BSOD when playing basic games: HJT log


  • This topic is locked
6 replies to this topic

#1 fruit2006

  • Members
  • 4 posts

Posted 05 September 2015 - 05:47 PM

Hello buddies,

I have a serious problem with my PC and I'm trying to find out whether it is software or hardware. I almost always use the PC for simple browsing, but lately I decided to play Terraria (the least graphics-oriented game ever created) and I'm getting crashes every time after a while because of 100% use of disk and memory. I find it disturbing that even when I have no programs open, I have around 50% disk usage, so I'm suspecting malware. My PC is a Lenovo with an i3 processor, NVIDIA graphics and 4 GB RAM, so I believe I should not have a single problem running a game, especially a soft one like Terraria. I'm posting my log; if someone can help me out I'd be eternally in debt to him.

 

-deleted code for space-

 
 
Inb4 any help, thank you very much!

Edited by fruit2006, 06 September 2015 - 11:13 AM.




#2 fruit2006

  • Topic Starter
  • Members
  • 4 posts

Posted 05 September 2015 - 05:47 PM

.


Edited by fruit2006, 06 September 2015 - 11:13 AM.


#3 fruit2006

  • Topic Starter
  • Members
  • 4 posts

Posted 05 September 2015 - 05:53 PM

Please delete this thread, it was duplicated.



#4 nasdaq

  • Malware Response Team
  • 39,559 posts

Posted 06 September 2015 - 10:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system:
  • Farbar Recovery Scan Tool (64 bit)
  • Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running now?
Wait for further instructions.

p.s.
HijackThis is no longer supported and is not ready for 64-bit systems.
I suggest you remove it using the Add/Remove Programs applet.
Use the Farbar tool from now on to report problems.
<<<>>>

Both of your topics were merged.

#5 fruit2006

  • Topic Starter
  • Members
  • 4 posts

Posted 06 September 2015 - 11:28 AM

Looks like I'm outdated and rusty in malware topics :smash:. Just scanned my PC, here are the logs:

 

