Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

securityhelper.dll and other trojans


  • This topic is locked This topic is locked
17 replies to this topic

#1 taekwondo2015

taekwondo2015

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:16 AM

Posted 07 March 2015 - 04:17 PM

Hi!

 

I have a problem, I cannot remove securityhelper.dll and other trojans from my computer. Everytime I restart the computer it appears again and I don't know what to do. I am desperate please.

 

My malware is giving me the following info:

 

Trojan.LVBP.ED ...\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ARPworks

 

Trojan.LVBP.ED    C:\ProgramData\Microsoft\Security\Client\temp\tmp81C6.exe

 

Trojan.LVBP.ED    C:\Users\Rocío\AppData\Local\ARPworks\tmp81C6.exe

 

Exploit.Drop.70     C:\ProgramData\Microsoft\Security\Client\temp\tmpF7E9.exe

 

Trojan win64/Sathurbot.A   C:\ProgramData\Microsoft\Security\Client\SecurityHelper.dll

 

 

Could you please tell me how to remove these forever from my computer and don't appear ever again when I restart.

 

Thanks

 

 



BC AdBot (Login to Remove)

 


#2 taekwondo2015

taekwondo2015
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:16 AM

Posted 07 March 2015 - 04:52 PM

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by Rocío (administrator) on ROCÍOANDRÉS on 07-03-2015 22:45:57
Running from C:\Users\Rocío\Downloads
Loaded Profiles: Rocío (Available profiles: Rocío)
Platform: Windows 8.1 (X64) OS Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\Run: [Ujvvmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Rocío\AppData\Local\ARPworks\New.dll
HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\MountPoints2: G - "G:\BS4Launcher.exe" 
HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\MountPoints2: H - "H:\setup.exe" 
HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\MountPoints2: {fa445a89-8e8a-11e3-be84-a0481c224d87} - "G:\BS4Launcher.exe" 
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/1185-154363-12092-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/1185-154363-12092-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1576284644-675206908-386992093-1002 -> DefaultScope {95244034-FC75-4E9B-9D89-E7D0250AF8A3} URL = http://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1576284644-675206908-386992093-1002 -> {95244034-FC75-4E9B-9D89-E7D0250AF8A3} URL = http://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1576284644-675206908-386992093-1002 -> {9C23CF23-F3C2-4BCA-ACCB-3985C9893262} URL = 
SearchScopes: HKU\S-1-5-21-1576284644-675206908-386992093-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1576284644-675206908-386992093-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.81.16.148 62.81.16.213
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-01] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @fxinteractive.com/fxplanet -> C:\ProgramData\FXWebPlayer\npfxplanet.dll [2014-02-09] (FX Interactive)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-08-20] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-01] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1576284644-675206908-386992093-1002: @acestream.net/acestreamplugin,version=2.2.4-next -> \player\npace_plugin.dll No File
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\Firefox\Extensions: [magicplayer@torrentstream.org] - \extensions\firefox\magicplayer@torrentstream.org
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.es/"
CHR Profile: C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-09]
CHR Extension: (Google Drive) - C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-09]
CHR Extension: (YouTube) - C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-09]
CHR Extension: (Google Search) - C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-09]
CHR Extension: (Blossom) - C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default\Extensions\idjmedbobeakbopimfiicbonioiahhnd [2014-01-09]
CHR Extension: (Google Wallet) - C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-09]
CHR Extension: (Gmail) - C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
S3 KAUpdateService; C:\Program Files (x86)\The Book of Unwritten Tales 2\service\KAUpdateService.exe [36864 2015-01-27] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-27] (Electronic Arts)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-17] (Realtek Semiconductor)
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [735648 2011-05-17] (Enigma Software Group USA, LLC.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-24] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-02-08] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-10-10] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-10-10] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2014-10-10] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2014-10-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-10-10] (ESET)
S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-02-08] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-01-13] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [50128 2013-03-26] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-24] (Microsoft Corporation)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2014-02-26] (WinISO.com)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-07 22:29 - 2015-03-07 22:43 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Broken Sword 2.5
2015-03-07 22:26 - 2015-03-07 22:26 - 00001214 _____ () C:\Users\Public\Desktop\Broken Sword 2.5 - El Regreso de los Templarios.lnk
2015-03-07 22:25 - 2015-03-07 22:25 - 00001174 _____ () C:\Users\Public\Desktop\Broken Sword III - El sueño del dragon.lnk
2015-03-07 22:24 - 2015-03-07 22:24 - 00001352 _____ () C:\Users\Public\Desktop\Broken Sword - La Leyenda de los Templarios - El Montaje del Director.lnk
2015-03-07 21:56 - 2015-03-07 21:56 - 00036618 _____ () C:\Users\Rocío\Downloads\Addition.txt
2015-03-07 21:55 - 2015-03-07 22:46 - 00021998 _____ () C:\Users\Rocío\Downloads\FRST.txt
2015-03-07 21:55 - 2015-03-07 22:45 - 00000000 ____D () C:\FRST
2015-03-07 21:54 - 2015-03-07 21:54 - 02094592 _____ (Farbar) C:\Users\Rocío\Downloads\FRST64.exe
2015-03-07 21:52 - 2015-03-07 21:56 - 11386853 _____ () C:\Users\Rocío\Downloads\Reg_Rev_301.152.rar
2015-03-07 21:28 - 2015-03-07 21:30 - 10514955 _____ () C:\Users\Rocío\Downloads\Registry Reviver 3.0.1.152.rar
2015-03-07 21:19 - 2015-03-07 21:19 - 00000000 ____D () C:\Users\Rocío\Desktop\mbar
2015-03-07 21:18 - 2015-03-07 21:18 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Rocío\Downloads\rkill.exe
2015-03-07 21:18 - 2015-03-07 21:18 - 00002598 _____ () C:\WINDOWS\System32\Tasks\Start Registry Reviver for RocíoAndrés@Rocío(logon)
2015-03-07 21:17 - 2015-03-07 21:17 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Rocío\Downloads\mbar-1.09.1.1004.exe
2015-03-07 21:17 - 2015-03-07 21:17 - 00402432 _____ (Farbar) C:\Users\Rocío\Downloads\MiniToolBox.exe
2015-03-07 21:15 - 2015-03-07 21:16 - 00003098 _____ () C:\Users\Rocío\Downloads\FSS.txt
2015-03-07 21:13 - 2015-03-07 21:13 - 00415232 _____ (Farbar) C:\Users\Rocío\Downloads\FSS.exe
2015-03-07 21:12 - 2015-03-07 21:12 - 00852604 _____ () C:\Users\Rocío\Downloads\SecurityCheck.exe
2015-03-07 21:09 - 2015-03-07 21:09 - 04159880 _____ (ReviverSoft LLC) C:\Users\Rocío\Downloads\RegistryReviverInstaller.exe
2015-03-07 21:02 - 2015-03-07 21:02 - 00853824 _____ (Raymond.cc) C:\Users\Rocío\Downloads\Defender_Uninstaller.exe
2015-03-07 20:57 - 2015-03-05 23:18 - 00001172 _____ () C:\Users\Rocío\Desktop\The Book of Unwritten Tales 2.lnk
2015-03-06 00:01 - 2015-03-06 00:05 - 00000000 ____D () C:\Users\Rocío\Documents\Broken Sword II - Remastered
2015-03-05 23:58 - 2015-03-05 23:58 - 00001276 _____ () C:\Users\Public\Desktop\Broken Sword II - Las fuerzas del mal - Remasterizado.lnk
2015-03-05 23:41 - 2015-03-05 23:41 - 00000000 ____D () C:\Users\Rocío\Documents\Broken Sword - The Angel of Death
2015-03-05 23:22 - 2015-03-07 22:26 - 00000000 ____D () C:\Program Files (x86)\Revolution
2015-03-05 23:18 - 2015-03-07 20:57 - 00000000 ____D () C:\Users\Rocío\Documents\bout2
2015-03-05 23:18 - 2015-03-05 23:19 - 00000000 ____D () C:\Program Files (x86)\The Book of Unwritten Tales 2
2015-03-05 23:18 - 2015-03-05 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Book of Unwritten Tales 2
2015-03-05 22:57 - 2015-03-05 23:02 - 00000000 ____D () C:\Users\Rocío\Desktop\broken sword tributo
2015-03-05 22:53 - 2015-03-05 22:56 - 00000000 ____D () C:\Users\Rocío\Desktop\unwritten tales2
2015-03-05 22:03 - 2015-03-05 22:03 - 00001287 _____ () C:\Users\Rocío\Desktop\Revo Uninstaller.lnk
2015-03-05 22:03 - 2015-03-05 22:03 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-05 22:00 - 2015-03-05 22:00 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rocío\Desktop\revosetup.exe
2015-03-05 20:29 - 2015-03-05 20:29 - 00011573 _____ () C:\Users\Rocío\Downloads\El_unico_superviviente_HDRip.torrent
2015-03-04 23:51 - 2015-03-04 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-03-04 23:42 - 2015-03-04 23:43 - 11231944 _____ (ESET) C:\Users\Rocío\Downloads\avremover_nt64_enu.exe
2015-03-04 23:14 - 2015-03-04 23:14 - 00810280 _____ () C:\Users\Rocío\Downloads\eset_nod32_antivirus.exe
2015-03-04 00:10 - 2015-03-04 23:51 - 00000000 ____D () C:\ProgramData\ESET
2015-03-04 00:10 - 2015-03-04 23:51 - 00000000 ____D () C:\Program Files\ESET
2015-03-04 00:06 - 2015-03-03 14:17 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-03 23:48 - 2015-03-03 23:48 - 01388333 _____ (Thisisu) C:\Users\Rocío\Downloads\JRT.exe
2015-03-03 23:47 - 2015-03-03 23:47 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Rocío\Downloads\rkill.com
2015-03-03 23:45 - 2015-03-03 23:46 - 01132704 _____ (ESET spol. s r.o.) C:\Users\Rocío\Downloads\eset_av_remover.exe
2015-03-03 23:44 - 2015-03-03 23:44 - 10995632 _____ (SurfRight B.V.) C:\Users\Rocío\Downloads\HitmanPro_x64.exe
2015-03-03 23:42 - 2015-03-03 23:43 - 11553080 _____ (Microsoft Corporation) C:\Users\Rocío\Downloads\MSEInstall (1).exe
2015-03-03 23:42 - 2015-03-03 23:42 - 14178464 _____ (Microsoft Corporation) C:\Users\Rocío\Downloads\MSEInstall.exe
2015-03-03 23:27 - 2015-03-03 23:27 - 00347816 _____ (Microsoft Corporation) C:\Users\Rocío\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.19934884866517.2.1.Run.exe
2015-03-03 23:26 - 2015-03-03 23:26 - 00347816 _____ (Microsoft Corporation) C:\Users\Rocío\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.19934884866517.1.2.Run (1).exe
2015-03-03 23:25 - 2015-03-03 23:25 - 00347816 _____ (Microsoft Corporation) C:\Users\Rocío\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.19934884866517.1.2.Run.exe
2015-03-03 23:25 - 2015-03-03 23:25 - 00347816 _____ (Microsoft Corporation) C:\Users\Rocío\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.19934884866517.1.1.Run.exe
2015-03-03 21:33 - 2015-03-03 21:33 - 00347816 _____ (Microsoft Corporation) C:\Users\Rocío\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.12234887054320517.2.3.Run.exe
2015-03-03 21:32 - 2015-03-05 22:01 - 00000000 ____D () C:\MATS
2015-03-03 21:32 - 2015-03-03 21:32 - 00347816 _____ (Microsoft Corporation) C:\Users\Rocío\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.12234887054320517.2.2.Run.exe
2015-03-03 21:29 - 2015-03-03 21:30 - 00347816 _____ (Microsoft Corporation) C:\Users\Rocío\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.12234887054320517.2.1.Run.exe
2015-03-02 23:44 - 2015-03-04 23:46 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware
2015-03-02 23:44 - 2015-03-02 23:44 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Rocío\Downloads\SpyHunter-Installer.exe
2015-03-02 23:43 - 2015-03-02 23:43 - 06993464 _____ (Security Stronghold ) C:\Users\Rocío\Downloads\StrongholdAntiMalware.exe
2015-03-02 23:38 - 2015-03-02 23:40 - 133643504 _____ (Microsoft Corporation) C:\Users\Rocío\Downloads\msert.exe
2015-03-02 23:21 - 2015-03-03 23:47 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-02 20:16 - 2015-03-02 20:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-03-02 20:13 - 2015-03-03 21:11 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-03-02 20:13 - 2015-03-02 20:13 - 00002307 _____ () C:\Users\Rocío\Desktop\SpyHunter.lnk
2015-03-02 20:12 - 2015-03-02 20:13 - 00000000 ____D () C:\sh4ldr
2015-03-02 20:12 - 2015-03-02 20:12 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-03-02 20:11 - 2015-03-03 21:11 - 00000000 ____D () C:\WINDOWS\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP
2015-03-02 00:05 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-03-02 00:05 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-03-02 00:05 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-03-02 00:05 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-03-02 00:05 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-03-02 00:05 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-03-02 00:05 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-03-02 00:05 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-03-02 00:05 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-03-02 00:05 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-03-02 00:05 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-03-02 00:05 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-03-02 00:05 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-03-02 00:05 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-03-02 00:05 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-03-02 00:05 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-03-02 00:05 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-03-02 00:05 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-03-02 00:05 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-03-02 00:05 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-03-02 00:05 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-03-02 00:05 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-03-02 00:05 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-03-02 00:05 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-03-02 00:05 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-03-02 00:05 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-03-02 00:05 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-03-02 00:05 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-03-02 00:05 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-03-01 23:51 - 2015-03-01 23:51 - 00000000 __SHD () C:\Users\Rocío\AppData\Local\EmieBrowserModeList
2015-03-01 22:36 - 2015-03-05 22:33 - 00002259 _____ () C:\WINDOWS\epplauncher.mif
2015-03-01 22:22 - 2015-03-05 22:36 - 00000000 ____D () C:\AdwCleaner
2015-03-01 22:21 - 2015-03-01 22:21 - 02126848 _____ () C:\Users\Rocío\Desktop\AdwCleaner.exe
2015-03-01 22:21 - 2015-03-01 22:21 - 00000000 _____ () C:\autoexec.bat
2015-03-01 21:31 - 2015-03-07 20:42 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-01 21:30 - 2015-03-01 21:31 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-01 21:30 - 2015-03-01 21:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-03-01 21:29 - 2015-03-01 21:29 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-03-01 21:26 - 2015-03-01 21:27 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Rocío\Downloads\tdsskiller.exe
2015-03-01 19:32 - 2015-03-02 16:31 - 00000000 ____D () C:\Users\Rocío\Desktop\pájaros y perros móvil
2015-03-01 19:13 - 2015-03-02 16:55 - 00000000 ____D () C:\Users\Rocío\Desktop\movil cosas
2015-03-01 18:59 - 2015-03-01 19:00 - 00000000 ____D () C:\Users\Rocío\Desktop\andrea
2015-03-01 18:58 - 2015-03-01 18:58 - 00000000 ____D () C:\Users\Rocío\Desktop\médico y cole
2015-03-01 18:57 - 2015-03-01 18:57 - 00000000 ____D () C:\Users\Rocío\Desktop\empleo
2015-03-01 18:37 - 2015-03-01 18:37 - 00020342 _____ () C:\Users\Rocío\Downloads\broken-sword-tributo-multi2pcdvdp2pwwwgamestorrentsco..torrent
2015-02-27 23:45 - 2015-03-03 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Life Is Strange
2015-02-27 23:43 - 2015-03-03 21:11 - 00000000 ____D () C:\Program Files (x86)\Life Is Strange
2015-02-27 23:33 - 2015-02-27 23:33 - 00332768 _____ () C:\WINDOWS\Minidump\022715-36328-01.dmp
2015-02-27 22:48 - 2015-02-27 22:48 - 00014214 _____ () C:\Users\Rocío\Downloads\thebookofunwrittentales2-fl..torrent
2015-02-25 23:45 - 2015-02-25 23:45 - 02893824 _____ () C:\Users\Rocío\Downloads\fpdfedit20.msi
2015-02-25 23:43 - 2015-02-25 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-02-25 23:41 - 2015-02-25 23:42 - 16342352 _____ (Geek Software GmbH ) C:\Users\Rocío\Downloads\pdf24-creator-6.9.2.exe
2015-02-25 18:53 - 2015-02-25 18:53 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Ice-Pick Lodge
2015-02-25 18:52 - 2015-02-25 18:52 - 00000000 ____D () C:\Program Files (x86)\Ice-pick Lodge
2015-02-25 18:51 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 18:51 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-25 18:51 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-25 18:51 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-25 18:51 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-25 18:51 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-24 21:25 - 2015-02-26 20:01 - 00014054 _____ () C:\Users\Rocío\Desktop\reducción jornada.xlsx
2015-02-18 23:57 - 2015-02-18 23:57 - 00000000 ____D () C:\Users\Rocío\AppData\Local\BigFinishGames
2015-02-18 23:45 - 2015-02-18 23:45 - 00001016 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tesla Effect A Tex Murphy Adventure.lnk
2015-02-18 23:30 - 2015-02-18 23:45 - 00000000 ____D () C:\Program Files (x86)\Tesla Effect A Tex Murphy Adventure
2015-02-17 20:14 - 2015-02-17 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Friendware
2015-02-17 20:14 - 2015-02-17 20:14 - 00000000 ____D () C:\Program Files (x86)\Friendware
2015-02-17 19:06 - 2015-02-17 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Never Alone (Kisima Ingitchuna)
2015-02-17 18:51 - 2015-03-02 23:27 - 00000000 ____D () C:\Program Files (x86)\Never Alone
2015-02-17 18:20 - 2015-02-17 19:12 - 00000000 ____D () C:\Program Files (x86)\The Vanishing of Ethan Carter
2015-02-15 20:36 - 2015-02-15 20:36 - 00000000 ____D () C:\Users\Rocío\Desktop\Recetas thermomix
2015-02-15 20:32 - 2015-02-15 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grim Fandango Remastered
2015-02-15 20:21 - 2015-02-15 20:34 - 00000000 ____D () C:\Program Files (x86)\Grim Fandango Remastered
2015-02-15 19:46 - 2015-03-05 22:43 - 00000000 ____D () C:\Users\Rocío\Desktop\pasar ordenador
2015-02-15 16:19 - 2015-02-15 16:19 - 00024899 _____ () C:\Users\Rocío\Downloads\la_isla_minima_dvd_xvid.torrent
2015-02-15 16:19 - 2015-02-15 16:19 - 00020370 _____ () C:\Users\Rocío\Downloads\La_teoria_del_todo_BR_Screener.torrent
2015-02-15 16:19 - 2015-02-15 16:19 - 00018383 _____ () C:\Users\Rocío\Downloads\Torrente_5_HDRip.torrent
