new type of Troyan.ramson.gen???


  • This topic is locked
6 replies to this topic

#1 Andres Pedreno


Posted 05 February 2015 - 04:15 PM

Mod Edit:  Merged posted topics - Hamluis.
 
Hi all!
 
Sorry for my poor English.

Yesterday I received an attached file in a normal work email.

The name of the file is "derry_print_ltd.scr"... so it renamed all my files on C and external drives.

If I rename the file later I cannot open it. I tried to restore to a previous version but no previous version exists.

I tried to disinfect with SpyHunter in safe mode. I don't know if the infection is solved now.

The problem is that this virus or malware, I don't know which, renames for example "propuesta hogar 147.PDF" to "propuesta hogar 147.PDF.jpjynhd" and I cannot find any solution anywhere to fix the affected files.

All the files on my computer are renamed to... name.ext.jpjynhd

I repeat, I'm sorry for my poor English, and it is not the correct place to post it
 
Thank you very much, Andrés 
Hi all!!! 
 
I received an email with a compressed file, and after checking it as clean of viruses, it turned out to be a virus that encrypts files on the hard disk.

The name of the file: terry_print-ltd.scr

It renames files, for example Amazon.pdf to Amazon.PDF.jpjynhd

Following the steps in the post from Machiavelli to infectedvirus, I copy the results below.

Thank you very much, and be very careful with this virus: it seems to be removed, but the modified files are not retrieved.

Good luck and sorry for my basic English!
 
 
_____________________________________________________________________________________
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by ESTUDIO A. PEDREÑO (administrator) on ESTUDIOAPEDREÑO on 06-02-2015 00:41:51
Running from C:\Users\ESTUDIO A. PEDREÑO\Desktop
Loaded Profiles: ESTUDIO A. PEDREÑO & UpdatusUser (Available profiles: ESTUDIO A. PEDREÑO & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcfgex.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1928626174-2780560462-2623644768-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-1928626174-2780560462-2623644768-1000\...\Run: [Spotify Web Helper] => C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-21] (Spotify Ltd)
HKU\S-1-5-21-1928626174-2780560462-2623644768-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-1928626174-2780560462-2623644768-1001\...\RunOnce: [CTAutoUpdate] => C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe [1571088 2011-09-22] (Creative Technology Ltd)
HKU\S-1-5-21-1928626174-2780560462-2623644768-1001\...\RunOnce: [InetReg] => "C:\Program Files (x86)\Creative\Registro de productos\Spanish\InetReg.exe" /PreProcess=RegFlash.exe /Delay=6
HKU\S-1-5-21-1928626174-2780560462-2623644768-1001\...\MountPoints2: {bb1d1d35-821c-11e4-b92b-806e6f6e6963} - E:\Audio\setup.exe
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1928626174-2780560462-2623644768-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.es/
HKU\S-1-5-21-1928626174-2780560462-2623644768-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/es-es/?ocid=iehp
HKU\S-1-5-21-1928626174-2780560462-2623644768-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/es-es/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Kaspersky Passsword Manager Toolbar -> {215BA832-75A3-426E-A4FC-7C5B58CE6A10} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1928626174-2780560462-2623644768-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
 
