Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Win7Sp1x64 Slow, Won't update, Keyboard entry lags. Kaspersky sai

Started by PericlesBadger , Mar 08 2017 01:41 PM

Will not update Win7Sp1x64

Please log in to reply

#1
PericlesBadger

Posted 08 March 2017 - 01:41 PM

New Member

Member
5 posts

I'm running windows 7. The OS won't find updates. And the system is quite slow.

Keyboard input is laggy. Specially in browsers

Ran Kaspersky and it found nothing.

Ran malwarebytes antimalware. No joy either

Ran avira emergency. Found something inside a zip file, didn't specify what it was. Renamed and deleted it.

Ran avira again. Came up clean.

Ran CCleaner once, rebooted and re ran.

Puter is still slow and windows update won't even find updates.

Please help.

Posting Logs

________Main________

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017

Ran by Dra Claudia Paz (administrator) on DRACLAUDIAPAZ (08-03-2017 13:33:11)

Running from C:\Users\Dra Claudia Paz\Desktop

Loaded Profiles: Dra Claudia Paz (Available Profiles: Dra Claudia Paz)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Español (España, internacional)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files (x86)\Cadwell\Cadwell TimeStamp Local Server\CadwellTimeStampLocalServerService.exe

() C:\Program Files (x86)\Cadwell\Clear Cache Service\ClearNetworkCacheService.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe

(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avpui.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

() C:\Cadwell\Easy III\EasyIIISynchronizationService.exe

(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-131\wirelesscm.exe

() C:\Cadwell\Easy III\QMAssistant.exe

(HP) C:\Windows\System32\HPSIsvc.exe

() C:\Cadwell\Easy III\ProtectedFile.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

() C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe

(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-25] (Realtek Semiconductor)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [961184 2011-08-02] (Atheros Communications)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)

HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [48128 2011-12-11] (Windows ® Win 7 DDK provider)

HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)

HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-07] (Piriform Ltd)

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\RunOnce: [Uninstall C:\Users\Dra Claudia Paz\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Dra Claudia Paz\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727"

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\MountPoints2: {0dbddd08-289a-11e2-a258-0008ca8643fc} - D:\AutoRun.exe

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\MountPoints2: {0fdcf634-2818-11e2-911b-0008ca8643fc} - D:\AutoRun.exe

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\MountPoints2: {120485e4-1090-11e6-b86b-9d618a382ad6} - F:\SISetup.exe

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\MountPoints2: {30cdff7e-a4a2-11e2-abe1-95987c29d85c} - E:\AutoRun.exe

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\MountPoints2: {40f93e78-9410-11e2-9e73-0008ca8643fc} - D:\AutoRun.exe

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\MountPoints2: {40f93e8a-9410-11e2-9e73-0008ca8643fc} - D:\AutoRun.exe

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\MountPoints2: {818011fa-83a6-11e2-89ac-0008ca8643fc} - D:\AutoRun.exe

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\MountPoints2: {88fe6799-11df-11e3-a209-e1676e137729} - E:\AutoRun.exe

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\MountPoints2: {964365fb-955e-11e2-924e-0008ca8643fc} - D:\AutoRun.exe

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\MountPoints2: {b70fe333-f8ee-11e1-ad09-0008ca8643fc} - D:\AutoRun.exe

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\MountPoints2: {bec3f88c-8661-11e2-83e8-0008ca8643fc} - D:\AutoRun.exe

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\MountPoints2: {c7677924-c713-11e3-89d2-e8a68d038508} - D:\AutoRun.exe

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\MountPoints2: {cd85708f-ef97-11e1-9b97-0008ca8643fc} - D:\AutoRun.exe

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\MountPoints2: {cd8570a6-ef97-11e1-9b97-0008ca8643fc} - E:\AutoRun.exe

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\MountPoints2: {d5b9e068-80a3-11e3-91d8-0008ca8643fc} - D:\AutoRun.exe

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\MountPoints2: {dc027bb6-a31f-11e2-92a3-0008ca8643fc} - D:\AutoRun.exe

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\MountPoints2: {e2ff76ff-e04e-11e2-8219-0008ca8643fc} - D:\AutoRun.exe

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\MountPoints2: {fae42925-f054-11e1-9e22-0008ca86b329} - D:\AutoRun.exe

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk [2015-10-09]

ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-131\wirelesscm.exe (D-Link Corp.)

Startup: C:\Users\Dra Claudia Paz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Supervisar alertas de tinta - HP Deskjet 1510 series.lnk [2015-10-09]

ShortcutTarget: Supervisar alertas de tinta - HP Deskjet 1510 series.lnk -> (No File)

Startup: C:\Users\Dra Claudia Paz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Supervisar alertas de tinta - HP Deskjet 2510 series.lnk [2015-10-09]

ShortcutTarget: Supervisar alertas de tinta - HP Deskjet 2510 series.lnk -> (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 207.248.224.71 207.248.224.72

Tcpip\..\Interfaces\{15B56455-047B-4CE3-AFFC-FDEBEDE07AE8}: [DhcpNameServer] 172.20.10.1

Tcpip\..\Interfaces\{1E09B630-A77B-46A3-A674-35F48FB48776}: [DhcpNameServer] 207.248.224.71 207.248.224.72

Tcpip\..\Interfaces\{A4FF59E5-5DC9-4853-A298-681B60B1BAEF}: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{C8161236-B0A1-487C-BE26-83AE1E293833}: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{F619AFB1-ACAF-4C48-8C21-EE6FCDB11802}: [DhcpNameServer] 201.130.193.35 200.53.250.1 8.8.8.8

Tcpip\..\Interfaces\{F79772F4-E39E-476C-A6D3-12E7A95DD66A}: [DhcpNameServer] 10.199.0.2 8.8.8.8 208.67.222.222

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKU\S-1-5-21-492045416-3271723845-1171117920-1000 -> DefaultScope {E38D7D4E-FF45-41C3-AAAE-2B39C04BDB47} URL = hxxps://www.google.com/search?q={searchTerms}

SearchScopes: HKU\S-1-5-21-492045416-3271723845-1171117920-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-492045416-3271723845-1171117920-1000 -> {37E6031D-2BCE-4E5F-858F-2196658A9003} URL = hxxps://mx.search.yahoo.com/search?p={searchTerms}&intl=mx&fr=yset_ie_syc_oracle&type=orcl_default

SearchScopes: HKU\S-1-5-21-492045416-3271723845-1171117920-1000 -> {E38D7D4E-FF45-41C3-AAAE-2B39C04BDB47} URL = hxxps://www.google.com/search?q={searchTerms}

SearchScopes: HKU\S-1-5-21-492045416-3271723845-1171117920-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?q={searchTerms}

BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-27] (Oracle Corporation)

BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-08-02] (Atheros Commnucations)

BHO-x32: Aplicación auxiliar de inicio de sesión en la cuenta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-27] (Oracle Corporation)

Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)

Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)

Toolbar: HKU\S-1-5-21-492045416-3271723845-1171117920-1000 -> Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)

DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1882

FireFox:

========

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension

FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\FFExt\light_plugin_firefox\addon.xpi

FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-12-02]

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [No File]

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()

FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-27] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-27] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [No File]

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

FF Plugin-x32: hbgk.net/WebDvrCtrl -> C:\Program Files (x86)\WebControl\npWebCtrl.dll [2013-06-09] (TODO: <公司名>)

FF Plugin HKU\S-1-5-21-492045416-3271723845-1171117920-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Dra Claudia Paz\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-10-02] (Citrix Online)

Chrome:

=======

CHR DefaultProfile: Default

CHR HomePage: Default -> hxxps://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File

CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File

CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll => No File

CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll => No File

CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File

CHR Profile: C:\Users\Dra Claudia Paz\AppData\Local\Google\Chrome\User Data\Default [2017-03-08]

CHR Extension: (YouTube) - C:\Users\Dra Claudia Paz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-11]

CHR Extension: (Búsqueda de Google) - C:\Users\Dra Claudia Paz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-11]