2015-02-15 16:01 - 2015-02-17 18:22 - 00000000 ____D () C:\Users\Rocío\Downloads\Imagina y Crea con Pipo
2015-02-15 15:46 - 2015-02-15 15:46 - 00014450 _____ () C:\Users\Rocío\Downloads\[kickass.to]aprende.a.leer.con.pipo.1.pc.torrent
2015-02-15 15:46 - 2015-02-15 15:46 - 00011040 _____ () C:\Users\Rocío\Downloads\[kickass.to]imagina.y.crea.con.pipo.torrent
2015-02-11 22:58 - 2015-02-11 22:58 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-02-11 22:58 - 2015-02-11 22:58 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-02-11 22:23 - 2015-02-11 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cateia Games
2015-02-11 22:23 - 2015-02-11 22:23 - 00000000 ____D () C:\Program Files (x86)\Cateia Games
2015-02-11 22:23 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 18575880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 16017040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-02-11 22:23 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 03299512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434752.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434752.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00496272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00399504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00390472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00345744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00031376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-02-11 22:23 - 2015-02-05 22:01 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-02-10 22:29 - 2015-02-10 22:29 - 00000638 _____ () C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pedido.lnk
2015-02-10 22:03 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-10 22:03 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-10 22:03 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-10 22:03 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-10 19:50 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-10 19:50 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-10 19:50 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-10 19:50 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-10 19:50 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-10 19:50 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-10 19:50 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-10 19:50 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-10 19:50 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-10 19:50 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-10 19:50 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-10 19:50 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-10 19:50 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-10 19:50 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-10 19:50 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-10 19:50 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-10 19:50 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-10 19:50 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-10 19:50 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-10 19:50 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-10 19:50 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-10 19:50 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-10 19:50 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-10 19:50 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-10 19:50 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-10 19:50 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-10 19:49 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-10 19:49 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-10 19:49 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-10 19:49 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-10 19:49 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-10 19:49 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-10 19:49 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-10 19:49 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-10 19:49 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-10 19:49 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-10 19:49 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-10 19:49 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-10 19:49 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-10 19:49 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-10 19:49 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-10 19:49 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-10 19:49 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-10 19:49 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-10 19:49 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-10 19:49 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-10 19:49 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-10 19:49 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-10 19:49 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-10 19:49 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-10 19:49 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-02-10 19:49 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-02-10 19:49 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-02-10 19:49 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-02-10 19:49 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-02-10 19:49 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-02-10 19:49 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2015-02-10 19:49 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2015-02-10 19:49 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2015-02-10 19:49 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-02-10 19:49 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-02-10 19:49 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-02-10 19:49 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2015-02-10 19:49 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-02-10 19:48 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-10 19:48 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-10 19:48 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-10 19:48 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-10 19:48 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-10 19:48 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-10 19:48 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-10 19:48 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-10 19:48 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-10 19:48 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-10 19:48 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-10 19:48 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-10 19:48 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-10 19:48 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-02-10 19:48 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-02-10 19:48 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-02-10 19:48 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2015-02-10 19:48 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2015-02-10 19:48 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2015-02-10 19:48 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2015-02-10 19:48 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2015-02-10 19:48 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2015-02-10 19:48 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2015-02-10 19:48 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-02-10 19:48 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2015-02-10 19:48 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-02-10 19:48 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2015-02-10 19:48 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2015-02-10 19:48 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2015-02-10 19:48 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2015-02-10 19:48 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2015-02-10 19:48 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-02-10 19:48 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-02-10 19:48 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-02-10 19:48 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2015-02-10 19:48 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2015-02-10 19:48 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2015-02-10 19:48 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2015-02-10 19:48 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2015-02-10 19:48 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2015-02-10 19:48 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2015-02-10 19:48 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2015-02-10 19:48 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2015-02-10 19:48 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2015-02-10 19:48 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2015-02-10 19:48 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-02-10 19:48 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2015-02-10 19:48 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2015-02-10 19:48 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2015-02-10 19:48 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 19:48 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2015-02-10 19:48 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2015-02-10 19:48 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-02-10 19:48 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2015-02-10 19:48 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2015-02-08 22:52 - 2015-02-08 22:52 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Mozilla
2015-02-08 22:50 - 2015-02-08 22:50 - 00314016 _____ () C:\WINDOWS\system32\Drivers\atksgt.sys
2015-02-08 22:50 - 2015-02-08 22:50 - 00043680 _____ () C:\WINDOWS\system32\Drivers\lirsgt.sys
2015-02-08 22:50 - 2015-02-08 22:50 - 00000000 ____D () C:\ProgramData\Tages
2015-02-08 22:13 - 2015-02-08 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadow Puppeteer
2015-02-08 22:12 - 2015-02-08 22:12 - 00000000 ____D () C:\Program Files (x86)\Shadow Puppeteer
2015-02-08 20:53 - 2015-02-08 20:53 - 00081920 ___SH () C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Thumbs.db
2015-02-08 20:52 - 2015-02-08 20:52 - 00000000 ____D () C:\Users\Rocío\Documents\Korra
2015-02-08 19:19 - 2015-02-08 19:19 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black_Box
2015-02-08 19:11 - 2015-02-08 19:26 - 00000000 ____D () C:\Program Files (x86)\Fable Anniversary
2015-02-08 11:38 - 2015-02-08 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus Home Interactive
2015-02-08 11:31 - 2015-02-08 11:31 - 00000000 ____D () C:\Program Files (x86)\Focus Home Interactive
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-07 22:26 - 2013-07-22 10:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-07 22:16 - 2014-10-30 19:46 - 01875779 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-07 22:10 - 2014-03-26 10:03 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf48d24d4b450b.job
2015-03-07 22:08 - 2014-11-10 22:55 - 00393216 ___SH () C:\Users\Rocío\Desktop\Thumbs.db
2015-03-07 22:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-07 21:53 - 2014-01-08 21:24 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1576284644-675206908-386992093-1002
2015-03-07 20:42 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-05 23:44 - 2014-02-06 20:17 - 00000000 ____D () C:\Users\Rocío\Torrents
2015-03-05 22:44 - 2014-02-04 20:55 - 00000000 ____D () C:\Users\Rocío\Desktop\pelis
2015-03-05 22:40 - 2013-08-22 15:46 - 00316351 _____ () C:\WINDOWS\setupact.log
2015-03-05 22:40 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-05 22:39 - 2014-01-12 21:33 - 00000000 ____D () C:\Users\Rocío\CV
2015-03-05 22:35 - 2014-04-12 10:43 - 00000000 ____D () C:\Users\Rocío\Desktop\Peppa pig
2015-03-05 22:29 - 2014-09-24 07:11 - 00024318 _____ () C:\WINDOWS\PFRO.log
2015-03-05 22:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Performance
2015-03-05 21:56 - 2014-01-31 22:53 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\uTorrent
2015-03-05 21:38 - 2014-01-09 19:54 - 00000000 ____D () C:\Users\Rocío\AppData\Local\Adobe
2015-03-05 21:06 - 2014-01-10 22:57 - 00003170 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForRocío
2015-03-05 21:06 - 2014-01-10 22:57 - 00000356 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForRocío.job
2015-03-05 20:32 - 2014-08-03 20:01 - 00000000 ____D () C:\Program Files (x86)\3DM-brokenage
2015-03-04 23:37 - 2014-12-06 13:37 - 00092672 ___SH () C:\Users\Rocío\Downloads\Thumbs.db
2015-03-04 00:17 - 2014-01-09 19:43 - 00002208 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-04 00:08 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-03 22:06 - 2014-01-11 16:06 - 00000000 ____D () C:\Users\Rocío\Desktop\programas
2015-03-03 22:05 - 2014-02-12 00:05 - 00000000 ____D () C:\Users\Rocío\Desktop\juegos
2015-03-03 21:54 - 2014-10-30 19:56 - 00000000 ____D () C:\Users\Rocío
2015-03-03 21:11 - 2014-10-30 19:43 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-03 21:11 - 2014-06-24 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-03 21:11 - 2014-06-24 22:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-03 21:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinMetadata
2015-03-03 21:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-03-03 21:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-03 21:11 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-03 21:11 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-03-03 21:11 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-03-03 21:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2015-03-03 20:19 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-03 08:37 - 2014-01-30 21:14 - 00000000 ____D () C:\Users\Rocío\Desktop\mp3s
2015-03-02 20:16 - 2014-01-11 16:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-02 19:53 - 2014-12-19 17:51 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Nero
2015-03-02 00:01 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-03-01 23:47 - 2013-08-22 15:44 - 05160016 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-01 22:56 - 2014-01-11 21:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-01 22:29 - 2014-01-08 21:17 - 00000992 _____ () C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-01 21:48 - 2013-09-30 22:58 - 00000000 ____D () C:\ProgramData\Temp
2015-03-01 21:31 - 2014-01-09 19:09 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Malwarebytes
2015-03-01 21:08 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-01 19:00 - 2015-01-16 19:50 - 00000000 ____D () C:\Users\Rocío\Desktop\varios fotos ordenar
2015-03-01 18:59 - 2014-06-20 14:08 - 00000000 ____D () C:\Users\Rocío\Desktop\Trabajo
2015-03-01 17:12 - 2014-11-23 17:57 - 00018944 ___SH () C:\Users\Rocío\Thumbs.db
2015-02-27 23:48 - 2014-02-20 23:27 - 00000000 ____D () C:\Users\Rocío\Documents\My Games
2015-02-27 23:47 - 2013-07-22 10:22 - 00542097 _____ () C:\WINDOWS\DirectX.log
2015-02-27 23:46 - 2013-09-30 22:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-27 23:33 - 2014-10-30 19:42 - 631743103 _____ () C:\WINDOWS\MEMORY.DMP
2015-02-27 23:24 - 2015-01-16 19:51 - 00000000 ____D () C:\Users\Rocío\Desktop\pedido
2015-02-26 23:03 - 2014-02-01 23:57 - 00000000 ____D () C:\Users\Rocío\Documents\Broken Sword 5
2015-02-25 23:43 - 2014-01-17 16:32 - 00000000 ____D () C:\Program Files (x86)\PDF24
2015-02-25 23:42 - 2014-09-20 19:08 - 00000895 _____ () C:\Users\Rocío\Downloads\Descargas - Acceso directo.lnk
2015-02-25 18:48 - 2014-11-29 22:00 - 00000000 ____D () C:\Program Files (x86)\Memoria
2015-02-24 22:48 - 2014-02-03 22:07 - 00000000 ____D () C:\Users\Rocío\documental ovejero
2015-02-24 22:48 - 2014-01-12 18:47 - 00000000 ____D () C:\Users\Rocío\cds pajaros
2015-02-24 22:37 - 2015-01-29 23:35 - 00000000 ____D () C:\Users\Rocío\Desktop\libro jilgueros
2015-02-24 21:27 - 2015-01-16 19:52 - 00000000 ____D () C:\Users\Rocío\Desktop\varios
2015-02-22 22:46 - 2015-01-16 19:51 - 00000000 ____D () C:\Users\Rocío\Desktop\pájaros
2015-02-18 23:59 - 2014-10-13 16:34 - 00000000 ____D () C:\Program Files\Adobe
2015-02-18 23:56 - 2014-10-13 16:35 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-02-15 23:51 - 2014-02-19 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
2015-02-15 23:51 - 2014-02-19 23:39 - 00000000 ____D () C:\Program Files (x86)\City Interactive
2015-02-15 23:43 - 2014-03-15 23:23 - 00000000 ____D () C:\Users\Rocío\Documents\Art of Murder  -  The Hunt for the Puppeteer
2015-02-15 20:27 - 2014-05-31 13:42 - 00000000 ____D () C:\Users\Rocío\Documents\Electronic Arts
2015-02-11 22:26 - 2014-10-30 19:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-10 23:41 - 2014-12-07 23:11 - 00000000 ____D () C:\Program Files (x86)\The Night of the Rabbit
2015-02-10 23:40 - 2014-10-11 16:23 - 00000000 ____D () C:\Games
2015-02-08 20:53 - 2014-12-01 22:43 - 00000924 _____ () C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\cumple Rocío 2 añitos.lnk
2015-02-08 19:21 - 2014-12-14 11:25 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2015-02-08 19:20 - 2015-01-20 23:48 - 00000000 ____D () C:\Program Files (x86)\Gabriel Knight Sins of the Fathers
2015-02-08 19:20 - 2014-02-20 22:29 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2015-02-05 22:01 - 2015-01-24 16:31 - 02902784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-02-05 22:01 - 2014-10-23 22:21 - 14119744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-02-05 22:01 - 2014-10-23 22:21 - 00995248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-02-05 22:01 - 2014-10-23 22:21 - 00877816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-02-05 22:01 - 2014-10-23 22:21 - 00177624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-02-05 22:01 - 2014-10-23 22:21 - 00164752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-02-05 20:07 - 2014-10-30 19:46 - 06861128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-02-05 20:07 - 2014-10-30 19:46 - 03517584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-02-05 20:07 - 2014-10-30 19:46 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-02-05 20:07 - 2014-10-30 19:46 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-02-05 20:07 - 2014-10-30 19:46 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-02-05 20:06 - 2014-10-30 19:46 - 01098384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-02-05 20:06 - 2014-10-30 19:46 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-02-05 20:06 - 2014-10-30 19:46 - 00074896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-02-05 13:50 - 2014-10-30 19:46 - 04236870 _____ () C:\WINDOWS\system32\nvcoproc.bin
 