FireFox:
========
FF ProfilePath: C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Mozilla\Firefox\Profiles\1yxwrsq7.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-12-21]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-01-08]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2015-02-05]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2015-02-05]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2015-02-05]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2015-02-05]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2015-02-05]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.es/
CHR StartupUrls: Default -> "https://www.google.es/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-19]
CHR Extension: (YouTube) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-19]
CHR Extension: (Adblock Plus) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-20]
CHR Extension: (Búsqueda de Google) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-19]
CHR Extension: (Supervisor Kaspersky de vínculos URL) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-02-05]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-12-19]
CHR Extension: (Adobe Acrobat - Crear archivos PDF) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-12-20]
CHR Extension: (Pago seguro) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2015-02-05]
CHR Extension: (Content Blocker) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2015-02-05]
CHR Extension: (Dropbox) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-12-20]
CHR Extension: (Virtual Keyboard) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2015-02-05]
CHR Extension: (Google Wallet) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-19]
CHR Extension: (Gmail) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-19]
CHR Extension: (Anti-Banner) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-02-05]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1507632 2015-01-06] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-12-19] (Creative Labs) [File not signed]
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-12-19] (Creative Labs) [File not signed]
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
S2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [114176 2014-11-26] (Creative Technology Ltd)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2015-02-05] (Enigma Software Group USA, LLC.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5429520 2015-01-30] (TeamViewer GmbH)
R2 vToolbarUpdater18.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [1850392 2014-12-20] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2014-12-20] (AVG Technologies)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S3 cthda; C:\Windows\System32\drivers\cthda.sys [1065728 2014-11-26] (Creative Technology Ltd)
R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [34048 2014-11-26] (Creative Technology Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-12-20] (DT Soft Ltd)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-02-05] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-05] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-11-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-06 00:41 - 2015-02-06 00:42 - 00026057 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\FRST.txt
2015-02-06 00:41 - 2015-02-06 00:41 - 00000000 ____D () C:\FRST
2015-02-06 00:39 - 2015-02-06 00:39 - 02131968 _____ (Farbar) C:\Users\ESTUDIO A. PEDREÑO\Desktop\FRST64.exe
2015-02-05 21:45 - 2015-02-05 21:45 - 00002798 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-05 21:45 - 2015-02-05 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-05 21:45 - 2015-02-05 21:45 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-05 20:44 - 2015-02-05 20:44 - 10868379 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\Anti-CryptorBitV2.zip
2015-02-05 20:26 - 2015-02-05 20:26 - 00001082 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\RegHunter.lnk
2015-02-05 20:19 - 2015-02-05 20:19 - 00003326 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-02-05 20:19 - 2015-02-05 20:19 - 00000000 _____ () C:\autoexec.bat
2015-02-05 20:15 - 2015-02-05 20:15 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\gnupg
2015-02-05 20:14 - 2015-02-05 20:14 - 01470858 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\ScatterDecryptor.zip
2015-02-05 20:09 - 2015-02-05 20:09 - 00045815 _____ () C:\sh4_service.log
2015-02-05 20:08 - 2015-02-05 20:08 - 00158378 _____ () C:\spyhunter.log
2015-02-05 20:06 - 2015-02-05 17:55 - 00285747 _____ () C:\shldr
2015-02-05 20:06 - 2015-02-05 17:55 - 00008192 _____ () C:\shldr.mbr
2015-02-05 19:04 - 2015-02-05 19:04 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-02-05 19:02 - 2015-02-05 19:02 - 00001197 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\spyhunter.txt
2015-02-05 17:55 - 2015-02-05 20:26 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Enigma Software Group
2015-02-05 17:55 - 2015-02-05 20:26 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-05 17:55 - 2015-02-05 19:04 - 00001087 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\SpyHunter.lnk
2015-02-05 17:55 - 2015-02-05 17:55 - 00000000 ____D () C:\sh4ldr
2015-02-05 17:54 - 2015-02-05 17:54 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\ESTUDIO A. PEDREÑO\Desktop\SpyHunter-installer.exe
2015-02-05 17:20 - 2015-02-05 17:20 - 00461000 _____ (Kaspersky Lab ZAO) C:\Users\ESTUDIO A. PEDREÑO\Desktop\rannohdecryptor.exe
2015-02-05 15:36 - 2015-02-05 15:36 - 00002220 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\Safe Money.lnk
2015-02-05 15:34 - 2015-02-05 15:34 - 00001078 _____ () C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2015-02-05 15:34 - 2015-02-05 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0
2015-02-05 15:34 - 2013-11-11 22:55 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll
2015-02-05 15:34 - 2011-06-02 14:39 - 00084536 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2015-02-05 15:34 - 2011-06-02 14:39 - 00066616 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2015-02-05 15:33 - 2015-02-05 15:33 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-02-05 15:33 - 2015-02-05 15:33 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-02-05 15:33 - 2013-11-11 22:55 - 00626272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-02-05 15:33 - 2013-11-11 22:55 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-02-05 15:25 - 2015-02-05 15:26 - 196671712 _____ (Kaspersky Lab ZAO) C:\Users\ESTUDIO A. PEDREÑO\Desktop\pur13.0.2.558es-mx.exe
2015-02-05 15:09 - 2015-02-05 15:09 - 00000000 ____D () C:\Users\ESTUDIO A. PEDRE¥O\8126570934UxGcjDXBSudFazsMA
2015-02-05 15:09 - 2015-02-05 15:09 - 00000000 ____D () C:\Users\ESTUDIO A. PEDRE¥O
2015-02-05 09:15 - 2015-02-05 09:15 - 00056320 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\derry print ltd.msg
2015-02-04 19:44 - 2015-02-05 08:51 - 27911949 _____ () C:\ProgramData\umecqfh.html
2015-02-04 19:40 - 2015-02-04 19:40 - 00003094 _____ () C:\Windows\System32\Tasks\mllcjvk
2015-02-03 14:03 - 2015-02-03 14:03 - 00321760 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\propuesta hogar 147.PDF.jpjynhd
2015-02-03 14:03 - 2015-02-03 14:03 - 00321424 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\Vivienda Rambla de Santa Cruz 153-5º.PDF.jpjynhd
2015-02-03 11:51 - 2015-02-03 12:42 - 00042496 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\Sin título.msg
2015-01-30 12:29 - 2015-01-30 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-30 12:28 - 2015-01-30 12:28 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-30 12:28 - 2015-01-30 12:28 - 00000000 ____D () C:\Program Files\iTunes
2015-01-30 12:28 - 2015-01-30 12:28 - 00000000 ____D () C:\Program Files\iPod
2015-01-30 12:28 - 2015-01-30 12:28 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-29 21:54 - 2015-02-04 10:10 - 00016400 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\10926216_10206012611181530_8153987655694367159_n.JPG.jpjynhd
2015-01-29 21:54 - 2015-01-22 16:14 - 08980416 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\COMENTARIOS SARA FINAL PISCINA BAHIA GRANDE.PDF.jpjynhd
2015-01-29 21:54 - 2015-01-21 14:02 - 00076080 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\analisis.PDF.jpjynhd
2015-01-29 21:54 - 2015-01-20 19:21 - 00120832 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\Amazon.PDF.jpjynhd
2015-01-29 21:54 - 2015-01-13 17:11 - 00377232 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\2 CURSO DE INGLES LEGAL.PDF.jpjynhd
2015-01-29 21:54 - 2015-01-08 17:26 - 00222992 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\calendario_contribuyente_atc.PDF.jpjynhd
2015-01-29 18:38 - 2015-01-29 18:38 - 00000000 ____D () C:\Program Files\DIFX
2015-01-29 18:38 - 2015-01-29 18:38 - 00000000 ____D () C:\Program Files (x86)\DNIe
2015-01-29 09:57 - 2015-01-29 09:57 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Mozilla
2015-01-29 09:57 - 2015-01-29 09:57 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Mozilla
2015-01-29 09:57 - 2015-01-29 09:57 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-29 09:22 - 2015-01-29 09:22 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3
2015-01-28 14:08 - 2015-01-28 14:08 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\WebSigner
2015-01-28 13:51 - 2015-01-29 18:47 - 00464384 _____ (Dirección General de la Policía) C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\DNIeService.exe
2015-01-28 13:51 - 2015-01-28 13:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2015-01-28 09:04 - 2015-01-28 09:04 - 01070376 _____ (Dirección General de la Policía) C:\Windows\system32\DNIeCMx64.dll
2015-01-28 09:04 - 2015-01-28 09:04 - 00875304 _____ (Dirección General de la Policía) C:\Windows\SysWOW64\DNIeCMx86.dll
2015-01-26 14:32 - 2015-01-26 14:32 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\TeamViewer
2015-01-26 08:45 - 2015-02-05 14:00 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-01-26 08:45 - 2015-02-05 14:00 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-26 08:45 - 2015-02-04 19:51 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\TeamViewer
2015-01-25 17:26 - 2015-01-25 17:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-01-25 17:26 - 2015-01-25 17:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-01-22 18:48 - 2015-02-04 19:54 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Desktop\C6 2015
2015-01-21 18:54 - 2015-02-04 20:02 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Desktop\fotos varias
2015-01-21 17:11 - 2015-02-04 20:04 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Downloads\LS
2015-01-21 17:05 - 2015-02-04 20:03 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Downloads\W0rdMag1c SP7 BySarus
2015-01-19 20:11 - 2015-02-04 19:52 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Desktop\SAN VALENTIN
2015-01-19 18:16 - 2015-02-04 19:52 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Desktop\CUENTAS
2015-01-19 14:16 - 2015-01-19 14:16 - 00162816 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\VOLTIC CUENTAS.msg
2015-01-17 11:17 - 2015-01-17 11:17 - 00000882 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\Modelo 420.exe.lnk
2015-01-16 16:52 - 2015-02-04 19:59 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Desktop\C6