CHR Extension: (Favoritos de iCloud) - C:\Users\Dra Claudia Paz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-07-31]

CHR Extension: (Kaspersky Protection) - C:\Users\Dra Claudia Paz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2017-02-10]

CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Dra Claudia Paz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]

CHR Extension: (Gmail) - C:\Users\Dra Claudia Paz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]

CHR Extension: (Chrome Media Router) - C:\Users\Dra Claudia Paz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-10]

CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-08-02] (Atheros) [File not signed]

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [103584 2011-08-02] (Atheros Commnucations) [File not signed]

R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)

R2 CadwellTimeStampLocalServerService; C:\Program Files (x86)\Cadwell\Cadwell TimeStamp Local Server\CadwellTimeStampLocalServerService.exe [9728 2012-07-19] () [File not signed]

R2 ClearCacheService; C:\Program Files (x86)\Cadwell\Clear Cache Service\ClearNetworkCacheService.exe [8704 2012-05-31] () [File not signed]

S2 DiinoService; C:\Users\Dra Claudia Paz\AppData\Roaming\Diino\DiinoService_win7_amd64.exe [57968 2012-10-05] ()

R2 EasyIIISynchronizationService; C:\Cadwell\Easy III\EasyIIISynchronizationService.exe [78848 2011-11-02] () [File not signed]

S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)

S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2011-12-05] (ASUSTek Computer Inc.)

R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2011-12-21] (Windows ® Win 7 DDK provider)

R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2011-11-07] (Windows ® Win 7 DDK provider)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-05] (Kaspersky Lab ZAO)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()

R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [71424 2011-12-12] (Fresco Logic)

S3 hwdatacard; no ImagePath

S3 hwusbdev; no ImagePath

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)

R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)

R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)

R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-01] (AO Kaspersky Lab)

R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)

R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [236432 2016-12-02] (AO Kaspersky Lab)

R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2017-03-08] (AO Kaspersky Lab)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1001304 2016-08-16] (AO Kaspersky Lab)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50776 2016-04-29] (AO Kaspersky Lab)

R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)

R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)

R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)

R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [110424 2016-08-16] (AO Kaspersky Lab)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-02] (AO Kaspersky Lab)

S2 LMIInfo; no ImagePath

S4 LMIRfsClientNP; no ImagePath

R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-08] (Malwarebytes)

R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-08] (Malwarebytes)

R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-08] (Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-08] (Malwarebytes)

R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-08] (Malwarebytes)

S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-25] (Marvell Semiconductor, Inc.)

S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation )

S3 RTLU3E8023-W7-64; C:\Windows\System32\DRIVERS\rtu30x64w7.sys [90328 2013-11-28] (Realtek )

S3 ZTEusbmdm6k; no ImagePath

S3 ZTEusbnmea; no ImagePath

S3 ZTEusbser6k; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-08 13:33 - 2017-03-08 13:33 - 00028626 _____ C:\Users\Dra Claudia Paz\Desktop\FRST.txt

2017-03-08 13:32 - 2017-03-08 13:32 - 00000000 ____D C:\Users\Dra Claudia Paz\Desktop\FRST-OlderVersion

2017-03-08 12:57 - 2017-03-08 12:57 - 00033162 _____ C:\Users\Dra Claudia Paz\Documents\cc_20170308_125718.reg

2017-03-07 23:03 - 2017-03-07 23:05 - 00000000 ____D C:\f3b3e7b3f288d17a3ddc44b4

2017-03-07 23:01 - 2017-03-07 23:02 - 11313360 _____ (Microsoft Corporation) C:\Users\Dra Claudia Paz\Downloads\windowsupdateagent-7.6-x64.exe

2017-03-07 21:27 - 2017-03-07 21:37 - 00000000 ____D C:\AdwCleaner

2017-03-07 21:24 - 2017-03-07 21:24 - 01663736 _____ (Malwarebytes) C:\Users\Dra Claudia Paz\Desktop\JRT.exe

2017-03-07 21:21 - 2017-03-07 21:22 - 04031440 _____ C:\Users\Dra Claudia Paz\Desktop\AdwCleaner.exe

2017-03-07 19:12 - 2017-03-08 13:33 - 00000000 ____D C:\FRST

2017-03-07 19:11 - 2017-03-08 13:32 - 02423808 _____ (Farbar) C:\Users\Dra Claudia Paz\Desktop\FRST64.exe

2017-03-07 18:36 - 2017-03-07 18:38 - 00025666 _____ C:\Users\Dra Claudia Paz\Documents\cc_20170307_183646.reg

2017-03-07 18:25 - 2017-03-07 18:25 - 00002820 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2017-03-07 18:25 - 2017-03-07 18:25 - 00000837 _____ C:\Users\Public\Desktop\CCleaner.lnk

2017-03-07 18:25 - 2017-03-07 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2017-03-07 18:24 - 2017-03-07 18:25 - 00000000 ____D C:\Program Files\CCleaner

2017-03-07 18:14 - 2017-03-07 18:16 - 09261616 _____ (Piriform Ltd) C:\Users\Dra Claudia Paz\Downloads\ccsetup527.exe

2017-03-06 16:59 - 2017-03-08 12:50 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys

2017-03-06 16:58 - 2017-03-08 12:49 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2017-03-06 16:58 - 2017-03-08 12:49 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys

2017-03-06 16:58 - 2017-03-08 12:49 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys

2017-03-06 16:58 - 2017-03-08 12:49 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

2017-03-06 16:56 - 2017-03-06 16:56 - 00001882 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2017-03-06 16:56 - 2017-03-06 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

2017-03-06 16:56 - 2017-03-06 16:56 - 00000000 ____D C:\Program Files\Malwarebytes

2017-03-06 16:56 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys

2017-03-04 11:06 - 2017-03-04 11:06 - 00262144 _____ C:\Windows\system32\config\elam

2017-02-28 14:35 - 2017-02-28 14:36 - 10117120 _____ C:\Users\Dra Claudia Paz\Desktop\Garcia Hernandez , Ma Carmen 28-02-2017 14-06-14.EAS

2017-02-26 12:31 - 2017-02-26 12:31 - 04648819 _____ C:\Users\Dra Claudia Paz\Desktop\Proyecto consultorios 23_02_2017.pdf

2017-02-11 10:02 - 2017-02-11 10:03 - 00743667 _____ C:\Users\Dra Claudia Paz\Desktop\saenz-17-Ig-in-zoster.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-08 13:26 - 2009-07-13 22:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-03-08 13:26 - 2009-07-13 22:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-03-08 13:21 - 2012-08-26 10:17 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2017-03-08 13:21 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf

2017-03-08 12:46 - 2015-09-15 14:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab

2017-03-08 12:46 - 2012-08-26 10:05 - 00045056 _____ C:\Windows\SysWOW64\acovcnt.exe

2017-03-08 12:45 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2017-03-07 23:10 - 2016-07-11 09:55 - 00000000 ____D C:\Users\Dra Claudia Paz\Documents\Bluetooth Folder

2017-03-07 21:07 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF

2017-03-07 18:26 - 2016-08-17 17:34 - 00000000 ____D C:\Users\Dra Claudia Paz\AppData\Roaming\TeamViewer

2017-03-07 18:26 - 2014-05-20 18:08 - 00000000 ____D C:\Program Files (x86)\TeamViewer

2017-03-07 18:26 - 2012-09-10 06:03 - 00000000 ____D C:\Users\Dra Claudia Paz\AppData\Local\CrashDumps

2017-03-07 11:25 - 2011-02-19 01:10 - 00776818 _____ C:\Windows\system32\perfh00A.dat

2017-03-07 11:25 - 2011-02-19 01:10 - 00169904 _____ C:\Windows\system32\perfc00A.dat

2017-03-07 11:25 - 2009-07-13 23:13 - 01746334 _____ C:\Windows\system32\PerfStringBackup.INI