==================== Files in the root of some directories =======
 
2014-06-29 20:27 - 2014-06-29 20:27 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Files to move or delete:
====================
C:\Users\Rocío\Actualizacion_Renta2013_windows_1_20.exe
C:\Users\Rocío\Actualizacion_Renta2013_windows_1_21.exe
C:\Users\Rocío\dstwoupdate.dat
C:\Users\Rocío\ESRDiscPatcher.exe
 
 
Some content of TEMP:
====================
C:\Users\Rocío\AppData\Local\Temp\InstHelper.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-05 23:51
 
==================== End Of Log ============================Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by Rocío (administrator) on ROCÍOANDRÉS on 07-03-2015 22:45:57
Running from C:\Users\Rocío\Downloads
Loaded Profiles: Rocío (Available profiles: Rocío)
Platform: Windows 8.1 (X64) OS Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\Run: [Ujvvmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Rocío\AppData\Local\ARPworks\New.dll
HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\MountPoints2: G - "G:\BS4Launcher.exe" 
HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\MountPoints2: H - "H:\setup.exe" 
HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\MountPoints2: {fa445a89-8e8a-11e3-be84-a0481c224d87} - "G:\BS4Launcher.exe" 
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/1185-154363-12092-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/1185-154363-12092-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1576284644-675206908-386992093-1002 -> DefaultScope {95244034-FC75-4E9B-9D89-E7D0250AF8A3} URL = http://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1576284644-675206908-386992093-1002 -> {95244034-FC75-4E9B-9D89-E7D0250AF8A3} URL = http://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1576284644-675206908-386992093-1002 -> {9C23CF23-F3C2-4BCA-ACCB-3985C9893262} URL = 
SearchScopes: HKU\S-1-5-21-1576284644-675206908-386992093-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1576284644-675206908-386992093-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.81.16.148 62.81.16.213
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-01] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @fxinteractive.com/fxplanet -> C:\ProgramData\FXWebPlayer\npfxplanet.dll [2014-02-09] (FX Interactive)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-08-20] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-01] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1576284644-675206908-386992093-1002: @acestream.net/acestreamplugin,version=2.2.4-next -> \player\npace_plugin.dll No File
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\Firefox\Extensions: [magicplayer@torrentstream.org] - \extensions\firefox\magicplayer@torrentstream.org
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.es/"
CHR Profile: C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-09]
CHR Extension: (Google Drive) - C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-09]
CHR Extension: (YouTube) - C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-09]
CHR Extension: (Google Search) - C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-09]
CHR Extension: (Blossom) - C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default\Extensions\idjmedbobeakbopimfiicbonioiahhnd [2014-01-09]
CHR Extension: (Google Wallet) - C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-09]
CHR Extension: (Gmail) - C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
S3 KAUpdateService; C:\Program Files (x86)\The Book of Unwritten Tales 2\service\KAUpdateService.exe [36864 2015-01-27] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-27] (Electronic Arts)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-17] (Realtek Semiconductor)
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [735648 2011-05-17] (Enigma Software Group USA, LLC.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-24] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-02-08] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-10-10] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-10-10] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2014-10-10] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2014-10-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-10-10] (ESET)
S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-02-08] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-01-13] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [50128 2013-03-26] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-24] (Microsoft Corporation)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2014-02-26] (WinISO.com)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-07 22:29 - 2015-03-07 22:43 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Broken Sword 2.5
2015-03-07 22:26 - 2015-03-07 22:26 - 00001214 _____ () C:\Users\Public\Desktop\Broken Sword 2.5 - El Regreso de los Templarios.lnk
2015-03-07 22:25 - 2015-03-07 22:25 - 00001174 _____ () C:\Users\Public\Desktop\Broken Sword III - El sueño del dragon.lnk
2015-03-07 22:24 - 2015-03-07 22:24 - 00001352 _____ () C:\Users\Public\Desktop\Broken Sword - La Leyenda de los Templarios - El Montaje del Director.lnk
2015-03-07 21:56 - 2015-03-07 21:56 - 00036618 _____ () C:\Users\Rocío\Downloads\Addition.txt
2015-03-07 21:55 - 2015-03-07 22:46 - 00021998 _____ () C:\Users\Rocío\Downloads\FRST.txt
2015-03-07 21:55 - 2015-03-07 22:45 - 00000000 ____D () C:\FRST
2015-03-07 21:54 - 2015-03-07 21:54 - 02094592 _____ (Farbar) C:\Users\Rocío\Downloads\FRST64.exe
2015-03-07 21:52 - 2015-03-07 21:56 - 11386853 _____ () C:\Users\Rocío\Downloads\Reg_Rev_301.152.rar
2015-03-07 21:28 - 2015-03-07 21:30 - 10514955 _____ () C:\Users\Rocío\Downloads\Registry Reviver 3.0.1.152.rar
2015-03-07 21:19 - 2015-03-07 21:19 - 00000000 ____D () C:\Users\Rocío\Desktop\mbar
2015-03-07 21:18 - 2015-03-07 21:18 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Rocío\Downloads\rkill.exe
2015-03-07 21:18 - 2015-03-07 21:18 - 00002598 _____ () C:\WINDOWS\System32\Tasks\Start Registry Reviver for RocíoAndrés@Rocío(logon)
2015-03-07 21:17 - 2015-03-07 21:17 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Rocío\Downloads\mbar-1.09.1.1004.exe
2015-03-07 21:17 - 2015-03-07 21:17 - 00402432 _____ (Farbar) C:\Users\Rocío\Downloads\MiniToolBox.exe
2015-03-07 21:15 - 2015-03-07 21:16 - 00003098 _____ () C:\Users\Rocío\Downloads\FSS.txt
2015-03-07 21:13 - 2015-03-07 21:13 - 00415232 _____ (Farbar) C:\Users\Rocío\Downloads\FSS.exe
2015-03-07 21:12 - 2015-03-07 21:12 - 00852604 _____ () C:\Users\Rocío\Downloads\SecurityCheck.exe
2015-03-07 21:09 - 2015-03-07 21:09 - 04159880 _____ (ReviverSoft LLC) C:\Users\Rocío\Downloads\RegistryReviverInstaller.exe
2015-03-07 21:02 - 2015-03-07 21:02 - 00853824 _____ (Raymond.cc) C:\Users\Rocío\Downloads\Defender_Uninstaller.exe
2015-03-07 20:57 - 2015-03-05 23:18 - 00001172 _____ () C:\Users\Rocío\Desktop\The Book of Unwritten Tales 2.lnk
2015-03-06 00:01 - 2015-03-06 00:05 - 00000000 ____D () C:\Users\Rocío\Documents\Broken Sword II - Remastered
2015-03-05 23:58 - 2015-03-05 23:58 - 00001276 _____ () C:\Users\Public\Desktop\Broken Sword II - Las fuerzas del mal - Remasterizado.lnk
2015-03-05 23:41 - 2015-03-05 23:41 - 00000000 ____D () C:\Users\Rocío\Documents\Broken Sword - The Angel of Death
2015-03-05 23:22 - 2015-03-07 22:26 - 00000000 ____D () C:\Program Files (x86)\Revolution
2015-03-05 23:18 - 2015-03-07 20:57 - 00000000 ____D () C:\Users\Rocío\Documents\bout2
2015-03-05 23:18 - 2015-03-05 23:19 - 00000000 ____D () C:\Program Files (x86)\The Book of Unwritten Tales 2
2015-03-05 23:18 - 2015-03-05 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Book of Unwritten Tales 2
2015-03-05 22:57 - 2015-03-05 23:02 - 00000000 ____D () C:\Users\Rocío\Desktop\broken sword tributo
2015-03-05 22:53 - 2015-03-05 22:56 - 00000000 ____D () C:\Users\Rocío\Desktop\unwritten tales2
2015-03-05 22:03 - 2015-03-05 22:03 - 00001287 _____ () C:\Users\Rocío\Desktop\Revo Uninstaller.lnk
2015-03-05 22:03 - 2015-03-05 22:03 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-05 22:00 - 2015-03-05 22:00 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Rocío\Desktop\revosetup.exe
2015-03-05 20:29 - 2015-03-05 20:29 - 00011573 _____ () C:\Users\Rocío\Downloads\El_unico_superviviente_HDRip.torrent
2015-03-04 23:51 - 2015-03-04 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-03-04 23:42 - 2015-03-04 23:43 - 11231944 _____ (ESET) C:\Users\Rocío\Downloads\avremover_nt64_enu.exe
2015-03-04 23:14 - 2015-03-04 23:14 - 00810280 _____ () C:\Users\Rocío\Downloads\eset_nod32_antivirus.exe
2015-03-04 00:10 - 2015-03-04 23:51 - 00000000 ____D () C:\ProgramData\ESET
2015-03-04 00:10 - 2015-03-04 23:51 - 00000000 ____D () C:\Program Files\ESET
2015-03-04 00:06 - 2015-03-03 14:17 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-03 23:48 - 2015-03-03 23:48 - 01388333 _____ (Thisisu) C:\Users\Rocío\Downloads\JRT.exe
2015-03-03 23:47 - 2015-03-03 23:47 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Rocío\Downloads\rkill.com
2015-03-03 23:45 - 2015-03-03 23:46 - 01132704 _____ (ESET spol. s r.o.) C:\Users\Rocío\Downloads\eset_av_remover.exe
2015-03-03 23:44 - 2015-03-03 23:44 - 10995632 _____ (SurfRight B.V.) C:\Users\Rocío\Downloads\HitmanPro_x64.exe
2015-03-03 23:42 - 2015-03-03 23:43 - 11553080 _____ (Microsoft Corporation) C:\Users\Rocío\Downloads\MSEInstall (1).exe
2015-03-03 23:42 - 2015-03-03 23:42 - 14178464 _____ (Microsoft Corporation) C:\Users\Rocío\Downloads\MSEInstall.exe
2015-03-03 23:27 - 2015-03-03 23:27 - 00347816 _____ (Microsoft Corporation) C:\Users\Rocío\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.19934884866517.2.1.Run.exe
2015-03-03 23:26 - 2015-03-03 23:26 - 00347816 _____ (Microsoft Corporation) C:\Users\Rocío\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.19934884866517.1.2.Run (1).exe
2015-03-03 23:25 - 2015-03-03 23:25 - 00347816 _____ (Microsoft Corporation) C:\Users\Rocío\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.19934884866517.1.2.Run.exe
2015-03-03 23:25 - 2015-03-03 23:25 - 00347816 _____ (Microsoft Corporation) C:\Users\Rocío\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.19934884866517.1.1.Run.exe
2015-03-03 21:33 - 2015-03-03 21:33 - 00347816 _____ (Microsoft Corporation) C:\Users\Rocío\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.12234887054320517.2.3.Run.exe
2015-03-03 21:32 - 2015-03-05 22:01 - 00000000 ____D () C:\MATS
2015-03-03 21:32 - 2015-03-03 21:32 - 00347816 _____ (Microsoft Corporation) C:\Users\Rocío\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.12234887054320517.2.2.Run.exe
2015-03-03 21:29 - 2015-03-03 21:30 - 00347816 _____ (Microsoft Corporation) C:\Users\Rocío\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.12234887054320517.2.1.Run.exe
2015-03-02 23:44 - 2015-03-04 23:46 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware
2015-03-02 23:44 - 2015-03-02 23:44 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Rocío\Downloads\SpyHunter-Installer.exe
2015-03-02 23:43 - 2015-03-02 23:43 - 06993464 _____ (Security Stronghold ) C:\Users\Rocío\Downloads\StrongholdAntiMalware.exe
2015-03-02 23:38 - 2015-03-02 23:40 - 133643504 _____ (Microsoft Corporation) C:\Users\Rocío\Downloads\msert.exe
2015-03-02 23:21 - 2015-03-03 23:47 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-02 20:16 - 2015-03-02 20:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-03-02 20:13 - 2015-03-03 21:11 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-03-02 20:13 - 2015-03-02 20:13 - 00002307 _____ () C:\Users\Rocío\Desktop\SpyHunter.lnk
2015-03-02 20:12 - 2015-03-02 20:13 - 00000000 ____D () C:\sh4ldr
2015-03-02 20:12 - 2015-03-02 20:12 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-03-02 20:11 - 2015-03-03 21:11 - 00000000 ____D () C:\WINDOWS\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP
2015-03-02 00:05 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-03-02 00:05 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-03-02 00:05 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-03-02 00:05 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-03-02 00:05 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-03-02 00:05 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-03-02 00:05 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-03-02 00:05 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-03-02 00:05 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-03-02 00:05 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-03-02 00:05 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-03-02 00:05 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-03-02 00:05 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-03-02 00:05 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-03-02 00:05 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-03-02 00:05 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-03-02 00:05 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-03-02 00:05 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-03-02 00:05 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-03-02 00:05 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-03-02 00:05 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-03-02 00:05 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-03-02 00:05 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-03-02 00:05 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-03-02 00:05 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-03-02 00:05 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-03-02 00:05 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-03-02 00:05 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-03-02 00:05 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-03-01 23:51 - 2015-03-01 23:51 - 00000000 __SHD () C:\Users\Rocío\AppData\Local\EmieBrowserModeList
2015-03-01 22:36 - 2015-03-05 22:33 - 00002259 _____ () C:\WINDOWS\epplauncher.mif
2015-03-01 22:22 - 2015-03-05 22:36 - 00000000 ____D () C:\AdwCleaner
2015-03-01 22:21 - 2015-03-01 22:21 - 02126848 _____ () C:\Users\Rocío\Desktop\AdwCleaner.exe
2015-03-01 22:21 - 2015-03-01 22:21 - 00000000 _____ () C:\autoexec.bat
2015-03-01 21:31 - 2015-03-07 20:42 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-01 21:30 - 2015-03-01 21:31 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-01 21:30 - 2015-03-01 21:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-03-01 21:29 - 2015-03-01 21:29 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-03-01 21:26 - 2015-03-01 21:27 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Rocío\Downloads\tdsskiller.exe
2015-03-01 19:32 - 2015-03-02 16:31 - 00000000 ____D () C:\Users\Rocío\Desktop\pájaros y perros móvil
2015-03-01 19:13 - 2015-03-02 16:55 - 00000000 ____D () C:\Users\Rocío\Desktop\movil cosas
2015-03-01 18:59 - 2015-03-01 19:00 - 00000000 ____D () C:\Users\Rocío\Desktop\andrea
2015-03-01 18:58 - 2015-03-01 18:58 - 00000000 ____D () C:\Users\Rocío\Desktop\médico y cole
2015-03-01 18:57 - 2015-03-01 18:57 - 00000000 ____D () C:\Users\Rocío\Desktop\empleo
2015-03-01 18:37 - 2015-03-01 18:37 - 00020342 _____ () C:\Users\Rocío\Downloads\broken-sword-tributo-multi2pcdvdp2pwwwgamestorrentsco..torrent
2015-02-27 23:45 - 2015-03-03 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Life Is Strange
2015-02-27 23:43 - 2015-03-03 21:11 - 00000000 ____D () C:\Program Files (x86)\Life Is Strange
2015-02-27 23:33 - 2015-02-27 23:33 - 00332768 _____ () C:\WINDOWS\Minidump\022715-36328-01.dmp
2015-02-27 22:48 - 2015-02-27 22:48 - 00014214 _____ () C:\Users\Rocío\Downloads\thebookofunwrittentales2-fl..torrent
2015-02-25 23:45 - 2015-02-25 23:45 - 02893824 _____ () C:\Users\Rocío\Downloads\fpdfedit20.msi
2015-02-25 23:43 - 2015-02-25 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-02-25 23:41 - 2015-02-25 23:42 - 16342352 _____ (Geek Software GmbH ) C:\Users\Rocío\Downloads\pdf24-creator-6.9.2.exe
2015-02-25 18:53 - 2015-02-25 18:53 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Ice-Pick Lodge
2015-02-25 18:52 - 2015-02-25 18:52 - 00000000 ____D () C:\Program Files (x86)\Ice-pick Lodge
2015-02-25 18:51 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 18:51 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-25 18:51 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-25 18:51 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-25 18:51 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-25 18:51 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-24 21:25 - 2015-02-26 20:01 - 00014054 _____ () C:\Users\Rocío\Desktop\reducción jornada.xlsx
2015-02-18 23:57 - 2015-02-18 23:57 - 00000000 ____D () C:\Users\Rocío\AppData\Local\BigFinishGames
2015-02-18 23:45 - 2015-02-18 23:45 - 00001016 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tesla Effect A Tex Murphy Adventure.lnk
2015-02-18 23:30 - 2015-02-18 23:45 - 00000000 ____D () C:\Program Files (x86)\Tesla Effect A Tex Murphy Adventure
2015-02-17 20:14 - 2015-02-17 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Friendware
2015-02-17 20:14 - 2015-02-17 20:14 - 00000000 ____D () C:\Program Files (x86)\Friendware
2015-02-17 19:06 - 2015-02-17 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Never Alone (Kisima Ingitchuna)
2015-02-17 18:51 - 2015-03-02 23:27 - 00000000 ____D () C:\Program Files (x86)\Never Alone
2015-02-17 18:20 - 2015-02-17 19:12 - 00000000 ____D () C:\Program Files (x86)\The Vanishing of Ethan Carter
2015-02-15 20:36 - 2015-02-15 20:36 - 00000000 ____D () C:\Users\Rocío\Desktop\Recetas thermomix
2015-02-15 20:32 - 2015-02-15 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grim Fandango Remastered
2015-02-15 20:21 - 2015-02-15 20:34 - 00000000 ____D () C:\Program Files (x86)\Grim Fandango Remastered
2015-02-15 19:46 - 2015-03-05 22:43 - 00000000 ____D () C:\Users\Rocío\Desktop\pasar ordenador
2015-02-15 16:19 - 2015-02-15 16:19 - 00024899 _____ () C:\Users\Rocío\Downloads\la_isla_minima_dvd_xvid.torrent
2015-02-15 16:19 - 2015-02-15 16:19 - 00020370 _____ () C:\Users\Rocío\Downloads\La_teoria_del_todo_BR_Screener.torrent
2015-02-15 16:19 - 2015-02-15 16:19 - 00018383 _____ () C:\Users\Rocío\Downloads\Torrente_5_HDRip.torrent
2015-02-15 16:01 - 2015-02-17 18:22 - 00000000 ____D () C:\Users\Rocío\Downloads\Imagina y Crea con Pipo
2015-02-15 15:46 - 2015-02-15 15:46 - 00014450 _____ () C:\Users\Rocío\Downloads\[kickass.to]aprende.a.leer.con.pipo.1.pc.torrent
2015-02-15 15:46 - 2015-02-15 15:46 - 00011040 _____ () C:\Users\Rocío\Downloads\[kickass.to]imagina.y.crea.con.pipo.torrent
2015-02-11 22:58 - 2015-02-11 22:58 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-02-11 22:58 - 2015-02-11 22:58 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-02-11 22:23 - 2015-02-11 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cateia Games
2015-02-11 22:23 - 2015-02-11 22:23 - 00000000 ____D () C:\Program Files (x86)\Cateia Games
2015-02-11 22:23 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 18575880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 16017040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-02-11 22:23 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 03299512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434752.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434752.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00496272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00399504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00390472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00345744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00031376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-02-11 22:23 - 2015-02-05 22:01 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-02-10 22:29 - 2015-02-10 22:29 - 00000638 _____ () C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pedido.lnk
2015-02-10 22:03 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-10 22:03 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-10 22:03 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-10 22:03 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-10 19:50 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-10 19:50 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-10 19:50 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-10 19:50 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-10 19:50 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-10 19:50 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-10 19:50 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-10 19:50 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-10 19:50 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-10 19:50 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-10 19:50 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-10 19:50 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-10 19:50 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-10 19:50 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-10 19:50 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-10 19:50 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-10 19:50 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-10 19:50 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-10 19:50 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-10 19:50 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-10 19:50 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-10 19:50 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-10 19:50 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-10 19:50 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-10 19:50 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-10 19:50 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-10 19:49 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-10 19:49 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-10 19:49 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-10 19:49 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-10 19:49 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-10 19:49 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-10 19:49 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-10 19:49 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-10 19:49 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-10 19:49 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-10 19:49 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-10 19:49 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-10 19:49 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-10 19:49 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-10 19:49 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-10 19:49 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-10 19:49 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-10 19:49 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-10 19:49 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-10 19:49 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-10 19:49 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-10 19:49 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-10 19:49 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-10 19:49 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-10 19:49 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-02-10 19:49 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-02-10 19:49 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-02-10 19:49 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-02-10 19:49 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-02-10 19:49 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-02-10 19:49 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2015-02-10 19:49 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2015-02-10 19:49 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2015-02-10 19:49 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-02-10 19:49 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-02-10 19:49 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-02-10 19:49 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2015-02-10 19:49 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-02-10 19:48 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-10 19:48 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-10 19:48 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-10 19:48 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-10 19:48 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-10 19:48 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-10 19:48 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-10 19:48 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-10 19:48 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-10 19:48 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-10 19:48 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-10 19:48 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-10 19:48 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-10 19:48 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-02-10 19:48 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-02-10 19:48 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-02-10 19:48 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2015-02-10 19:48 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2015-02-10 19:48 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2015-02-10 19:48 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2015-02-10 19:48 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2015-02-10 19:48 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2015-02-10 19:48 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2015-02-10 19:48 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-02-10 19:48 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2015-02-10 19:48 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-02-10 19:48 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2015-02-10 19:48 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2015-02-10 19:48 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2015-02-10 19:48 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2015-02-10 19:48 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2015-02-10 19:48 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-02-10 19:48 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-02-10 19:48 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-02-10 19:48 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2015-02-10 19:48 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2015-02-10 19:48 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2015-02-10 19:48 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2015-02-10 19:48 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2015-02-10 19:48 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2015-02-10 19:48 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2015-02-10 19:48 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2015-02-10 19:48 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2015-02-10 19:48 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2015-02-10 19:48 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2015-02-10 19:48 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-02-10 19:48 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2015-02-10 19:48 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2015-02-10 19:48 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2015-02-10 19:48 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 19:48 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2015-02-10 19:48 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2015-02-10 19:48 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-02-10 19:48 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2015-02-10 19:48 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2015-02-08 22:52 - 2015-02-08 22:52 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Mozilla
2015-02-08 22:50 - 2015-02-08 22:50 - 00314016 _____ () C:\WINDOWS\system32\Drivers\atksgt.sys
2015-02-08 22:50 - 2015-02-08 22:50 - 00043680 _____ () C:\WINDOWS\system32\Drivers\lirsgt.sys
2015-02-08 22:50 - 2015-02-08 22:50 - 00000000 ____D () C:\ProgramData\Tages
2015-02-08 22:13 - 2015-02-08 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadow Puppeteer
2015-02-08 22:12 - 2015-02-08 22:12 - 00000000 ____D () C:\Program Files (x86)\Shadow Puppeteer
2015-02-08 20:53 - 2015-02-08 20:53 - 00081920 ___SH () C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Thumbs.db
2015-02-08 20:52 - 2015-02-08 20:52 - 00000000 ____D () C:\Users\Rocío\Documents\Korra
2015-02-08 19:19 - 2015-02-08 19:19 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black_Box
2015-02-08 19:11 - 2015-02-08 19:26 - 00000000 ____D () C:\Program Files (x86)\Fable Anniversary
2015-02-08 11:38 - 2015-02-08 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus Home Interactive
2015-02-08 11:31 - 2015-02-08 11:31 - 00000000 ____D () C:\Program Files (x86)\Focus Home Interactive
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-07 22:26 - 2013-07-22 10:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-07 22:16 - 2014-10-30 19:46 - 01875779 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-07 22:10 - 2014-03-26 10:03 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf48d24d4b450b.job
2015-03-07 22:08 - 2014-11-10 22:55 - 00393216 ___SH () C:\Users\Rocío\Desktop\Thumbs.db
2015-03-07 22:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-07 21:53 - 2014-01-08 21:24 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1576284644-675206908-386992093-1002
2015-03-07 20:42 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-05 23:44 - 2014-02-06 20:17 - 00000000 ____D () C:\Users\Rocío\Torrents
2015-03-05 22:44 - 2014-02-04 20:55 - 00000000 ____D () C:\Users\Rocío\Desktop\pelis
2015-03-05 22:40 - 2013-08-22 15:46 - 00316351 _____ () C:\WINDOWS\setupact.log
2015-03-05 22:40 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-05 22:39 - 2014-01-12 21:33 - 00000000 ____D () C:\Users\Rocío\CV
2015-03-05 22:35 - 2014-04-12 10:43 - 00000000 ____D () C:\Users\Rocío\Desktop\Peppa pig
2015-03-05 22:29 - 2014-09-24 07:11 - 00024318 _____ () C:\WINDOWS\PFRO.log
2015-03-05 22:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Performance
2015-03-05 21:56 - 2014-01-31 22:53 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\uTorrent
2015-03-05 21:38 - 2014-01-09 19:54 - 00000000 ____D () C:\Users\Rocío\AppData\Local\Adobe
2015-03-05 21:06 - 2014-01-10 22:57 - 00003170 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForRocío
2015-03-05 21:06 - 2014-01-10 22:57 - 00000356 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForRocío.job
2015-03-05 20:32 - 2014-08-03 20:01 - 00000000 ____D () C:\Program Files (x86)\3DM-brokenage
2015-03-04 23:37 - 2014-12-06 13:37 - 00092672 ___SH () C:\Users\Rocío\Downloads\Thumbs.db
2015-03-04 00:17 - 2014-01-09 19:43 - 00002208 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-04 00:08 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-03 22:06 - 2014-01-11 16:06 - 00000000 ____D () C:\Users\Rocío\Desktop\programas
2015-03-03 22:05 - 2014-02-12 00:05 - 00000000 ____D () C:\Users\Rocío\Desktop\juegos
2015-03-03 21:54 - 2014-10-30 19:56 - 00000000 ____D () C:\Users\Rocío
2015-03-03 21:11 - 2014-10-30 19:43 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-03 21:11 - 2014-06-24 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-03 21:11 - 2014-06-24 22:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-03 21:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinMetadata
2015-03-03 21:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-03-03 21:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-03 21:11 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-03 21:11 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-03-03 21:11 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-03-03 21:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2015-03-03 20:19 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-03 08:37 - 2014-01-30 21:14 - 00000000 ____D () C:\Users\Rocío\Desktop\mp3s
2015-03-02 20:16 - 2014-01-11 16:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-02 19:53 - 2014-12-19 17:51 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Nero
2015-03-02 00:01 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-03-01 23:47 - 2013-08-22 15:44 - 05160016 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-01 22:56 - 2014-01-11 21:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-01 22:29 - 2014-01-08 21:17 - 00000992 _____ () C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-01 21:48 - 2013-09-30 22:58 - 00000000 ____D () C:\ProgramData\Temp
2015-03-01 21:31 - 2014-01-09 19:09 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Malwarebytes
2015-03-01 21:08 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-01 19:00 - 2015-01-16 19:50 - 00000000 ____D () C:\Users\Rocío\Desktop\varios fotos ordenar
2015-03-01 18:59 - 2014-06-20 14:08 - 00000000 ____D () C:\Users\Rocío\Desktop\Trabajo
2015-03-01 17:12 - 2014-11-23 17:57 - 00018944 ___SH () C:\Users\Rocío\Thumbs.db
2015-02-27 23:48 - 2014-02-20 23:27 - 00000000 ____D () C:\Users\Rocío\Documents\My Games
2015-02-27 23:47 - 2013-07-22 10:22 - 00542097 _____ () C:\WINDOWS\DirectX.log
2015-02-27 23:46 - 2013-09-30 22:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-27 23:33 - 2014-10-30 19:42 - 631743103 _____ () C:\WINDOWS\MEMORY.DMP
2015-02-27 23:24 - 2015-01-16 19:51 - 00000000 ____D () C:\Users\Rocío\Desktop\pedido
2015-02-26 23:03 - 2014-02-01 23:57 - 00000000 ____D () C:\Users\Rocío\Documents\Broken Sword 5
2015-02-25 23:43 - 2014-01-17 16:32 - 00000000 ____D () C:\Program Files (x86)\PDF24
2015-02-25 23:42 - 2014-09-20 19:08 - 00000895 _____ () C:\Users\Rocío\Downloads\Descargas - Acceso directo.lnk
2015-02-25 18:48 - 2014-11-29 22:00 - 00000000 ____D () C:\Program Files (x86)\Memoria
2015-02-24 22:48 - 2014-02-03 22:07 - 00000000 ____D () C:\Users\Rocío\documental ovejero
2015-02-24 22:48 - 2014-01-12 18:47 - 00000000 ____D () C:\Users\Rocío\cds pajaros
2015-02-24 22:37 - 2015-01-29 23:35 - 00000000 ____D () C:\Users\Rocío\Desktop\libro jilgueros
2015-02-24 21:27 - 2015-01-16 19:52 - 00000000 ____D () C:\Users\Rocío\Desktop\varios
2015-02-22 22:46 - 2015-01-16 19:51 - 00000000 ____D () C:\Users\Rocío\Desktop\pájaros
2015-02-18 23:59 - 2014-10-13 16:34 - 00000000 ____D () C:\Program Files\Adobe
2015-02-18 23:56 - 2014-10-13 16:35 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-02-15 23:51 - 2014-02-19 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
2015-02-15 23:51 - 2014-02-19 23:39 - 00000000 ____D () C:\Program Files (x86)\City Interactive
2015-02-15 23:43 - 2014-03-15 23:23 - 00000000 ____D () C:\Users\Rocío\Documents\Art of Murder  -  The Hunt for the Puppeteer
2015-02-15 20:27 - 2014-05-31 13:42 - 00000000 ____D () C:\Users\Rocío\Documents\Electronic Arts
2015-02-11 22:26 - 2014-10-30 19:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-10 23:41 - 2014-12-07 23:11 - 00000000 ____D () C:\Program Files (x86)\The Night of the Rabbit
2015-02-10 23:40 - 2014-10-11 16:23 - 00000000 ____D () C:\Games
2015-02-08 20:53 - 2014-12-01 22:43 - 00000924 _____ () C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\cumple Rocío 2 añitos.lnk
2015-02-08 19:21 - 2014-12-14 11:25 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2015-02-08 19:20 - 2015-01-20 23:48 - 00000000 ____D () C:\Program Files (x86)\Gabriel Knight Sins of the Fathers
2015-02-08 19:20 - 2014-02-20 22:29 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2015-02-05 22:01 - 2015-01-24 16:31 - 02902784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-02-05 22:01 - 2014-10-23 22:21 - 14119744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-02-05 22:01 - 2014-10-23 22:21 - 00995248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-02-05 22:01 - 2014-10-23 22:21 - 00877816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-02-05 22:01 - 2014-10-23 22:21 - 00177624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-02-05 22:01 - 2014-10-23 22:21 - 00164752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-02-05 20:07 - 2014-10-30 19:46 - 06861128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-02-05 20:07 - 2014-10-30 19:46 - 03517584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-02-05 20:07 - 2014-10-30 19:46 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-02-05 20:07 - 2014-10-30 19:46 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-02-05 20:07 - 2014-10-30 19:46 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-02-05 20:06 - 2014-10-30 19:46 - 01098384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-02-05 20:06 - 2014-10-30 19:46 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-02-05 20:06 - 2014-10-30 19:46 - 00074896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-02-05 13:50 - 2014-10-30 19:46 - 04236870 _____ () C:\WINDOWS\system32\nvcoproc.bin
 
