Mobile Drivers Installation 5.1.0 (HKLM\...\{581F6FB0-46E6-42DA-98CC-ABB001386520}) (Version: 5.1.0 - Motorola Inc.)
Mp3tag v2.72 (HKLM-x32\...\Mp3tag) (Version: v2.72 - Florian Heidenreich)
Operation7 (HKLM-x32\...\Operation7) (Version: 1506 - Axeso5)
Paquete de compatibilidad para 2007 Office system (HKLM-x32\...\{90120000-0020-0C0A-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.2.13009.198 - raidcall.com.ru)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Software básico del dispositivo HP Deskjet 2050 J510 series (HKLM\...\{851CF2C8-6666-46E0-9B52-EDF7283CEB40}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
Switch, convertidor de audio (HKLM-x32\...\Switch) (Version: 4.69 - NCH Software)
SYLTEditor (HKLM-x32\...\SYLTEditor) (Version:  - )
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
XnView 1.98.8 (HKLM-x32\...\XnView_is1) (Version: 1.98.8 - Gougelet Pierre-e)
Youtube Downloader HD v. 2.9.9.11 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3232866778-1889148444-3693148987-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rodrigo Torres\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3232866778-1889148444-3693148987-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Rodrigo Torres\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3232866778-1889148444-3693148987-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Rodrigo Torres\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {097D8173-9382-418F-8609-869CC04058C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {17A04067-51F7-4B38-8796-0F5CEE56F2D7} - System32\Tasks\{9556EABC-38BC-4D5D-9951-57293B067C16} => pcalua.exe -a D:\L2Latino_Instalador_H5.exe -d D:\
Task: {1EEB2122-C0E0-45B8-AC51-92700A4670F7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3232866778-1889148444-3693148987-1000UA => C:\Users\Rodrigo Torres\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-23] (Facebook Inc.)
Task: {2AC5FCAD-0999-4E32-9480-07A1235021FD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {2FF18493-AB40-4EA5-8742-A9F6279925EE} - System32\Tasks\{D56A5949-2CE0-4BB8-AE5D-CEFAE54D6F43} => pcalua.exe -a "C:\Windows.old\Program Files (x86)\Samsung\BatteryLifeExtender\Drv\SABI2x86\KStartMem.exe" -d "C:\Windows.old\Program Files (x86)\Samsung\BatteryLifeExtender\Drv\SABI2x86"
Task: {334FF896-D8F4-4ED0-BEED-E59F405EF971} - System32\Tasks\{4FB70C69-D2F6-453A-B5E5-22AB78050ECD} => D:\Nueva carpeta\Dragon Nest\Dragon Nest Latino\dnlauncher.exe
Task: {3DEBE0FE-11F9-4B2C-97F4-BCD608F0B7BF} - System32\Tasks\{2DB087DA-A8A6-41CA-98FD-4E617BED8C5F} => G:\HideToolz\HideToolz.exe
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {6BBBD8E8-B81A-474B-A50D-C4A398C34585} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-16] (AVAST Software)
Task: {752C1633-E006-4623-8751-4E9A58881A53} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-08-24] ()
Task: {87734F59-53B3-4009-8809-4DE88B7DBB5D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-19] (AVAST Software)
Task: {8D2C836E-BA36-47C7-8E2D-CEABC059A533} - System32\Tasks\{62CC9F40-18AF-457C-B487-B735191A4706} => G:\HideToolz\HideToolz.exe
Task: {974A0CC5-E4CA-4489-8312-19EFC7E2C4A6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3232866778-1889148444-3693148987-1000UA => C:\Users\Rodrigo Torres\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A0BAAB47-26D0-4603-8D71-DDCBADD3D926} - System32\Tasks\{36DC3C7F-0AA4-4C3C-A4C4-CD8039C351EE} => G:\HideToolz\HideToolz.exe
Task: {B4306FE7-1726-4DA4-B406-B65C0D5D95D8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3232866778-1889148444-3693148987-1000Core => C:\Users\Rodrigo Torres\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-23] (Facebook Inc.)
Task: {BF4BFD5A-A76B-4AE3-BDB2-E9D159599F9E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-05] (Adobe Systems Incorporated)
Task: {CE736E5D-1F77-4036-A6F3-1F713F3F826A} - System32\Tasks\{AFF80C90-18F0-4BA8-B984-186DD97C31D8} => pcalua.exe -a D:\operation7_20121023.exe -d D:\