2017-03-06 19:55 - 2009-07-13 20:34 - 00000429 _____ C:\Windows\win.ini

2017-03-06 16:56 - 2015-10-09 15:31 - 00000000 ____D C:\ProgramData\Malwarebytes

2017-03-03 12:52 - 2015-06-25 20:43 - 00003450 _____ C:\Windows\System32\Tasks\Apple Diagnostics

2017-03-02 15:04 - 2015-12-20 10:13 - 00002165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.5.lnk

2017-03-02 15:04 - 2015-12-20 10:13 - 00002153 _____ C:\Users\Public\Desktop\Adobe Digital Editions 4.5.lnk

2017-02-28 14:35 - 2013-06-20 16:37 - 00000000 ____D C:\QuickMed

2017-02-25 14:24 - 2016-07-14 16:54 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2017-02-16 17:31 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp

2017-02-16 11:49 - 2009-07-13 23:08 - 00032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2017-02-14 11:22 - 2012-08-26 10:17 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2017-02-14 11:22 - 2012-08-26 10:17 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2017-02-14 11:22 - 2012-08-26 10:17 - 00003776 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2017-02-14 11:21 - 2012-08-26 10:17 - 00000000 ____D C:\Windows\system32\Macromed

2017-02-14 11:21 - 2011-10-18 16:30 - 00000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2012-10-31 23:07 - 2016-11-21 10:29 - 0021504 _____ () C:\Users\Dra Claudia Paz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-02-15 14:31 - 2013-02-15 14:31 - 0024576 _____ () C:\Users\Dra Claudia Paz\AppData\Local\uninst.tmp

2016-02-02 09:25 - 2016-02-02 09:25 - 0000000 _____ () C:\Users\Dra Claudia Paz\AppData\Local\{15C1E684-BBA0-41D2-A43C-DFA3D4C775C6}

2013-10-28 07:23 - 2013-10-28 07:23 - 0000057 _____ () C:\ProgramData\Ament.ini

2011-10-18 16:31 - 2010-10-06 10:45 - 0131984 _____ () C:\ProgramData\FullRemove.exe

Files to move or delete:

====================

C:\Users\Dra Claudia Paz\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-17 09:55

==================== End of FRST.txt ============================

Addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017

Ran by Dra Claudia Paz (08-03-2017 13:35:08)

Running from C:\Users\Dra Claudia Paz\Desktop

Windows 7 Home Premium Service Pack 1 (X64) (2012-08-26 16:05:21)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-492045416-3271723845-1171117920-500 - Administrator - Disabled)

Dra Claudia Paz (S-1-5-21-492045416-3271723845-1171117920-1000 - Administrator - Enabled) => C:\Users\Dra Claudia Paz

Invitado (S-1-5-21-492045416-3271723845-1171117920-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}

AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)

Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)

Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)

Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)

Apple Application Support (32 bits) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)

Apple Application Support (64 bits) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)

ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)

ASUS PowerWiz (HKLM-x32\...\{B2DB883F-1AF3-4BE6-BE04-710D9C556C44}) (Version: 1.0.6 - ASUS)

ASUS PWR Option (HKLM-x32\...\{B7B60C4F-0DB8-42EF-8EDC-5F21D4C2D73F}) (Version: 1.0.9 - ASUS)

ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0037 - ASUS)

ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.6 - ASUS)

ASUS Virtual Touch (HKLM-x32\...\{938CFBD4-0652-49E5-BB8B-153948865941}) (Version: 1.0.9 - ASUS)

ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0014 - ASUS)

AX88772B Windows 7 Drivers (HKLM-x32\...\InstallShield_{54A168C9-2250-4058-80EB-1F4A4192548A}) (Version: 1.0.1.1 - ASIX Electronics Corporation)

AX88772B Windows 7 Drivers (x32 Version: 1.0.1.1 - ASIX Electronics Corporation) Hidden

Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.90 - Atheros Communications)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Cadwell TimeStamp Local Server (HKLM-x32\...\{5D250BAB-3AFC-486D-9796-980FF46E08CC}) (Version: 1.0.1 - Cadwell)

CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)

Clear Cache Service (HKLM-x32\...\{8F3738F0-032E-482D-AB81-6C37B950A089}) (Version: 1.0.1 - Cadwell)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

D-Link DWA-131 Wireless N Nano USB Adapter (HKLM-x32\...\{98B82958-1DCA-4504-BE88-C91F1C7A7225}) (Version: 1 - D-Link)

doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)

Easy 2.1 (HKLM-x32\...\{D9A6FF1E-A2B3-45A1-AAAA-DEE71F6D66C4}) (Version: 2.1.0 - Cadwell)

Easy III 3.12.7 (HKLM-x32\...\{E8A51736-B6CE-4D28-8FC2-01209639EF98}) (Version: 3.12.7 - Cadwell)

Easy3QuickMedWSWin7Compatibility (HKLM\...\{8fbc5499-5526-47ef-b5e5-cfe312f3d174}.sdb) (Version: - )

Easy3Win7Compatibility (HKLM\...\{d3572190-cece-434f-aa8d-6a23948acbeb}.sdb) (Version: - )

Estudio para la mejora del producto HP Deskjet 1510 series (HKLM\...\{71000761-BD38-48D3-8041-A445E260797F}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

Fresco Logic USB3.0 Host Controller (HKLM\...\{6B006967-779B-49DB-BFCF-3DB3BDD2C7F7}) (Version: 3.5.24.0 - Fresco Logic Inc.)

Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden

HP Deskjet 1510 series Ayuda (HKLM-x32\...\{6E20FBAA-BCB2-4429-A9A9-C8EED1254BE4}) (Version: 30.0.0 - Hewlett Packard)

HP Deskjet 1510 series Software básico del dispositivo (HKLM\...\{B610C583-FDD7-41B6-8CED-C668E51114AC}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

HP Deskjet 2510 series Ayuda (HKLM-x32\...\{72B5E26E-FE32-4E0E-BAD2-1546A2D9EAF6}) (Version: 27.0.0 - Hewlett Packard)

HP Deskjet 2510 series Estudio para la mejora del producto (HKLM\...\{D9C3A88D-5B0F-4FC3-8A7C-96B4E9AB1ADC}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)

HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)

HP Deskjet 2510 series Software básico del dispositivo (HKLM\...\{A8F738FC-F8E7-4581-8929-F22136401377}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)

HP ePrint (HKLM-x32\...\{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}) (Version: 14.0.14176.1823 - Hewlett-Packard)

HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.3.50.9 - HP)

HP Support Solutions Framework (HKLM-x32\...\{8EF98706-3C4B-4C5B-B035-01187E17D0E6}) (Version: 12.5.32.203 - HP)

hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden

hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden

hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden

HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)

iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)

Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)

iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)

Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)

Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)

Kaspersky Internet Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden

Linksys USB3GIGV1 (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 7.7.1128.2013 - Linksys)

Malwarebytes versión 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)

MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)

Microsoft SkyDrive (HKU\S-1-5-21-492045416-3271723845-1171117920-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{E34002C7-8CE7-3F76-B36C-09FA973BC4F6}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{57660847-B1F7-35BD-9118-F62EB863A598}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)

Persyst EEGSuite 2010.01.19 (HKLM-x32\...\{881DD0CD-1C91-47BD-AD1B-BEF8B74D0E42}) (Version: 10.01.19 - Persyst Development Corporation)

Persyst System 2009.08.12 (HKLM-x32\...\{30831558-2DC8-4C16-B8E0-B245F6A9489B}) (Version: 09.08.12 - Persyst Development Corporation)

Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)

QuickMed (HKLM-x32\...\{0BCBD81D-7070-4DAF-9B4E-59B68851D0F9}) (Version: 2.1 - Cadwell)

QuickMed (HKLM-x32\...\{5221683D-E1C0-401C-A7A2-8B7AA5F41285}) (Version: 5.2.0.59 - QuickMedEMO)

QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6446 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

Sharepod 4.0.11.0 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version: - Macroplant LLC)

TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.65452 - TeamViewer)

TechSmith Screen Codec 2 (x32 Version: 2.0.1.0 - TechSmith Corporation) Hidden

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )

Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-492045416-3271723845-1171117920-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Dra Claudia Paz\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-492045416-3271723845-1171117920-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Dra Claudia Paz\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-492045416-3271723845-1171117920-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Dra Claudia Paz\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-492045416-3271723845-1171117920-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Dra Claudia Paz\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02C9A6D5-54DA-4F80-8741-5F3537AF105C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-07] (Piriform Ltd)

Task: {0B9FC3CB-0C35-45A4-8B09-24D4B536E8AE} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)

Task: {0E7255CD-EF6B-4E7D-8D93-6EE2D6CC7DAF} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)

Task: {1AB23888-0CAD-4373-B741-4C77017C2B00} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)

Task: {23C73C89-E558-4C4F-8819-EE1591D4F63B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)

Task: {2DFB06D1-7DCB-41CE-8FC9-783E8BC3D156} - System32\Tasks\ASUS Quick Gesture => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe [2011-12-21] (ASUSTeK Computer Inc.)