==================== Files in the root of some directories =======
 
2014-06-29 20:27 - 2014-06-29 20:27 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Files to move or delete:
====================
C:\Users\Rocío\Actualizacion_Renta2013_windows_1_20.exe
C:\Users\Rocío\Actualizacion_Renta2013_windows_1_21.exe
C:\Users\Rocío\dstwoupdate.dat
C:\Users\Rocío\ESRDiscPatcher.exe
 
 
Some content of TEMP:
====================
C:\Users\Rocío\AppData\Local\Temp\InstHelper.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-05 23:51
 
==================== End Of Log ============================

ADDITION

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-03-2015 01
Ran by Rocío at 2015-03-07 22:47:04
Running from C:\Users\Rocío\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: Firewall personal de ESET (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\uTorrent) (Version: 3.4.2.33290 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ace Stream Media 2.2.4-next (HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\AceStream) (Version: 2.2.4-next - Ace Stream Media)
Actualización de NVIDIA 17.12.8 (Version: 17.12.8 - NVIDIA Corporation) Hidden
Adam's Venture 3 version 1.0 (HKLM-x32\...\{9887E914-5CDE-4AA9-81A8-D56B573FCBFF}_is1) (Version: 1.0 - Iceberg Interactive)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.0.447 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (32 Bit) (HKLM-x32\...\{7C25E7A0-A0A1-4B87-BB30-BF0FBDC37878}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AR-K (HKLM-x32\...\AR-K_is1) (Version:  - Gato Salvaje S.L.)
Big Fish Games Client (HKLM-x32\...\BFGC) (Version: 1.3.0.11 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borgia - Faith and Fear (HKLM-x32\...\Borgia - Faith and Fear_is1) (Version:  - )
Broken Sword - La Leyenda de los Templarios - El Montaje del Director (HKLM-x32\...\{8864DCE2-C0E8-41C4-9B0E-F2106FD3E529}) (Version: 1.00.0000 - Revolution)
Broken Sword 2.5 - El regreso de los Templarios (HKLM-x32\...\{E41CA9F7-860A-4DB9-AF23-8DC7AA6A2FA6}) (Version: 1.00.0000 - Revolution)
Broken Sword II - Las Fuerzas del mal - Remasterizado (HKLM-x32\...\{72076A05-8B24-4835-B88B-5231EBE0A6BF}) (Version: 1.00.0000 - Revolution)
Broken Sword III - El Sueño del Dragon (HKLM-x32\...\{223C7F6F-9B06-4A64-A909-39470F4754E1}) (Version: 1.00.0000 - Revolution)
Brothers - A Tale of Two Sons (HKLM-x32\...\Brothers - A Tale of Two Sons_is1) (Version:  - 505 Games)
calibre 64bit (HKLM\...\{EA927D74-9D01-4436-89AE-ACF7C893C845}) (Version: 2.3.0 - Kovid Goyal)
Cat Girl Alliance 1.0 (HKLM-x32\...\{4DCD596A-3C70-4175-8241-5947E1CCE312}_is1) (Version:  - G-Collections.com)
Chronicles of Mystery: The Tree of Life (HKLM-x32\...\Chronicles of Mystery: The Tree of Life/EN-English_is1) (Version:  - City Interactive)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.03103 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103 - Cisco Systems, Inc.) Hidden
Contrast (HKLM-x32\...\Contrast_is1) (Version:  - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3606 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.2922 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deponia (HKLM-x32\...\Deponia) (Version: 1.1 - Lace Mamba Global Ltd)
Dreamfall Chapters (HKLM-x32\...\Dreamfall Chapters_is1) (Version: 1.0 - )
eMule (HKLM-x32\...\eMule) (Version:  - )
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Smart Security (HKLM\...\{413E5248-BDE5-47D0-917B-D509AAF3F16A}) (Version: 8.0.304.1 - ESET, spol s r. o.)
Fable Anniversary (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0012}) (Version: 6.0 - Black Box)
FXWebPlayer (HKLM-x32\...\FXWebPlayer) (Version:  - FX Interactive) <==== ATTENTION
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grim Fandango Remastered (HKLM-x32\...\Grim Fandango Remastered_is1) (Version:  - )
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Deskjet 3050 J610 series Ayuda (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Estudio para la mejora del producto (HKLM\...\{1806B0A9-08B2-4044-9898-7B6E5E3F233D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Software básico del dispositivo (HKLM\...\{954F6D3C-A24F-4231-8885-24C1E55AF064}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Quick Start (HKLM-x32\...\{4F189491-DD1A-418A-AE58-99B4CC692FDE}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Life Is Strange (HKLM-x32\...\Life Is Strange_is1) (Version:  - SQUARE ENIX)
Malwarebytes Anti-Malware versión 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM-x32\...\{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM-x32\...\{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM-x32\...\{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM-x32\...\{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version:  - Microsoft)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Monkey Island™ Edición Especial Colección (HKLM-x32\...\MISEC) (Version: 1.0.0.0 - LucasArts)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nero 2014 (HKLM-x32\...\{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}) (Version: 15.0.02200 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.10000.1.0 - Nero AG)
NVIDIA Controlador de gráficos 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Panel de control de NVIDIA 347.52 (Version: 347.52 - NVIDIA Corporation) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.0 - Power Software Ltd)
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 1.1.9200.15 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Remember Me Repack (HKLM-x32\...\Remember Me Repack) (Version: 9.99 - VictorVal)
Renegade Ops Collection (HKLM-x32\...\Renegade Ops Collection_is1) (Version:  - )
Renta 2013 1.20 (HKLM-x32\...\2285-3920-8902-9260) (Version: 1.20 - AEAT)
Reprobates ES 1.2.19 (HKLM-x32\...\Reprobates ES_is1) (Version:  - Friendware)
Return to Mysterious Island 2 (HKLM-x32\...\Return to Mysterious Island 21.05) (Version: 1.05 - Kheops Studios)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shadow Puppeteer (HKLM-x32\...\Shadow Puppeteer_is1) (Version:  - )
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony PC Companion 2.10.206 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.206 - Sony)
SpyHunter (HKLM-x32\...\{820C0EEB-9B12-4AD5-B39D-D15ED1DBDD06}) (Version: 4.5.11.3608 - Enigma Software Group USA, LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Tales from the Borderlands (HKLM-x32\...\Tales from the Borderlands_is1) (Version:  - Telltale Games)
Tesla Effect: A Tex Murphy Adventure (HKLM-x32\...\VGVzbGFFZmZlY3RBVGV4TXVycGh5QWR2ZW50dXJl_is1) (Version: 1 - )
The Book of Unwritten Tales 2 version 1.0.0 DISC (HKLM-x32\...\The Book of Unwritten Tales 2_is1) (Version: 1.0.0 DISC - Nordic Games GmbH)
The Legend of Crystal Valley 1.001 (HKLM-x32\...\The Legend of Crystal Valley_is1) (Version:  - )
The Lost Cases of 221B Baker St (HKLM-x32\...\The Lost Cases of 221B Baker St_is1) (Version:  - Focus Multimedia Ltd)
The Wolf Among Us Episode 5 (HKLM-x32\...\The Wolf Among Us Episode 5_is1) (Version:  - )
UltraISO Premium V9.62 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5170 - WinISO Computing Inc.)
WinISO 5.3 (HKLM-x32\...\WinISO_is1) (Version:  - WinISO Computing Inc.)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xvid 1.1.3 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1576284644-675206908-386992093-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points  =========================
 
04-03-2015 00:07:14 Instalado ESET NOD32 Antivirus
05-03-2015 23:19:52 Instalado Broken Sword IV - El Angel de la Muerte
07-03-2015 21:47:12 Registry Reviver Restore Point (03/07/15)
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2DC982D7-6EEA-4C54-B102-AD7D7EA0212F} - System32\Tasks\GoogleUpdateTaskMachineUA1cf48d24d4b450b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09] (Google Inc.)
Task: {2EEDD284-FAB4-402E-9327-8BEC9BBC0721} - System32\Tasks\Start Registry Reviver for RocíoAndrés@Rocío(logon) => C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe
Task: {42508FD5-816E-49DE-AADF-86525A1C1B6D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {448FFDA0-8E97-47D9-AAB5-A3502491D6F1} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {4816F666-8C87-45F8-963B-61AC48D2C1F2} - System32\Tasks\{15A375E1-C428-4FED-A19D-1A086301C4F9} => pcalua.exe -a C:\Users\Rocío\AppData\Local\Temp\nro.tmp\SetupX.exe
Task: {4FFE7C95-82C4-4703-8FA2-88124D3ED7EA} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-08-20] (Nero AG)
Task: {55A49CEE-2EEB-476E-BF4B-48E2145668E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {653EC7A3-2547-42B9-8F32-44952997035A} - System32\Tasks\GoogleUpdateTaskMachineCore1d03ffe7abea77 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09] (Google Inc.)
Task: {6AEA0FAA-2F96-4016-AB3D-7270B341C9AF} - System32\Tasks\GoogleUpdateTaskMachineCore1cf696f54c42309 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09] (Google Inc.)
Task: {77565B82-082A-48AC-946E-496BF947C364} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8a35a1a53a70 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09] (Google Inc.)
Task: {858C0322-9217-4490-9AB1-40BC73A5DCB8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-29] (Microsoft Corporation)
Task: {93D9BA5C-DCF1-4AE4-8901-3D19D000E6AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {B2573B80-821E-4251-8E97-5F06E0B1BF7D} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {B4C43C50-AAAC-4816-9555-74EE6C10650D} - System32\Tasks\GoogleUpdateTaskMachineUA1cf2dacb6cf952 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09] (Google Inc.)
Task: {BA20E842-6343-4FC7-90D0-B56D138BC417} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {BAF122E2-82FF-4BB5-9C21-9A64D103A102} - System32\Tasks\HPCeeScheduleForRocío => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {CE44E194-3319-4FBD-ADCD-464E869E29DF} - System32\Tasks\{7404D850-0771-4171-92D3-0D5137569069} => Chrome.exe http://ui.skype.com/ui/0/6.20.0.104/es/go/help.faq.installer?LastError=1618
Task: {D21FBEB9-587D-4F74-A058-4BCA6AD2DAFF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {D2560E95-4B6C-4463-90C9-06C43B24E81C} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {E9345990-9133-4976-BF73-FC2A02FE0588} - System32\Tasks\AdobeAAMUpdater-1.0-RocíoAndrés-Rocío => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf8a35a1a53a70.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d03ffe7abea77.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf48d24d4b450b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForRocío.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-10-23 22:21 - 2015-02-05 22:01 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-10-30 19:46 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-03 17:36 - 2014-10-03 17:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe
2014-09-26 13:41 - 2014-09-26 13:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-03-01 17:14 - 2015-03-01 17:14 - 02623488 _____ () C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll
2013-03-26 16:44 - 2013-03-26 16:44 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-09-30 22:39 - 2013-05-08 22:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-01-28 22:18 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-03-04 00:16 - 2015-02-28 02:56 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\libglesv2.dll
2015-03-04 00:16 - 2015-02-28 02:56 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\libegl.dll
2014-10-23 22:21 - 2015-02-05 22:01 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-03-04 00:16 - 2015-02-28 02:56 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:2DAD076E
AlternateDataStreams: C:\ProgramData\Temp:61A065F2
AlternateDataStreams: C:\ProgramData\Temp:D3A8AA31
AlternateDataStreams: C:\ProgramData\Temp:F84B8DB5
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01812566.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20732711.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01812566.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20732711.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
DNS Servers: 62.81.16.148 - 62.81.16.213
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\StartupApproved\Run: => "HP Deskjet 3050 J610 series (NET)"
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-1576284644-675206908-386992093-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1576284644-675206908-386992093-1006 - Limited - Enabled)
Invitado (S-1-5-21-1576284644-675206908-386992093-501 - Limited - Enabled)
Rocío (S-1-5-21-1576284644-675206908-386992093-1002 - Administrator - Enabled) => C:\Users\Rocío
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/06/2015 00:11:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15063
 
Error: (03/06/2015 00:11:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15063
 
Error: (03/06/2015 00:11:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/05/2015 10:33:56 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: RocíoAndrés)
Description: HRESULT:0x8004FF6F
Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements.  <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.
 