2015-01-16 10:11 - 2015-01-16 10:11 - 00000000 _____ () C:\Users\ESTUDIO A. PEDREÑO\Sti_Trace.log
2015-01-16 09:59 - 2015-01-16 10:09 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\ControlCenter4
2015-01-16 09:55 - 2015-01-16 09:55 - 00000260 _____ () C:\Windows\Brpfx04a.ini
2015-01-16 09:55 - 2015-01-16 09:55 - 00000064 _____ () C:\Windows\brpcfx.ini
2015-01-16 09:55 - 2015-01-16 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-01-16 09:54 - 2015-01-16 10:06 - 00000000 ____D () C:\ProgramData\ControlCenter4
2015-01-16 09:54 - 2015-01-16 09:54 - 00000066 _____ () C:\Windows\Brfaxrx.ini
2015-01-16 09:54 - 2015-01-16 09:54 - 00000000 ____D () C:\Program Files (x86)\Browny02
2015-01-16 09:54 - 2015-01-16 09:54 - 00000000 ____D () C:\Brother
2015-01-16 09:54 - 2015-01-16 09:54 - 00000000 _____ () C:\Windows\BRPARAM.INI
2015-01-16 09:54 - 2003-11-28 18:57 - 00000000 _____ () C:\Windows\brdfxspd.dat
2015-01-16 09:53 - 2015-01-16 09:54 - 00000000 ____D () C:\Program Files (x86)\Brother
2015-01-16 09:53 - 2015-01-16 09:53 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\InstallShield
2015-01-16 09:53 - 2012-09-10 16:31 - 00245760 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2015-01-16 09:53 - 2012-07-09 17:19 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2015-01-16 09:53 - 2012-06-05 06:59 - 00025299 _____ (Brother Industries, Ltd) C:\Windows\SysWOW64\BRLM03A.DLL
2015-01-16 09:53 - 2010-05-20 05:33 - 00103792 _____ (Brother Industries Ltd) C:\Windows\SysWOW64\BRRBI100.EXE
2015-01-16 09:53 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2015-01-16 09:53 - 2010-03-15 16:20 - 00050176 _____ (Brother Industries Ltd.) C:\Windows\SysWOW64\BRPRTINK.DLL
2015-01-16 09:53 - 2010-02-05 02:42 - 00180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2015-01-16 09:53 - 2007-12-13 22:16 - 00005632 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2015-01-16 09:53 - 2005-01-17 07:10 - 00045056 _____ () C:\Windows\SysWOW64\BRTCPCON.DLL
2015-01-16 09:53 - 2004-08-09 07:00 - 00000114 _____ () C:\Windows\SysWOW64\BRLMW03A.INI
2015-01-16 09:53 - 2004-08-09 06:42 - 00077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BRLMW03A.DLL
2015-01-15 19:01 - 2015-01-16 10:09 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4
2015-01-15 19:01 - 2015-01-15 19:01 - 00000000 ____D () C:\Users\Public\Documents\BrFaxRx
2015-01-15 19:01 - 2009-12-08 16:19 - 00290304 ____N (Brother Industries, Ltd.) C:\Windows\system32\BrfxDA5c.dll
2015-01-15 18:59 - 2015-01-16 09:54 - 00000000 ____D () C:\ProgramData\Brother
2015-01-14 21:24 - 2015-01-14 21:24 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Wise Care 365
2015-01-14 21:24 - 2015-01-14 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Memory Optimizer
2015-01-14 21:24 - 2015-01-14 21:24 - 00000000 ____D () C:\Program Files (x86)\Wise
2015-01-14 21:20 - 2015-01-14 21:20 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\SlimWare Utilities Inc
2015-01-14 21:19 - 2015-01-14 21:21 - 00000000 ____D () C:\Program Files (x86)\SlimCleaner
2015-01-14 21:19 - 2015-01-14 21:19 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2015-01-14 16:53 - 2015-01-14 16:54 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\AdvertismentImages
2015-01-14 16:52 - 2015-01-14 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
2015-01-14 16:52 - 2015-01-14 16:52 - 00000000 ____D () C:\Program Files (x86)\Free M4a to MP3 Converter
2015-01-14 14:42 - 2015-02-05 09:03 - 00000000 ___RD () C:\Users\ESTUDIO A. PEDREÑO\Desktop\ibiza
2015-01-13 21:49 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 21:49 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 21:49 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 21:49 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 21:49 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 21:49 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 21:49 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 21:49 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 21:49 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 21:49 - 2014-12-11 17:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 21:49 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 21:49 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 21:49 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 13:38 - 2015-02-05 20:32 - 00005110 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ESTUDIOAPEDREÑO-ESTUDIO A. PEDREÑO ESTUDIOAPEDREÑO
2015-01-13 08:45 - 2015-01-13 08:45 - 00000000 ____D () C:\ProgramData\Steam
2015-01-12 12:40 - 2015-01-12 12:43 - 00000000 ____D () C:\Program Files (x86)\Gobierno de Canarias
2015-01-12 12:40 - 2015-01-12 12:40 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\GobCan
2015-01-12 12:40 - 2015-01-12 12:40 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gobierno de Canarias
2015-01-09 18:26 - 2015-02-04 19:53 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Downloads\The Song of the Butterfly [Hungary 2014] HD
2015-01-09 18:24 - 2015-02-04 19:51 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Downloads\Spacedrum by Yuki Koshimoto
2015-01-09 18:21 - 2015-02-04 19:51 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Downloads\beautiful tank hank (drum in gaz)
2015-01-09 16:42 - 2015-01-09 16:42 - 00000437 _____ () C:\Users\Public\Desktop\IGIC - Modelo 425 (2014).lnk
2015-01-09 16:42 - 2000-05-24 03:45 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2015-01-09 11:47 - 2015-01-09 11:48 - 00001711 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\ESTUDIO ANDRES.lnk
2015-01-08 20:18 - 2015-01-08 20:18 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2015-01-08 19:15 - 2015-01-09 21:00 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-01-08 19:15 - 2015-01-09 21:00 - 00002210 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-01-08 19:15 - 2015-01-09 21:00 - 00002049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-01-08 18:54 - 2015-01-08 18:54 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\PDAppFlex
2015-01-08 17:24 - 2015-01-08 17:24 - 00000000 ____D () C:\Windows\pss
2015-01-08 16:36 - 2015-01-08 16:36 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-08 12:13 - 2015-02-05 21:54 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Desktop\BARCELONA 12 Y 1
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-06 00:34 - 2014-12-12 16:37 - 01283762 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 00:33 - 2014-12-20 13:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 00:23 - 2009-07-14 04:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 00:23 - 2009-07-14 04:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 00:16 - 2014-12-20 13:20 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-05 23:58 - 2014-12-19 18:26 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 23:49 - 2014-12-19 18:26 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 22:09 - 2014-12-20 11:26 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\DAEMON Tools Pro
2015-02-05 22:06 - 2014-12-12 16:33 - 00000000 ____D () C:\Windows\Panther
2015-02-05 21:40 - 2014-12-20 10:35 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Documents\Archivos de Outlook
2015-02-05 20:27 - 2014-12-19 18:48 - 00000469 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\2 TB WD.lnk
2015-02-05 20:12 - 2014-12-20 13:52 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-05 20:09 - 2014-12-19 18:26 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 20:09 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 17:55 - 2014-12-12 17:43 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO
2015-02-05 16:12 - 2005-11-26 23:34 - 00000000 _RSHD () C:\Windows\install
2015-02-05 09:44 - 2014-12-19 18:26 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 09:44 - 2014-12-19 18:26 - 00003844 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 09:24 - 2014-12-20 10:35 - 2011951408 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\andrespedreno@arrakis.es.PST.jpjynhd
2015-02-05 02:58 - 2014-12-19 18:26 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 02:58 - 2014-12-19 18:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 02:58 - 2014-12-19 18:26 - 00003776 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 20:03 - 2014-12-22 09:53 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Desktop\cc
2015-02-04 20:02 - 2015-01-01 18:40 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Desktop\FOTOS STELLA IPHONE
2015-02-04 20:02 - 2015-01-01 14:45 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Desktop\IPHONE 12 14
2015-02-04 19:51 - 2014-12-30 19:34 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Dropbox
2015-02-04 19:51 - 2014-12-21 16:01 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\JDownloader v2.0
2015-02-04 19:40 - 2014-12-20 13:28 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2015-02-01 17:08 - 2014-12-21 17:07 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Spotify
2015-02-01 17:04 - 2014-12-21 17:06 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Spotify
2015-01-30 12:28 - 2015-01-01 18:54 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-29 10:19 - 2014-12-20 01:05 - 01649848 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-29 10:19 - 2011-04-12 09:10 - 00747226 _____ () C:\Windows\system32\perfh00A.dat
2015-01-29 10:19 - 2011-04-12 09:10 - 00158698 _____ () C:\Windows\system32\perfc00A.dat
2015-01-29 10:19 - 2009-07-14 05:13 - 01649848 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 10:00 - 2014-12-20 18:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 16:04 - 2014-12-20 11:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 15:09 - 2014-12-20 11:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-26 15:09 - 2014-12-20 11:14 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-26 14:37 - 2009-07-14 04:45 - 09565528 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-26 11:16 - 2014-12-12 17:57 - 00071808 _____ () C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-25 17:26 - 2014-12-20 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-19 15:37 - 2014-12-20 00:26 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Microsoft Help
2015-01-16 09:53 - 2014-12-12 17:51 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-14 03:05 - 2014-12-20 00:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:00 - 2014-12-20 00:27 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 22:29 - 2014-12-21 16:03 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-01-12 12:40 - 2014-12-31 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gobierno de Canarias
2015-01-09 21:00 - 2014-12-21 19:08 - 00001458 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2015-01-08 19:23 - 2014-12-19 18:32 - 00000000 ____D () C:\Program Files (x86)\Creative
2015-01-08 19:14 - 2014-12-20 11:32 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-08 19:14 - 2014-12-20 11:32 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-08 19:08 - 2014-12-19 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2015-01-08 17:43 - 2014-12-20 11:34 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-08 17:20 - 2014-12-19 18:26 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Adobe
2015-01-08 16:25 - 2014-12-30 19:39 - 00000000 ___RD () C:\Users\ESTUDIO A. PEDREÑO\Dropbox
2015-01-08 12:47 - 2014-12-20 10:59 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\ACD Systems
 