Task: {CF6C0EF3-EFD7-46D0-AAD1-C3F1AF3619A7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3232866778-1889148444-3693148987-1000Core => C:\Users\Rodrigo Torres\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DD30D7D7-F47C-4F09-894A-7531EF942556} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-29] (Google Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {ED7DA2AB-7FD1-4432-91CC-A6AF37C10006} - System32\Tasks\{60F2D6B8-95F5-4B23-8543-00865D99C4B8} => pcalua.exe -a "C:\Windows.old\Program Files (x86)\Samsung\BatteryLifeExtender\StartUpSetup.exe" -d "C:\Windows.old\Program Files (x86)\Samsung\BatteryLifeExtender"
Task: {F92F2025-052C-4E82-ACBE-BA80152D0612} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-29] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3232866778-1889148444-3693148987-1000Core.job => C:\Users\Rodrigo Torres\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3232866778-1889148444-3693148987-1000UA.job => C:\Users\Rodrigo Torres\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3232866778-1889148444-3693148987-1000Core.job => C:\Users\Rodrigo Torres\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3232866778-1889148444-3693148987-1000UA.job => C:\Users\Rodrigo Torres\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Rodrigo Torres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://nav.brotlab.net?uid={668f90f19821404c9a21e5e19f162412}&r=eg
ShortcutWithArgument: C:\Users\Rodrigo Torres\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://nav.brotlab.net?uid={668f90f19821404c9a21e5e19f162412}&r=eg
ShortcutWithArgument: C:\Users\Rodrigo Torres\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://nav.brotlab.net?uid={668f90f19821404c9a21e5e19f162412}&r=eg
ShortcutWithArgument: C:\Users\Rodrigo Torres\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://nav.brotlab.net?uid={668f90f19821404c9a21e5e19f162412}&r=eg
ShortcutWithArgument: C:\Users\Rodrigo Torres\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5bb99674507bea2b\Google Chrome.lnk -> C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://nav.brotlab.net?uid={668f90f19821404c9a21e5e19f162412}&r=eg
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-01-26 05:17 - 2016-01-26 05:17 - 02316728 _____ () C:\ProgramData\System32\SafeGuard64.dll
2012-04-28 16:35 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2015-09-24 10:09 - 2015-12-10 10:56 - 00193456 _____ () C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe
2016-01-26 04:41 - 2015-12-08 10:24 - 07142328 _____ () C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\XBox\XBLive.exe
2015-12-16 12:22 - 2015-12-16 12:22 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-16 12:22 - 2015-12-16 12:22 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-26 01:36 - 2016-01-26 01:36 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16012501\algo.dll
2016-01-26 05:17 - 2016-01-26 05:17 - 01536952 _____ () C:\ProgramData\System32\SafeGuard32.dll
2015-12-16 12:22 - 2015-12-16 12:22 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-10 11:29 - 2015-12-08 11:12 - 00126896 _____ () C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdate.dll
2016-01-26 04:41 - 2015-11-30 10:08 - 00256440 _____ () C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\XBox\Xbox.Live.dll
2015-12-16 12:22 - 2015-12-16 12:22 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-01-28 22:53 - 2016-01-27 14:39 - 01632584 _____ () C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
2016-01-28 22:53 - 2016-01-27 14:39 - 00087880 _____ () C:\Users\Rodrigo Torres\AppData\Local\Google\Chrome\Application\48.0.2564.97\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3232866778-1889148444-3693148987-1000\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-3232866778-1889148444-3693148987-1000\...\aeriagames.com -> hxxp://aeriagames.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 23:34 - 2009-06-10 18:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3232866778-1889148444-3693148987-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rodrigo Torres\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 190.113.128.1 - 190.113.128.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\startupfolder: C:^Users^Rodrigo Torres^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Facebook Update => "C:\Users\Rodrigo Torres\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5A84FB37-3CB9-4717-A53C-AFD8E3B2E26D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FD81AD1A-841E-4E75-BD35-CAB66F542921}] => (Allow) LPort=2869