Error: (03/05/2015 10:15:23 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: RocíoAndrés)
Description: HRESULT:0x8004FF6F
Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements.  <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.
 
Error: (03/05/2015 09:58:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: IEXPLORE.EXE, versión: 11.0.9600.17416, marca de tiempo: 0x5452eed9
Nombre del módulo con errores: ntdll.dll, versión: 6.3.9600.17630, marca de tiempo: 0x54b0d74f
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000e581f
Identificador del proceso con errores: 0x710
Hora de inicio de la aplicación con errores: 0xIEXPLORE.EXE0
Ruta de acceso de la aplicación con errores: IEXPLORE.EXE1
Ruta de acceso del módulo con errores: IEXPLORE.EXE2
Identificador del informe: IEXPLORE.EXE3
Nombre completo del paquete con errores: IEXPLORE.EXE4
Identificador de aplicación relativa del paquete con errores: IEXPLORE.EXE5
 
Error: (03/05/2015 09:47:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: IEXPLORE.EXE, versión: 11.0.9600.17416, marca de tiempo: 0x5452eed9
Nombre del módulo con errores: ntdll.dll, versión: 6.3.9600.17630, marca de tiempo: 0x54b0d74f
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000e581f
Identificador del proceso con errores: 0x6c4
Hora de inicio de la aplicación con errores: 0xIEXPLORE.EXE0
Ruta de acceso de la aplicación con errores: IEXPLORE.EXE1
Ruta de acceso del módulo con errores: IEXPLORE.EXE2
Identificador del informe: IEXPLORE.EXE3
Nombre completo del paquete con errores: IEXPLORE.EXE4
Identificador de aplicación relativa del paquete con errores: IEXPLORE.EXE5
 
Error: (03/05/2015 09:47:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: IEXPLORE.EXE, versión: 11.0.9600.17416, marca de tiempo: 0x5452eed9
Nombre del módulo con errores: ntdll.dll, versión: 6.3.9600.17630, marca de tiempo: 0x54b0d74f
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000e581f
Identificador del proceso con errores: 0x17f0
Hora de inicio de la aplicación con errores: 0xIEXPLORE.EXE0
Ruta de acceso de la aplicación con errores: IEXPLORE.EXE1
Ruta de acceso del módulo con errores: IEXPLORE.EXE2
Identificador del informe: IEXPLORE.EXE3
Nombre completo del paquete con errores: IEXPLORE.EXE4
Identificador de aplicación relativa del paquete con errores: IEXPLORE.EXE5
 
Error: (03/05/2015 09:46:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: chrome.exe, versión: 41.0.2272.76, marca de tiempo: 0x54f10bed
Nombre del módulo con errores: KERNELBASE.dll, versión: 6.3.9600.17278, marca de tiempo: 0x53eeb460
Código de excepción: 0x0eedfade
Desplazamiento de errores: 0x00012f71
Identificador del proceso con errores: 0xd64
Hora de inicio de la aplicación con errores: 0xchrome.exe0
Ruta de acceso de la aplicación con errores: chrome.exe1
Ruta de acceso del módulo con errores: chrome.exe2
Identificador del informe: chrome.exe3
Nombre completo del paquete con errores: chrome.exe4
Identificador de aplicación relativa del paquete con errores: chrome.exe5
 
Error: (03/05/2015 09:46:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: chrome.exe, versión: 41.0.2272.76, marca de tiempo: 0x54f10bed
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc00001a5
Desplazamiento de errores: 0x00407669
Identificador del proceso con errores: 0xd64
Hora de inicio de la aplicación con errores: 0xchrome.exe0
Ruta de acceso de la aplicación con errores: chrome.exe1
Ruta de acceso del módulo con errores: chrome.exe2
Identificador del informe: chrome.exe3
Nombre completo del paquete con errores: chrome.exe4
Identificador de aplicación relativa del paquete con errores: chrome.exe5
 
 
System errors:
=============
Error: (03/07/2015 08:42:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80073d0a: AD2F1837.GettingStartedwithWindows8.
 
Error: (03/07/2015 08:42:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80073d0a: Microsoft.BingTravel.
 
Error: (03/07/2015 08:42:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80073d0a: Microsoft.BingHealthAndFitness.
 
Error: (03/06/2015 00:11:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio CyberLink PowerDVD 12 Media Server Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (03/05/2015 11:53:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80073d0a: AD2F1837.GettingStartedwithWindows8.
 
Error: (03/05/2015 11:53:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80073d0a: Microsoft.BingTravel.
 
Error: (03/05/2015 11:52:40 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80073d0a: Microsoft.BingHealthAndFitness.
 
Error: (03/05/2015 11:52:20 PM) (Source: DCOM) (EventID: 10010) (User: RocíoAndrés)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (03/05/2015 11:51:49 PM) (Source: DCOM) (EventID: 10010) (User: RocíoAndrés)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (03/05/2015 10:40:39 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio Firewall de Windows se cerró con el error específico de servicio 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (01/17/2014 05:06:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 28%
Total physical RAM: 7962.15 MB
Available physical RAM: 5728.4 MB
Total Pagefile: 16154.15 MB
Available Pagefile: 13833.14 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:910.17 GB) (Free:153.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:20.57 GB) (Free:2.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FBDFD923)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#3 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:16 PM

Posted 07 March 2015 - 05:34 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
warning.gif P2P warning

Going over your logs I noticed that you have µTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you.

If you wish to keep it, please do not use it until your computer is cleaned.


Step 1

Please uninstall some programs:
  • Windows 8 w8.png: Hold down the Windows logo key and press X to open a menu at the lower-left area of the screen.
  • Select Programs and Features from the menu.
  • Search and select the following programs one by one and click on Uninstall: FXWebPlayer, Spyhunter
  • Reboot your computer.
warning.gif Malware Warning

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).

Step 2

frst.pngfrstfix.png

Press the w8.png + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1576284644-675206908-386992093-1002 -> {9C23CF23-F3C2-4BCA-ACCB-3985C9893262} URL = 
    SearchScopes: HKU\S-1-5-21-1576284644-675206908-386992093-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
    Toolbar: HKU\S-1-5-21-1576284644-675206908-386992093-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    C:\ProgramData\Microsoft\Security\
    2015-03-02 23:44 - 2015-03-02 23:44 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Rocío\Downloads\SpyHunter-Installer.exe
    2015-03-02 20:13 - 2015-03-03 21:11 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    2015-03-02 20:13 - 2015-03-02 20:13 - 00002307 _____ () C:\Users\Rocío\Desktop\SpyHunter.lnk
    2015-03-02 20:12 - 2015-03-02 20:13 - 00000000 ____D () C:\sh4ldr
    2015-03-02 20:12 - 2015-03-02 20:12 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
    2015-03-02 20:11 - 2015-03-03 21:11 - 00000000 ____D () C:\WINDOWS\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP
    AlternateDataStreams: C:\ProgramData\Temp:2DAD076E
    AlternateDataStreams: C:\ProgramData\Temp:61A065F2
    AlternateDataStreams: C:\ProgramData\Temp:D3A8AA31
    AlternateDataStreams: C:\ProgramData\Temp:F84B8DB5
    HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\Run: [Ujvvmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Rocío\AppData\Local\ARPworks\New.dll
    C:\Users\Rocío\AppData\Local\ARPworks\
    CreateRestorePoint:
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Step 3

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.
Step 4


Do you know how to make zip files? :)

  • Locate the file or folder that you want to compress.
  • Right-click the file or folder, point to Send to, and then click Compressed (zipped) folder.
    A new compressed folder is created in the same location. To rename it, right-click the folder, click Rename, and then type the new name.
I want you to do following:

Please search for that folder and create a zip-files of it. Please upload the zip-file to my channel.
C:\FRST\Quarantine
Thank you!

Edited by deeprybka, 07 March 2015 - 05:48 PM.
added step 4

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#4 taekwondo2015

taekwondo2015
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:16 AM

Posted 07 March 2015 - 06:29 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-03-2015 01
Ran by Rocío at 2015-03-08 00:22:49 Run:1
Running from C:\Users\Rocío\Downloads
Loaded Profiles: Rocío (Available profiles: Rocío)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1576284644-675206908-386992093-1002 -> {9C23CF23-F3C2-4BCA-ACCB-3985C9893262} URL = 
SearchScopes: HKU\S-1-5-21-1576284644-675206908-386992093-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
Toolbar: HKU\S-1-5-21-1576284644-675206908-386992093-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
C:\ProgramData\Microsoft\Security\
2015-03-02 23:44 - 2015-03-02 23:44 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Rocío\Downloads\SpyHunter-Installer.exe
2015-03-02 20:13 - 2015-03-03 21:11 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-03-02 20:13 - 2015-03-02 20:13 - 00002307 _____ () C:\Users\Rocío\Desktop\SpyHunter.lnk
2015-03-02 20:12 - 2015-03-02 20:13 - 00000000 ____D () C:\sh4ldr
2015-03-02 20:12 - 2015-03-02 20:12 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-03-02 20:11 - 2015-03-03 21:11 - 00000000 ____D () C:\WINDOWS\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP
AlternateDataStreams: C:\ProgramData\Temp:2DAD076E
AlternateDataStreams: C:\ProgramData\Temp:61A065F2
AlternateDataStreams: C:\ProgramData\Temp:D3A8AA31
AlternateDataStreams: C:\ProgramData\Temp:F84B8DB5
HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\Run: [Ujvvmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Rocío\AppData\Local\ARPworks\New.dll
C:\Users\Rocío\AppData\Local\ARPworks\
CreateRestorePoint:
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0WinSecurityProvider" => Key deleted successfully.
"HKCR\CLSID\{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1576284644-675206908-386992093-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C23CF23-F3C2-4BCA-ACCB-3985C9893262}" => Key deleted successfully.
HKCR\CLSID\{9C23CF23-F3C2-4BCA-ACCB-3985C9893262} => Key not found. 
"HKU\S-1-5-21-1576284644-675206908-386992093-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found. 
HKU\S-1-5-21-1576284644-675206908-386992093-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
 
"C:\ProgramData\Microsoft\Security" directory move:
 
Could not move "C:\ProgramData\Microsoft\Security" directory. => Scheduled to move on reboot.
 
C:\Users\Rocío\Downloads\SpyHunter-Installer.exe => Moved successfully.
"C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter" => File/Directory not found.
"C:\Users\Rocío\Desktop\SpyHunter.lnk" => File/Directory not found.
C:\sh4ldr => Moved successfully.
C:\Program Files (x86)\Enigma Software Group => Moved successfully.
C:\WINDOWS\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP => Moved successfully.
C:\ProgramData\Temp => ":2DAD076E" ADS removed successfully.
C:\ProgramData\Temp => ":61A065F2" ADS removed successfully.
C:\ProgramData\Temp => ":D3A8AA31" ADS removed successfully.
C:\ProgramData\Temp => ":F84B8DB5" ADS removed successfully.
HKU\S-1-5-21-1576284644-675206908-386992093-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Ujvvmedia => value deleted successfully.
"C:\Users\Rocío\AppData\Local\ARPworks" => File/Directory not found.
Restore point was successfully created.
EmptyTemp: => Removed 929.8 MB temporary data.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-08 00:26:15)<=
 
C:\ProgramData\Microsoft\Security => Is moved successfully.
 
==== End of Fixlog 00:26:15 ====


#5 taekwondo2015

taekwondo2015
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:16 AM

Posted 07 March 2015 - 06:33 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-03-2015 01
Ran by Rocío at 2015-03-08 00:22:49 Run:1
Running from C:\Users\Rocío\Downloads
Loaded Profiles: Rocío (Available profiles: Rocío)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1576284644-675206908-386992093-1002 -> {9C23CF23-F3C2-4BCA-ACCB-3985C9893262} URL = 
SearchScopes: HKU\S-1-5-21-1576284644-675206908-386992093-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
Toolbar: HKU\S-1-5-21-1576284644-675206908-386992093-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
C:\ProgramData\Microsoft\Security\
2015-03-02 23:44 - 2015-03-02 23:44 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Rocío\Downloads\SpyHunter-Installer.exe
2015-03-02 20:13 - 2015-03-03 21:11 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-03-02 20:13 - 2015-03-02 20:13 - 00002307 _____ () C:\Users\Rocío\Desktop\SpyHunter.lnk
2015-03-02 20:12 - 2015-03-02 20:13 - 00000000 ____D () C:\sh4ldr
2015-03-02 20:12 - 2015-03-02 20:12 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-03-02 20:11 - 2015-03-03 21:11 - 00000000 ____D () C:\WINDOWS\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP
AlternateDataStreams: C:\ProgramData\Temp:2DAD076E
AlternateDataStreams: C:\ProgramData\Temp:61A065F2
AlternateDataStreams: C:\ProgramData\Temp:D3A8AA31
AlternateDataStreams: C:\ProgramData\Temp:F84B8DB5
HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\Run: [Ujvvmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Rocío\AppData\Local\ARPworks\New.dll
C:\Users\Rocío\AppData\Local\ARPworks\
CreateRestorePoint:
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0WinSecurityProvider" => Key deleted successfully.
"HKCR\CLSID\{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1576284644-675206908-386992093-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C23CF23-F3C2-4BCA-ACCB-3985C9893262}" => Key deleted successfully.
HKCR\CLSID\{9C23CF23-F3C2-4BCA-ACCB-3985C9893262} => Key not found. 
"HKU\S-1-5-21-1576284644-675206908-386992093-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found. 
HKU\S-1-5-21-1576284644-675206908-386992093-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
 
"C:\ProgramData\Microsoft\Security" directory move:
 
Could not move "C:\ProgramData\Microsoft\Security" directory. => Scheduled to move on reboot.
 
C:\Users\Rocío\Downloads\SpyHunter-Installer.exe => Moved successfully.
"C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter" => File/Directory not found.
"C:\Users\Rocío\Desktop\SpyHunter.lnk" => File/Directory not found.
C:\sh4ldr => Moved successfully.
C:\Program Files (x86)\Enigma Software Group => Moved successfully.
C:\WINDOWS\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP => Moved successfully.
C:\ProgramData\Temp => ":2DAD076E" ADS removed successfully.
C:\ProgramData\Temp => ":61A065F2" ADS removed successfully.
C:\ProgramData\Temp => ":D3A8AA31" ADS removed successfully.
C:\ProgramData\Temp => ":F84B8DB5" ADS removed successfully.
HKU\S-1-5-21-1576284644-675206908-386992093-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Ujvvmedia => value deleted successfully.
"C:\Users\Rocío\AppData\Local\ARPworks" => File/Directory not found.
Restore point was successfully created.
EmptyTemp: => Removed 929.8 MB temporary data.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-08 00:26:15)<=
 
C:\ProgramData\Microsoft\Security => Is moved successfully.
 