==================== Files in the root of some directories =======
 
2015-01-28 13:51 - 2015-01-29 18:47 - 0464384 _____ (Dirección General de la Policía) C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\DNIeService.exe
2014-12-20 20:41 - 2014-12-20 20:41 - 0007601 _____ () C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Resmon.ResmonCfg
2015-02-04 19:44 - 2015-02-05 08:51 - 27911949 _____ () C:\ProgramData\umecqfh.html
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 00:18
 
==================== End Of Log ============================
_____________________________________________________________________________________
 
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by ESTUDIO A. PEDREÑO at 2015-02-06 00:42:14
Running from C:\Users\ESTUDIO A. PEDREÑO\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky PURE 3.0 (Disabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: AVG Internet Security 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Kaspersky PURE 3.0 (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
FW: Kaspersky PURE 3.0 (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACDSee Pro 7 (HKLM-x32\...\{FCDC1C23-C105-4DB0-9B7E-C88BED71491B}) (Version: 7.0.138 - ACD Systems International Inc.)
Actualización de NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Apple Application Support (32 bits) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.8.0 - Asmedia Technology)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.8.1 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.2.8.1 - ASUSTek COMPUTER INC.) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5646 - AVG Technologies)
AVG 2015 (Version: 15.0.4281 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5646 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.5.7 - AVG Technologies)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J6510DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Disk Speedup (HKLM-x32\...\{FC7E771F-8170-4573-825D-EDB6723C804F}_is1) (Version: 3.1.0.7584 - Systweak Software)
Dropbox (HKU\S-1-5-21-1928626174-2780560462-2623644768-1000\...\Dropbox) (Version: 3.0.4 - Dropbox, Inc.)
Eines de correcció del Microsoft Office 2013: català (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2013 - Galego (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Free M4a to MP3 Converter 8.4 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grabador inteligente de Creative (HKLM-x32\...\Smart Recorder) (Version: 2.20 - Creative Technology Limited)
IGIC - Modelo 420 (2014) (HKLM-x32\...\{F4B11BF4-FFD5-460C-A3FA-CCE7A27C371E}) (Version:  - )
IGIC - Modelo 425 (2014) (HKLM-x32\...\{6312EC5F-34F6-40D4-A41E-2FFCFFA36645}) (Version:  - )
Instalable DNIe (HKLM\...\{FE707892-A9CB-4191-A4B2-0D3BE0CF5337}) (Version: 11.2.0 - Cuerpo Nacional de Policía)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware versión 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
NVIDIA Controlador de 3D Vision 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.23 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panel de control de NVIDIA 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
Paquete Dolby Digital Live (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
RegHunter (HKLM-x32\...\RegHunter) (Version: 1.3.3.1613 - Enigma Software Group, LLC)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sound Blaster Z-Series (HKLM-x32\...\{47954582-81A8-44D4-A631-E6AE58E80399}) (Version: 1.00.05 - Creative Technology Limited)
Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-1928626174-2780560462-2623644768-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38475 - TeamViewer)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Dirección General de la Policía (UMPass) SmartCard  (04/09/2014 1.0.2.2) (HKLM\...\FC8BFCC77C8FC0A819288C408E9B8AC4CC55AC5D) (Version: 04/09/2014 1.0.2.2 - Dirección General de la Policía)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wise Memory Optimizer 3.33 (HKLM-x32\...\Wise Memory Optimizer_is1) (Version: 3.33 - WiseCleaner.com, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1928626174-2780560462-2623644768-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1928626174-2780560462-2623644768-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1928626174-2780560462-2623644768-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1928626174-2780560462-2623644768-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1928626174-2780560462-2623644768-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1928626174-2780560462-2623644768-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1928626174-2780560462-2623644768-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1928626174-2780560462-2623644768-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1928626174-2780560462-2623644768-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2015-01-08 17:01 - 00000854 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {06D20D8C-09CD-4BDC-809B-D7011011E75A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {265C71DB-F2AE-46D7-B6C1-906FA0F4C2D5} - System32\Tasks\{08966482-C257-4B80-A2F9-AB11C78922E8} => pcalua.exe -a "C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\omiga-plus\UninstallManager.exe" -c -ptid=tugs <==== ATTENTION
Task: {30CA60F4-1773-41C6-9FEB-B85BC2C9350A} - System32\Tasks\Open Chrome => Chrome.exe --new-window toolbar.avg.com/ch-uninstall?cid={0BE121A4-1D51-4670-A428-19A686A83035}&mid=511c4ec4be5947cdb92ee1ccef6ab9eb-fbdb84c0e3b7139293f6a51890c98baa82a560a9&lang=es&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=&v=4.0.5.7&pid=wtu&sg=
Task: {3B6C5F3C-7C3A-42AA-9DC1-D177C024019E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {4E330B95-8D27-415B-96FB-D7215A4542EE} - System32\Tasks\mllcjvk => C:\Users\ESTUDI~1.PED\AppData\Local\Temp\qllkevi.exe <==== ATTENTION
Task: {4EF67F5C-D0DF-498A-8346-10779DF3F2EC} - \LaunchSignup No Task File <==== ATTENTION
Task: {7D3C4235-B8B7-4A98-88DF-1A41C5D96508} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {7D8A5003-E821-46CC-B958-72497561F89B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {83EDCF42-78F3-4DA9-86F1-7729EBAAD534} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2015-02-05] (Enigma Software Group USA, LLC.)
Task: {8BB20468-442E-45EC-ACEE-41DA80982310} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B37645C8-9165-40C1-8BF0-1B9835D63B10} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C4C9E388-F9FE-479B-8CDD-26B447370CA1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D4C55B28-8AA9-46FE-9AA9-68D3BAA98308} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E7C60C66-7AB2-48D9-A915-62EEF1C67A65} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {F12E6FEE-AF9D-4435-BFD1-478041A46545} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ESTUDIOAPEDREÑO-ESTUDIO A. PEDREÑO ESTUDIOAPEDREÑO => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2014-12-20 13:28 - 2014-12-20 13:28 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
2014-12-20 13:28 - 2014-12-20 13:28 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\log4cplusU.dll
2014-12-20 13:28 - 2014-12-20 13:28 - 01686552 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2015-01-30 23:44 - 2015-01-27 03:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-01-30 23:44 - 2015-01-27 03:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-01-30 23:44 - 2015-01-27 03:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1928626174-2780560462-2623644768-1000\Control Panel\Desktop\\Wallpaper -> 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Creative ALchemy AL6 Licensing Service => 3
MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
MSCONFIG\Services: Creative Media Toolbox 6 Licensing Service => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^ESTUDIO A. PEDREÑO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: ACPW07EN => "C:\Program Files (x86)\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe"
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-1928626174-2780560462-2623644768-500 - Administrator - Disabled)
ESTUDIO A. PEDREÑO (S-1-5-21-1928626174-2780560462-2623644768-1000 - Administrator - Enabled) => C:\Users\ESTUDIO A. PEDREÑO
Invitado (S-1-5-21-1928626174-2780560462-2623644768-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1928626174-2780560462-2623644768-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/05/2015 08:11:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/05/2015 06:03:57 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: No se pudo crear el punto de restauración (proceso = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\Setup.exe" -Embedding; descripción = Configured Microsoft Office Professional Plus 2013; error = 0x8007043c).
 
Error: (02/05/2015 05:52:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/05/2015 04:14:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/05/2015 02:18:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/05/2015 01:38:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/05/2015 09:27:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/30/2015 00:57:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/29/2015 06:42:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/28/2015 02:04:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (02/05/2015 08:09:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Sound Blaster Audio Service depende del servicio Sound Blaster Audio Driver, el cual no pudo iniciarse debido al siguiente error: 
%%1058
 
Error: (02/05/2015 08:09:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Sound Blaster Audio Driver no pudo iniciarse debido al siguiente error: 
%%1058
 
Error: (02/05/2015 07:04:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (02/05/2015 07:04:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (02/05/2015 07:04:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (02/05/2015 07:04:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (02/05/2015 07:04:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (02/05/2015 07:04:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
%%1068
 
Error: (02/05/2015 07:01:44 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068BITS{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (02/05/2015 06:03:57 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}
 
 
Microsoft Office Sessions:
=========================
Error: (02/05/2015 08:11:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/05/2015 06:03:57 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20130x8007043c
 
Error: (02/05/2015 05:52:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/05/2015 04:14:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/05/2015 02:18:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/05/2015 01:38:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/05/2015 09:27:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/30/2015 00:57:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/29/2015 06:42:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/28/2015 02:04:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 32%
Total physical RAM: 8139.91 MB
Available physical RAM: 5476.79 MB
Total Pagefile: 16278.01 MB
Available Pagefile: 13579.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:830.25 GB) NTFS
Drive d: (BACKUPS) (Fixed) (Total:465.76 GB) (Free:319.39 GB) NTFS
Drive h: (WESTERN DIGITAL) (Fixed) (Total:1862.98 GB) (Free:1260.19 GB) NTFS
Drive j: (DESCARGAS Y DEMAS) (Fixed) (Total:3726.02 GB) (Free:1087.62 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F7D5EE88)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 3E772DAB)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 777AAC87)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 4.
 