Task: {3701F342-012A-4F2C-85A7-171333328B0F} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-12-01] (Apple Inc.)

Task: {39EF9DA5-030F-4659-BFDB-F67A1CBB1958} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-11-29] (HP Inc.)

Task: {3C99ACBB-CC1A-49E0-B380-FEDBFBB218A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)

Task: {4874DC90-E3D6-4A2A-B443-25F44B985A17} - System32\Tasks\ASUS Quick Gesture (x64) => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe [2011-12-21] (ASUSTeK Computer Inc.)

Task: {545F6E0C-760D-4208-B868-1E2D28BFFEFD} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)

Task: {5ACBAC53-6F6D-4FFF-BFA8-444430703285} - System32\Tasks\{D6117C00-B52D-47F7-9A16-28AD0F0F4820} => pcalua.exe -a "C:\Users\Dra Claudia Paz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0GMXTJFJ\JavaSetup8u31.com" -d "C:\Users\Dra Claudia Paz\Desktop"

Task: {62864D67-14C2-4BEA-8550-16DEAFC8EC61} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-31] (HP Inc.)

Task: {6341B047-F668-4A40-B3ED-E04348BAA3B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

Task: {78DFEA0F-022A-49FC-B717-E1D250E3FF3A} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-12-06] (ASUS)

Task: {822A6FE0-DCA9-4A83-B1D7-90B9615F9227} - System32\Tasks\USBChargerPlus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2011-12-05] (ASUSTek Computer Inc.)

Task: {8B2BDCB5-6B12-439E-BE6B-CAB1D1B37297} - System32\Tasks\{641ABF04-1E7A-4B6A-B8B8-F9F7E98F859F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116.259/es/abandoninstall?source=lightinstaller&page=tsProgressBar

Task: {8F0E07CA-EAEE-4185-83BA-2F57579AFD64} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)

Task: {8F60FD25-FDCB-41D7-B73C-7730850824A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)

Task: {9FA5B70A-2D01-46C4-96D4-890D4B990BE7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)

Task: {A0D5EAC1-D8BA-4CD0-BC74-AFBDC68BBCA7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)

Task: {B52031A6-EF04-471B-9BCC-0FF25E07875F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

Task: {BBBA8C84-AAAB-455D-8C9E-185FC09D4B15} - System32\Tasks\{AE4A5C14-ACAA-4FD5-8298-9805B48C30D1} => pcalua.exe -a "C:\Users\Dra Claudia Paz\Desktop\install_suite_20081022\install_suite.exe" -d "C:\Users\Dra Claudia Paz\Desktop\install_suite_20081022"

Task: {C735348B-9131-49F6-AB70-3DBBB6E44075} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe

Task: {D2217941-28F1-498B-8029-420737BC9960} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)

Task: {D40621FF-318C-4DD1-94FD-1E8200AE9B0C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks

Task: {D7A9F97B-C334-4F76-8045-864AD653F190} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

Task: {F32FA6E7-B377-4F7F-9B50-DFBCA92439A5} - System32\Tasks\{C29C22C6-765D-42BB-AE70-C3149F7EFA96} => pcalua.exe -a "C:\Users\Dra Claudia Paz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9NB0MB8\jre-8u25-windows-i586.com" -d "C:\Users\Dra Claudia Paz\Desktop"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-05-02 16:50 - 2012-08-31 14:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL

2015-04-20 20:21 - 2012-09-18 14:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll

2015-04-20 20:21 - 2012-09-18 14:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll

2016-05-02 16:56 - 2012-08-31 14:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL

2016-03-18 21:56 - 2016-03-18 21:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2016-03-18 21:56 - 2016-03-18 21:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2012-07-19 14:53 - 2012-07-19 14:53 - 00009728 _____ () C:\Program Files (x86)\Cadwell\Cadwell TimeStamp Local Server\CadwellTimeStampLocalServerService.exe

2012-05-31 16:33 - 2012-05-31 16:33 - 00008704 _____ () C:\Program Files (x86)\Cadwell\Clear Cache Service\ClearNetworkCacheService.exe

2010-07-14 18:11 - 2010-07-14 18:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll

2011-11-02 14:32 - 2011-11-02 14:32 - 00078848 ____R () C:\Cadwell\Easy III\EasyIIISynchronizationService.exe

2012-01-12 13:44 - 2012-01-12 13:44 - 00155648 _____ () c:\cadwell\easy iii\QMAssistant.exe

2012-01-12 13:43 - 2012-01-12 13:43 - 00049152 _____ () C:\Cadwell\Easy III\ProtectedFile.exe

2015-10-09 12:42 - 2008-06-26 18:09 - 00167936 _____ () C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe

2017-03-06 16:56 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll

2017-03-06 16:56 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll

2015-12-22 01:47 - 2015-12-22 01:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\kpcengine.2.3.dll

2011-12-06 18:21 - 2011-12-06 18:21 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll

2016-03-18 21:56 - 2016-03-18 21:56 - 01040656 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2016-03-18 21:56 - 2016-03-18 21:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2016-03-18 21:56 - 2016-03-18 21:56 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll

2015-10-09 12:42 - 2011-01-07 13:29 - 00413696 _____ () C:\Program Files (x86)\D-Link\DWA-131\WlanDll.dll

2012-07-19 15:22 - 2012-07-19 15:22 - 00069632 _____ () C:\Program Files (x86)\Cadwell\Cadwell TimeStamp Local Server\QMGlobalData.dll

2012-01-12 13:43 - 2012-01-12 13:43 - 00077824 _____ () C:\Cadwell\Easy III\RemotePipe.dll

2012-01-12 13:44 - 2012-01-12 13:44 - 00151552 _____ () C:\Cadwell\Easy III\QMNetworkDataComm.dll

2012-01-12 13:45 - 2012-01-12 13:45 - 00163840 _____ () C:\Cadwell\Easy III\JPEGWindow.ocx

2012-01-12 13:45 - 2012-01-12 13:45 - 00065536 _____ () C:\Cadwell\Easy III\JPEGFunctions.dll

2012-01-12 13:45 - 2012-01-12 13:45 - 00061440 _____ () C:\Cadwell\Easy III\QMUserSettings.dll

2009-07-13 15:03 - 2009-07-13 19:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

2007-07-12 13:11 - 2007-07-12 13:11 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll

2017-02-02 19:00 - 2017-02-01 03:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll

2017-02-02 19:00 - 2017-02-01 03:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

2017-03-02 09:47 - 2017-02-02 12:30 - 17840216 _____ () C:\Users\Dra Claudia Paz\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.221\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-492045416-3271723845-1171117920-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dra Claudia Paz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 207.248.224.71 - 207.248.224.72

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: AppleIEDAV => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe

MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe

MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe

MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{53EFF49C-B92F-410D-9B7A-CB2FCD164130}] => (Allow) C:\Users\Dra Claudia Paz\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

FirewallRules: [TCP Query User{5A3A99D3-6C22-4175-9B6B-F986549A41B4}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe

FirewallRules: [UDP Query User{6BA3C4F4-C4BE-4D26-A601-8BD72547FDF2}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe

FirewallRules: [TCP Query User{C49F1AC1-2556-43FC-8635-AA7F666043F1}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe

FirewallRules: [UDP Query User{48CA0BB4-9020-4184-87D6-0B04107D98D0}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe

FirewallRules: [{3C136625-5646-4045-B7DB-AA56BCAA7803}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{8F2F2AA0-A2A5-443B-8C3A-BEF78B65BF1B}] => (Allow) LPort=2869

FirewallRules: [{3A6913C2-4742-431B-9556-C4EED8E6512C}] => (Allow) LPort=1900

FirewallRules: [{2E8B4FCB-5403-410B-9631-A62316E28DA8}] => (Allow) C:\Cadwell\Easy III\EasyAnalyzerApp.exe

FirewallRules: [{56DCC10C-92C7-4B27-89AF-726E0D446F46}] => (Allow) C:\Cadwell\Easy III\EasyAnalyzerApp.exe

FirewallRules: [{9FE8EC86-2E14-4FB6-B95E-764527F590F9}] => (Allow) C:\Cadwell\Easy III\Amb2HardwareServer.exe

FirewallRules: [{7707CDF0-6CBD-4D81-B23F-46035D1CF526}] => (Allow) C:\Cadwell\Easy III\Amb2HardwareServer.exe

FirewallRules: [{477FEE92-7156-46FA-9115-20BAAA899490}] => (Allow) C:\Cadwell\Easy III\Amb2HardwareServer.exe

FirewallRules: [{868B92C8-3EEE-4975-973A-2D91A7C9302E}] => (Allow) C:\Cadwell\Easy III\Amb2HardwareServer.exe

FirewallRules: [{C453DCA9-1CD8-4EB8-A2F5-BB3AC26E4388}] => (Allow) C:\Cadwell\Easy III\AmbulatoryDownloaderApp.exe

FirewallRules: [{583C567E-5DD5-470A-80EA-F60EA1950BBB}] => (Allow) C:\Cadwell\Easy III\AmbulatoryDownloaderApp.exe

FirewallRules: [{156D72B3-84F0-4A99-B185-4ECA3CD78DF5}] => (Allow) C:\Cadwell\Easy III\AmbulatoryDownloaderApp.exe

FirewallRules: [{9650FB69-058C-4655-91C1-71FA4B0DC28B}] => (Allow) C:\Cadwell\Easy III\AmbulatoryDownloaderApp.exe

FirewallRules: [{7FA6F450-60BC-4AB3-95E1-EACFDDC0FD79}] => (Allow) C:\Cadwell\Easy III\Easy3DataServer.exe

FirewallRules: [{F4BA75E4-D2B0-411C-9E36-A68A3C6FD5C1}] => (Allow) C:\Cadwell\Easy III\Easy3DataServer.exe

FirewallRules: [{AE2D59E3-A470-4916-A833-899B2D52FAB7}] => (Allow) C:\Cadwell\Easy III\Easy3DataServer.exe

FirewallRules: [{5F5BC058-2925-4B3E-B318-3FE0F2A8C1E0}] => (Allow) C:\Cadwell\Easy III\Easy3DataServer.exe

FirewallRules: [{43D5A1C8-D91F-48D5-ADAE-11B9D9CDB3B7}] => (Allow) C:\Cadwell\Easy III\Easy3HardwareServer.exe

FirewallRules: [{B500B995-B557-4A71-8CE9-454100826238}] => (Allow) C:\Cadwell\Easy III\Easy3HardwareServer.exe

FirewallRules: [{58D6FFB5-54EA-4BD4-A0B7-07F65DCD7BBC}] => (Allow) C:\Cadwell\Easy III\Easy3HardwareServer.exe

FirewallRules: [{7C977646-0F70-44E8-9BE3-772430E485B8}] => (Allow) C:\Cadwell\Easy III\Easy3HardwareServer.exe

FirewallRules: [{CE2DF80F-FB3A-421F-92BD-6E208C8721B0}] => (Allow) C:\Cadwell\Easy III\Easy2HardwareServer.exe

FirewallRules: [{19AE6832-A7B9-4060-9B99-74D52921B4A3}] => (Allow) C:\Cadwell\Easy III\Easy2HardwareServer.exe

FirewallRules: [{EAA0B27A-8A5F-4A3F-8730-FFBA6C2EDDCE}] => (Allow) C:\Cadwell\Easy III\Easy2HardwareServer.exe

FirewallRules: [{42FEBA5C-703E-43BC-B1D6-B8FB11073360}] => (Allow) C:\Cadwell\Easy III\Easy2HardwareServer.exe

FirewallRules: [{359ECE86-CFB7-4BF3-B153-DE4E098FDC63}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe

FirewallRules: [TCP Query User{22AD186E-33F9-44BC-8D9E-FAF3E350D479}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe

FirewallRules: [UDP Query User{2538FD4D-CC8B-4B9C-90D1-032D23AFF662}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe

FirewallRules: [TCP Query User{C2477499-7290-4109-9CAB-ED8B1C1D07EE}C:\program files (x86)\microsoft office\office14\winword.exe] => (Allow) C:\program files (x86)\microsoft office\office14\winword.exe

FirewallRules: [UDP Query User{4C955142-3DD1-48F5-81A4-80E52EFD37E5}C:\program files (x86)\microsoft office\office14\winword.exe] => (Allow) C:\program files (x86)\microsoft office\office14\winword.exe

FirewallRules: [{C71686C9-7D85-40DF-8A07-E2E2C1AA34AF}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe

FirewallRules: [{84E9B90C-5DF2-4328-AB45-58D753AE005A}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe

FirewallRules: [{3E4C138E-A970-4526-9BA7-E55DCCF61B56}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{53AD78B6-8ECC-4324-8BA0-83E480C4916F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{BE94C0E1-6CD9-4610-9F98-088636C8E8C1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{234F564E-933B-4A3E-B578-DFFDAAF068E2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{380E393E-3DD3-4531-8947-28434510A27C}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{8AB21A84-BA06-4F7A-8174-3B8159151D73}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{B60F3B7A-9F44-4334-8B58-616FC320FC39}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{7A129524-1898-4A82-9C47-5274ADE95AF1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{3F91A085-2223-4210-B512-E932D9DF798C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{78C39ABD-6610-46FA-9FFD-67761BBD76D3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

17-05-2016 11:40:39 Eliminado Internet Telcel Banda Ancha Móvil

26-05-2016 09:14:19 Punto de control programado

09-06-2016 12:04:44 Punto de control programado

17-06-2016 10:02:36 Punto de control programado

31-10-2016 11:13:27 Installed TechSmith Screen Codec 2

28-11-2016 14:10:27 Windows Update

29-11-2016 12:10:27 Windows Update

04-12-2016 14:07:48 Windows Update

05-12-2016 14:28:02 Windows Update

16-12-2016 15:15:45 Windows Update

07-03-2017 21:40:34 JRT Pre-Junkware Removal

07-03-2017 23:03:43 Windows Update

==================== Faulty Device Manager Devices =============

Name: LogMeIn Kernel Information Provider

Description: LogMeIn Kernel Information Provider

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: LMIInfo

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:

==================

Error: (03/07/2017 11:03:42 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.

A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.

Operación:

Recopilando datos del escritor

Contexto:

Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}

Nombre del escritor: System Writer

Id. de instancia del escritor: {722739d6-78f2-4006-a43f-3caec8728fd2}

Error: (03/07/2017 06:41:21 PM) (Source: Windows Search Service) (EventID: 7010) (User: )

Description: No se puede inicializar el índice.

Detalles:

El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/07/2017 06:41:21 PM) (Source: Windows Search Service) (EventID: 3058) (User: )

Description: No se puede inicializar la aplicación.

