
I'm infected with this virus. Name: 27218346293184



#1 laise91


Posted 27 April 2015 - 03:33 PM

First of all, I think that the virus is related to one of these programs: Isobit, Advance care something and SpyHunter. However, about a week or so ago I was trying to install the Adobe Illustrator program, and the program didn't initialize the installation process, and that is weird.

Previously I made a help request in this section:

http://www.bleepingcomputer.com/forums/t/574544/help-tt-im-infected-with-27218346293184exe-virus-or-whatever-it-is/?p=3692261

However, when I was trying to install the Malwarebytes program a runtime error popped up and I could not finish the guidance she gave me; instead, the user alex forwarded me to this section. Thanks for your help. So, next are the logs :)


 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2015 01
Ran by Quadcore (administrator) on QUADCORE-PC on 27-04-2015 15:16:32
Running from C:\Users\Quadcore\Desktop
Loaded Profiles: Quadcore & Administrador (Available profiles: Quadcore & Administrador)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FNet Co., Ltd.) C:\Program Files\XFastUSB\XFastUsb.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FNet Co., Ltd.) C:\Program Files\XFastUSB\XFastUsb.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Dropbox, Inc.) C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Malwarebytes Corporation                                    ) C:\Users\Quadcore\Downloads\mbam-setup-2.1.6.1022.exe
() C:\Users\Administrador\AppData\Local\Temp\is-JS3C9.tmp\mbam-setup-2.1.6.1022.tmp
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2145904 2011-02-22] (VIA)
HKLM\...\Run: [XFastUSB] => C:\Program Files\XFastUSB\XFastUsb.exe [5019360 2013-10-21] (FNet Co., Ltd.)
HKLM\...\Run: [EPSON Stylus CX4700 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE [98304 2005-02-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EPSON Stylus CX4700 Series (Copiar 1)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE [98304 2005-02-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EPSON Stylus CX4700 Series c12] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE [98304 2005-02-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [718688 2009-09-30] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2014-03-24] (Logitech, Inc.)
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {00854cf9-3e80-11e3-924e-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {00854d09-3e80-11e3-924e-bc5ff400a7ec} - G:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {00854d51-3e80-11e3-924e-001e101faa49} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {16f54905-a4c2-11e3-b6b1-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {16f54922-a4c2-11e3-b6b1-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {16f54957-a4c2-11e3-b6b1-001e101f50a4} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {21166a06-ac7f-11e3-99dd-bc5ff400a7ec} - F:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {246d54e1-5873-11e3-a0fb-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {2ed55a83-515d-11e4-ba89-001e101fb4df} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {2ed55a90-515d-11e4-ba89-001e101fb4df} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {37eb2114-9f16-11e3-b507-cdeb976eb9d2} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {37eb2123-9f16-11e3-b507-f94773773de8} - F:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {37eb2150-9f16-11e3-b507-f94773773de8} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {4967715e-9004-11e3-b3fb-001e101fabdd} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {4967716e-9004-11e3-b3fb-001e101fabdd} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {496771aa-9004-11e3-b3fb-001e101fabdd} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {5faf9bdf-4c64-11e3-8956-001e101f8ed0} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {5faf9bf3-4c64-11e3-8956-001e101f8ed0} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {78894ec9-548d-11e4-8ec0-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {aa2f1855-4a06-11e3-95fd-001e101f1ed9} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {b9760029-652f-11e4-a3be-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {cda8afda-65aa-11e4-9d31-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {cda8afea-65aa-11e4-9d31-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {cda8b01f-65aa-11e4-9d31-001e101f57d0} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {d2e0a10b-9293-11e3-aef0-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {d2e0a11a-9293-11e3-aef0-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {edb470bf-9f12-11e3-b27f-99cdd54cb0c5} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {f58b37b1-89ca-11e3-8a6c-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {fb306dcd-a840-11e3-b4bc-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {fb306ddf-a840-11e3-b4bc-001e101f7f74} - E:\AutoRun.exe
IFEO\ASCService.exe: [Debugger] nsjw.exe
IFEO\ASCTray.exe: [Debugger] nsjw.exe
IFEO\avcenter.exe: [Debugger] nsjw.exe
IFEO\avguard.exe: [Debugger] nsjw.exe
IFEO\avp.exe: [Debugger] nsjw.exe
IFEO\bdagent.exe: [Debugger] nsjw.exe
IFEO\ccuac.exe: [Debugger] nsjw.exe
IFEO\ComboFix.exe: [Debugger] nsjw.exe
IFEO\egui.exe: [Debugger] nsjw.exe
IFEO\hijackthis.exe: [Debugger] nsjw.exe
IFEO\keyscrambler.exe: [Debugger] nsjw.exe
IFEO\LiveUpdate.exe: [Debugger] nsjw.exe
IFEO\mbam.exe: [Debugger] nsjw.exe
IFEO\MpCmdRun.exe: [Debugger] nsjw.exe
IFEO\MSASCui.exe: [Debugger] nsjw.exe
IFEO\MsMpEng.exe: [Debugger] nsjw.exe
IFEO\msseces.exe: [Debugger] nsjw.exe
IFEO\spybotsd.exe: [Debugger] nsjw.exe
IFEO\SSScheduler.exe: [Debugger] nsjw.exe
IFEO\wireshark.exe: [Debugger] nsjw.exe
IFEO\zlclient.exe: [Debugger] nsjw.exe
InternetURL: C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.com.url -> C:\ProgramData\27218346293184.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-03-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)
Startup: C:\Users\Quadcore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-21]
ShortcutTarget: Dropbox.lnk -> C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
InternetURL: C:\Users\Quadcore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.com.url -> C:\ProgramData\27218346293184.exe
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/es-pe/?ocid=iehp
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: bestadblocker -> {380707c5-15a2-4d30-98cd-8bfc19be8bdd} -> C:\Program Files\bestadblocker\CNW2suTnqDi0l2.dll No File
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2015-01-07] (Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-07] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{E226904E-A8C6-42C9-A839-696FF746EEA1}: [NameServer] 190.121.224.3 190.121.224.4
Tcpip\..\Interfaces\{F035570D-9363-4138-A3DF-76DB7584679E}: [NameServer] 190.121.224.3 190.121.224.4
 
FireFox:
========
FF ProfilePath: C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\8o88du80.default-1419284120088
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-07] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll [2008-03-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @rim.com/npappworld -> C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll [2012-10-24] ()
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-13] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2172032273-4216305309-2282011400-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Quadcore\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll [2010-02-01] ( )
FF user.js: detected! => C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\8o88du80.default-1419284120088\user.js [2015-04-23]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\8o88du80.default-1419284120088\Extensions\iobitascsurfingprotection@iobit.com [2015-04-23]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\8o88du80.default-1419284120088\Extensions\firefox-hotfix@mozilla.org.xpi [2014-12-22]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-28]
FF HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-16]
CHR Extension: (Google Docs) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-16]
CHR Extension: (Google Drive) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-16]
CHR Extension: (YouTube) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-16]
CHR Extension: (Google Search) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-16]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2014-12-16]
CHR Extension: (Google Sheets) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-16]
CHR Extension: (AdBlock) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-16]
CHR Extension: (Bookmark Manager) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-17]
CHR Extension: (Google Wallet) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-16]
CHR Extension: (Gmail) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-16]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU Co., LTD.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [X]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\Users\Quadcore\Desktop\Nueva carpeta\bin\a2ddax86.sys [22056 2015-04-27] (Emsisoft GmbH)
R3 cleanhlp; C:\Users\Quadcore\Desktop\Nueva carpeta\bin\cleanhlp32.sys [50200 2015-04-27] (Emsisoft GmbH)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-12-03] (EldoS Corporation)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [29760 2015-04-25] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [14656 2013-10-21] (FNet Co., Ltd.)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90368 2011-02-25] (Huawei Technologies Co., Ltd.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [67184 2013-10-21] (Atheros Communications, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-29] (Malwarebytes Corporation)
S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [895592 2011-05-09] (Realtek Semiconductor Corporation                           )
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [33024 2013-05-19] (Scarlet.Crush Productions)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184216 2014-12-02] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1801328 2011-02-17] (VIA Technologies, Inc.)
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-27 15:16 - 2015-04-27 15:17 - 00027423 _____ () C:\Users\Quadcore\Desktop\FRST.txt
2015-04-27 15:16 - 2015-04-27 15:16 - 00000000 ____D () C:\FRST
2015-04-27 15:14 - 2015-04-27 15:13 - 01140736 _____ (Farbar) C:\Users\Quadcore\Desktop\FRST.exe
2015-04-27 15:13 - 2015-04-27 15:13 - 01140736 _____ (Farbar) C:\Users\Quadcore\Downloads\FRST.exe
2015-04-27 13:22 - 2015-04-27 13:23 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Quadcore\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-27 13:09 - 2015-04-27 13:09 - 00072704 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe
2015-04-27 13:09 - 2015-04-27 13:09 - 00000342 _____ () C:\Windows\system32\eamclean.dat
2015-04-27 12:02 - 2015-04-27 13:16 - 00000000 ____D () C:\Users\Quadcore\Desktop\Nueva carpeta
2015-04-27 12:02 - 2015-04-27 12:02 - 00000870 _____ () C:\Users\Quadcore\Desktop\Start Emsisoft Emergency Kit.lnk
2015-04-27 11:55 - 2015-04-27 12:01 - 154931864 _____ () C:\Users\Quadcore\Downloads\EmsisoftEmergencyKit.exe
2015-04-27 11:53 - 2015-04-27 12:03 - 00000000 ____D () C:\Users\Quadcore\Desktop\rkill
2015-04-27 11:52 - 2015-04-27 11:53 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Quadcore\Downloads\rkill.com
2015-04-27 11:41 - 2015-04-27 11:47 - 00000000 ____D () C:\Users\Administrador\AppData\Roaming\Macromedia
2015-04-27 11:41 - 2015-04-27 11:41 - 00001397 _____ () C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-27 11:41 - 2015-04-27 11:41 - 00000000 ____D () C:\Users\Administrador\AppData\Roaming\Logitech
2015-04-27 11:41 - 2015-04-27 11:41 - 00000000 ____D () C:\Users\Administrador\AppData\Roaming\Epson
2015-04-27 11:41 - 2015-04-27 11:41 - 00000000 ____D () C:\Users\Administrador\AppData\Roaming\ArcSoft
2015-04-27 11:41 - 2015-04-27 11:41 - 00000000 ____D () C:\Users\Administrador\AppData\Local\Google
2015-04-27 11:41 - 2015-04-27 11:41 - 00000000 ____D () C:\Users\Administrador\AppData\Local\ArcSoft
2015-04-27 11:40 - 2015-04-27 11:41 - 00000000 ____D () C:\Users\Administrador
2015-04-27 11:40 - 2015-04-27 11:40 - 00000020 ___SH () C:\Users\Administrador\ntuser.ini
2015-04-27 11:40 - 2015-04-27 11:40 - 00000000 _SHDL () C:\Users\Administrador\Reciente
2015-04-27 11:40 - 2015-04-27 11:40 - 00000000 _SHDL () C:\Users\Administrador\Plantillas
2015-04-27 11:40 - 2015-04-27 11:40 - 00000000 _SHDL () C:\Users\Administrador\Mis documentos
2015-04-27 11:40 - 2015-04-27 11:40 - 00000000 _SHDL () C:\Users\Administrador\Menú Inicio
2015-04-27 11:40 - 2015-04-27 11:40 - 00000000 _SHDL () C:\Users\Administrador\Impresoras
2015-04-27 11:40 - 2015-04-27 11:40 - 00000000 _SHDL () C:\Users\Administrador\Entorno de red
2015-04-27 11:40 - 2015-04-27 11:40 - 00000000 _SHDL () C:\Users\Administrador\Documents\Mis vídeos
2015-04-27 11:40 - 2015-04-27 11:40 - 00000000 _SHDL () C:\Users\Administrador\Documents\Mis imágenes
2015-04-27 11:40 - 2015-04-27 11:40 - 00000000 _SHDL () C:\Users\Administrador\Documents\Mi música
2015-04-27 11:40 - 2015-04-27 11:40 - 00000000 _SHDL () C:\Users\Administrador\Datos de programa
2015-04-27 11:40 - 2015-04-27 11:40 - 00000000 _SHDL () C:\Users\Administrador\Configuración local
2015-04-27 11:40 - 2015-04-27 11:40 - 00000000 _SHDL () C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2015-04-27 11:40 - 2015-04-27 11:40 - 00000000 _SHDL () C:\Users\Administrador\AppData\Local\Historial
2015-04-27 11:40 - 2015-04-27 11:40 - 00000000 _SHDL () C:\Users\Administrador\AppData\Local\Datos de programa
2015-04-27 11:40 - 2015-04-27 11:40 - 00000000 _SHDL () C:\Users\Administrador\AppData\Local\Archivos temporales de Internet
2015-04-27 11:40 - 2009-07-13 23:42 - 00000000 ___RD () C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-27 11:40 - 2009-07-13 23:37 - 00000000 ___RD () C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-26 18:29 - 2015-04-26 18:29 - 00000000 ____D () C:\Users\Quadcore\Downloads\Transistor - (2014) PC - RELOADED
2015-04-26 18:27 - 2015-04-26 18:27 - 00181750 _____ () C:\Users\Quadcore\Downloads\Transistor_-_(2014)_PC_-_RELOADED.torrent
2015-04-25 21:05 - 2015-04-25 21:05 - 00000000 ____D () C:\Users\Quadcore\AppData\Roaming\Autodesk
2015-04-25 21:05 - 2015-04-25 21:05 - 00000000 ____D () C:\ProgramData\Autodesk
2015-04-25 01:42 - 2015-04-25 01:42 - 00000000 ____D () C:\Users\Quadcore\Tracing
2015-04-24 10:20 - 2015-04-24 10:20 - 00373991 _____ () C:\Users\Quadcore\Desktop\mail migralaise91@live.html
2015-04-23 19:53 - 2015-04-23 19:53 - 01175712 _____ () C:\Users\Quadcore\Downloads\DS4Windows.-.J2K.v1.4.25 (1).zip
2015-04-23 19:51 - 2015-04-23 19:51 - 01175712 _____ () C:\Users\Quadcore\Downloads\DS4Windows.-.J2K.v1.4.25.zip
2015-04-23 06:29 - 2015-04-23 06:32 - 69554176 _____ () C:\Users\Quadcore\Downloads\eav_nt32_esl (1).msi
2015-04-23 06:00 - 2015-04-23 06:00 - 00000000 ____D () C:\Windows\system32\Adobe
2015-04-23 05:59 - 2015-04-23 06:00 - 05008664 _____ (Adobe Systems Inc.) C:\Users\Quadcore\Downloads\Shockwave_Installer_Slim.exe
2015-04-23 05:28 - 2015-04-23 06:40 - 03708958 _____ () C:\Users\Quadcore\Downloads\presentacion creatividad Luis adolfo.pptx
2015-04-23 05:25 - 2015-04-27 13:11 - 00000840 _____ () C:\Windows\setupact.log
2015-04-23 05:25 - 2015-04-23 05:25 - 00002814 _____ () C:\Windows\PFRO.log
2015-04-23 05:25 - 2015-04-23 05:25 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-23 05:09 - 2015-04-23 05:09 - 00000000 ____D () C:\MATS
2015-04-23 05:06 - 2015-04-23 05:06 - 00347816 _____ (Microsoft Corporation) C:\Users\Quadcore\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.8235323937724573.2.1.Run.exe
2015-04-23 05:04 - 2015-04-23 05:04 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-04-23 05:04 - 2015-04-23 05:04 - 00000000 ____D () C:\Users\Quadcore\AppData\Roaming\Apple Computer
2015-04-23 05:04 - 2015-04-23 05:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-04-23 05:04 - 2015-04-23 05:04 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-04-23 05:04 - 2015-04-23 05:04 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-04-23 05:02 - 2015-04-23 05:02 - 00000000 ____D () C:\Users\Quadcore\AppData\Roaming\ProductData
2015-04-23 05:01 - 2015-04-23 05:05 - 00000000 ____D () C:\ProgramData\ProductData
2015-04-23 05:01 - 2015-04-23 05:04 - 00000000 ____D () C:\ProgramData\IObit
2015-04-23 05:01 - 2015-04-23 05:04 - 00000000 ____D () C:\Program Files\IObit
2015-04-23 05:01 - 2015-04-23 05:03 - 00000000 ____D () C:\Users\Quadcore\AppData\Roaming\IObit
2015-04-23 05:01 - 2015-04-23 05:01 - 00001214 _____ () C:\Users\Quadcore\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-04-23 05:01 - 2015-04-23 05:01 - 00000272 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Quadcore.job
2015-04-23 05:01 - 2015-04-23 05:01 - 00000000 ____D () C:\Users\Quadcore\AppData\IObit
2015-04-23 04:40 - 2015-04-23 04:40 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-04-23 04:39 - 2015-04-23 05:14 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2015-04-23 04:38 - 2015-04-23 04:42 - 69554176 _____ () C:\Users\Quadcore\Downloads\eav_nt32_esl.msi
2015-04-23 03:24 - 2015-04-23 05:09 - 00000000 ____D () C:\sh4ldr
2015-04-23 03:24 - 2015-04-23 03:24 - 00000000 ____D () C:\Users\Quadcore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-04-23 03:23 - 2015-04-23 03:23 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2015-04-23 00:32 - 2015-04-23 00:32 - 00181483 _____ () C:\Users\Quadcore\Downloads\EL VIAJE DE APOLO ENTREVISTA CORREGIDO.pptx
2015-04-23 00:18 - 2015-04-23 00:18 - 00155806 _____ () C:\Users\Quadcore\Downloads\viajeapolo.pptx
2015-04-22 23:45 - 2015-04-22 23:45 - 00516892 _____ () C:\Users\Quadcore\Downloads\el viaje de apolo ppt final (1).pptx
2015-04-22 23:21 - 2015-04-22 23:21 - 00514740 _____ () C:\Users\Quadcore\Downloads\el viaje de apolo ppt final.pptx
2015-04-22 22:57 - 2015-04-22 22:57 - 00072110 _____ () C:\Users\Quadcore\Downloads\Estructura y Elementos.pptx
2015-04-22 22:25 - 2015-04-22 22:25 - 02276993 _____ () C:\Users\Quadcore\Downloads\Promoción.pptx
2015-04-22 21:29 - 2015-04-22 21:29 - 00045991 _____ () C:\Users\Quadcore\Downloads\Presentación1.pptx
2015-04-22 19:24 - 2015-04-22 19:24 - 00181209 _____ () C:\Users\Quadcore\Downloads\EL VIAJE DE APOLO ENTREVISTA.pptx
2015-04-21 11:22 - 2015-04-21 11:25 - 00000077 _____ () C:\Users\Quadcore\AppData\Roaming\Rim.Transcoder.Exception.log
2015-04-21 11:22 - 2015-04-21 11:23 - 00022016 _____ () C:\Users\Quadcore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-21 09:14 - 2015-04-21 09:14 - 00070392 _____ () C:\Users\Quadcore\Downloads\2015.xlsx
2015-04-21 05:41 - 2015-04-21 09:35 - 00000000 ____D () C:\Users\Quadcore\AppData\Local\Temporary Projects
2015-04-20 11:01 - 2015-04-20 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BatchInpaint
2015-04-20 11:01 - 2015-04-20 11:01 - 00000000 ____D () C:\Program Files\BatchInpaint
2015-04-20 11:00 - 2015-04-20 11:00 - 09310095 _____ (teorex ) C:\Users\Quadcore\Downloads\BatchInpaintSetup.exe
2015-04-20 08:05 - 2015-04-20 08:05 - 00000000 ____D () C:\ProgramData\RegRun
2015-04-20 08:04 - 2015-04-20 08:07 - 00000000 ____D () C:\Users\Quadcore\Documents\RegRun2
2015-04-20 08:04 - 2015-04-20 08:04 - 00000002 RSHOT () C:\Windows\winstart.bat
2015-04-20 08:02 - 2015-04-20 08:03 - 16735931 _____ () C:\Users\Quadcore\Downloads\unhackme.zip
2015-04-20 00:07 - 2015-04-22 01:45 - 00000000 ____D () C:\Users\Quadcore\Desktop\VIDEOSND
2015-04-19 23:26 - 2015-04-19 23:26 - 00000000 ____D () C:\pfs_Up
2015-04-19 21:03 - 2015-04-19 21:03 - 00000000 ____D () C:\Users\Quadcore\AppData\Adobe Illustrator CS6
2015-04-19 20:32 - 2015-04-27 13:09 - 00000000 ___HD () C:\{$1284-9213-2940-1289$}
2015-04-19 12:26 - 2015-04-19 12:26 - 00000000 ____D () C:\ProgramData\aodobamnppinampfphflchckgcpkchig
2015-04-19 12:25 - 2015-04-19 22:52 - 00000000 ____D () C:\ProgramData\{055f4833-d10f-6d47-055f-f4833d1020cf}
2015-04-19 11:29 - 2008-07-10 19:28 - 00050200 _____ (Microsoft Corporation) C:\Windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2015-04-19 11:28 - 2008-07-10 19:28 - 00079896 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2015-04-19 11:27 - 2015-04-19 11:27 - 00000000 ____D () C:\Windows\system32\RsFx
2015-04-19 11:27 - 2015-04-19 11:27 - 00000000 ____D () C:\Windows\system32\1033
2015-04-19 11:25 - 2015-04-19 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2015-04-19 11:22 - 2015-04-19 11:22 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2015-04-19 11:22 - 2015-04-19 11:22 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2015-04-19 11:22 - 2015-04-19 11:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-04-19 11:18 - 2015-04-21 05:47 - 00000000 ____D () C:\Users\Quadcore\Documents\Visual Studio 2008
2015-04-19 11:18 - 2015-04-19 11:18 - 00001128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C# 2008 Express Edition.lnk
2015-04-19 11:17 - 2015-04-19 11:22 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2015-04-19 11:16 - 2015-04-19 11:16 - 00000000 ____D () C:\Program Files\Microsoft SDKs
2015-04-19 11:08 - 2015-04-19 11:09 - 02714112 _____ (Microsoft Corporation) C:\Users\Quadcore\Downloads\vcssetup.exe
2015-04-18 23:57 - 2012-07-20 10:05 - 00278056 _____ () C:\Users\Quadcore\Downloads\burnstown dam.ttf
2015-04-18 14:54 - 2015-04-18 14:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2015-04-18 14:50 - 2013-05-19 02:02 - 00033024 _____ (Scarlet.Crush Productions) C:\Windows\system32\Drivers\ScpVBus.sys
2015-04-18 14:49 - 2015-04-24 06:37 - 00000000 ____D () C:\Users\Quadcore\AppData\Roaming\DS4Windows
2015-04-18 14:37 - 2015-04-18 14:40 - 69999448 _____ (Microsoft Corporation) C:\Users\Quadcore\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe
2015-04-18 14:32 - 2015-04-18 14:32 - 01181824 _____ () C:\Users\Quadcore\Downloads\DS4Windows.zip
2015-04-18 14:31 - 2015-04-18 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2015-04-18 14:31 - 2015-04-18 14:31 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories
2015-04-18 14:30 - 2015-04-18 14:31 - 07480696 _____ (Microsoft Corporation) C:\Users\Quadcore\Downloads\Xbox360_32Esp.exe
2015-04-18 08:02 - 2015-04-18 08:02 - 00001817 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Bastion.lnk
2015-04-18 08:02 - 2015-04-18 08:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bastion
2015-04-18 08:01 - 2015-04-18 08:02 - 00000000 ____D () C:\Program Files\Bastion
2015-04-18 08:00 - 2015-04-18 08:00 - 00000000 ____D () C:\Program Files\Microsoft XNA
2015-04-18 08:00 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-04-18 08:00 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-04-18 08:00 - 2009-03-16 14:18 - 00069448 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-04-18 08:00 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-04-18 08:00 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-04-18 08:00 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-04-18 07:08 - 2015-04-18 07:40 - 791207424 _____ () C:\Users\Quadcore\Downloads\Bastion.msi
2015-04-17 02:26 - 2015-04-17 02:32 - 42821540 _____ () C:\Users\Quadcore\Desktop\El poder de soñar.avi
2015-04-17 01:50 - 2015-04-17 01:51 - 07475432 _____ () C:\Users\Quadcore\Downloads\Zona de comfort.mp4
2015-04-15 22:22 - 2015-04-15 22:22 - 00034904 _____ () C:\Users\Quadcore\Downloads\Pierina Montoya.xlsx
2015-04-15 22:22 - 2015-04-15 22:22 - 00015513 _____ () C:\Users\Quadcore\Downloads\Tarea 1 - Lógica Proposicional.xlsx
2015-04-14 19:11 - 2015-04-14 19:11 - 07415808 _____ () C:\Program Files\SUNATPDT.MDB
2015-04-13 18:40 - 2015-04-13 18:40 - 00024600 _____ () C:\Users\Quadcore\Downloads\20555949457_201503_01_42949269_r08.xml
2015-04-13 01:13 - 2015-04-13 01:13 - 00000000 ____D () C:\Users\Quadcore\Documents\BrokenAge
2015-04-13 00:48 - 2015-04-13 00:48 - 00000000 ____D () C:\Users\Quadcore\Downloads\Redist
2015-04-13 00:48 - 2014-04-11 11:02 - 00013908 _____ () C:\Users\Quadcore\Downloads\ReadMe.txt
2015-04-13 00:47 - 2014-06-25 15:59 - 634116481 _____ () C:\Users\Quadcore\Downloads\pdata.pck
2015-04-13 00:47 - 2014-06-25 15:59 - 09379746 _____ () C:\Users\Quadcore\Downloads\data.pck
2015-04-13 00:47 - 2014-06-25 15:59 - 05290496 _____ (Double Fine Productions, Inc.) C:\Users\Quadcore\Downloads\BrokenAge.exe
2015-04-13 00:46 - 2014-06-09 11:53 - 445657845 _____ () C:\Users\Quadcore\Downloads\audio.pck
2015-04-12 18:09 - 2015-04-12 18:09 - 00485679 _____ () C:\Users\Quadcore\Documents\Ahogo de luna presentación.pptx
2015-04-04 12:02 - 2015-04-04 12:04 - 51169547 _____ () C:\Users\Quadcore\Downloads\CLIP_1.mp4
2015-04-04 10:37 - 2015-04-04 10:41 - 105382372 _____ () C:\Users\Quadcore\Downloads\wetransfer-a1e15d.zip
2015-04-03 17:11 - 2015-04-03 17:12 - 07487910 _____ () C:\Users\Quadcore\Downloads\pseint-w32-20150312.exe
2015-04-02 01:17 - 2015-04-02 01:17 - 01230098 _____ () C:\Users\Quadcore\Downloads\avance viaje de apolo.pptx
2015-04-02 01:17 - 2015-04-02 01:17 - 01230098 _____ () C:\Users\Quadcore\Downloads\avance viaje de apolo (1).pptx
2015-04-02 01:16 - 2015-04-02 01:16 - 00010519 _____ () C:\Users\Quadcore\Downloads\precios 1.xlsx
2015-04-02 00:57 - 2015-04-02 01:18 - 00118755 _____ () C:\Users\Quadcore\Downloads\usbshow.zip
2015-04-01 21:13 - 2015-04-01 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
2015-04-01 21:13 - 2015-04-01 21:13 - 00000000 ____D () C:\Program Files\Windows Phone
2015-04-01 21:11 - 2015-04-01 21:11 - 00000000 ____D () C:\ProgramData\Applications
2015-04-01 21:10 - 2015-04-01 21:10 - 06745792 _____ (Microsoft Corporation) C:\Users\Quadcore\Downloads\WindowsPhone.exe
2015-04-01 01:49 - 2015-04-01 01:50 - 20367761 _____ () C:\Users\Quadcore\Downloads\04 - Masahiro Sayama - Creature Creation.flac
2015-03-31 18:19 - 2015-03-31 18:19 - 00047616 _____ () C:\Users\Quadcore\Downloads\4_5_7.xls
2015-03-31 18:17 - 2015-03-31 18:18 - 00239616 _____ () C:\Users\Quadcore\Downloads\4_1_7.xls
2015-03-29 15:25 - 2015-03-29 15:26 - 00000000 ____D () C:\Users\Quadcore\AppData\Roaming\Braid
2015-03-29 15:21 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-03-29 15:20 - 2015-03-29 15:20 - 00000925 _____ () C:\Users\Quadcore\Desktop\Braid.lnk
2015-03-29 15:20 - 2015-03-29 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Braid
2015-03-29 15:20 - 2015-03-29 15:20 - 00000000 ____D () C:\Program Files\Braid
2015-03-28 18:05 - 2015-03-28 18:11 - 124643573 _____ ( ) C:\Users\Quadcore\Downloads\braid_full_1015.exe
2015-03-28 18:05 - 2015-03-28 18:05 - 00000857 _____ () C:\Users\Quadcore\Desktop\µTorrent.lnk
2015-03-28 18:05 - 2015-03-28 18:05 - 00000837 _____ () C:\Users\Quadcore\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-03-28 18:02 - 2015-03-28 18:03 - 01738064 _____ (BitTorrent Inc.) C:\Users\Quadcore\Downloads\uTorrent (1).exe
2015-03-28 18:01 - 2015-03-28 18:01 - 00009800 _____ () C:\Users\Quadcore\Downloads\braid_full_1015.exe.torrent
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-27 14:53 - 2013-09-27 16:20 - 01253450 _____ () C:\Windows\WindowsUpdate.log
2015-04-27 14:35 - 2013-10-21 09:30 - 00000000 ___RD () C:\Users\Quadcore\VANESSA
2015-04-27 13:19 - 2009-07-13 23:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-27 13:19 - 2009-07-13 23:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-27 13:16 - 2010-11-20 16:01 - 01814062 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-27 13:13 - 2015-03-21 02:07 - 00000000 ___RD () C:\Users\Quadcore\Dropbox
2015-04-27 13:13 - 2015-03-21 00:56 - 00000000 ____D () C:\Users\Quadcore\AppData\Roaming\Dropbox
2015-04-27 13:12 - 2013-12-03 17:51 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-04-27 13:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\tracing
2015-04-27 13:09 - 2014-04-24 14:11 - 00000000 ____D () C:\Users\Quadcore\LUIS ADOLFO
2015-04-27 13:09 - 2014-03-13 18:42 - 00000000 ____D () C:\Users\Quadcore\AppData\Roaming\Macromedia
2015-04-27 13:09 - 2013-10-21 14:04 - 00000000 ____D () C:\Windows\AutoKMS
2015-04-27 12:48 - 2013-10-21 10:06 - 00000000 ____D () C:\Users\Quadcore\AppData\Roaming\Skype
2015-04-27 11:52 - 2015-03-21 02:07 - 00001029 _____ () C:\Users\Quadcore\Desktop\Dropbox.lnk
2015-04-27 11:52 - 2015-03-21 01:00 - 00000000 ____D () C:\Users\Quadcore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-27 11:41 - 2009-07-13 23:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-27 02:01 - 2014-11-19 18:28 - 00000000 ____D () C:\Users\Quadcore\AppData\Roaming\uTorrent
2015-04-26 15:38 - 2013-09-27 16:25 - 00001401 _____ () C:\Users\Quadcore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-26 15:34 - 2009-07-13 21:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-25 20:58 - 2013-10-21 13:46 - 00029760 _____ (FNet Co., Ltd.) C:\Windows\system32\Drivers\FNETTBOH_305.SYS
2015-04-25 01:42 - 2013-09-27 16:25 - 00000000 ____D () C:\Users\Quadcore
2015-04-23 16:41 - 2014-01-12 14:30 - 00000000 ____D () C:\Users\Quadcore\MED_PERU
2015-04-23 05:20 - 2013-09-27 10:47 - 00000000 ____D () C:\Windows\Panther
2015-04-21 11:25 - 2015-03-07 12:49 - 00000308 _____ () C:\Users\Quadcore\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-04-21 11:25 - 2015-03-07 12:49 - 00000308 _____ () C:\Users\Quadcore\AppData\Roaming\Rim.Desktop.Exception.log
2015-04-21 11:06 - 2013-10-21 13:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-21 03:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-20 08:04 - 2009-07-13 21:04 - 00002577 _____ () C:\Windows\system32\config.nt
2015-04-20 08:04 - 2009-07-13 21:04 - 00001688 _____ () C:\Windows\system32\autoexec.nt
2015-04-19 22:36 - 2014-12-16 03:25 - 00001024 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-19 22:33 - 2013-10-21 09:38 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-04-19 22:15 - 2014-03-13 13:47 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-19 14:01 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-19 12:29 - 2014-12-16 03:25 - 00001020 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-19 12:29 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-19 11:27 - 2013-10-21 13:56 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-04-19 11:26 - 2013-10-26 15:52 - 00000000 ____D () C:\Users\Quadcore\AppData\Local\Adobe
2015-04-19 10:56 - 2009-07-13 23:33 - 00434744 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-19 00:05 - 2013-10-21 13:58 - 00111920 _____ () C:\Users\Quadcore\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-17 10:40 - 2013-10-21 09:20 - 00000000 ____D () C:\Users\Quadcore\JACQUELINE
2015-04-17 09:38 - 2014-12-16 03:27 - 00002161 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-14 19:11 - 2014-05-09 18:16 - 00000355 _____ () C:\Windows\Pm000.INI
2015-04-14 16:53 - 2015-01-05 10:41 - 00018561 _____ () C:\Users\Quadcore\Documents\LIMA1.xlsx
2015-04-14 16:28 - 2014-10-24 21:53 - 00015308 _____ () C:\Users\Quadcore\Documents\Libro1vier24.xlsx
2015-04-14 12:15 - 2014-03-13 13:47 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-14 12:15 - 2014-03-13 13:47 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-02 08:45 - 2014-11-17 20:41 - 00000000 ___RD () C:\Program Files\Skype
2015-04-02 08:45 - 2013-10-21 10:06 - 00000000 ____D () C:\ProgramData\Skype
2015-04-02 08:44 - 2009-07-13 23:53 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-02 01:19 - 2015-03-06 19:31 - 00000000 ____D () C:\Users\Quadcore\VALENTINA
2015-03-31 16:38 - 2014-09-15 14:47 - 00000000 ____D () C:\MAMA2
 
==================== Files in the root of some directories =======
 
2014-06-10 13:43 - 2014-06-10 13:43 - 0008237 _____ () C:\Program Files\062120140401LA53F2330841H4FGF18FAA3CLD303BEGBHKCBA60I679.ZIP
2014-11-10 20:55 - 2014-11-10 20:55 - 0007975 _____ () C:\Program Files\062120141001I23EH13LFGHM7H625K51FJ6CLD303BEGBHKCBA60ACCC.ZIP
2015-01-09 20:17 - 2015-01-09 20:17 - 0007989 _____ () C:\Program Files\06212014120043A0A0FHGBJ00L537E6D1D5CLD303BEGBHKCBA60ACCC.ZIP
2014-05-09 18:16 - 2013-06-10 15:24 - 0040960 _____ (SUNAT) C:\Program Files\20530.exe
2014-05-09 18:16 - 2000-07-17 10:58 - 0024576 _____ (SUNAT) C:\Program Files\Compacta.exe
2014-05-09 18:16 - 2003-01-06 10:07 - 0016848 _____ () C:\Program Files\error_.txt
2014-05-09 18:16 - 2005-02-03 16:29 - 0114688 _____ (S U N A T) C:\Program Files\Exonera.exe
2014-05-09 18:16 - 2002-01-22 10:14 - 0000969 _____ () C:\Program Files\Leeme.txt
2014-05-09 18:37 - 2015-02-10 20:55 - 0000000 _____ () C:\Program Files\Mens.txt
2014-05-09 18:16 - 2015-02-10 20:32 - 0004828 _____ () C:\Program Files\MENU_PM.txt
2014-05-09 18:16 - 2011-02-14 11:22 - 0897024 _____ (S U N A T) C:\Program Files\pdt00.exe
2014-05-09 18:16 - 2000-01-13 13:34 - 0086016 _____ (S U N A T) C:\Program Files\PDTActPa.exe
2014-05-09 18:16 - 2013-05-31 13:55 - 0507904 _____ (S U N A T) C:\Program Files\PDTEnvio.exe
2014-05-09 18:16 - 2013-05-06 17:26 - 0221184 _____ (S U N A T) C:\Program Files\PDTRegDe.exe
2014-05-09 18:16 - 2002-12-06 13:28 - 0000277 _____ () C:\Program Files\Pm000.INI
2014-05-09 18:16 - 1999-07-05 18:32 - 0077824 _____ () C:\Program Files\pm000.mdw
2014-05-09 18:16 - 2007-03-02 10:37 - 1093632 _____ (SUNAT) C:\Program Files\pmModDoc.exe
2014-05-09 18:16 - 2004-12-15 10:16 - 0098304 _____ (SUNAT) C:\Program Files\pmModEPS.exe
2014-05-09 18:16 - 2011-01-03 08:24 - 1638400 _____ (SUNAT) C:\Program Files\pmTraDer.exe
2014-05-09 18:16 - 2013-06-10 14:00 - 0020480 _____ (SUNAT) C:\Program Files\Repara.exe
2014-05-09 18:16 - 2011-01-28 08:42 - 0125738 _____ () C:\Program Files\SUNATPDT.HLP
2015-04-14 19:11 - 2015-04-14 19:11 - 7415808 _____ () C:\Program Files\SUNATPDT.MDB
2015-03-07 12:49 - 2015-04-21 11:25 - 0000308 _____ () C:\Users\Quadcore\AppData\Roaming\Rim.Desktop.Exception.log
2015-03-07 12:46 - 2015-03-07 12:46 - 0001147 _____ () C:\Users\Quadcore\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-03-07 12:49 - 2015-04-21 11:25 - 0000308 _____ () C:\Users\Quadcore\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-04-21 11:22 - 2015-04-21 11:25 - 0000077 _____ () C:\Users\Quadcore\AppData\Roaming\Rim.Transcoder.Exception.log
2015-04-21 11:22 - 2015-04-21 11:23 - 0022016 _____ () C:\Users\Quadcore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-28 17:51 - 2015-02-28 17:51 - 0000001 _____ () C:\Users\Quadcore\AppData\Local\llftool.4.30.agreement
2013-11-01 14:13 - 2015-02-02 19:36 - 0007597 _____ () C:\Users\Quadcore\AppData\Local\Resmon.ResmonCfg
 
Some content of TEMP:
====================
C:\Users\Quadcore\AppData\Local\Temp\AcDeltree.exe
C:\Users\Quadcore\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppo5pjf.dll
C:\Users\Quadcore\AppData\Local\Temp\SHSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-14 12:04
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-04-2015 01
Ran by Quadcore at 2015-04-27 15:17:34
Running from C:\Users\Quadcore\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-2172032273-4216305309-2282011400-500 - Administrator - Enabled) => C:\Users\Administrador
Invitado (S-1-5-21-2172032273-4216305309-2282011400-501 - Limited - Enabled)
Quadcore (S-1-5-21-2172032273-4216305309-2282011400-1000 - Administrator - Enabled) => C:\Users\Quadcore
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\uTorrent) (Version: 3.4.2.39744 - BitTorrent Inc.)
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.2.0 - IObit)
ArcSoft WebCam Companion 4 (HKLM\...\{12450631-3289-40F7-AEC3-F6DCB6E1BDCF}) (Version: 4.0.20.365 - ArcSoft)
Ashampoo Burning Studio 12 v.12.0.1 (HKLM\...\Ashampoo Burning Studio 12_is1) (Version: 12.0.1 - Ashampoo GmbH & Co. KG)
Bastion (HKLM\...\{7AF3D8F2-B2C2-4F8B-AFA4-C90001F56B1A}) (Version: 1.0.2 - Supergiant Games)
BatchInpaint 2.2 (HKLM\...\{BA413735-865A-4BF5-AAD2-B4D2998ED019}}_is1) (Version:  - teorex)
BlackBerry App World Browser Plugin (HKLM\...\{AC094FFF-963F-4E8A-96BE-D1E7EFC9DF67}) (Version: 4.2.0.12 - Research In Motion Limited)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Braid (Version 1.015) (HKLM\...\Braid_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Compresor WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
DIGITEL 3G (HKLM\...\DIGITEL 3G) (Version: DIGITEL 3G - )
Dolby Axon - 1.5.1.1 (HKLM\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
Download Navigator (HKLM\...\{3A3A3B34-6EA2-4031-8580-D66D29533E89}) (Version: 3.4.0 - SEIKO EPSON CORPORATION)
Dropbox (HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
Eines de correcció del Microsoft Office 2013: català (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM\...\{79D0F056-39DE-4FDD-83FD-1554CE2C6443}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM\...\EEPPPlugIn) (Version:  - SEIKO EPSON Corporation)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (Version: 1.00.0000 - SEIKO EPSON Corporation) Hidden
Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
EPSON L210 Series Printer Uninstall (HKLM\...\EPSON L210 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Facebook Plug-In (HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Ferramentas de verificación de Microsoft Office 2013 - Galego (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
GOM Player (HKLM\...\GOM Player) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.3.0.118 - IObit)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
K-Lite Codec Pack 4.1.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 4.1.0 - )
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (Version: 3.0.1 - Riot Games) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware versión 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.30401.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{D9D937B0-E842-4130-9588-B948E876904A}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM\...\{9D6D76A6-4328-49E8-97A7-531A74841DA5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Visual C# 2008 Express Edition with SP1 - ENU (HKLM\...\Microsoft Visual C# 2008 Express Edition with SP1 - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{044F9133-B8D7-4d11-BF39-803FA20F5C8B}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{825E2AB1-4502-4A51-8C52-D8D3398BE9D2}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 es-ES) (HKLM\...\Mozilla Firefox 33.1.1 (x86 es-ES)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Platform (Version: 1.36 - VIA Technologies, Inc.) Hidden
Programa de Declaración Telemática (HKLM\...\{A6E23415-7BA4-4CA3-99DA-B7F9D33E1F5B}) (Version:  - )
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VIA Administrador de dispositivos de plataforma (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
VideoPad, software para edición de vídeo (HKLM\...\VideoPad) (Version: 3.88 - NCH Software)
Windows Phone app for desktop (HKLM\...\{3549ACF5-2BE0-4FCC-8D3A-15B4342DE901}) (Version: 1.1.2726.0 - Microsoft Corporation)
XFastUSB (HKLM\...\XFastUSB) (Version: 3.02.28 - ASRock Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Users\Quadcore\AppData\Roaming\Facebook\axfbootloader.dll ( )
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Quadcore\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Quadcore\AppData\Local\Temp\3150\temp\Adobe illustrator cs6 Serial number Crack Rar Downloa (the data entry has 13 more characters).
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
18-04-2015 07:59:45 Installed Microsoft XNA Framework Redistributable 3.1
18-04-2015 08:00:23 Installed Bastion
18-04-2015 14:31:25 Se ha instalado DirectX
18-04-2015 14:50:55 Instalación del paquete de controladores de dispositivo: Scarlet.Crush Productions Dispositivos del sistema
23-04-2015 03:23:43 Installed SpyHunter
23-04-2015 04:38:37 Removed SpyHunter
23-04-2015 04:48:50 Removed SpyHunter
26-04-2015 15:16:13 Instalador de Módulos de Windows
26-04-2015 15:33:54 Instalador de Módulos de Windows
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {026167A7-81B7-4F85-84C6-DF8ADB9B9FA9} - System32\Tasks\{A65F4792-8E8B-4229-ADAE-1A17A240EE07} => C:\Windows\twain_32\escndv\escndv.exe [2009-01-26] (SEIKO EPSON CORP.)
Task: {2040AADC-F9E5-4491-9F25-46C838D1406C} - System32\Tasks\{6456999E-8C68-44F9-B7B6-BA85245BE273} => pcalua.exe -a "C:\Program Files\DIGITEL 3G\uninst.exe"
Task: {25F9E0FE-18A4-4F6F-AEE6-7D867F9184C2} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {360F7E94-1C29-4C96-BEDD-6C57607B6410} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {39AFAAF7-41C2-48F0-8ED9-49B732B7F881} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {56B59EC8-9AFE-4F39-B179-4CD9ED168C64} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-16] (Google Inc.)
Task: {765FDC23-0D1B-4421-86CD-E508659A3CC4} - System32\Tasks\{3B7EE954-677F-4944-B31D-0B60764C5005} => pcalua.exe -a "E:\DIGITEL 3G\Setup.exe" -d "E:\DIGITEL 3G"
Task: {7B846188-6138-4355-93C2-86DCE9950233} - System32\Tasks\{EECCAC8D-3900-4A1F-A0D3-509E898E0A8C} => C:\Program Files\pdt00.exe [2011-02-14] (S U N A T)
Task: {9046B0BE-5D10-4748-919B-82E36437785B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9A20B8F8-2E08-4B19-B211-1937EC2BD673} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-16] (Google Inc.)
Task: {A76203FE-C2DC-4316-8A50-AEC67B2BA139} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {BD0E07EE-6606-4931-8874-0A3DD5E5DA78} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Quadcore-PC-Quadcore Quadcore-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {CDE25A00-9DD9-43D2-B7A0-AA2A7C921ED2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {E344CB69-8FFC-462C-9E66-52AF7AAF0329} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {F855ACC9-F948-4734-B7B9-0457DD2FB83D} - System32\Tasks\{1B5F9C2C-C268-43A7-A882-1B5ADD28E87F} => pcalua.exe -a "C:\Users\Quadcore\MED_PERU\IGV\PROGRAMA TELEMATICO NUEVO\igvrta.exe" -d "C:\Users\Quadcore\MED_PERU\IGV\PROGRAMA TELEMATICO NUEVO"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Quadcore.job => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2011-03-14 10:27 - 2011-03-14 10:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2013-10-21 13:44 - 2011-02-22 13:32 - 00080496 _____ () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2013-10-21 13:44 - 2011-02-22 13:32 - 00113264 _____ () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2013-10-21 13:44 - 2011-02-22 13:32 - 00623216 _____ () C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll
2013-10-21 13:40 - 2007-05-22 10:29 - 00128512 _____ () C:\Program Files\WinRAR\rarext.dll
2015-04-27 13:12 - 2015-04-27 13:12 - 00043008 _____ () c:\users\quadcore\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppo5pjf.dll
2015-03-04 16:45 - 2015-03-04 16:45 - 00750080 _____ () C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 16:45 - 2015-03-04 16:45 - 00047616 _____ () C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 16:45 - 2015-03-04 16:45 - 00865280 _____ () C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 16:45 - 2015-03-04 16:45 - 00200704 _____ () C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-04-27 13:32 - 2015-04-27 13:32 - 00706560 _____ () C:\Users\Administrador\AppData\Local\Temp\is-JS3C9.tmp\mbam-setup-2.1.6.1022.tmp
2007-05-11 00:50 - 2007-05-11 00:50 - 00017024 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\viewerps.dll
2015-04-17 09:38 - 2015-04-13 16:55 - 01252680 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-17 09:38 - 2015-04-13 16:55 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.90\libegl.dll
2015-04-17 09:38 - 2015-04-13 16:55 - 14980424 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Quadcore\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2172032273-4216305309-2282011400-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [{8C897590-EF70-4564-ACEC-D5CB842F3D96}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C1A86759-5BCD-46BF-8E0C-8E121503D48F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{965FC50B-8A1D-45C8-A507-AAFC0F1617A3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6F983658-EF50-40C1-83D9-6EBAE11D306C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D8F04CDA-11B3-47E0-8659-F7B53F81870E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{85553BCA-E960-49C0-B085-2063AE91F6FA}] => (Allow) C:\Program Files\Microsoft Office\Office15\outlook.exe
FirewallRules: [TCP Query User{4508DB02-1700-4B09-8A22-5977E69BA6EE}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{F4254BF5-7D45-4F8B-AECD-05A6CD2F513D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{9655445B-CA1F-4E0A-8AE4-B232C37B5EC2}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{B1EDB53F-9ED4-48ED-9FF3-86A3F75DE268}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{5E3C65D8-EA95-45DD-9376-0C4A97217FB1}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{3EB2DF51-ACD0-43EF-A3C6-78CA0910859A}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [{B7A46E60-1789-4D8F-A29F-B8F7AF11B366}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{B3B6AB17-41AA-484A-9343-CB899104436C}C:\program files\java\jre1.6.0_05\bin\javaw.exe] => (Allow) C:\program files\java\jre1.6.0_05\bin\javaw.exe
FirewallRules: [UDP Query User{566CBDB2-9166-4989-89D7-2D020AF282F1}C:\program files\java\jre1.6.0_05\bin\javaw.exe] => (Allow) C:\program files\java\jre1.6.0_05\bin\javaw.exe
FirewallRules: [{D48DB54F-7290-4FB6-91AD-FC0CEE4B39EB}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{C110E11C-4233-462D-A2CD-3FA2AFBA67C1}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{96136388-F633-47D6-A1EE-727183A44CEF}] => (Allow) LPort=4481
FirewallRules: [{832F96A0-0568-4D11-8A11-F37F60967AC5}] => (Allow) LPort=4481
FirewallRules: [{19E89A14-EEAE-43B1-887B-E48180B0C705}] => (Allow) LPort=4482
FirewallRules: [{F7F981B6-04B8-4E82-AA67-DA14A6B5E5F6}] => (Allow) LPort=4482
FirewallRules: [{7EE630A2-954F-4145-8D56-B911064AB5FF}] => (Allow) C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6B605F9F-C49D-45AA-997F-E3C5F69E39FF}] => (Allow) C:\Users\Quadcore\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{CB5BA1E2-6856-4DE2-98F7-4CF4D1C64549}] => (Allow) C:\Program Files\DolbyAxon\Axon.exe
FirewallRules: [{C15CCE0D-2C03-46D4-B9F5-00C2A331A28B}] => (Allow) C:\Program Files\DolbyAxon\Axon.exe
FirewallRules: [{8CF1FB63-592F-4D78-A620-9D94FB895C16}] => (Allow) C:\Users\Quadcore\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{36F987D6-3694-4A91-9BDC-180E6E1F8DF7}] => (Allow) C:\Users\Quadcore\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EE357BEB-3942-4FA1-88DF-E8A8BF6434AD}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{2498AB43-398A-48D1-BA30-5C05E6CC61DC}] => (Allow) C:\Program Files\UnHackMe\Unhackme.exe
FirewallRules: [{919C4F2D-3F0A-43E0-B13C-F334A075D495}] => (Allow) C:\Program Files\UnHackMe\Unhackme.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/27/2015 01:33:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: KHALMNPR.EXE, versión: 5.80.4.0, marca de tiempo: 0x5330b43b
Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.17514, marca de tiempo: 0x4ce7b96e
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00052ca9
Id. del proceso con errores: 0xd08
Hora de inicio de la aplicación con errores: 0xKHALMNPR.EXE0
Ruta de acceso de la aplicación con errores: KHALMNPR.EXE1
Ruta de acceso del módulo con errores: KHALMNPR.EXE2
Id. del informe: KHALMNPR.EXE3
 
Error: (04/27/2015 01:26:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa mbam-setup-2.1.6.1022.tmp, versión 51.52.0.0, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.
 
Identificador de proceso: 15e4
 
Hora de inicio: 01d081174bf4b92f
 
Hora de finalización: 4
 
Ruta de acceso de la aplicación: C:\Users\Quadcore\AppData\Local\Temp\is-MSTT0.tmp\mbam-setup-2.1.6.1022.tmp
 
Identificador de informe:
 
Error: (04/27/2015 01:13:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/27/2015 11:41:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/27/2015 11:39:55 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: No se pudo crear el punto de restauración (proceso = C:\Windows\servicing\TrustedInstaller.exe; descripción = Instalador de Módulos de Windows; error = 0x8007043c).
 
Error: (04/27/2015 10:46:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/27/2015 10:40:24 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Detalles:
Se devolvió esta operación porque se agotó el tiempo de espera.  (HRESULT : 0x800705b4) (0x800705b4)
 
Error: (04/27/2015 10:36:23 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Detalles:
Se devolvió esta operación porque se agotó el tiempo de espera.  (HRESULT : 0x800705b4) (0x800705b4)
 
Error: (04/27/2015 10:32:11 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Detalles:
Se devolvió esta operación porque se agotó el tiempo de espera.  (HRESULT : 0x800705b4) (0x800705b4)
 
Error: (04/27/2015 10:28:10 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Detalles:
Se devolvió esta operación porque se agotó el tiempo de espera.  (HRESULT : 0x800705b4) (0x800705b4)
 
 
System errors:
=============
Error: (04/27/2015 01:12:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio LiveUpdate no pudo iniciarse debido al siguiente error: 
%%2
 
Error: (04/27/2015 01:12:03 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: El servicio SNMP detectó un error al tener acceso a la clave del Registro SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
 
Error: (04/27/2015 01:11:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Advanced SystemCare Service 8 no pudo iniciarse debido al siguiente error: 
%%2
 
Error: (04/27/2015 01:11:54 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Se deshabilitaron algunas características de administración de energía en estado de rendimiento del procesador debido a un problema conocido de firmware. Consulte al fabricante del equipo si hay firmware actualizado.
 
Error: (04/27/2015 11:39:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio LiveUpdate no pudo iniciarse debido al siguiente error: 
%%2
 
Error: (04/27/2015 11:39:22 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: El servicio SNMP detectó un error al tener acceso a la clave del Registro SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
 
Error: (04/27/2015 11:39:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Advanced SystemCare Service 8 no pudo iniciarse debido al siguiente error: 
%%2
 
Error: (04/27/2015 11:39:10 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Se deshabilitaron algunas características de administración de energía en estado de rendimiento del procesador debido a un problema conocido de firmware. Consulte al fabricante del equipo si hay firmware actualizado.
 
Error: (04/27/2015 11:40:01 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084VSS{0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
 
Error: (04/27/2015 10:51:12 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068BITS{4991D34B-80A1-4291-83B6-3328366B9097}
 
 
Microsoft Office Sessions:
=========================
Error: (04/27/2015 01:33:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: KHALMNPR.EXE5.80.4.05330b43bntdll.dll6.1.7601.175144ce7b96ec000000500052ca9d0801d08115b090ae34C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXEC:\Windows\SYSTEM32\ntdll.dlle2c13c10-ed0b-11e4-89d4-bc5ff400a7ec
 
Error: (04/27/2015 01:26:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam-setup-2.1.6.1022.tmp51.52.0.015e401d081174bf4b92f4C:\Users\Quadcore\AppData\Local\Temp\is-MSTT0.tmp\mbam-setup-2.1.6.1022.tmp
 
Error: (04/27/2015 01:13:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/27/2015 11:41:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/27/2015 11:39:55 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeInstalador de Módulos de Windows0x8007043c
 
Error: (04/27/2015 10:46:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/27/2015 10:40:24 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Detalles:
Se devolvió esta operación porque se agotó el tiempo de espera.  (HRESULT : 0x800705b4) (0x800705b4)
 
Error: (04/27/2015 10:36:23 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Detalles:
Se devolvió esta operación porque se agotó el tiempo de espera.  (HRESULT : 0x800705b4) (0x800705b4)
 
Error: (04/27/2015 10:32:11 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Detalles:
Se devolvió esta operación porque se agotó el tiempo de espera.  (HRESULT : 0x800705b4) (0x800705b4)
 
Error: (04/27/2015 10:28:10 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Detalles:
Se devolvió esta operación porque se agotó el tiempo de espera.  (HRESULT : 0x800705b4) (0x800705b4)
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 84%
Total physical RAM: 2013.09 MB
Available physical RAM: 318.18 MB
Total Pagefile: 4026.17 MB
Available Pagefile: 1928.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888.41 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:338.43 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E3A2E3A2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:20 PM

Posted 01 May 2015 - 08:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This is the type of infection we are dealing with.
http://www.symantec.com/security_response/earthlink_writeup.jsp?docid=2014-042113-4446-99
I strongly suggest you change all your passwords.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

(Malwarebytes Corporation                                    ) C:\Users\Quadcore\Downloads\mbam-setup-2.1.6.1022.exe
() C:\Users\Administrador\AppData\Local\Temp\is-JS3C9.tmp\mbam-setup-2.1.6.1022.tmp
IFEO\ASCService.exe: [Debugger] nsjw.exe
IFEO\ASCTray.exe: [Debugger] nsjw.exe
IFEO\avcenter.exe: [Debugger] nsjw.exe
IFEO\avguard.exe: [Debugger] nsjw.exe
IFEO\avp.exe: [Debugger] nsjw.exe
IFEO\bdagent.exe: [Debugger] nsjw.exe
IFEO\ccuac.exe: [Debugger] nsjw.exe
IFEO\ComboFix.exe: [Debugger] nsjw.exe
IFEO\egui.exe: [Debugger] nsjw.exe
IFEO\hijackthis.exe: [Debugger] nsjw.exe
IFEO\keyscrambler.exe: [Debugger] nsjw.exe
IFEO\LiveUpdate.exe: [Debugger] nsjw.exe
IFEO\mbam.exe: [Debugger] nsjw.exe
IFEO\MpCmdRun.exe: [Debugger] nsjw.exe
IFEO\MSASCui.exe: [Debugger] nsjw.exe
IFEO\MsMpEng.exe: [Debugger] nsjw.exe
IFEO\msseces.exe: [Debugger] nsjw.exe
IFEO\spybotsd.exe: [Debugger] nsjw.exe
IFEO\SSScheduler.exe: [Debugger] nsjw.exe
IFEO\wireshark.exe: [Debugger] nsjw.exe
IFEO\zlclient.exe: [Debugger] nsjw.exe
InternetURL: C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.com.url -> C:\ProgramData\27218346293184.exe
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)
InternetURL: C:\Users\Quadcore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.com.url -> C:\ProgramData\27218346293184.exe
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File
BHO: bestadblocker -> {380707c5-15a2-4d30-98cd-8bfc19be8bdd} -> C:\Program Files\bestadblocker\CNW2suTnqDi0l2.dll No File
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL No File
FF user.js: detected! => C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\8o88du80.default-1419284120088\user.js [2015-04-23]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\8o88du80.default-1419284120088\Extensions\iobitascsurfingprotection@iobit.com [2015-04-23]
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2014-12-16]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [X]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe" [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Quadcore\AppData\Local\Temp\AcDeltree.exe
C:\Users\Quadcore\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppo5pjf.dll
C:\Users\Quadcore\AppData\Local\Temp\SHSetup.exe
C:\ProgramData\27218346293184.exe
C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\8o88du80.default-1419284120088\Extensions\iobitascsurfingprotection@iobit.com 
C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Chrome was compromised. I suggest you remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>


How is the computer running now?
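Added example, not part of the original posts or of FRST: the fixlist above removes a `[Debugger]` value set under Image File Execution Options (IFEO) for a long list of security tools, plus Startup `.url` shortcuts whose target is a local executable. The Python sketch below flags both patterns in FRST-style text; the line formats are assumed to match those shown in this thread, and the function names and the `min_shared` threshold are hypothetical.

```python
import re
from collections import defaultdict

# Subset of lines copied from the fixlist in the post above.
SAMPLE_LOG = r"""
IFEO\avp.exe: [Debugger] nsjw.exe
IFEO\ComboFix.exe: [Debugger] nsjw.exe
IFEO\mbam.exe: [Debugger] nsjw.exe
IFEO\MsMpEng.exe: [Debugger] nsjw.exe
IFEO\wireshark.exe: [Debugger] nsjw.exe
InternetURL: C:\Users\Quadcore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.com.url -> C:\ProgramData\27218346293184.exe
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)
"""

# Assumed FRST line shapes, taken from the entries visible in this thread.
IFEO_RE = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+)$")
URL_RE = re.compile(r"^InternetURL: (?P<shortcut>.+?\.url) -> (?P<target>.+)$", re.I)

STARTUP_FRAGMENT = "\\start menu\\programs\\startup\\"
EXEC_EXT = (".exe", ".scr", ".com", ".bat", ".cmd", ".pif")


def parse_ifeo(lines):
    """Return {debugger: [image, ...]} for every IFEO Debugger line.

    With a Debugger value set for an image name, Windows starts the named
    debugger instead of the requested program, so the program itself does
    not run unless that debugger launches it.
    """
    by_debugger = defaultdict(list)
    for line in lines:
        m = IFEO_RE.match(line.strip())
        if m:
            by_debugger[m["debugger"].strip().lower()].append(m["image"].strip())
    return dict(by_debugger)


def suspicious_ifeo(by_debugger, min_shared=3):
    """Keep debuggers attached to at least min_shared different images.

    A developer normally sets a Debugger for one program; the same value
    on many unrelated tools is the pattern seen in the fixlist above.
    """
    return {d: imgs for d, imgs in by_debugger.items() if len(imgs) >= min_shared}


def startup_url_to_executable(lines):
    """Return (shortcut, target) for Startup .url files that launch a local
    executable instead of opening a web address."""
    findings = []
    for line in lines:
        m = URL_RE.match(line.strip())
        if not m:
            continue
        shortcut, target = m["shortcut"], m["target"].strip()
        in_startup = STARTUP_FRAGMENT in shortcut.lower()
        is_web = re.match(r"^https?://", target, re.I) is not None
        if in_startup and not is_web and target.lower().endswith(EXEC_EXT):
            findings.append((shortcut, target))
    return findings


def report(text):
    """Build a list of human-readable findings for a block of log text."""
    lines = text.splitlines()
    out = []
    for debugger, images in suspicious_ifeo(parse_ifeo(lines)).items():
        out.append(f"IFEO: {len(images)} images redirected to {debugger}: "
                   + ", ".join(sorted(images, key=str.lower)))
    for shortcut, target in startup_url_to_executable(lines):
        out.append(f"Startup .url runs a local file: {target}")
    return out


if __name__ == "__main__":
    for finding in report(SAMPLE_LOG):
        print(finding)
```

Run against a full FRST.txt, the same functions also list any single-image Debugger values through `parse_ifeo`, which are worth a manual look even though they fall below the threshold.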

#3 nasdaq


Posted 06 May 2015 - 10:51 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq


Posted 10 May 2015 - 09:43 AM

This topic has been re-opened at the request of the person who originally posted.