==================== End Of Log ============================
 
 
 
___________________________________________________________________________________
 
 

# AdwCleaner v4.110 - Logfile created 06/02/2015 at 01:16:17
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : ESTUDIO A. PEDREÑO - ESTUDIOAPEDREÑO
# Running from : C:\Users\ESTUDIO A. PEDREÑO\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
Service Deleted : vToolbarUpdater18.2.0
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Speedup
Folder Deleted : C:\Program Files (x86)\Disk Speedup
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Systweak
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC7E771F-8170-4573-825D-EDB6723C804F}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v40.0.2214.94
 
[C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.softonic.com/s/{searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [3832 bytes] - [06/02/2015 01:14:26]
AdwCleaner[S0].txt - [3736 bytes] - [06/02/2015 01:16:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3795  bytes] ##########
_____________________________________________________________________________________________________________________
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Fecha del Análisis: 06/02/2015
Tiempo de Análisis: 1:25:57
Logfile: antimalware.txt
Administrador: Si
 
Versión: 2.00.4.1028
Base de datos de malware: v2015.02.05.11
Base de datos de rootkit: v2015.02.03.01
Licencia: Premium
Protección contra malware: Activado
Protección Web: Activado
Autoprotección: Desactivado
 
SO: Windows 7 Service Pack 1
CPU: x64
Archivos del Sistema: NTFS
Usuario: ESTUDIO A. PEDREÑO
 
Tipo de Análisis: Análisis Completo
Resultado: Completado
Objetos Analizados: 410601
Tiempo Transcurrido: 40 min, 28 seg
 
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Activado
PUM: Activado
 
Procesos: 0
(Sin elementos maliciosos detectados)
 
Modulos: 0
(Sin elementos maliciosos detectados)
 
Llaves del Registro: 0
(Sin elementos maliciosos detectados)
 
Valores del Registro: 0
(Sin elementos maliciosos detectados)
 
Datos del Registro: 0
(Sin elementos maliciosos detectados)
 
Carpetas: 0
(Sin elementos maliciosos detectados)
 
Archivo: 0
(Sin elementos maliciosos detectados)
 
Sectores físicos: 0
(Sin elementos maliciosos detectados)
 
 
(end)
_________________________________________________________________________________________________________
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by ESTUDIO A. PEDREÑO on 06/02/2015 at  8:18:06,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/02/2015 at  8:20:44,32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_________________________________________________________________________________
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by ESTUDIO A. PEDREÑO (administrator) on ESTUDIOAPEDREÑO on 06-02-2015 08:27:28
Running from C:\Users\ESTUDIO A. PEDREÑO\Desktop
Loaded Profiles: ESTUDIO A. PEDREÑO & UpdatusUser (Available profiles: ESTUDIO A. PEDREÑO & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcfgex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1928626174-2780560462-2623644768-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-1928626174-2780560462-2623644768-1000\...\Run: [Spotify Web Helper] => C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-21] (Spotify Ltd)
HKU\S-1-5-21-1928626174-2780560462-2623644768-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-1928626174-2780560462-2623644768-1001\...\RunOnce: [CTAutoUpdate] => C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe [1571088 2011-09-22] (Creative Technology Ltd)
HKU\S-1-5-21-1928626174-2780560462-2623644768-1001\...\RunOnce: [InetReg] => "C:\Program Files (x86)\Creative\Registro de productos\Spanish\InetReg.exe" /PreProcess=RegFlash.exe /Delay=6
HKU\S-1-5-21-1928626174-2780560462-2623644768-1001\...\MountPoints2: {bb1d1d35-821c-11e4-b92b-806e6f6e6963} - E:\Audio\setup.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1928626174-2780560462-2623644768-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.es/
HKU\S-1-5-21-1928626174-2780560462-2623644768-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/es-es/?ocid=iehp
HKU\S-1-5-21-1928626174-2780560462-2623644768-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/es-es/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1928626174-2780560462-2623644768-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
 