==== End of Fixlog 00:26:15 ====

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-03-2015 01
Ran by Rocío at 2015-03-08 00:31:51
Running from C:\Users\Rocío\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: Firewall personal de ESET (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\uTorrent) (Version: 3.4.2.33290 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ace Stream Media 2.2.4-next (HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\AceStream) (Version: 2.2.4-next - Ace Stream Media)
Actualización de NVIDIA 17.12.8 (Version: 17.12.8 - NVIDIA Corporation) Hidden
Adam's Venture 3 version 1.0 (HKLM-x32\...\{9887E914-5CDE-4AA9-81A8-D56B573FCBFF}_is1) (Version: 1.0 - Iceberg Interactive)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.0.447 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (32 Bit) (HKLM-x32\...\{7C25E7A0-A0A1-4B87-BB30-BF0FBDC37878}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AR-K (HKLM-x32\...\AR-K_is1) (Version:  - Gato Salvaje S.L.)
Big Fish Games Client (HKLM-x32\...\BFGC) (Version: 1.3.0.11 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borgia - Faith and Fear (HKLM-x32\...\Borgia - Faith and Fear_is1) (Version:  - )
Broken Sword - La Leyenda de los Templarios - El Montaje del Director (HKLM-x32\...\{8864DCE2-C0E8-41C4-9B0E-F2106FD3E529}) (Version: 1.00.0000 - Revolution)
Broken Sword 2.5 - El regreso de los Templarios (HKLM-x32\...\{E41CA9F7-860A-4DB9-AF23-8DC7AA6A2FA6}) (Version: 1.00.0000 - Revolution)
Broken Sword II - Las Fuerzas del mal - Remasterizado (HKLM-x32\...\{72076A05-8B24-4835-B88B-5231EBE0A6BF}) (Version: 1.00.0000 - Revolution)
Broken Sword III - El Sueño del Dragon (HKLM-x32\...\{223C7F6F-9B06-4A64-A909-39470F4754E1}) (Version: 1.00.0000 - Revolution)
Brothers - A Tale of Two Sons (HKLM-x32\...\Brothers - A Tale of Two Sons_is1) (Version:  - 505 Games)
calibre 64bit (HKLM\...\{EA927D74-9D01-4436-89AE-ACF7C893C845}) (Version: 2.3.0 - Kovid Goyal)
Cat Girl Alliance 1.0 (HKLM-x32\...\{4DCD596A-3C70-4175-8241-5947E1CCE312}_is1) (Version:  - G-Collections.com)
Chronicles of Mystery: The Tree of Life (HKLM-x32\...\Chronicles of Mystery: The Tree of Life/EN-English_is1) (Version:  - City Interactive)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.03103 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103 - Cisco Systems, Inc.) Hidden
Contrast (HKLM-x32\...\Contrast_is1) (Version:  - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3606 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.2922 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deponia (HKLM-x32\...\Deponia) (Version: 1.1 - Lace Mamba Global Ltd)
Dreamfall Chapters (HKLM-x32\...\Dreamfall Chapters_is1) (Version: 1.0 - )
eMule (HKLM-x32\...\eMule) (Version:  - )
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Smart Security (HKLM\...\{413E5248-BDE5-47D0-917B-D509AAF3F16A}) (Version: 8.0.304.1 - ESET, spol s r. o.)
Fable Anniversary (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0012}) (Version: 6.0 - Black Box)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grim Fandango Remastered (HKLM-x32\...\Grim Fandango Remastered_is1) (Version:  - )
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Deskjet 3050 J610 series Ayuda (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Estudio para la mejora del producto (HKLM\...\{1806B0A9-08B2-4044-9898-7B6E5E3F233D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Software básico del dispositivo (HKLM\...\{954F6D3C-A24F-4231-8885-24C1E55AF064}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Quick Start (HKLM-x32\...\{4F189491-DD1A-418A-AE58-99B4CC692FDE}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Life Is Strange (HKLM-x32\...\Life Is Strange_is1) (Version:  - SQUARE ENIX)
Malwarebytes Anti-Malware versión 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM-x32\...\{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM-x32\...\{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM-x32\...\{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM-x32\...\{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version:  - Microsoft)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Monkey Island™ Edición Especial Colección (HKLM-x32\...\MISEC) (Version: 1.0.0.0 - LucasArts)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nero 2014 (HKLM-x32\...\{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}) (Version: 15.0.02200 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.10000.1.0 - Nero AG)
NVIDIA Controlador de gráficos 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Panel de control de NVIDIA 347.52 (Version: 347.52 - NVIDIA Corporation) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.0 - Power Software Ltd)
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 1.1.9200.15 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Remember Me Repack (HKLM-x32\...\Remember Me Repack) (Version: 9.99 - VictorVal)
Renegade Ops Collection (HKLM-x32\...\Renegade Ops Collection_is1) (Version:  - )
Renta 2013 1.20 (HKLM-x32\...\2285-3920-8902-9260) (Version: 1.20 - AEAT)
Reprobates ES 1.2.19 (HKLM-x32\...\Reprobates ES_is1) (Version:  - Friendware)
Return to Mysterious Island 2 (HKLM-x32\...\Return to Mysterious Island 21.05) (Version: 1.05 - Kheops Studios)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shadow Puppeteer (HKLM-x32\...\Shadow Puppeteer_is1) (Version:  - )
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony PC Companion 2.10.206 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.206 - Sony)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Tales from the Borderlands (HKLM-x32\...\Tales from the Borderlands_is1) (Version:  - Telltale Games)
Tesla Effect: A Tex Murphy Adventure (HKLM-x32\...\VGVzbGFFZmZlY3RBVGV4TXVycGh5QWR2ZW50dXJl_is1) (Version: 1 - )
The Book of Unwritten Tales 2 version 1.0.0 DISC (HKLM-x32\...\The Book of Unwritten Tales 2_is1) (Version: 1.0.0 DISC - Nordic Games GmbH)
The Legend of Crystal Valley 1.001 (HKLM-x32\...\The Legend of Crystal Valley_is1) (Version:  - )
The Lost Cases of 221B Baker St (HKLM-x32\...\The Lost Cases of 221B Baker St_is1) (Version:  - Focus Multimedia Ltd)
The Wolf Among Us Episode 5 (HKLM-x32\...\The Wolf Among Us Episode 5_is1) (Version:  - )
UltraISO Premium V9.62 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5170 - WinISO Computing Inc.)
WinISO 5.3 (HKLM-x32\...\WinISO_is1) (Version:  - WinISO Computing Inc.)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xvid 1.1.3 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1576284644-675206908-386992093-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points  =========================
 
04-03-2015 00:07:14 Instalado ESET NOD32 Antivirus
05-03-2015 23:19:52 Instalado Broken Sword IV - El Angel de la Muerte
07-03-2015 21:47:12 Registry Reviver Restore Point (03/07/15)
08-03-2015 00:16:18 Removed SpyHunter
08-03-2015 00:23:02 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2DC982D7-6EEA-4C54-B102-AD7D7EA0212F} - System32\Tasks\GoogleUpdateTaskMachineUA1cf48d24d4b450b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09] (Google Inc.)
Task: {2EEDD284-FAB4-402E-9327-8BEC9BBC0721} - System32\Tasks\Start Registry Reviver for RocíoAndrés@Rocío(logon) => C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe
Task: {42508FD5-816E-49DE-AADF-86525A1C1B6D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {448FFDA0-8E97-47D9-AAB5-A3502491D6F1} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {4816F666-8C87-45F8-963B-61AC48D2C1F2} - System32\Tasks\{15A375E1-C428-4FED-A19D-1A086301C4F9} => pcalua.exe -a C:\Users\Rocío\AppData\Local\Temp\nro.tmp\SetupX.exe
Task: {4FFE7C95-82C4-4703-8FA2-88124D3ED7EA} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-08-20] (Nero AG)
Task: {55A49CEE-2EEB-476E-BF4B-48E2145668E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {653EC7A3-2547-42B9-8F32-44952997035A} - System32\Tasks\GoogleUpdateTaskMachineCore1d03ffe7abea77 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09] (Google Inc.)
Task: {6AEA0FAA-2F96-4016-AB3D-7270B341C9AF} - System32\Tasks\GoogleUpdateTaskMachineCore1cf696f54c42309 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09] (Google Inc.)
Task: {77565B82-082A-48AC-946E-496BF947C364} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8a35a1a53a70 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09] (Google Inc.)
Task: {858C0322-9217-4490-9AB1-40BC73A5DCB8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-29] (Microsoft Corporation)
Task: {93D9BA5C-DCF1-4AE4-8901-3D19D000E6AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {B2573B80-821E-4251-8E97-5F06E0B1BF7D} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {B4C43C50-AAAC-4816-9555-74EE6C10650D} - System32\Tasks\GoogleUpdateTaskMachineUA1cf2dacb6cf952 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09] (Google Inc.)
Task: {BA20E842-6343-4FC7-90D0-B56D138BC417} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {BAF122E2-82FF-4BB5-9C21-9A64D103A102} - System32\Tasks\HPCeeScheduleForRocío => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {CE44E194-3319-4FBD-ADCD-464E869E29DF} - System32\Tasks\{7404D850-0771-4171-92D3-0D5137569069} => Chrome.exe http://ui.skype.com/ui/0/6.20.0.104/es/go/help.faq.installer?LastError=1618
Task: {D21FBEB9-587D-4F74-A058-4BCA6AD2DAFF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {D2560E95-4B6C-4463-90C9-06C43B24E81C} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {E9345990-9133-4976-BF73-FC2A02FE0588} - System32\Tasks\AdobeAAMUpdater-1.0-RocíoAndrés-Rocío => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf8a35a1a53a70.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d03ffe7abea77.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf48d24d4b450b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForRocío.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-10-23 22:21 - 2015-02-05 22:01 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-10-30 19:46 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-26 13:41 - 2014-09-26 13:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-10-03 17:36 - 2014-10-03 17:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe
2013-03-26 16:44 - 2013-03-26 16:44 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-01-28 22:18 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-03-04 00:16 - 2015-02-28 02:56 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\libglesv2.dll
2015-03-04 00:16 - 2015-02-28 02:56 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\libegl.dll
2014-10-23 22:21 - 2015-02-05 22:01 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-03-04 00:16 - 2015-02-28 02:56 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\pdf.dll
2013-09-30 22:39 - 2013-05-08 22:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01812566.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20732711.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01812566.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20732711.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
DNS Servers: 62.81.16.148 - 62.81.16.213
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\StartupApproved\Run: => "HP Deskjet 3050 J610 series (NET)"
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-1576284644-675206908-386992093-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1576284644-675206908-386992093-1006 - Limited - Enabled)
Invitado (S-1-5-21-1576284644-675206908-386992093-501 - Limited - Enabled)
Rocío (S-1-5-21-1576284644-675206908-386992093-1002 - Administrator - Enabled) => C:\Users\Rocío
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/08/2015 00:23:01 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.
 
 
Operación:
   Recopilando datos del escritor
 
Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {8076daad-7820-4b23-a0d3-3050d3c5a18d}
 
Error: (03/06/2015 00:11:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15063
 
Error: (03/06/2015 00:11:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15063
 
Error: (03/06/2015 00:11:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/05/2015 10:33:56 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: RocíoAndrés)
Description: HRESULT:0x8004FF6F
Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements.  <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.
 
Error: (03/05/2015 10:15:23 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: RocíoAndrés)
Description: HRESULT:0x8004FF6F
Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements.  <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.
 
Error: (03/05/2015 09:58:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: IEXPLORE.EXE, versión: 11.0.9600.17416, marca de tiempo: 0x5452eed9
Nombre del módulo con errores: ntdll.dll, versión: 6.3.9600.17630, marca de tiempo: 0x54b0d74f
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000e581f
Identificador del proceso con errores: 0x710
Hora de inicio de la aplicación con errores: 0xIEXPLORE.EXE0
Ruta de acceso de la aplicación con errores: IEXPLORE.EXE1
Ruta de acceso del módulo con errores: IEXPLORE.EXE2
Identificador del informe: IEXPLORE.EXE3
Nombre completo del paquete con errores: IEXPLORE.EXE4
Identificador de aplicación relativa del paquete con errores: IEXPLORE.EXE5
 
Error: (03/05/2015 09:47:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: IEXPLORE.EXE, versión: 11.0.9600.17416, marca de tiempo: 0x5452eed9
Nombre del módulo con errores: ntdll.dll, versión: 6.3.9600.17630, marca de tiempo: 0x54b0d74f
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000e581f
Identificador del proceso con errores: 0x6c4
Hora de inicio de la aplicación con errores: 0xIEXPLORE.EXE0
Ruta de acceso de la aplicación con errores: IEXPLORE.EXE1
Ruta de acceso del módulo con errores: IEXPLORE.EXE2
Identificador del informe: IEXPLORE.EXE3
Nombre completo del paquete con errores: IEXPLORE.EXE4
Identificador de aplicación relativa del paquete con errores: IEXPLORE.EXE5
 
Error: (03/05/2015 09:47:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: IEXPLORE.EXE, versión: 11.0.9600.17416, marca de tiempo: 0x5452eed9
Nombre del módulo con errores: ntdll.dll, versión: 6.3.9600.17630, marca de tiempo: 0x54b0d74f
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000e581f
Identificador del proceso con errores: 0x17f0
Hora de inicio de la aplicación con errores: 0xIEXPLORE.EXE0
Ruta de acceso de la aplicación con errores: IEXPLORE.EXE1
Ruta de acceso del módulo con errores: IEXPLORE.EXE2
Identificador del informe: IEXPLORE.EXE3
Nombre completo del paquete con errores: IEXPLORE.EXE4
Identificador de aplicación relativa del paquete con errores: IEXPLORE.EXE5
 
Error: (03/05/2015 09:46:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: chrome.exe, versión: 41.0.2272.76, marca de tiempo: 0x54f10bed
Nombre del módulo con errores: KERNELBASE.dll, versión: 6.3.9600.17278, marca de tiempo: 0x53eeb460
Código de excepción: 0x0eedfade
Desplazamiento de errores: 0x00012f71
Identificador del proceso con errores: 0xd64
Hora de inicio de la aplicación con errores: 0xchrome.exe0
Ruta de acceso de la aplicación con errores: chrome.exe1
Ruta de acceso del módulo con errores: chrome.exe2
Identificador del informe: chrome.exe3
Nombre completo del paquete con errores: chrome.exe4
Identificador de aplicación relativa del paquete con errores: chrome.exe5
 
 
System errors:
=============
Error: (03/08/2015 00:25:41 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio Firewall de Windows se cerró con el error específico de servicio 
%%5
 
Error: (03/08/2015 00:24:53 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN se detuvo inesperadamente.
 
Ruta de acceso del módulo: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (03/08/2015 00:24:53 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN se detuvo inesperadamente.
 
Ruta de acceso del módulo: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (03/08/2015 00:24:35 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN se detuvo inesperadamente.
 
Ruta de acceso del módulo: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (03/08/2015 00:23:20 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: El Administrador de control de servicios intentó realizar una acción correctora (Reiniciar el servicio) después de la terminación inesperada del servicio Windows Search, pero ocurrió el siguiente error: 
%%1056
 
Error: (03/08/2015 00:22:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Intel® Dynamic Application Loader Host Interface Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (03/08/2015 00:22:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Search terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.
 
Error: (03/08/2015 00:22:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Intel® ME Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (03/08/2015 00:22:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio CyberLink PowerDVD 12 Media Server Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (03/08/2015 00:22:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Intel® Management and Security Application Local Management Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
 
Microsoft Office Sessions:
=========================
Error: (01/17/2014 05:06:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 19%
Total physical RAM: 7962.15 MB
Available physical RAM: 6380.68 MB
Total Pagefile: 16154.15 MB
Available Pagefile: 14580.68 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:910.17 GB) (Free:154.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:20.57 GB) (Free:2.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FBDFD923)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#6 taekwondo2015

taekwondo2015
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:16 AM

Posted 07 March 2015 - 06:38 PM

The quarantine zip file gave me this error when trying to upload it:

 

Malware Submission

The size of your file is greater than maximum file size of 5 MBs.


#7 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:16 PM

Posted 08 March 2015 - 06:35 AM

You've posted the contents of Fixlog.txt twice but the FRST.txt is missing. :)
Can you please also post the contents of FRST.txt? (If you don't find the log anymore repeat the FRST scan .)

How is the computer running?
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#8 taekwondo2015

taekwondo2015
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:16 AM

Posted 08 March 2015 - 08:12 AM

Hi!

 

Can I remove the trojans from the quarantine section of Malwarebytes anti Malware and eset smart security 8 to check if the notification does not appear again when I reboot the pc?

 

Thanks,



#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:16 PM

Posted 08 March 2015 - 08:26 AM

Yes!
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:16 PM

Posted 08 March 2015 - 09:25 AM

Please post the FRST.txt here. :)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#11 taekwondo2015

taekwondo2015
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:16 AM

Posted 08 March 2015 - 12:06 PM

I thought I have pasted the info here sorry.