FirewallRules: [{294B23C8-04C6-4459-ADA0-EFEED8AA6BD3}] => (Allow) LPort=1900
FirewallRules: [{4710E939-0D82-4CBD-9A56-7245E15FF4BF}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{33A471E1-808B-4C93-A027-B9FBD6BD6D96}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{92FC20ED-E39D-4E3A-AFCE-F1090D555608}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{37FDAF23-C38F-4937-BC4B-E42D6B126A49}E:\easysetupassistant\wr741n\easysetupassistant.exe] => (Allow) E:\easysetupassistant\wr741n\easysetupassistant.exe
FirewallRules: [UDP Query User{DC1DFC51-2063-4E03-B704-436F8E9B49C9}E:\easysetupassistant\wr741n\easysetupassistant.exe] => (Allow) E:\easysetupassistant\wr741n\easysetupassistant.exe
FirewallRules: [TCP Query User{97CC9649-8E5B-4F51-AD68-115E9CECC325}C:\users\rodrigo torres\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\rodrigo torres\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{55DEFBFB-0C96-4F3D-A9C1-DECC95970D8F}C:\users\rodrigo torres\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\rodrigo torres\appdata\local\akamai\netsession_win.exe
FirewallRules: [{7348FE00-3C6E-4CBD-BF20-C0C88FE84CC4}] => (Block) C:\users\rodrigo torres\appdata\local\akamai\netsession_win.exe
FirewallRules: [{EDC02562-89F9-4FA2-8853-09E80FFA50FB}] => (Block) C:\users\rodrigo torres\appdata\local\akamai\netsession_win.exe
FirewallRules: [{BF6F9690-3F72-4A8A-B207-28C4C58DEA69}] => (Allow) c:\users\rodrigo torres\appdata\roaming\tencent\assault fire\020b3de4ffa17b9353032c6d7239312b\teniodl\teniodl.exe
FirewallRules: [{7894D15F-04A3-4727-A781-943C99F0C393}] => (Allow) c:\users\rodrigo torres\appdata\roaming\tencent\assault fire\020b3de4ffa17b9353032c6d7239312b\teniodl\teniodl.exe
FirewallRules: [{39F16B91-20A3-4C74-AC0B-A69103C1F726}] => (Allow) C:\Users\Rodrigo Torres\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{AAD8860E-871D-401B-87B9-F7E7F0B5B9EE}] => (Allow) D:\Mauro\Dragon Nest\Dragon Nest Latino\DragonNest.exe
FirewallRules: [{998D2C86-27DC-4B4C-BDDA-AB4C6C42C6D9}] => (Allow) D:\Mauro\Dragon Nest\Dragon Nest Latino\DragonNest.exe
FirewallRules: [{77B4A822-4457-4017-B23E-3C7035B35690}] => (Allow) D:\Mauro\Dragon Nest\Dragon Nest Latino\DragonNest.exe
FirewallRules: [{B1E6D60E-B50E-46F9-867E-B474C08D559C}] => (Allow) D:\Mauro\Dragon Nest\Dragon Nest Latino\DragonNest.exe
FirewallRules: [TCP Query User{85DBB7D8-50C6-42DF-B268-B2B400037152}D:\mauro\cosas varias\raidcall\raidcall.exe] => (Allow) D:\mauro\cosas varias\raidcall\raidcall.exe
FirewallRules: [UDP Query User{0D5F1C97-4A38-41DE-A84B-4DAE17C01CAA}D:\mauro\cosas varias\raidcall\raidcall.exe] => (Allow) D:\mauro\cosas varias\raidcall\raidcall.exe
FirewallRules: [TCP Query User{46588B1C-3B04-4FAD-9C74-36CDC036978D}C:\users\rodrigo torres\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Block) C:\users\rodrigo torres\appdata\local\jdownloader v2.0\jdownloader2.exe
FirewallRules: [UDP Query User{BF217127-D44D-455A-869D-A36C3C573F49}C:\users\rodrigo torres\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Block) C:\users\rodrigo torres\appdata\local\jdownloader v2.0\jdownloader2.exe
FirewallRules: [TCP Query User{99E855FC-C6E4-4DA4-BBB3-4198FED0C5B5}C:\programdata\microsoft\network\dsq\network\sysnetwk.exe] => (Block) C:\programdata\microsoft\network\dsq\network\sysnetwk.exe
FirewallRules: [UDP Query User{FA087AAE-6979-4DF4-B3D4-3EA80B6B9969}C:\programdata\microsoft\network\dsq\network\sysnetwk.exe] => (Block) C:\programdata\microsoft\network\dsq\network\sysnetwk.exe
 