FireFox:
========
FF ProfilePath: C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Mozilla\Firefox\Profiles\1yxwrsq7.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-12-21]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-01-08]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.es/
CHR StartupUrls: Default -> "https://www.google.es/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-19]
CHR Extension: (YouTube) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-19]
CHR Extension: (Adblock Plus) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-20]
CHR Extension: (Búsqueda de Google) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-19]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-12-19]
CHR Extension: (Adobe Acrobat - Crear archivos PDF) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-12-20]
CHR Extension: (Dropbox) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-12-20]
CHR Extension: (Google Wallet) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-19]
CHR Extension: (Gmail) - C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-19]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1507632 2015-01-06] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-12-19] (Creative Labs) [File not signed]
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-12-19] (Creative Labs) [File not signed]
S2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [114176 2014-11-26] (Creative Technology Ltd)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2015-02-05] (Enigma Software Group USA, LLC.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5429520 2015-01-30] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2014-12-20] (AVG Technologies)
S3 cthda; C:\Windows\System32\drivers\cthda.sys [1065728 2014-11-26] (Creative Technology Ltd)
R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [34048 2014-11-26] (Creative Technology Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-12-20] (DT Soft Ltd)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-02-05] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-05] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R4 kl1; system32\DRIVERS\kl1.sys [X]
R4 KLIF; system32\DRIVERS\klif.sys [X]
R4 klkbdflt; system32\DRIVERS\klkbdflt.sys [X]
R4 klmouflt; system32\DRIVERS\klmouflt.sys [X]
R4 kltdi; system32\DRIVERS\kltdi.sys [X]
R4 kneps; system32\DRIVERS\kneps.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-06 08:27 - 2015-02-06 08:27 - 00019357 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\FRST.txt
2015-02-06 08:27 - 2015-02-06 00:39 - 02131968 _____ (Farbar) C:\Users\ESTUDIO A. PEDREÑO\Desktop\FRST64.exe
2015-02-06 01:33 - 2015-02-06 08:27 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Desktop\scan virus
2015-02-06 01:28 - 2015-02-06 01:28 - 00000000 ___SD () C:\Users\ESTUDIO A. PEDREÑO\Documents\Passwords Database
2015-02-06 01:18 - 2015-02-06 01:18 - 00000588 _____ () C:\Windows\PFRO.log
2015-02-06 01:18 - 2015-02-06 01:18 - 00000168 _____ () C:\Windows\setupact.log
2015-02-06 01:18 - 2015-02-06 01:18 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-06 01:13 - 2015-02-06 01:16 - 00000000 ____D () C:\AdwCleaner
2015-02-06 00:41 - 2015-02-06 08:27 - 00000000 ____D () C:\FRST
2015-02-05 21:45 - 2015-02-05 21:45 - 00002798 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-05 21:45 - 2015-02-05 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-05 21:45 - 2015-02-05 21:45 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-05 20:44 - 2015-02-05 20:44 - 10868379 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\Anti-CryptorBitV2.zip
2015-02-05 20:19 - 2015-02-05 20:19 - 00003326 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-02-05 20:19 - 2015-02-05 20:19 - 00000000 _____ () C:\autoexec.bat
2015-02-05 20:15 - 2015-02-05 20:15 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\gnupg
2015-02-05 20:09 - 2015-02-05 20:09 - 00045815 _____ () C:\sh4_service.log
2015-02-05 20:08 - 2015-02-05 20:08 - 00158378 _____ () C:\spyhunter.log
2015-02-05 20:06 - 2015-02-05 17:55 - 00285747 _____ () C:\shldr
2015-02-05 20:06 - 2015-02-05 17:55 - 00008192 _____ () C:\shldr.mbr
2015-02-05 19:04 - 2015-02-05 19:04 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-02-05 19:02 - 2015-02-05 19:02 - 00001197 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\spyhunter.txt
2015-02-05 17:55 - 2015-02-05 20:26 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Enigma Software Group
2015-02-05 17:55 - 2015-02-05 20:26 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-05 17:55 - 2015-02-05 17:55 - 00000000 ____D () C:\sh4ldr
2015-02-05 15:25 - 2015-02-05 15:26 - 196671712 _____ (Kaspersky Lab ZAO) C:\Users\ESTUDIO A. PEDREÑO\Desktop\pur13.0.2.558es-mx.exe
2015-02-05 15:09 - 2015-02-06 01:28 - 00000000 ____D () C:\Users\ESTUDIO A. PEDRE¥O
2015-02-05 15:09 - 2015-02-05 15:09 - 00000000 ____D () C:\Users\ESTUDIO A. PEDRE¥O\8126570934UxGcjDXBSudFazsMA
2015-02-04 19:44 - 2015-02-05 08:51 - 27911949 _____ () C:\ProgramData\umecqfh.html
2015-02-04 19:40 - 2015-02-04 19:40 - 00003094 _____ () C:\Windows\System32\Tasks\mllcjvk
2015-02-03 14:03 - 2015-02-03 14:03 - 00321760 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\propuesta hogar 147.PDF.jpjynhd
2015-02-03 14:03 - 2015-02-03 14:03 - 00321424 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\Vivienda Rambla de Santa Cruz 153-5º.PDF.jpjynhd
2015-02-03 11:51 - 2015-02-03 12:42 - 00042496 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\Sin título.msg
2015-01-30 12:29 - 2015-01-30 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-30 12:28 - 2015-01-30 12:28 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-30 12:28 - 2015-01-30 12:28 - 00000000 ____D () C:\Program Files\iTunes
2015-01-30 12:28 - 2015-01-30 12:28 - 00000000 ____D () C:\Program Files\iPod
2015-01-30 12:28 - 2015-01-30 12:28 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-29 21:54 - 2015-02-04 10:10 - 00016400 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\10926216_10206012611181530_8153987655694367159_n.JPG.jpjynhd
2015-01-29 21:54 - 2015-01-22 16:14 - 08980416 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\COMENTARIOS SARA FINAL PISCINA BAHIA GRANDE.PDF.jpjynhd
2015-01-29 21:54 - 2015-01-21 14:02 - 00076080 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\analisis.PDF.jpjynhd
2015-01-29 21:54 - 2015-01-20 19:21 - 00120832 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\Amazon.PDF.jpjynhd
2015-01-29 21:54 - 2015-01-13 17:11 - 00377232 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\2 CURSO DE INGLES LEGAL.PDF.jpjynhd
2015-01-29 21:54 - 2015-01-08 17:26 - 00222992 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\calendario_contribuyente_atc.PDF.jpjynhd
2015-01-29 18:38 - 2015-01-29 18:38 - 00000000 ____D () C:\Program Files\DIFX
2015-01-29 18:38 - 2015-01-29 18:38 - 00000000 ____D () C:\Program Files (x86)\DNIe
2015-01-29 09:57 - 2015-01-29 09:57 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Mozilla
2015-01-29 09:57 - 2015-01-29 09:57 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Mozilla
2015-01-29 09:57 - 2015-01-29 09:57 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-29 09:22 - 2015-01-29 09:22 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3
2015-01-28 14:08 - 2015-01-28 14:08 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\WebSigner
2015-01-28 13:51 - 2015-01-29 18:47 - 00464384 _____ (Dirección General de la Policía) C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\DNIeService.exe
2015-01-28 13:51 - 2015-01-28 13:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2015-01-28 09:04 - 2015-01-28 09:04 - 01070376 _____ (Dirección General de la Policía) C:\Windows\system32\DNIeCMx64.dll
2015-01-28 09:04 - 2015-01-28 09:04 - 00875304 _____ (Dirección General de la Policía) C:\Windows\SysWOW64\DNIeCMx86.dll
2015-01-26 14:32 - 2015-01-26 14:32 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\TeamViewer
2015-01-26 08:45 - 2015-02-06 07:40 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-26 08:45 - 2015-02-06 01:29 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\TeamViewer
2015-01-26 08:45 - 2015-02-05 14:00 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-01-25 17:26 - 2015-01-25 17:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-01-25 17:26 - 2015-01-25 17:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-01-22 18:48 - 2015-02-04 19:54 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Desktop\C6 2015
2015-01-21 18:54 - 2015-02-04 20:02 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Desktop\fotos varias
2015-01-21 17:11 - 2015-02-04 20:04 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Downloads\LS
2015-01-21 17:05 - 2015-02-04 20:03 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Downloads\W0rdMag1c SP7 BySarus
2015-01-19 20:11 - 2015-02-04 19:52 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Desktop\SAN VALENTIN
2015-01-19 18:16 - 2015-02-04 19:52 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Desktop\CUENTAS
2015-01-19 14:16 - 2015-01-19 14:16 - 00162816 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\VOLTIC CUENTAS.msg
2015-01-17 11:17 - 2015-01-17 11:17 - 00000882 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\Modelo 420.exe.lnk
2015-01-16 16:52 - 2015-02-04 19:59 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Desktop\C6
2015-01-16 10:11 - 2015-01-16 10:11 - 00000000 _____ () C:\Users\ESTUDIO A. PEDREÑO\Sti_Trace.log
2015-01-16 09:59 - 2015-01-16 10:09 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\ControlCenter4
2015-01-16 09:55 - 2015-01-16 09:55 - 00000260 _____ () C:\Windows\Brpfx04a.ini
2015-01-16 09:55 - 2015-01-16 09:55 - 00000064 _____ () C:\Windows\brpcfx.ini
2015-01-16 09:55 - 2015-01-16 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-01-16 09:54 - 2015-01-16 10:06 - 00000000 ____D () C:\ProgramData\ControlCenter4
2015-01-16 09:54 - 2015-01-16 09:54 - 00000066 _____ () C:\Windows\Brfaxrx.ini
2015-01-16 09:54 - 2015-01-16 09:54 - 00000000 ____D () C:\Program Files (x86)\Browny02
2015-01-16 09:54 - 2015-01-16 09:54 - 00000000 ____D () C:\Brother
2015-01-16 09:54 - 2015-01-16 09:54 - 00000000 _____ () C:\Windows\BRPARAM.INI
2015-01-16 09:54 - 2003-11-28 18:57 - 00000000 _____ () C:\Windows\brdfxspd.dat