Contexto: aplicación Windows

Detalles:

El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/07/2017 06:41:21 PM) (Source: Windows Search Service) (EventID: 3028) (User: )

Description: No se puede inicializar el objeto Recopilador.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:

El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/07/2017 06:41:21 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: No se puede inicializar el complemento <Search.TripoliIndexer>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:

No se ha encontrado el elemento. (HRESULT : 0x80070490) (0x80070490)

Error: (03/07/2017 06:41:21 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: No se puede inicializar el complemento <Search.JetPropStore>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:

El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/07/2017 06:41:21 PM) (Source: Windows Search Service) (EventID: 9002) (User: )

Description: El servicio Windows Search no puede cargar la información del almacén de propiedades.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:

La base de datos del índice de contenido está dañada. (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/07/2017 06:41:21 PM) (Source: Windows Search Service) (EventID: 7042) (User: )

Description: El servicio Windows Search se está deteniendo porque hay un problema con el indizador: The catalog is corrupt.

Detalles:

El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/07/2017 06:41:21 PM) (Source: Windows Search Service) (EventID: 7040) (User: )

Description: El servicio de búsqueda detectó archivos de datos dañados en el índice {id=4700}. Este servicio intentará corregir este problema automáticamente mediante la nueva generación del índice.

Detalles:

El catálogo del índice de contenido está dañado. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/07/2017 06:41:21 PM) (Source: Windows Search Service) (EventID: 9000) (User: )

Description: El servicio Windows Search no puede abrir el almacén de propiedades de Jet.

Detalles:

0x%08x (0xc0041800 - La base de datos del índice de contenido está dañada. (HRESULT : 0xc0041800))

System errors:

=============

Error: (03/08/2017 12:46:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente:

cdrom

Error: (03/08/2017 12:46:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: El servicio LogMeIn Kernel Information Provider no pudo iniciarse debido al siguiente error:

El sistema no puede encontrar el archivo especificado.

Error: (03/08/2017 12:46:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: El servicio DiinoService no pudo iniciarse debido al siguiente error:

El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (03/08/2017 12:46:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio DiinoService.

Error: (03/08/2017 12:45:32 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: El cierre anterior del sistema a las 11:27:10 del ‎08/‎03/‎2017 resultó inesperado.

Error: (03/08/2017 11:13:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente:

cdrom

Error: (03/08/2017 11:13:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: El servicio LogMeIn Kernel Information Provider no pudo iniciarse debido al siguiente error:

El sistema no puede encontrar el archivo especificado.

Error: (03/08/2017 11:13:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: El servicio DiinoService no pudo iniciarse debido al siguiente error:

El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (03/08/2017 11:13:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio DiinoService.

Error: (03/07/2017 11:08:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente:

cdrom

CodeIntegrity:

===================================

Date: 2016-02-20 08:21:43.579

Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2016-02-20 08:21:43.501

Date: 2016-02-20 08:21:27.647

Date: 2016-02-20 08:21:27.585

Date: 2016-02-20 08:20:51.984

Date: 2016-02-20 08:20:51.875

==================== Memory info ===========================

Processor: Intel® Core™ i5-2557M CPU @ 1.70GHz

Percentage of memory in use: 77%

Total physical RAM: 3998.64 MB

Available physical RAM: 880.88 MB

Total Virtual: 9993.85 MB

Available Virtual: 5779.1 MB

==================== Drives ================================

Drive c: (Neurovie System) (Fixed) (Total:111.24 GB) (Free:27.65 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 13BA8FCF)

Partition 1: (Active) - (Size=111.2 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=8 GB) - (Type=1C)

==================== End of Addition.txt ============================

Thanks

#2
RKinner

Posted 09 March 2017 - 07:10 AM

Malware Expert

Expert
24,624 posts

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK

Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt

notepad \junk.txt

Open an Elevated Command Prompt:

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator

Right click and Paste (or Edit then Paste) and the copied lines should appear.

Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download

Latest Version button - Do NOT press the large Start Download button on the upper left!)

Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),

File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.

(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi step process.

First click on More Reply Options

Then scroll down to where you see

Choose File and click on it. Point it at the file and hit Open.

Now click on Attach this file.

#3
PericlesBadger

Posted 09 March 2017 - 02:09 PM

New Member

Topic Starter
Member
5 posts

Hey RKinner Tank you for replying.

Here's the output from procexp

---Start--

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer

ACEngSvr.exe 30,716 K 14,608 K 732 ACEngSvr Module ASUSTeK (Verified) ASUSTeK Computer Inc.

AdminService.exe 2,540 K 6,880 K 1924 AdminService Application Atheros Commnucations (Certificate expired) Atheros Commnucations

APSDaemon.exe 2,972 K 9,920 K 5464 Apple Push Apple Inc. (Verified) Apple Inc.

armsvc.exe 1,216 K 4,120 K 1784 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems

AsLdrSrv.exe 1,244 K 4,176 K 1124 ASLDR Service ASUS (Verified) ASUSTeK Computer Inc.

Ath_CoexAgent.exe 1,716 K 5,484 K 1880 Atheros Coex Service Application Atheros (Certificate expired) Atheros

ATKOSD.exe 960 K 6,004 K 3140 ATKOSD ASUS (Verified) ASUSTeK Computer Inc.

ATKOSD2.exe 1,460 K 696 K 2552 ATKOSD2 ASUS (Verified) ASUSTeK Computer Inc.

avshadow.exe 1,612 K 4,288 K 3004 AntiVir shadow copy service Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG

BtvStack.exe 15,944 K 20,168 K 2828 Servidor de pilas Bluetooth Atheros Communications (Certificate expired) Atheros Communications

chrome.exe 1,484 K 5,740 K 5828 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 1,412 K 4,404 K 5800 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 22,524 K 28,724 K 5996 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 34,040 K 38,656 K 6028 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 66,700 K 64,912 K 5936 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 54,816 K 86,484 K 2944 Google Chrome Google Inc. (Verified) Google Inc

ClearNetworkCacheService.exe 7,852 K 10,856 K 1236 ClearNetworkCacheService (No hay ninguna firma presente en el sujeto)

cmd.exe 2,284 K 3,620 K 1484 Procesador de comandos de Windows Microsoft Corporation (Verified) Microsoft Windows

conhost.exe 1,096 K 2,944 K 1140 Host de ventana de consola Microsoft Corporation (Verified) Microsoft Windows

conhost.exe 1,756 K 4,860 K 5168 Host de ventana de consola Microsoft Corporation (Verified) Microsoft Windows

dllhost.exe 2,524 K 6,520 K 5520 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows

DMedia.exe 1,312 K 5,160 K 1436 ATK Media ASUS (Verified) ASUSTeK Computer Inc.

EasyIIISynchronizationService.exe 1,008 K 3,580 K 4068 (No hay ninguna firma presente en el sujeto)

FLxHCIm.exe 2,432 K 7,180 K 1672 Fresco Logic Windows ® Win 7 DDK provider (No hay ninguna firma presente en el sujeto) Windows ® Win 7 DDK provider

GFNEXSrv.exe 848 K 2,716 K 1184 GFNEXSrv ASUS (Verified) ASUSTeK Computer Inc.