 

Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 01
Ran by Rocío at 2015-03-08 14:03:30
Running from C:\Users\Rocío\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: Firewall personal de ESET (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\uTorrent) (Version: 3.4.2.33290 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ace Stream Media 2.2.4-next (HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\AceStream) (Version: 2.2.4-next - Ace Stream Media)
Actualización de NVIDIA 17.12.8 (Version: 17.12.8 - NVIDIA Corporation) Hidden
Adam's Venture 3 version 1.0 (HKLM-x32\...\{9887E914-5CDE-4AA9-81A8-D56B573FCBFF}_is1) (Version: 1.0 - Iceberg Interactive)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.0.447 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (32 Bit) (HKLM-x32\...\{7C25E7A0-A0A1-4B87-BB30-BF0FBDC37878}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AR-K (HKLM-x32\...\AR-K_is1) (Version:  - Gato Salvaje S.L.)
Big Fish Games Client (HKLM-x32\...\BFGC) (Version: 1.3.0.11 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borgia - Faith and Fear (HKLM-x32\...\Borgia - Faith and Fear_is1) (Version:  - )
Broken Sword - La Leyenda de los Templarios - El Montaje del Director (HKLM-x32\...\{8864DCE2-C0E8-41C4-9B0E-F2106FD3E529}) (Version: 1.00.0000 - Revolution)
Broken Sword 2.5 - El regreso de los Templarios (HKLM-x32\...\{E41CA9F7-860A-4DB9-AF23-8DC7AA6A2FA6}) (Version: 1.00.0000 - Revolution)
Broken Sword II - Las Fuerzas del mal - Remasterizado (HKLM-x32\...\{72076A05-8B24-4835-B88B-5231EBE0A6BF}) (Version: 1.00.0000 - Revolution)
Broken Sword III - El Sueño del Dragon (HKLM-x32\...\{223C7F6F-9B06-4A64-A909-39470F4754E1}) (Version: 1.00.0000 - Revolution)
Brothers - A Tale of Two Sons (HKLM-x32\...\Brothers - A Tale of Two Sons_is1) (Version:  - 505 Games)
calibre 64bit (HKLM\...\{EA927D74-9D01-4436-89AE-ACF7C893C845}) (Version: 2.3.0 - Kovid Goyal)
Cat Girl Alliance 1.0 (HKLM-x32\...\{4DCD596A-3C70-4175-8241-5947E1CCE312}_is1) (Version:  - G-Collections.com)
Chronicles of Mystery: The Tree of Life (HKLM-x32\...\Chronicles of Mystery: The Tree of Life/EN-English_is1) (Version:  - City Interactive)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.03103 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103 - Cisco Systems, Inc.) Hidden
Contrast (HKLM-x32\...\Contrast_is1) (Version:  - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3606 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.2922 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deponia (HKLM-x32\...\Deponia) (Version: 1.1 - Lace Mamba Global Ltd)
Dreamfall Chapters (HKLM-x32\...\Dreamfall Chapters_is1) (Version: 1.0 - )
eMule (HKLM-x32\...\eMule) (Version:  - )
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Smart Security (HKLM\...\{413E5248-BDE5-47D0-917B-D509AAF3F16A}) (Version: 8.0.304.1 - ESET, spol s r. o.)
Fable Anniversary (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0012}) (Version: 6.0 - Black Box)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grim Fandango Remastered (HKLM-x32\...\Grim Fandango Remastered_is1) (Version:  - )
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Deskjet 3050 J610 series Ayuda (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Estudio para la mejora del producto (HKLM\...\{1806B0A9-08B2-4044-9898-7B6E5E3F233D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Software básico del dispositivo (HKLM\...\{954F6D3C-A24F-4231-8885-24C1E55AF064}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Quick Start (HKLM-x32\...\{4F189491-DD1A-418A-AE58-99B4CC692FDE}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Life Is Strange (HKLM-x32\...\Life Is Strange_is1) (Version:  - SQUARE ENIX)
Malwarebytes Anti-Malware versión 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM-x32\...\{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM-x32\...\{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM-x32\...\{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM-x32\...\{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version:  - Microsoft)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Monkey Island™ Edición Especial Colección (HKLM-x32\...\MISEC) (Version: 1.0.0.0 - LucasArts)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nero 2014 (HKLM-x32\...\{F384C1E1-3A16-4073-95C3-7271FE0ED4C2}) (Version: 15.0.02200 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.10000.1.0 - Nero AG)
NVIDIA Controlador de gráficos 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Panel de control de NVIDIA 347.52 (Version: 347.52 - NVIDIA Corporation) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.0 - Power Software Ltd)
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 1.1.9200.15 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Remember Me Repack (HKLM-x32\...\Remember Me Repack) (Version: 9.99 - VictorVal)
Renegade Ops Collection (HKLM-x32\...\Renegade Ops Collection_is1) (Version:  - )
Renta 2013 1.20 (HKLM-x32\...\2285-3920-8902-9260) (Version: 1.20 - AEAT)
Reprobates ES 1.2.19 (HKLM-x32\...\Reprobates ES_is1) (Version:  - Friendware)
Return to Mysterious Island 2 (HKLM-x32\...\Return to Mysterious Island 21.05) (Version: 1.05 - Kheops Studios)
Shadow Puppeteer (HKLM-x32\...\Shadow Puppeteer_is1) (Version:  - )
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Simon the Sorcerer (HKLM-x32\...\{F26F0A2B-4CA4-4B79-B6E8-F0001CEAC5DC}) (Version: 1.01.0000 - Silver Style Entertainment)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony PC Companion 2.10.206 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.206 - Sony)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Tales from the Borderlands (HKLM-x32\...\Tales from the Borderlands_is1) (Version:  - Telltale Games)
Tesla Effect: A Tex Murphy Adventure (HKLM-x32\...\VGVzbGFFZmZlY3RBVGV4TXVycGh5QWR2ZW50dXJl_is1) (Version: 1 - )
The Book of Unwritten Tales 2 version 1.0.0 DISC (HKLM-x32\...\The Book of Unwritten Tales 2_is1) (Version: 1.0.0 DISC - Nordic Games GmbH)
The Legend of Crystal Valley 1.001 (HKLM-x32\...\The Legend of Crystal Valley_is1) (Version:  - )
The Lost Cases of 221B Baker St (HKLM-x32\...\The Lost Cases of 221B Baker St_is1) (Version:  - Focus Multimedia Ltd)
The Wolf Among Us Episode 5 (HKLM-x32\...\The Wolf Among Us Episode 5_is1) (Version:  - )
UltraISO Premium V9.62 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5170 - WinISO Computing Inc.)
WinISO 5.3 (HKLM-x32\...\WinISO_is1) (Version:  - WinISO Computing Inc.)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xvid 1.1.3 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1576284644-675206908-386992093-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points  =========================
 
04-03-2015 00:07:14 Instalado ESET NOD32 Antivirus
05-03-2015 23:19:52 Instalado Broken Sword IV - El Angel de la Muerte
07-03-2015 21:47:12 Registry Reviver Restore Point (03/07/15)
08-03-2015 00:16:18 Removed SpyHunter
08-03-2015 00:23:02 Restore Point Created by FRST
08-03-2015 10:34:51 Installed Simon the Sorcerer.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2DC982D7-6EEA-4C54-B102-AD7D7EA0212F} - System32\Tasks\GoogleUpdateTaskMachineUA1cf48d24d4b450b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09] (Google Inc.)
Task: {2EEDD284-FAB4-402E-9327-8BEC9BBC0721} - System32\Tasks\Start Registry Reviver for RocíoAndrés@Rocío(logon) => C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe
Task: {42508FD5-816E-49DE-AADF-86525A1C1B6D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {448FFDA0-8E97-47D9-AAB5-A3502491D6F1} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {4816F666-8C87-45F8-963B-61AC48D2C1F2} - System32\Tasks\{15A375E1-C428-4FED-A19D-1A086301C4F9} => pcalua.exe -a C:\Users\Rocío\AppData\Local\Temp\nro.tmp\SetupX.exe
Task: {4FFE7C95-82C4-4703-8FA2-88124D3ED7EA} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-08-20] (Nero AG)
Task: {55A49CEE-2EEB-476E-BF4B-48E2145668E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {653EC7A3-2547-42B9-8F32-44952997035A} - System32\Tasks\GoogleUpdateTaskMachineCore1d03ffe7abea77 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09] (Google Inc.)
Task: {6AEA0FAA-2F96-4016-AB3D-7270B341C9AF} - System32\Tasks\GoogleUpdateTaskMachineCore1cf696f54c42309 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09] (Google Inc.)
Task: {77565B82-082A-48AC-946E-496BF947C364} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8a35a1a53a70 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09] (Google Inc.)
Task: {858C0322-9217-4490-9AB1-40BC73A5DCB8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-29] (Microsoft Corporation)
Task: {93D9BA5C-DCF1-4AE4-8901-3D19D000E6AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {B2573B80-821E-4251-8E97-5F06E0B1BF7D} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {B4C43C50-AAAC-4816-9555-74EE6C10650D} - System32\Tasks\GoogleUpdateTaskMachineUA1cf2dacb6cf952 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09] (Google Inc.)
Task: {BA20E842-6343-4FC7-90D0-B56D138BC417} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {BAF122E2-82FF-4BB5-9C21-9A64D103A102} - System32\Tasks\HPCeeScheduleForRocío => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {CE44E194-3319-4FBD-ADCD-464E869E29DF} - System32\Tasks\{7404D850-0771-4171-92D3-0D5137569069} => Chrome.exe http://ui.skype.com/ui/0/6.20.0.104/es/go/help.faq.installer?LastError=1618
Task: {D21FBEB9-587D-4F74-A058-4BCA6AD2DAFF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {D2560E95-4B6C-4463-90C9-06C43B24E81C} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {E9345990-9133-4976-BF73-FC2A02FE0588} - System32\Tasks\AdobeAAMUpdater-1.0-RocíoAndrés-Rocío => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf8a35a1a53a70.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d03ffe7abea77.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf48d24d4b450b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForRocío.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-10-23 22:21 - 2015-02-05 22:01 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-10-30 19:46 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-26 13:41 - 2014-09-26 13:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-10-03 17:36 - 2014-10-03 17:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe
2013-03-26 16:44 - 2013-03-26 16:44 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-09-30 22:39 - 2013-05-08 22:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-01-28 22:18 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-03-04 00:16 - 2015-02-28 02:56 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\libglesv2.dll
2015-03-04 00:16 - 2015-02-28 02:56 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\libegl.dll
2014-10-23 22:21 - 2015-02-05 22:01 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-03-04 00:16 - 2015-02-28 02:56 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01812566.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20732711.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01812566.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20732711.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1576284644-675206908-386992093-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img9.jpg
DNS Servers: 62.81.16.148 - 62.81.16.213
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\StartupApproved\Run: => "HP Deskjet 3050 J610 series (NET)"
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-1576284644-675206908-386992093-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1576284644-675206908-386992093-1006 - Limited - Enabled)
Invitado (S-1-5-21-1576284644-675206908-386992093-501 - Limited - Enabled)
Rocío (S-1-5-21-1576284644-675206908-386992093-1002 - Administrator - Enabled) => C:\Users\Rocío
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/08/2015 10:21:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32235016
 
Error: (03/08/2015 10:21:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32235016
 
Error: (03/08/2015 10:21:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/08/2015 00:23:01 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.
 
 
Operación:
   Recopilando datos del escritor
 
Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {8076daad-7820-4b23-a0d3-3050d3c5a18d}
 
Error: (03/06/2015 00:11:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15063
 
Error: (03/06/2015 00:11:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15063
 
Error: (03/06/2015 00:11:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/05/2015 10:33:56 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: RocíoAndrés)
Description: HRESULT:0x8004FF6F
Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements.  <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.
 
Error: (03/05/2015 10:15:23 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: RocíoAndrés)
Description: HRESULT:0x8004FF6F
Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements.  <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.
 
Error: (03/05/2015 09:58:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: IEXPLORE.EXE, versión: 11.0.9600.17416, marca de tiempo: 0x5452eed9
Nombre del módulo con errores: ntdll.dll, versión: 6.3.9600.17630, marca de tiempo: 0x54b0d74f
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000e581f
Identificador del proceso con errores: 0x710
Hora de inicio de la aplicación con errores: 0xIEXPLORE.EXE0
Ruta de acceso de la aplicación con errores: IEXPLORE.EXE1
Ruta de acceso del módulo con errores: IEXPLORE.EXE2
Identificador del informe: IEXPLORE.EXE3
Nombre completo del paquete con errores: IEXPLORE.EXE4
Identificador de aplicación relativa del paquete con errores: IEXPLORE.EXE5
 
 
System errors:
=============
Error: (03/08/2015 11:14:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio CyberLink PowerDVD 12 Media Server Service se terminó de manera inesperada. Esto ha sucedido 2 veces.
 
Error: (03/08/2015 10:31:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80073d0a: AD2F1837.GettingStartedwithWindows8.
 
Error: (03/08/2015 10:31:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80073d0a: Microsoft.BingTravel.
 
Error: (03/08/2015 10:31:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80073d0a: Microsoft.BingHealthAndFitness.
 
Error: (03/08/2015 01:23:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio CyberLink PowerDVD 12 Media Server Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (03/08/2015 00:25:41 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio Firewall de Windows se cerró con el error específico de servicio 
%%5
 
Error: (03/08/2015 00:24:53 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN se detuvo inesperadamente.
 
Ruta de acceso del módulo: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (03/08/2015 00:24:53 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN se detuvo inesperadamente.
 
Ruta de acceso del módulo: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (03/08/2015 00:24:35 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN se detuvo inesperadamente.
 
Ruta de acceso del módulo: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (03/08/2015 00:23:20 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: El Administrador de control de servicios intentó realizar una acción correctora (Reiniciar el servicio) después de la terminación inesperada del servicio Windows Search, pero ocurrió el siguiente error: 
%%1056
 
 
Microsoft Office Sessions:
=========================
Error: (01/17/2014 05:06:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 22%
Total physical RAM: 7962.15 MB
Available physical RAM: 6196.15 MB
Total Pagefile: 16154.15 MB
Available Pagefile: 14221.12 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:910.17 GB) (Free:159.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:20.57 GB) (Free:2.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FBDFD923)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