2015-01-16 09:53 - 2015-01-16 09:54 - 00000000 ____D () C:\Program Files (x86)\Brother
2015-01-16 09:53 - 2015-01-16 09:53 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\InstallShield
2015-01-16 09:53 - 2012-09-10 16:31 - 00245760 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2015-01-16 09:53 - 2012-07-09 17:19 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2015-01-16 09:53 - 2012-06-05 06:59 - 00025299 _____ (Brother Industries, Ltd) C:\Windows\SysWOW64\BRLM03A.DLL
2015-01-16 09:53 - 2010-05-20 05:33 - 00103792 _____ (Brother Industries Ltd) C:\Windows\SysWOW64\BRRBI100.EXE
2015-01-16 09:53 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2015-01-16 09:53 - 2010-03-15 16:20 - 00050176 _____ (Brother Industries Ltd.) C:\Windows\SysWOW64\BRPRTINK.DLL
2015-01-16 09:53 - 2010-02-05 02:42 - 00180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2015-01-16 09:53 - 2007-12-13 22:16 - 00005632 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2015-01-16 09:53 - 2005-01-17 07:10 - 00045056 _____ () C:\Windows\SysWOW64\BRTCPCON.DLL
2015-01-16 09:53 - 2004-08-09 07:00 - 00000114 _____ () C:\Windows\SysWOW64\BRLMW03A.INI
2015-01-16 09:53 - 2004-08-09 06:42 - 00077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BRLMW03A.DLL
2015-01-15 19:01 - 2015-01-16 10:09 - 00000000 ____D () C:\Program Files (x86)\ControlCenter4
2015-01-15 19:01 - 2015-01-15 19:01 - 00000000 ____D () C:\Users\Public\Documents\BrFaxRx
2015-01-15 19:01 - 2009-12-08 16:19 - 00290304 ____N (Brother Industries, Ltd.) C:\Windows\system32\BrfxDA5c.dll
2015-01-15 18:59 - 2015-01-16 09:54 - 00000000 ____D () C:\ProgramData\Brother
2015-01-14 21:24 - 2015-01-14 21:24 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Wise Care 365
2015-01-14 21:20 - 2015-01-14 21:20 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\SlimWare Utilities Inc
2015-01-14 21:19 - 2015-01-14 21:21 - 00000000 ____D () C:\Program Files (x86)\SlimCleaner
2015-01-14 21:19 - 2015-01-14 21:19 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2015-01-14 16:53 - 2015-01-14 16:54 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\AdvertismentImages
2015-01-14 16:52 - 2015-01-14 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
2015-01-14 16:52 - 2015-01-14 16:52 - 00000000 ____D () C:\Program Files (x86)\Free M4a to MP3 Converter
2015-01-14 14:42 - 2015-02-05 09:03 - 00000000 ___RD () C:\Users\ESTUDIO A. PEDREÑO\Desktop\ibiza
2015-01-13 21:49 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 21:49 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 21:49 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 21:49 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 21:49 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 21:49 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 21:49 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 21:49 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 21:49 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 21:49 - 2014-12-11 17:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 21:49 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 21:49 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 21:49 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 13:38 - 2015-02-06 07:27 - 00005112 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ESTUDIOAPEDREÑO-ESTUDIO A. PEDREÑO ESTUDIOAPEDREÑO
2015-01-13 08:45 - 2015-01-13 08:45 - 00000000 ____D () C:\ProgramData\Steam
2015-01-12 12:40 - 2015-01-12 12:43 - 00000000 ____D () C:\Program Files (x86)\Gobierno de Canarias
2015-01-12 12:40 - 2015-01-12 12:40 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\GobCan
2015-01-12 12:40 - 2015-01-12 12:40 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gobierno de Canarias
2015-01-09 18:26 - 2015-02-04 19:53 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Downloads\The Song of the Butterfly [Hungary 2014] HD
2015-01-09 18:24 - 2015-02-04 19:51 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Downloads\Spacedrum by Yuki Koshimoto
2015-01-09 18:21 - 2015-02-04 19:51 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Downloads\beautiful tank hank (drum in gaz)
2015-01-09 16:42 - 2015-01-09 16:42 - 00000437 _____ () C:\Users\Public\Desktop\IGIC - Modelo 425 (2014).lnk
2015-01-09 16:42 - 2000-05-24 03:45 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2015-01-09 11:47 - 2015-01-09 11:48 - 00001711 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\ESTUDIO ANDRES.lnk
2015-01-08 20:18 - 2015-01-08 20:18 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2015-01-08 19:15 - 2015-01-09 21:00 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-01-08 19:15 - 2015-01-09 21:00 - 00002210 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-01-08 19:15 - 2015-01-09 21:00 - 00002049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-01-08 18:54 - 2015-01-08 18:54 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\PDAppFlex
2015-01-08 17:24 - 2015-01-08 17:24 - 00000000 ____D () C:\Windows\pss
2015-01-08 16:36 - 2015-01-08 16:36 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-08 12:13 - 2015-02-05 21:54 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Desktop\BARCELONA 12 Y 1
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-06 08:16 - 2014-12-12 16:37 - 01308017 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 07:58 - 2014-12-19 18:26 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-06 07:49 - 2014-12-19 18:26 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-06 07:34 - 2014-12-20 13:20 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-06 07:26 - 2014-12-20 10:35 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Documents\Archivos de Outlook
2015-02-06 05:19 - 2014-12-20 13:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 01:52 - 2014-12-20 13:52 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-06 01:52 - 2014-12-20 11:26 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\DAEMON Tools Pro
2015-02-06 01:25 - 2009-07-14 04:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 01:25 - 2009-07-14 04:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 01:18 - 2014-12-19 18:26 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 01:18 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 22:06 - 2014-12-12 16:33 - 00000000 ____D () C:\Windows\Panther
2015-02-05 20:27 - 2014-12-19 18:48 - 00000469 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\2 TB WD.lnk
2015-02-05 17:55 - 2014-12-12 17:43 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO
2015-02-05 16:12 - 2005-11-26 23:34 - 00000000 _RSHD () C:\Windows\install
2015-02-05 09:44 - 2014-12-19 18:26 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 09:44 - 2014-12-19 18:26 - 00003844 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 09:24 - 2014-12-20 10:35 - 2011951408 _____ () C:\Users\ESTUDIO A. PEDREÑO\Desktop\andrespedreno@arrakis.es.PST.jpjynhd
2015-02-05 02:58 - 2014-12-19 18:26 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 02:58 - 2014-12-19 18:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 02:58 - 2014-12-19 18:26 - 00003776 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 20:03 - 2014-12-22 09:53 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Desktop\cc
2015-02-04 20:02 - 2015-01-01 18:40 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Desktop\FOTOS STELLA IPHONE
2015-02-04 20:02 - 2015-01-01 14:45 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\Desktop\IPHONE 12 14
2015-02-04 19:51 - 2014-12-30 19:34 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Dropbox
2015-02-04 19:51 - 2014-12-21 16:01 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\JDownloader v2.0
2015-02-01 17:08 - 2014-12-21 17:07 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Spotify
2015-02-01 17:04 - 2014-12-21 17:06 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Spotify
2015-01-30 12:28 - 2015-01-01 18:54 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-29 10:19 - 2014-12-20 01:05 - 01649848 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-29 10:19 - 2011-04-12 09:10 - 00747226 _____ () C:\Windows\system32\perfh00A.dat
2015-01-29 10:19 - 2011-04-12 09:10 - 00158698 _____ () C:\Windows\system32\perfc00A.dat
2015-01-29 10:19 - 2009-07-14 05:13 - 01649848 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 10:00 - 2014-12-20 18:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 16:04 - 2014-12-20 11:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 15:09 - 2014-12-20 11:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-26 15:09 - 2014-12-20 11:14 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-26 14:37 - 2009-07-14 04:45 - 09565528 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-26 11:16 - 2014-12-12 17:57 - 00071808 _____ () C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-25 17:26 - 2014-12-20 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-19 15:37 - 2014-12-20 00:26 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Microsoft Help
2015-01-16 09:53 - 2014-12-12 17:51 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-14 03:05 - 2014-12-20 00:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:00 - 2014-12-20 00:27 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 22:29 - 2014-12-21 16:03 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-01-12 12:40 - 2014-12-31 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gobierno de Canarias
2015-01-09 21:00 - 2014-12-21 19:08 - 00001458 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2015-01-08 19:23 - 2014-12-19 18:32 - 00000000 ____D () C:\Program Files (x86)\Creative
2015-01-08 19:14 - 2014-12-20 11:32 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-08 19:14 - 2014-12-20 11:32 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-08 19:08 - 2014-12-19 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2015-01-08 17:43 - 2014-12-20 11:34 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-08 17:20 - 2014-12-19 18:26 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Adobe
2015-01-08 16:25 - 2014-12-30 19:39 - 00000000 ___RD () C:\Users\ESTUDIO A. PEDREÑO\Dropbox
2015-01-08 12:47 - 2014-12-20 10:59 - 00000000 ____D () C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\ACD Systems
 