==================== Restore Points =========================
 
10-01-2016 03:06:06 Windows Update
16-01-2016 03:26:18 Windows Update
22-01-2016 03:54:24 Windows Update
25-01-2016 02:47:07 Installed Aurora 2.
25-01-2016 03:06:45 Removed Aurora 2.
25-01-2016 03:07:29 Removed BlueStacks App Player
26-01-2016 04:14:44 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Adaptador de red Broadcom 802.11n
Description: Adaptador de red Broadcom 802.11n
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Controladora simple de comunicaciones PCI
Description: Controladora simple de comunicaciones PCI
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/29/2016 12:29:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/29/2016 12:15:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/29/2016 12:12:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/29/2016 12:05:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/28/2016 11:38:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/28/2016 11:11:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/28/2016 10:46:48 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: El servicio Windows Search se está deteniendo porque hay un problema con el indizador: The catalog is corrupt.
 
Detalles:
El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/28/2016 10:46:48 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: No se puede inicializar el índice.
 
Detalles:
El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/28/2016 10:46:48 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: No se puede inicializar la aplicación.
 
Contexto: aplicación Windows
 
Detalles:
El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/28/2016 10:46:48 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: No se puede inicializar el objeto Recopilador.
 
Contexto: aplicación Windows, catálogo SystemIndex
 
Detalles:
El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (01/29/2016 12:14:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (01/29/2016 12:14:30 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (01/29/2016 12:14:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (01/29/2016 12:14:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (01/29/2016 12:14:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (01/29/2016 12:14:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (01/29/2016 12:14:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (01/29/2016 12:14:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (01/29/2016 12:14:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (01/29/2016 12:14:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
 
CodeIntegrity:
===================================
  Date: 2012-07-06 11:05:38.582
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\Temp\7B0AC5346137940C.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2012-07-06 11:05:38.567
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\Temp\7B0AC5346137940C.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2012-07-06 09:46:49.316
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\Temp\3C8EC8F6122F22F.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2012-07-06 09:46:49.303
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\Temp\3C8EC8F6122F22F.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2012-07-06 09:46:48.285
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\Temp\3C8EC8F6122F22F.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2012-07-06 09:46:48.275
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\Temp\3C8EC8F6122F22F.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2012-07-06 09:46:36.604
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\Temp\2734FC61E07727.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2012-07-06 09:46:36.593
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\Temp\2734FC61E07727.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2012-07-06 09:46:35.491
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\Temp\2734FC61E07727.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
  Date: 2012-07-06 09:46:35.481
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\Temp\2734FC61E07727.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6200 @ 2.13GHz
Percentage of memory in use: 49%
Total physical RAM: 2932.56 MB
Available physical RAM: 1468.69 MB
Total Virtual: 5863.32 MB
Available Virtual: 4107.49 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:178 GB) (Free:91.32 GB) NTFS
Drive d: () (Fixed) (Total:265.89 GB) (Free:226.44 GB) NTFS
Drive f: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0C4E138D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=178 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=265.9 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=21.8 GB) - (Type=27)
 
==================== End of Addition.txt ============================