Let me know if you see it correctly please.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 01
Ran by Rocío (administrator) on ROCÍOANDRÉS on 08-03-2015 14:02:07
Running from C:\Users\Rocío\Downloads
Loaded Profiles: Rocío (Available profiles: Rocío)
Platform: Windows 8.1 (X64) OS Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\MountPoints2: G - "G:\BS4Launcher.exe" 
HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\MountPoints2: H - "H:\setup.exe" 
HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\MountPoints2: {fa445a89-8e8a-11e3-be84-a0481c224d87} - "G:\BS4Launcher.exe" 
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177624 2015-02-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164752 2015-02-05] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/1185-154363-12092-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/1185-154363-12092-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1576284644-675206908-386992093-1002 -> DefaultScope {95244034-FC75-4E9B-9D89-E7D0250AF8A3} URL = http://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1576284644-675206908-386992093-1002 -> {95244034-FC75-4E9B-9D89-E7D0250AF8A3} URL = http://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.81.16.148 62.81.16.213
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-01] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-08-20] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-01] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1576284644-675206908-386992093-1002: @acestream.net/acestreamplugin,version=2.2.4-next -> \player\npace_plugin.dll No File
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKU\S-1-5-21-1576284644-675206908-386992093-1002\...\Firefox\Extensions: [magicplayer@torrentstream.org] - \extensions\firefox\magicplayer@torrentstream.org
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.es/"
CHR Profile: C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-09]
CHR Extension: (Google Drive) - C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-09]
CHR Extension: (YouTube) - C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-09]
CHR Extension: (Google Search) - C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-09]
CHR Extension: (Blossom) - C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default\Extensions\idjmedbobeakbopimfiicbonioiahhnd [2014-01-09]
CHR Extension: (Google Wallet) - C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-09]
CHR Extension: (Gmail) - C:\Users\Rocío\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
S3 KAUpdateService; C:\Program Files (x86)\The Book of Unwritten Tales 2\service\KAUpdateService.exe [36864 2015-01-27] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-27] (Electronic Arts)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-17] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-24] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-02-08] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-10-10] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-10-10] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2014-10-10] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2014-10-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-10-10] (ESET)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-02-08] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-01-13] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [50128 2013-03-26] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-24] (Microsoft Corporation)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2014-02-26] (WinISO.com)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-08 14:02 - 2015-03-08 14:02 - 00000000 ____D () C:\Users\Rocío\Downloads\FRST-OlderVersion
2015-03-08 10:54 - 2015-03-08 10:58 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\simon4
2015-03-08 10:41 - 2015-03-08 10:41 - 00002136 _____ () C:\Users\Public\Desktop\Comenzar Simon the Sorcerer 4.lnk
2015-03-08 10:41 - 2015-03-08 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simon the Sorcerer 4
2015-03-08 10:36 - 2015-03-08 10:41 - 00000000 ____D () C:\Program Files (x86)\Simon the Sorcerer - Chaos happens
2015-03-08 10:33 - 2015-03-08 10:33 - 00000000 ____D () C:\Users\Rocío\Desktop\simonthesorcerer4
2015-03-08 00:51 - 2015-03-08 00:51 - 00000000 ____D () C:\Users\Rocío\Desktop\pájaros andrés
2015-03-07 22:29 - 2015-03-07 22:43 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Broken Sword 2.5
2015-03-07 21:56 - 2015-03-08 00:32 - 00036365 _____ () C:\Users\Rocío\Downloads\Addition.txt
2015-03-07 21:55 - 2015-03-08 14:03 - 00020182 _____ () C:\Users\Rocío\Downloads\FRST.txt
2015-03-07 21:55 - 2015-03-08 14:02 - 00000000 ____D () C:\FRST
2015-03-07 21:54 - 2015-03-08 14:02 - 02095104 _____ (Farbar) C:\Users\Rocío\Downloads\FRST64.exe
2015-03-07 21:18 - 2015-03-07 21:18 - 00002598 _____ () C:\WINDOWS\System32\Tasks\Start Registry Reviver for RocíoAndrés@Rocío(logon)
2015-03-06 00:01 - 2015-03-06 00:05 - 00000000 ____D () C:\Users\Rocío\Documents\Broken Sword II - Remastered
2015-03-05 23:41 - 2015-03-05 23:41 - 00000000 ____D () C:\Users\Rocío\Documents\Broken Sword - The Angel of Death
2015-03-05 23:22 - 2015-03-07 22:26 - 00000000 ____D () C:\Program Files (x86)\Revolution
2015-03-05 23:18 - 2015-03-07 20:57 - 00000000 ____D () C:\Users\Rocío\Documents\bout2
2015-03-05 23:18 - 2015-03-05 23:19 - 00000000 ____D () C:\Program Files (x86)\The Book of Unwritten Tales 2
2015-03-05 23:18 - 2015-03-05 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Book of Unwritten Tales 2
2015-03-05 22:03 - 2015-03-08 00:39 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-04 23:51 - 2015-03-04 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-03-04 00:10 - 2015-03-04 23:51 - 00000000 ____D () C:\ProgramData\ESET
2015-03-04 00:10 - 2015-03-04 23:51 - 00000000 ____D () C:\Program Files\ESET
2015-03-04 00:06 - 2015-03-03 14:17 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-03 21:32 - 2015-03-05 22:01 - 00000000 ____D () C:\MATS
2015-03-02 23:44 - 2015-03-04 23:46 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware
2015-03-02 23:21 - 2015-03-03 23:47 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-02 20:16 - 2015-03-02 20:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-03-02 00:05 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-03-02 00:05 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-03-02 00:05 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-03-02 00:05 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-03-02 00:05 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-03-02 00:05 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-03-02 00:05 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-03-02 00:05 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-03-02 00:05 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-03-02 00:05 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-03-02 00:05 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-03-02 00:05 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-03-02 00:05 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-03-02 00:05 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-03-02 00:05 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-03-02 00:05 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-03-02 00:05 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-03-02 00:05 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-03-02 00:05 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-03-02 00:05 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-03-02 00:05 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-03-02 00:05 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-03-02 00:05 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-03-02 00:05 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-03-02 00:05 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-03-02 00:05 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-03-02 00:05 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-03-02 00:05 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-03-02 00:05 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-03-01 23:51 - 2015-03-01 23:51 - 00000000 __SHD () C:\Users\Rocío\AppData\Local\EmieBrowserModeList
2015-03-01 22:36 - 2015-03-05 22:33 - 00002259 _____ () C:\WINDOWS\epplauncher.mif
2015-03-01 22:22 - 2015-03-05 22:36 - 00000000 ____D () C:\AdwCleaner
2015-03-01 22:21 - 2015-03-01 22:21 - 00000000 _____ () C:\autoexec.bat
2015-03-01 21:31 - 2015-03-08 13:58 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-01 21:30 - 2015-03-01 21:31 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-01 21:30 - 2015-03-01 21:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-03-01 21:29 - 2015-03-01 21:29 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-03-01 19:32 - 2015-03-02 16:31 - 00000000 ____D () C:\Users\Rocío\Desktop\pájaros y perros móvil
2015-03-01 19:13 - 2015-03-02 16:55 - 00000000 ____D () C:\Users\Rocío\Desktop\movil cosas
2015-03-01 18:59 - 2015-03-01 19:00 - 00000000 ____D () C:\Users\Rocío\Desktop\andrea
2015-03-01 18:58 - 2015-03-01 18:58 - 00000000 ____D () C:\Users\Rocío\Desktop\médico y cole
2015-03-01 18:57 - 2015-03-01 18:57 - 00000000 ____D () C:\Users\Rocío\Desktop\empleo
2015-02-27 23:45 - 2015-03-03 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Life Is Strange
2015-02-27 23:43 - 2015-03-03 21:11 - 00000000 ____D () C:\Program Files (x86)\Life Is Strange
2015-02-27 23:33 - 2015-02-27 23:33 - 00332768 _____ () C:\WINDOWS\Minidump\022715-36328-01.dmp
2015-02-25 23:43 - 2015-02-25 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-02-25 23:41 - 2015-02-25 23:42 - 16342352 _____ (Geek Software GmbH ) C:\Users\Rocío\Downloads\pdf24-creator-6.9.2.exe
2015-02-25 18:53 - 2015-02-25 18:53 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Ice-Pick Lodge
2015-02-25 18:52 - 2015-02-25 18:52 - 00000000 ____D () C:\Program Files (x86)\Ice-pick Lodge
2015-02-25 18:51 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 18:51 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-25 18:51 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-25 18:51 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-25 18:51 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-25 18:51 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-24 21:25 - 2015-03-08 01:22 - 00015985 _____ () C:\Users\Rocío\Desktop\reducción jornada.xlsx
2015-02-18 23:57 - 2015-02-18 23:57 - 00000000 ____D () C:\Users\Rocío\AppData\Local\BigFinishGames
2015-02-18 23:45 - 2015-02-18 23:45 - 00001016 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tesla Effect A Tex Murphy Adventure.lnk
2015-02-18 23:30 - 2015-02-18 23:45 - 00000000 ____D () C:\Program Files (x86)\Tesla Effect A Tex Murphy Adventure
2015-02-17 20:14 - 2015-02-17 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Friendware
2015-02-17 20:14 - 2015-02-17 20:14 - 00000000 ____D () C:\Program Files (x86)\Friendware
2015-02-17 19:06 - 2015-02-17 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Never Alone (Kisima Ingitchuna)
2015-02-17 18:51 - 2015-03-02 23:27 - 00000000 ____D () C:\Program Files (x86)\Never Alone
2015-02-17 18:20 - 2015-02-17 19:12 - 00000000 ____D () C:\Program Files (x86)\The Vanishing of Ethan Carter
2015-02-15 20:36 - 2015-02-15 20:36 - 00000000 ____D () C:\Users\Rocío\Desktop\Recetas thermomix
2015-02-15 20:32 - 2015-02-15 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grim Fandango Remastered
2015-02-15 20:21 - 2015-02-15 20:34 - 00000000 ____D () C:\Program Files (x86)\Grim Fandango Remastered
2015-02-15 19:46 - 2015-03-05 22:43 - 00000000 ____D () C:\Users\Rocío\Desktop\pasar ordenador
2015-02-15 16:01 - 2015-02-17 18:22 - 00000000 ____D () C:\Users\Rocío\Downloads\Imagina y Crea con Pipo
2015-02-15 15:46 - 2015-02-15 15:46 - 00014450 _____ () C:\Users\Rocío\Downloads\[kickass.to]aprende.a.leer.con.pipo.1.pc.torrent
2015-02-15 15:46 - 2015-02-15 15:46 - 00011040 _____ () C:\Users\Rocío\Downloads\[kickass.to]imagina.y.crea.con.pipo.torrent
2015-02-11 22:58 - 2015-02-11 22:58 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-02-11 22:58 - 2015-02-11 22:58 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-02-11 22:23 - 2015-02-11 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cateia Games
2015-02-11 22:23 - 2015-02-11 22:23 - 00000000 ____D () C:\Program Files (x86)\Cateia Games
2015-02-11 22:23 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 18575880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 16017040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-02-11 22:23 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 03299512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434752.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434752.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00496272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00399504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00390472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00345744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-02-11 22:23 - 2015-02-05 22:01 - 00031376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-02-11 22:23 - 2015-02-05 22:01 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-02-10 22:29 - 2015-02-10 22:29 - 00000638 _____ () C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pedido.lnk
2015-02-10 22:03 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-10 22:03 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-10 22:03 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-10 22:03 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-10 19:50 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-10 19:50 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-10 19:50 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-10 19:50 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-10 19:50 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-10 19:50 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-10 19:50 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-10 19:50 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-10 19:50 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-10 19:50 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-10 19:50 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-10 19:50 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-10 19:50 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-10 19:50 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-10 19:50 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-10 19:50 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-10 19:50 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-10 19:50 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-10 19:50 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-10 19:50 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-10 19:50 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-10 19:50 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-10 19:50 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-10 19:50 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-10 19:50 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-10 19:50 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-10 19:49 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-10 19:49 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-10 19:49 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-10 19:49 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-10 19:49 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-10 19:49 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-10 19:49 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-10 19:49 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-10 19:49 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-10 19:49 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-10 19:49 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-10 19:49 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-10 19:49 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-10 19:49 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-10 19:49 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-10 19:49 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-10 19:49 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-10 19:49 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-10 19:49 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-10 19:49 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-10 19:49 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-10 19:49 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-10 19:49 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-10 19:49 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-10 19:49 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-02-10 19:49 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-02-10 19:49 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-02-10 19:49 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-02-10 19:49 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-02-10 19:49 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-02-10 19:49 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2015-02-10 19:49 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2015-02-10 19:49 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2015-02-10 19:49 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-02-10 19:49 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-02-10 19:49 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-02-10 19:49 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2015-02-10 19:49 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-02-10 19:48 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-10 19:48 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-10 19:48 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-10 19:48 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-10 19:48 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-10 19:48 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-10 19:48 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-10 19:48 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-10 19:48 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-10 19:48 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-10 19:48 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-10 19:48 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-10 19:48 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-10 19:48 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-02-10 19:48 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-02-10 19:48 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-02-10 19:48 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2015-02-10 19:48 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2015-02-10 19:48 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2015-02-10 19:48 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2015-02-10 19:48 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2015-02-10 19:48 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2015-02-10 19:48 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2015-02-10 19:48 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-02-10 19:48 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2015-02-10 19:48 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-02-10 19:48 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2015-02-10 19:48 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2015-02-10 19:48 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2015-02-10 19:48 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2015-02-10 19:48 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2015-02-10 19:48 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-02-10 19:48 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-02-10 19:48 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-02-10 19:48 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2015-02-10 19:48 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2015-02-10 19:48 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2015-02-10 19:48 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2015-02-10 19:48 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2015-02-10 19:48 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2015-02-10 19:48 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2015-02-10 19:48 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2015-02-10 19:48 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2015-02-10 19:48 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2015-02-10 19:48 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2015-02-10 19:48 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-02-10 19:48 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2015-02-10 19:48 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2015-02-10 19:48 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2015-02-10 19:48 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 19:48 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2015-02-10 19:48 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2015-02-10 19:48 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-02-10 19:48 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2015-02-10 19:48 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2015-02-08 22:52 - 2015-02-08 22:52 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Mozilla
2015-02-08 22:50 - 2015-02-08 22:50 - 00314016 _____ () C:\WINDOWS\system32\Drivers\atksgt.sys
2015-02-08 22:50 - 2015-02-08 22:50 - 00043680 _____ () C:\WINDOWS\system32\Drivers\lirsgt.sys
2015-02-08 22:50 - 2015-02-08 22:50 - 00000000 ____D () C:\ProgramData\Tages
2015-02-08 22:13 - 2015-02-08 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadow Puppeteer
2015-02-08 22:12 - 2015-02-08 22:12 - 00000000 ____D () C:\Program Files (x86)\Shadow Puppeteer
2015-02-08 20:53 - 2015-02-08 20:53 - 00081920 ___SH () C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Thumbs.db
2015-02-08 20:52 - 2015-02-08 20:52 - 00000000 ____D () C:\Users\Rocío\Documents\Korra
2015-02-08 19:19 - 2015-02-08 19:19 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black_Box
2015-02-08 19:11 - 2015-02-08 19:26 - 00000000 ____D () C:\Program Files (x86)\Fable Anniversary
2015-02-08 11:38 - 2015-02-08 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus Home Interactive
2015-02-08 11:31 - 2015-02-08 11:31 - 00000000 ____D () C:\Program Files (x86)\Focus Home Interactive
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-08 14:03 - 2014-01-08 21:24 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1576284644-675206908-386992093-1002
2015-03-08 13:57 - 2014-10-30 19:46 - 01082210 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-08 13:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-08 11:10 - 2014-03-26 10:03 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf48d24d4b450b.job
2015-03-08 11:10 - 2014-02-06 20:17 - 00000000 ____D () C:\Users\Rocío\Torrents
2015-03-08 10:46 - 2014-01-12 21:33 - 00000000 ____D () C:\Users\Rocío\CV
2015-03-08 10:42 - 2013-07-22 10:22 - 00243966 _____ () C:\WINDOWS\DirectX.log
2015-03-08 10:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-08 01:23 - 2014-01-31 22:53 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\uTorrent
2015-03-08 00:50 - 2014-02-12 00:05 - 00000000 ____D () C:\Users\Rocío\Desktop\juegos
2015-03-08 00:49 - 2013-07-10 17:53 - 00000000 ____D () C:\Users\Rocío\Desktop\mi gordita
2015-03-08 00:42 - 2014-02-20 20:01 - 00000000 ____D () C:\Users\Rocío\Downloads\The Search For Amelia Earhart [English][PC][WwW.GamesTorrents.CoM]
2015-03-08 00:29 - 2014-12-06 13:37 - 00092672 ___SH () C:\Users\Rocío\Downloads\Thumbs.db
2015-03-08 00:26 - 2014-11-10 22:55 - 00393216 ___SH () C:\Users\Rocío\Desktop\Thumbs.db
2015-03-08 00:26 - 2013-08-22 15:46 - 00316813 _____ () C:\WINDOWS\setupact.log
2015-03-08 00:25 - 2014-09-24 07:11 - 00028184 _____ () C:\WINDOWS\PFRO.log
2015-03-08 00:25 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-08 00:25 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-07 23:02 - 2014-01-09 19:54 - 00000000 ____D () C:\Users\Rocío\AppData\Local\Adobe
2015-03-07 22:26 - 2013-07-22 10:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-05 22:44 - 2014-02-04 20:55 - 00000000 ____D () C:\Users\Rocío\Desktop\pelis
2015-03-05 22:35 - 2014-04-12 10:43 - 00000000 ____D () C:\Users\Rocío\Desktop\Peppa pig
2015-03-05 22:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Performance
2015-03-05 21:06 - 2014-01-10 22:57 - 00003170 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForRocío
2015-03-05 21:06 - 2014-01-10 22:57 - 00000356 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForRocío.job
2015-03-05 20:32 - 2014-08-03 20:01 - 00000000 ____D () C:\Program Files (x86)\3DM-brokenage
2015-03-04 00:17 - 2014-01-09 19:43 - 00002208 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-04 00:08 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-03 22:06 - 2014-01-11 16:06 - 00000000 ____D () C:\Users\Rocío\Desktop\programas
2015-03-03 21:54 - 2014-10-30 19:56 - 00000000 ____D () C:\Users\Rocío
2015-03-03 21:11 - 2014-10-30 19:43 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-03 21:11 - 2014-06-24 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-03 21:11 - 2014-06-24 22:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-03 21:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinMetadata
2015-03-03 21:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-03-03 21:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-03 21:11 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-03 21:11 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-03-03 21:11 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-03-03 21:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2015-03-03 20:19 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-03 08:37 - 2014-01-30 21:14 - 00000000 ____D () C:\Users\Rocío\Desktop\mp3s
2015-03-02 20:16 - 2014-01-11 16:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-02 19:53 - 2014-12-19 17:51 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Nero
2015-03-02 00:01 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-03-01 23:47 - 2013-08-22 15:44 - 05160016 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-01 22:56 - 2014-01-11 21:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-01 22:29 - 2014-01-08 21:17 - 00000992 _____ () C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-01 21:48 - 2013-09-30 22:58 - 00000000 ____D () C:\ProgramData\Temp
2015-03-01 21:31 - 2014-01-09 19:09 - 00000000 ____D () C:\Users\Rocío\AppData\Roaming\Malwarebytes
2015-03-01 19:00 - 2015-01-16 19:50 - 00000000 ____D () C:\Users\Rocío\Desktop\varios fotos ordenar
2015-03-01 18:59 - 2014-06-20 14:08 - 00000000 ____D () C:\Users\Rocío\Desktop\Trabajo
2015-03-01 17:12 - 2014-11-23 17:57 - 00018944 ___SH () C:\Users\Rocío\Thumbs.db
2015-02-27 23:48 - 2014-02-20 23:27 - 00000000 ____D () C:\Users\Rocío\Documents\My Games
2015-02-27 23:46 - 2013-09-30 22:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-27 23:33 - 2014-10-30 19:42 - 631743103 _____ () C:\WINDOWS\MEMORY.DMP
2015-02-27 23:24 - 2015-01-16 19:51 - 00000000 ____D () C:\Users\Rocío\Desktop\pedido
2015-02-26 23:03 - 2014-02-01 23:57 - 00000000 ____D () C:\Users\Rocío\Documents\Broken Sword 5
2015-02-25 23:43 - 2014-01-17 16:32 - 00000000 ____D () C:\Program Files (x86)\PDF24
2015-02-25 23:42 - 2014-09-20 19:08 - 00000895 _____ () C:\Users\Rocío\Downloads\Descargas - Acceso directo.lnk
2015-02-25 18:48 - 2014-11-29 22:00 - 00000000 ____D () C:\Program Files (x86)\Memoria
2015-02-24 22:48 - 2014-02-03 22:07 - 00000000 ____D () C:\Users\Rocío\documental ovejero
2015-02-24 22:48 - 2014-01-12 18:47 - 00000000 ____D () C:\Users\Rocío\cds pajaros
2015-02-24 21:27 - 2015-01-16 19:52 - 00000000 ____D () C:\Users\Rocío\Desktop\varios
2015-02-18 23:59 - 2014-10-13 16:34 - 00000000 ____D () C:\Program Files\Adobe
2015-02-18 23:56 - 2014-10-13 16:35 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-02-15 23:51 - 2014-02-19 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
2015-02-15 23:51 - 2014-02-19 23:39 - 00000000 ____D () C:\Program Files (x86)\City Interactive
2015-02-15 23:43 - 2014-03-15 23:23 - 00000000 ____D () C:\Users\Rocío\Documents\Art of Murder  -  The Hunt for the Puppeteer
2015-02-15 20:27 - 2014-05-31 13:42 - 00000000 ____D () C:\Users\Rocío\Documents\Electronic Arts
2015-02-11 22:26 - 2014-10-30 19:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-10 23:41 - 2014-12-07 23:11 - 00000000 ____D () C:\Program Files (x86)\The Night of the Rabbit
2015-02-10 23:40 - 2014-10-11 16:23 - 00000000 ____D () C:\Games
2015-02-08 20:53 - 2014-12-01 22:43 - 00000924 _____ () C:\Users\Rocío\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\cumple Rocío 2 añitos.lnk
2015-02-08 19:21 - 2014-12-14 11:25 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2015-02-08 19:20 - 2015-01-20 23:48 - 00000000 ____D () C:\Program Files (x86)\Gabriel Knight Sins of the Fathers
2015-02-08 19:20 - 2014-02-20 22:29 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
 
==================== Files in the root of some directories =======
 
2014-06-29 20:27 - 2014-06-29 20:27 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Files to move or delete:
====================
C:\Users\Rocío\Actualizacion_Renta2013_windows_1_20.exe
C:\Users\Rocío\Actualizacion_Renta2013_windows_1_21.exe
C:\Users\Rocío\dstwoupdate.dat
C:\Users\Rocío\ESRDiscPatcher.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-05 23:51
 
==================== End Of Log ============================


#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:16 PM

Posted 08 March 2015 - 12:12 PM

Step 1

frst.pngfrstfix.png

Press thew7.png + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.


Let's do a final check up:

Step 2


Don't remove on your own anything that HitmanPro detects!
This scanner, as it is a really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download hitmanpro_32.pngHitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click onhitmanpro.pngicon and select admin.PNGRun as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.
hitman.gif


lesestoff.png

Can you please tell me which problems still persist now?
How is the computer running

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#13 taekwondo2015

taekwondo2015
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:16 AM

Posted 09 March 2015 - 05:06 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2015 01
Ran by Rocío at 2015-03-09 23:05:49 Run:2
Running from C:\Users\Rocío\Downloads
Loaded Profiles: Rocío (Available profiles: Rocío)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
*****************
 
esgiguard => Service deleted successfully.
 
==== End of Fixlog 23:05:49 ====


#14 taekwondo2015

taekwondo2015
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:16 AM

Posted 09 March 2015 - 05:31 PM

I think my PC is working properly right now. 

 

No notifications from eset when I reboot.

 

Hitman pro gave as result several issues but I need them for some programs to work.

 

THANKS A LOT FOR YOUR HELP!!!!

 

:)  :)  :)  :)



#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:16 PM

Posted 09 March 2015 - 05:46 PM

That's it! abklatsch.gif
Your logs look clean to me at the moment. :thumbup2:
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation: btn_donate_SM.gif
Thank you!


Clean Upcleanupm.PNG

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restorepoints:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download delfix.pngDelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.
Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Java 8 Update 31



Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users