==================== Files in the root of some directories =======
 
2015-01-28 13:51 - 2015-01-29 18:47 - 0464384 _____ (Dirección General de la Policía) C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\DNIeService.exe
2014-12-20 20:41 - 2014-12-20 20:41 - 0007601 _____ () C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Resmon.ResmonCfg
2015-02-04 19:44 - 2015-02-05 08:51 - 27911949 _____ () C:\ProgramData\umecqfh.html
 
Some content of TEMP:
====================
C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Temp\Quarantine.exe
C:\Users\ESTUDIO A. PEDREÑO\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 00:18
 
==================== End Of Log ============================
 
_________________________________________________________________________________________________
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by ESTUDIO A. PEDREÑO at 2015-02-06 08:27:51
Running from C:\Users\ESTUDIO A. PEDREÑO\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACDSee Pro 7 (HKLM-x32\...\{FCDC1C23-C105-4DB0-9B7E-C88BED71491B}) (Version: 7.0.138 - ACD Systems International Inc.)
Actualización de NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Apple Application Support (32 bits) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.8.0 - Asmedia Technology)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.8.1 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.2.8.1 - ASUSTek COMPUTER INC.) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5646 - AVG Technologies)
AVG 2015 (Version: 15.0.4281 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5646 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.5.7 - AVG Technologies)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J6510DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Dropbox (HKU\S-1-5-21-1928626174-2780560462-2623644768-1000\...\Dropbox) (Version: 3.0.4 - Dropbox, Inc.)
Eines de correcció del Microsoft Office 2013: català (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2013 - Galego (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Free M4a to MP3 Converter 8.4 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grabador inteligente de Creative (HKLM-x32\...\Smart Recorder) (Version: 2.20 - Creative Technology Limited)
IGIC - Modelo 420 (2014) (HKLM-x32\...\{F4B11BF4-FFD5-460C-A3FA-CCE7A27C371E}) (Version:  - )
IGIC - Modelo 425 (2014) (HKLM-x32\...\{6312EC5F-34F6-40D4-A41E-2FFCFFA36645}) (Version:  - )
Instalable DNIe (HKLM\...\{FE707892-A9CB-4191-A4B2-0D3BE0CF5337}) (Version: 11.2.0 - Cuerpo Nacional de Policía)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware versión 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
NVIDIA Controlador de 3D Vision 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.23 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panel de control de NVIDIA 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
Paquete Dolby Digital Live (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
RegHunter (HKLM-x32\...\RegHunter) (Version: 1.3.3.1613 - Enigma Software Group, LLC)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sound Blaster Z-Series (HKLM-x32\...\{47954582-81A8-44D4-A631-E6AE58E80399}) (Version: 1.00.05 - Creative Technology Limited)
Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-1928626174-2780560462-2623644768-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38475 - TeamViewer)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Dirección General de la Policía (UMPass) SmartCard  (04/09/2014 1.0.2.2) (HKLM\...\FC8BFCC77C8FC0A819288C408E9B8AC4CC55AC5D) (Version: 04/09/2014 1.0.2.2 - Dirección General de la Policía)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1928626174-2780560462-2623644768-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1928626174-2780560462-2623644768-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1928626174-2780560462-2623644768-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1928626174-2780560462-2623644768-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1928626174-2780560462-2623644768-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1928626174-2780560462-2623644768-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1928626174-2780560462-2623644768-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1928626174-2780560462-2623644768-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1928626174-2780560462-2623644768-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
06-02-2015 02:56:05 Punto de control programado
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2015-01-08 17:01 - 00000854 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {06D20D8C-09CD-4BDC-809B-D7011011E75A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {265C71DB-F2AE-46D7-B6C1-906FA0F4C2D5} - System32\Tasks\{08966482-C257-4B80-A2F9-AB11C78922E8} => pcalua.exe -a "C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\omiga-plus\UninstallManager.exe" -c -ptid=tugs <==== ATTENTION
Task: {30CA60F4-1773-41C6-9FEB-B85BC2C9350A} - System32\Tasks\Open Chrome => Chrome.exe --new-window toolbar.avg.com/ch-uninstall?cid={0BE121A4-1D51-4670-A428-19A686A83035}&amp;mid=511c4ec4be5947cdb92ee1ccef6ab9eb-fbdb84c0e3b7139293f6a51890c98baa82a560a9&amp;lang=es&amp;ds=AVG&amp;coid=avgtbavg&amp;cmpid=&amp;pr=fr&amp;d=&amp;v=4.0.5.7&amp;pid=wtu&amp;sg=
Task: {3B6C5F3C-7C3A-42AA-9DC1-D177C024019E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {4E330B95-8D27-415B-96FB-D7215A4542EE} - System32\Tasks\mllcjvk => C:\Users\ESTUDI~1.PED\AppData\Local\Temp\qllkevi.exe <==== ATTENTION
Task: {4EF67F5C-D0DF-498A-8346-10779DF3F2EC} - \LaunchSignup No Task File <==== ATTENTION
Task: {7D3C4235-B8B7-4A98-88DF-1A41C5D96508} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {7D8A5003-E821-46CC-B958-72497561F89B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {83EDCF42-78F3-4DA9-86F1-7729EBAAD534} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2015-02-05] (Enigma Software Group USA, LLC.)
Task: {8BB20468-442E-45EC-ACEE-41DA80982310} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B37645C8-9165-40C1-8BF0-1B9835D63B10} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C4C9E388-F9FE-479B-8CDD-26B447370CA1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D4C55B28-8AA9-46FE-9AA9-68D3BAA98308} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E7C60C66-7AB2-48D9-A915-62EEF1C67A65} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {F12E6FEE-AF9D-4435-BFD1-478041A46545} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ESTUDIOAPEDREÑO-ESTUDIO A. PEDREÑO ESTUDIOAPEDREÑO => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2014-12-20 13:28 - 2014-12-20 13:28 - 01686552 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2012-09-23 20:44 - 2012-09-23 20:44 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\es_es\acrotray.esp
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1928626174-2780560462-2623644768-1000\Control Panel\Desktop\\Wallpaper -> 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Creative ALchemy AL6 Licensing Service => 3
MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
MSCONFIG\Services: Creative Media Toolbox 6 Licensing Service => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^ESTUDIO A. PEDREÑO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: ACPW07EN => "C:\Program Files (x86)\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe"
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\ESTUDIO A. PEDREÑO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-1928626174-2780560462-2623644768-500 - Administrator - Disabled)
ESTUDIO A. PEDREÑO (S-1-5-21-1928626174-2780560462-2623644768-1000 - Administrator - Enabled) => C:\Users\ESTUDIO A. PEDREÑO
Invitado (S-1-5-21-1928626174-2780560462-2623644768-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1928626174-2780560462-2623644768-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 29%
Total physical RAM: 8139.91 MB
Available physical RAM: 5732.5 MB
Total Pagefile: 16278.01 MB
Available Pagefile: 13679.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:830.6 GB) NTFS
Drive d: (BACKUPS) (Fixed) (Total:465.76 GB) (Free:319.39 GB) NTFS
Drive h: (WESTERN DIGITAL) (Fixed) (Total:1862.98 GB) (Free:1260.19 GB) NTFS
Drive i: (CDROM) (CDROM) (Total:4.37 GB) (Free:0 GB) UDF
Drive j: (DESCARGAS Y DEMAS) (Fixed) (Total:3726.02 GB) (Free:1087.62 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F7D5EE88)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 3E772DAB)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 777AAC87)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 4.
 
==================== End Of Log ============================
 
_____________________________________________________________________
 
That's all. I hope there is a solution. From what I've read you can not decrypt the files if you do not pay.
 
Good Luck all people, Andrés 

Edited by hamluis, 07 February 2015 - 08:13 AM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,021 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:40 AM

Posted 10 February 2015 - 10:02 AM

Greetings Andres and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.
 

From what I've read you can not decrypt the files if you do not pay.

This is correct.

There is evidence of illegal software on your computer. I am going to request you uninstall Adobe before we clean your computer, which is still infected. If you are willing to do that please let me know when it has been done and we will start.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Andres Pedreno

Posted 10 February 2015 - 11:40 AM

Hi Gary.

 

Since I wrote this post I have been reading about how to recover my files and found that one of the solutions is to restore the system, but it has not worked.

The advantage now is that I just installed office and little else.

Please tell me how to proceed to clean the virus, or whether it is perhaps better to format and start again.

Thank God,  I had a copy of my papers in dropbox and got them back,  but for example all my family photos and other documents remain encrypted.

What stops me from making the payment of the 3 bitcoins is that I'm not sure I will receive the file to decrypt.

Do you know of anyone who has paid, and what they achieved?

Thank you very much for your expert help.

A hug, Andrés



#4 Oh My!

Posted 10 February 2015 - 08:39 PM

Hi Andres,

If there is any information you want to save on the infected computer it is best to clean the computer then do a full reformat and reinstall of the operating system.

We don't recommend paying the ransom but I say that knowing they are not my files, they are yours. I don't know whether or not paying the ransom will result in you getting the files back.

Let me know what you would like to do.
Gary
 

#5 Andres Pedreno

Posted 11 February 2015 - 11:28 AM

Hi Gary!

Finally I formatted the HD and installed programs.

All encrypted files are saved on external hard drives, hoping somebody resolves the problem.

Thank you very very very much for your attention.

This attention made me think there are good people in the world.  :gathering:

Best regards and all the best for you.

You can close the post ...

Sincerely, Andrés



#6 Oh My!

Posted 11 February 2015 - 12:40 PM

Thank you Andres and thank you for your kind words. Allow me to leave you with some information to consider.

===================================================

Keeping Your Computer Safe

----------

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read: Simple and easy ways to keep your computer safe and secure on the Internet.

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.

Edited by Oh My!, 11 February 2015 - 12:41 PM.

Gary
 

#7 Oh My!

Posted 11 February 2015 - 12:42 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