HControlUser.exe 960 K 3,596 K 2516 HControlUser ASUS (Verified) ASUSTeK Computer Inc.

hppusg.exe 17,464 K 4,268 K 1244 HP UT LEDM Driver Hewlett-Packard Company (Verified) Hewlett-Packard Company

KBFiltr.exe 1,156 K 4,208 K 3184 KBFiltr ASUS (Verified) ASUSTeK Computer Inc.

lsm.exe 2,888 K 4,556 K 608 Servicio de administrador de sesión local Microsoft Corporation (Verified) Microsoft Windows

mDNSResponder.exe 4,380 K 8,084 K 1992 Bonjour Service Apple Inc. (Verified) Apple Inc.

procexp.exe 2,328 K 7,412 K 4988 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

RAVCpl64.exe 9,196 K 11,456 K 2812 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp

sched.exe 6,332 K 3,932 K 1412 Antivirus Host Framework Service Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG

SearchFilterHost.exe 2,236 K 5,616 K 3772 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows

smss.exe 576 K 1,268 K 320 Administrador de sesión de Windows Microsoft Corporation (Verified) Microsoft Windows

spoolsv.exe 11,740 K 19,620 K 1360 Aplicación de subsistema de cola Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 7,388 K 13,380 K 936 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 2,384 K 5,780 K 472 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 2,796 K 6,628 K 1528 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 1,276 K 3,772 K 3364 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 1,168 K 3,064 K 192 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 19,480 K 22,624 K 888 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 1,996 K 5,852 K 2972 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 5,684 K 9,652 K 4136 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 1,812 K 5,084 K 3692 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows

taskeng.exe 2,024 K 5,572 K 5984 Motor de Programador de tareas Microsoft Corporation (Verified) Microsoft Windows

UNS.exe 3,204 K 7,576 K 1616 User Notification Service Intel Corporation (Verified) Intel Corporation

USBChargerPlus.exe 1,996 K 856 K 2748 USB Charger+ ASUSTek Computer Inc. (Verified) ASUSTeK Computer Inc.

wcourier.exe 6,824 K 13,068 K 2244 Wireless Console 3 ASUS (Verified) ASUSTeK Computer Inc.

WDC.exe 1,448 K 5,480 K 3208 WDC ASUS (Verified) ASUSTeK Computer Inc.

wininit.exe 1,712 K 4,828 K 520 Aplicación de inicio de Windows Microsoft Corporation (Verified) Microsoft Windows

winlogon.exe 3,320 K 7,808 K 1092 Aplicación de inicio de sesión de Windows Microsoft Corporation (Verified) Microsoft Windows

wlanext.exe 2,752 K 7,032 K 1132 Marco de extensibilidad de LAN inalámbrica 802.11 de Windows Microsoft Corporation (Verified) Microsoft Windows

WLIDSVC.EXE 5,680 K 12,540 K 4248 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation

WLIDSVCM.EXE 1,492 K 3,684 K 4448 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation

WmiPrvSE.exe 4,280 K 9,496 K 4016 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows

wmpnetwk.exe 6,352 K 2,532 K 5172 Servicio de uso compartido de red del Reproductor de Windows Media Microsoft Corporation (Verified) Microsoft Windows

HControl.exe < 0.01 6,100 K 6,472 K 3080 HControl ASUS (Verified) ASUSTeK Computer Inc.

HPSupportSolutionsFrameworkService.exe < 0.01 50,784 K 49,512 K 5012 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.

SearchProtocolHost.exe < 0.01 4,372 K 7,176 K 3996 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows

CadwellTimeStampLocalServerService.exe < 0.01 20,548 K 23,812 K 2012 CadwellTimeStampLocalServerService (No hay ninguna firma presente en el sujeto)

HPSIsvc.exe < 0.01 1,752 K 4,608 K 3280 HP Smart-Install Service HP (Verified) Hewlett-Packard Company

AppleChromeDAV.exe < 0.01 5,532 K 9,700 K 5480 Apple Chrome DAV Apple Inc. (Verified) Apple Inc.

ACMON.exe < 0.01 2,008 K 868 K 2736 ACMON ASUS (Verified) ASUSTeK Computer Inc.

svchost.exe < 0.01 9,416 K 17,588 K 964 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows

update.exe < 0.01 10,564 K 18,896 K 5556 Product Updater Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG

BatteryLife.exe < 0.01 4,252 K 1,036 K 2536 Power4Gear Hybrid ASUS (Certificate expired) ASUS

TeamViewer_Service.exe 0.01 5,356 K 14,552 K 1284 TeamViewer 11 TeamViewer GmbH (Verified) TeamViewer

taskeng.exe 0.01 3,048 K 7,156 K 2416 Motor de Programador de tareas Microsoft Corporation (Verified) Microsoft Windows

CCleaner64.exe 0.01 8,948 K 15,784 K 2884 CCleaner Piriform Ltd (Verified) Piriform Ltd

svchost.exe 0.01 17,488 K 19,388 K 336 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows

csrss.exe 0.01 2,308 K 5,616 K 460 Proceso en tiempo de ejecución del cliente-servidor Microsoft Corporation (Verified) Microsoft Windows

WlanWpsSvc.exe 0.01 3,516 K 7,776 K 1520 WlanSvc Application (No hay ninguna firma presente en el sujeto)

Avira.ServiceHost.exe 0.01 45,044 K 18,592 K 4300 Avira Service Host Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG

updrgui.exe 0.01 3,156 K 9,064 K 3332 Updater GUI Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG

AppleMobileDeviceService.exe 0.02 3,916 K 11,096 K 1848 MobileDeviceService Apple Inc. (Verified) Apple Inc.

chrome.exe 0.02 48,172 K 87,900 K 5776 Google Chrome Google Inc. (Verified) Google Inc

explorer.exe 0.02 43,000 K 61,592 K 2488 Explorador de Windows Microsoft Corporation (Verified) Microsoft Windows

taskhost.exe 0.03 5,288 K 11,608 K 2332 Proceso de host para tareas de Windows Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 0.03 25,904 K 41,332 K 996 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows

SearchIndexer.exe 0.04 38,216 K 22,004 K 3752 Indizador de Microsoft Windows Search Microsoft Corporation (Verified) Microsoft Windows

Avira.Systray.exe 0.04 55,732 K 18,912 K 4980 Avira Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG

ProtectedFile.exe 0.04 10,992 K 16,684 K 1292 ProtectedFile Module (No hay ninguna firma presente en el sujeto)

LMS.exe 0.07 2,296 K 4,876 K 3116 Local Manageability Service Intel Corporation (Verified) Intel Corporation

iCloudServices.exe 0.08 70,772 K 71,008 K 2860 iCloud Services Apple Inc. (Verified) Apple Inc.

QMAssistant.exe 0.09 24,188 K 34,892 K 3196 QMAssistant MFC Application (No hay ninguna firma presente en el sujeto)

svchost.exe 0.09 5,172 K 9,344 K 820 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows

QuickGesture64.exe 0.13 2,060 K 784 K 2648 ASUS Quick Gesture Exe ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.

services.exe 0.13 7,376 K 10,940 K 576 Aplicación de servicios y controlador Microsoft Corporation (Verified) Microsoft Windows

AdobeARM.exe 0.13 400 K 1,564 K 6048 Adobe Reader and Acrobat Manager Adobe Systems Incorporated (Verified) Adobe Systems

svchost.exe 0.15 11,844 K 15,428 K 1576 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows

QuickGesture.exe 0.16 1,628 K 788 K 2608 ASUS Quick Gesture Exe ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.

lsass.exe 0.36 5,104 K 12,636 K 600 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows

csrss.exe 0.41 2,788 K 34,000 K 544 Proceso en tiempo de ejecución del cliente-servidor Microsoft Corporation (Verified) Microsoft Windows

wirelesscm.exe 0.41 6,016 K 12,180 K 3016 D-Link WLAN Application D-Link Corp. (El emisor revocó un certificado explícitamente) D-Link Corp.

svchost.exe 0.49 135,504 K 143,532 K 920 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows

avgnt.exe 0.49 6,608 K 4,392 K 2764 Avira system tray application Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG

dwm.exe 0.55 109,936 K 69,124 K 2436 Administrador de ventanas del escritorio Microsoft Corporation (Verified) Microsoft Windows

Interrupts 0.71 0 K 0 K n/a Hardware Interrupts and DPCs

reader_sl.exe 0.74 1,272 K 4,464 K 840 Adobe Acrobat SpeedLauncher Adobe Systems Incorporated (Verified) Adobe Systems

avguard.exe 0.86 336,128 K 33,216 K 1816 Antivirus Host Framework Service Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG

System 1.47 184 K 1,428 K 4

svchost.exe 2.46 5,596 K 10,560 K 716 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows

procexp64.exe 6.47 33,236 K 53,840 K 4808 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

update.exe 25.01 341,572 K 337,052 K 3844 Product Updater Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG

System Idle Process 58.29 0 K 24 K 0

----end----

Here are the results from the commands pasted into the prompt

-----start----

Nombre de imagen PID Servicios

========================= ======== =============================================

System Idle Process 0 N/D

System 4 N/D

smss.exe 320 N/D

csrss.exe 460 N/D

wininit.exe 520 N/D

csrss.exe 544 N/D

services.exe 576 N/D

lsass.exe 600 EFS, KeyIso, SamSs

lsm.exe 608 N/D

svchost.exe 716 DcomLaunch, PlugPlay, Power

svchost.exe 820 RpcEptMapper, RpcSs

svchost.exe 888 AudioSrv, Dhcp, eventlog, HomeGroupProvider,

lmhosts, wscsvc

svchost.exe 920 AudioEndpointBuilder, hidserv, Netman,

PcaSvc, SysMain, UxSms, WdiSystemHost,

Wlansvc

svchost.exe 964 EventSystem, fdPHost, FontCache, netprofm,

nsi, SstpSvc, WdiServiceHost

svchost.exe 996 AeLookupSvc, BITS, EapHost, IKEEXT,

LanmanServer, ProfSvc, RasMan, Schedule,

SENS, ShellHWDetection, Themes, Winmgmt,

wuauserv

svchost.exe 472 gpsvc

svchost.exe 336 CryptSvc, Dnscache, LanmanWorkstation,

NlaSvc, TapiSrv

winlogon.exe 1092 N/D

AsLdrSrv.exe 1124 ASLDRService

wlanext.exe 1132 N/D

conhost.exe 1140 N/D

GFNEXSrv.exe 1184 ATKGFNEXSrv

spoolsv.exe 1360 Spooler

sched.exe 1412 AntiVirSchedulerService

svchost.exe 1576 BFE, DPS, MpsSvc

armsvc.exe 1784 AdobeARMservice

avguard.exe 1816 AntiVirService

AppleMobileDeviceService. 1848 Apple Mobile Device Service

Ath_CoexAgent.exe 1880 Atheros Bt&Wlan Coex Agent

AdminService.exe 1924 AtherosSvc

mDNSResponder.exe 1992 Bonjour Service

CadwellTimeStampLocalServ 2012 CadwellTimeStampLocalServerService

ClearNetworkCacheService. 1236 ClearCacheService

svchost.exe 936 DiagTrack

taskhost.exe 2332 N/D

taskeng.exe 2416 N/D

dwm.exe 2436 N/D

explorer.exe 2488 N/D

BatteryLife.exe 2536 N/D

ATKOSD2.exe 2552 N/D

QuickGesture.exe 2608 N/D

QuickGesture64.exe 2648 N/D

ACMON.exe 2736 N/D

USBChargerPlus.exe 2748 N/D

RAVCpl64.exe 2812 N/D

BtvStack.exe 2828 N/D

iCloudServices.exe 2860 N/D

CCleaner64.exe 2884 N/D

wirelesscm.exe 3016 N/D

ACEngSvr.exe 732 N/D

FLxHCIm.exe 1672 N/D

DMedia.exe 1436 N/D

wcourier.exe 2244 N/D

HControlUser.exe 2516 N/D

hppusg.exe 1244 N/D

avgnt.exe 2764 N/D

HControl.exe 3080 N/D

ATKOSD.exe 3140 N/D

KBFiltr.exe 3184 N/D

WDC.exe 3208 N/D

EasyIIISynchronizationSer 4068 EasyIIISynchronizationService

QMAssistant.exe 3196 N/D

HPSIsvc.exe 3280 HPSIService

svchost.exe 3364 Pml Driver HPZ12

svchost.exe 2972 stisvc

ProtectedFile.exe 1292 N/D

TeamViewer_Service.exe 1284 TeamViewer

WlanWpsSvc.exe 1520 WlanWpsSvc

WLIDSVC.EXE 4248 wlidsvc

Avira.ServiceHost.exe 4300 Avira.ServiceHost

WLIDSVCM.EXE 4448 N/D

Avira.Systray.exe 4980 N/D

avshadow.exe 3004 N/D

SearchIndexer.exe 3752 WSearch

svchost.exe 3692 bthserv

svchost.exe 4136 FDResPub, SSDPSRV

svchost.exe 1528 PolicyAgent

SearchProtocolHost.exe 3996 N/D

wmpnetwk.exe 5172 WMPNetworkSvc

chrome.exe 5776 N/D

chrome.exe 5800 N/D

chrome.exe 5828 N/D

chrome.exe 5936 N/D

chrome.exe 5996 N/D

chrome.exe 6028 N/D

cmd.exe 1484 N/D

conhost.exe 5168 N/D

AppleChromeDAV.exe 5480 N/D

APSDaemon.exe 5464 N/D

chrome.exe 2944 N/D

HPSupportSolutionsFramewo 5012 HPSupportSolutionsFrameworkService

LMS.exe 3116 LMS

UNS.exe 1616 UNS

WmiPrvSE.exe 4016 N/D

procexp.exe 4988 N/D

procexp64.exe 4808 N/D

notepad.exe 700 N/D

cmd.exe 5844 N/D

conhost.exe 2500 N/D

SearchFilterHost.exe 3796 N/D

tasklist.exe 744 N/D

------end-------

And the requested file is attached.

Tanks again.

Attached Files

DRACLAUDIAPAZ.txt 853.98KB 502 downloads

#4
RKinner

Posted 09 March 2017 - 03:05 PM

Malware Expert

Expert
24,624 posts

The current slowness seems to be caused by Avira:

procexp64.exe 6.47 33,236 K 53,840 K 4808 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

update.exe 25.01 341,572 K 337,052 K 3844 Product Updater Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG

System Idle Process 58.29 0 K 24 K 0

Unless we just caught it at a bad time its update process is using up 25% of your CPU.

Can you download a new copy of Avira and Save it, uninstall the old, reboot and install the new?

You can also have Windows check itself for errors:

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt

notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.

Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

* System

4. Under 'Select type to list', select:

* Error

* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

Run Process Explorer again and post the log.

Speccy actually says your Windows Update is working again after a long dry spell. Starting on the 8th of March of 2017 you have installed about 100 updates. Before that nothing since 16/12/2016

Win 7 is fond of being very slow searching for updates. You can sometimes speed it up:

Run the

System Update Readiness Tool for Windows 7

https://www.microsof...s.aspx?id=20858

(This can take many hours)

Once that runs then get

KB3083710 and KB3102810 (if you don't already have them)

https://support.micr...n-us/kb/3083710

https://support.micr...n-us/kb/3102810

Then try Windows Update again and see if you have better luck.

#5
PericlesBadger

Posted 12 March 2017 - 05:41 PM

New Member

Topic Starter
Member
5 posts

Solved!!!

Reinstalling avira did it.

System running full steam now.

Thanks a bunch RKinner

#6
RKinner

Posted 12 March 2017 - 07:32 PM

Malware Expert

Expert
24,624 posts

Time to clean up:

If we installed Speccy it needs to be uninstalled. Process Explorer, VEW, AdwCleaner, JRT and their logs and Speccy's log can just be deleted.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Flash is now the most malware targeted program so it must be kept up to date. Be careful with Adobe. They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan. Go slow and uncheck the optional stuff.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on. Go to adblockplus.org with each browser and get the add-on. (It's actually a program for IE)

If Chrome/Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.

http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skpe. Hit Optimize. You can run it any time that Chrome/Firefox seems slow starting..

If you are a Facebook user get the FB Purity extension for your browser:

http://www.fbpurity.com/

This will stop all of the suggested pages and ads so that Facebook loads much quicker.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.combeforeyou open them.

Due to a recent rise in the number of Crytolocker infections I am now recommending you install:

CryptoPrevent

http://www.foolishIT.../cryptoprevent/

The free version does not update on its own so you should check for updated versions once in a while. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...0637284.htmland http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:

http://www.java.com/...lugin_cache.xml

Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.

Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.

My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's an Orcas Island environmental organization that I volunteered with: http://www.kwiaht.org/donate.htm

(The name means something like "clean place" in one of the local native-American dialects)

Ron