Addition.txt

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-09-2015

Ran by Eduardo (2015-09-06 13:24:20)
Running from C:\Users\Eduardo\Downloads
Windows 8.1 Single Language (X64) (2014-08-12 18:04:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-2116820475-2171392899-1723000193-500 - Administrator - Disabled)
Eduardo (S-1-5-21-2116820475-2171392899-1723000193-1002 - Administrator - Enabled) => C:\Users\Eduardo
HomeGroupUser$ (S-1-5-21-2116820475-2171392899-1723000193-1006 - Limited - Enabled)
Invitado (S-1-5-21-2116820475-2171392899-1723000193-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2116820475-2171392899-1723000193-1002\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
Actualización de NVIDIA 2.5.14.5 (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Age of Mythology: Extended Edition (HKLM-x32\...\Steam App 266840) (Version:  - SkyBox Labs)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS PC Link (HKLM-x32\...\{077B24F1-B87A-4C57-AE35-E463A389D7FE}_is1) (Version: 1.22.24.1212 - ASUSTEK)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.67.1076 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.3.53 - Conexant)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 7 - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.2 - Illustrate)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Dropbox (HKU\S-1-5-21-2116820475-2171392899-1723000193-1002\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Guía del usuario (x32 Version: 1.0.0.17 - Lenovo) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.54.2 - HTC)
Intel Android Device USB driver (HKLM\...\Intel Android Device USB driver) (Version: 1.1.5 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.6.2.1863 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.2.1549 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.8.382 - Native Instruments)
NVIDIA Controlador de gráficos 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.82 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Panel de control de NVIDIA 355.82 (Version: 355.82 - NVIDIA Corporation) Hidden
Paquete de controladores de Windows - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Paquete de controladores de Windows - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.3.0.38816 - Grinding Gear Games)
POD2_0 (HKLM-x32\...\POD2_0) (Version:  - )
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.102 - Skype Technologies S.A.)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Stata 13 (HKLM-x32\...\{217BE429-022D-4094-960F-0376E1CBE13E}) (Version: 13.0 - StataCorp LP)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.0 - Synaptics Incorporated)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Zatacka 0.1.7 (HKLM-x32\...\Zatacka_is1) (Version:  - Mage)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2116820475-2171392899-1723000193-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2116820475-2171392899-1723000193-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll No File
CustomCLSID: HKU\S-1-5-21-2116820475-2171392899-1723000193-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll No File
CustomCLSID: HKU\S-1-5-21-2116820475-2171392899-1723000193-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2116820475-2171392899-1723000193-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2116820475-2171392899-1723000193-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2116820475-2171392899-1723000193-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2116820475-2171392899-1723000193-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2116820475-2171392899-1723000193-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2116820475-2171392899-1723000193-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2116820475-2171392899-1723000193-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2116820475-2171392899-1723000193-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2116820475-2171392899-1723000193-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
22-08-2015 12:47:16 Quitado NVIDIA PhysX
29-08-2015 20:18:38 Punto de control programado
05-09-2015 19:53:30 Removed The Sims 3
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 10:25 - 2013-08-22 10:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08C22B7D-0185-431B-A84C-81A493E968B0} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {134C4A2A-3726-4D55-A05B-BACAEC0D1F1E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {2664DF24-FC21-4CA1-8B72-556ED509143C} - System32\Tasks\{7BDEC357-1B8E-4A7A-A0B0-E8779F9A9121} => pcalua.exe -a "C:\Program Files\Adobe\Adobe Illustrator CC (64 Bit)\Support Files\Contents\Windows\Illustrator.exe" -d "C:\Program Files\Adobe\Adobe Illustrator CC (64 Bit)\Support Files\Contents\Windows"
Task: {3519C385-DCB9-411C-BDD5-494424E84903} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2116820475-2171392899-1723000193-1002Core => C:\Users\Eduardo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-05] (Facebook Inc.)
Task: {37C9A416-244D-4BF3-9A4B-D107D67EBF96} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2116820475-2171392899-1723000193-1002Core => C:\Users\Eduardo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.)
Task: {424DC95A-47FA-4D8B-9270-77CE97558459} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {5F248B13-C470-4FC2-B16E-5195EE24DD8B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-13] (Synaptics Incorporated)
Task: {5F8D9781-6ECC-47E5-9182-179B891672BF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for EMONTES-Eduardo EMONTES => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {766D4911-6A04-419A-8F32-773305C17C71} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {77B98C16-46BC-4BBD-B7AF-88860CA8BBC1} - System32\Tasks\{714AFE36-A356-4768-9DDB-2F1B86F3B298} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {804201D0-7080-4DD9-831A-CC0C70A45080} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {828E228F-39E6-42A7-A51E-710BF9EE4349} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {9CF5F103-92BF-4CD7-9196-CCD82801C5DA} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2014-08-17] ()
Task: {BAF41C4C-02CC-4205-AFEE-2D235B948AE0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2116820475-2171392899-1723000193-1002UA => C:\Users\Eduardo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-05] (Facebook Inc.)
Task: {DBBCF31C-9E33-4F64-944F-55B786362838} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {EDBA446A-4868-453F-94DF-4063B0CB8097} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2116820475-2171392899-1723000193-1002UA => C:\Users\Eduardo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.)
Task: {F33201FB-EC09-4554-93E6-F83FA44BD318} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {F6441A03-8380-45E2-B76B-7FF56E4EC847} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2116820475-2171392899-1723000193-1002Core.job => C:\Users\Eduardo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2116820475-2171392899-1723000193-1002UA.job => C:\Users\Eduardo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2116820475-2171392899-1723000193-1002Core.job => C:\Users\Eduardo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2116820475-2171392899-1723000193-1002UA.job => C:\Users\Eduardo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-11-27 19:56 - 2015-08-25 15:46 - 00011896 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-11-27 19:57 - 2015-08-25 11:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-17 00:17 - 2014-08-17 00:17 - 03727360 _____ () C:\WINDOWS\AutoKMS\AutoKMS.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-11-27 20:30 - 2013-11-27 20:30 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-11-27 20:30 - 2013-11-27 20:30 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2012-10-01 21:36 - 2012-10-01 21:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-14 15:37 - 2015-07-14 15:37 - 00821240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2013-09-07 06:48 - 2013-09-07 06:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 06:45 - 2013-09-07 06:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 06:52 - 2013-09-07 06:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-10-09 21:46 - 2013-09-19 18:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-07-31 13:16 - 2014-07-31 13:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 13:16 - 2014-07-31 13:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-14 15:35 - 2015-07-14 15:35 - 00030720 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2015-07-14 15:35 - 2015-07-14 15:35 - 00607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2015-07-14 15:36 - 2015-07-14 15:36 - 00059392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2015-07-14 15:35 - 2015-07-14 15:35 - 00035864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2015-07-14 15:36 - 2015-07-14 15:36 - 00079888 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2015-07-14 15:37 - 2015-07-14 15:37 - 00129016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2015-07-14 15:39 - 2015-07-14 15:39 - 00223240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2015-08-22 12:29 - 2015-08-26 21:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-09-06 13:20 - 2015-09-06 13:20 - 00071168 _____ () c:\users\eduardo\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgxenbt.dll
2015-03-04 18:45 - 2015-08-05 02:26 - 00012800 _____ () C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 18:45 - 2015-08-05 02:26 - 00779776 _____ () C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 00:36 - 2015-08-05 02:26 - 00056320 _____ () C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 18:45 - 2015-08-05 02:26 - 00012288 _____ () C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-09-05 20:16 - 2015-08-27 21:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-05 20:16 - 2015-08-27 21:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll
2013-11-27 19:56 - 2015-08-25 15:46 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-11-27 19:59 - 2013-08-08 18:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Eduardo\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Eduardo\SkyDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\Eduardo\SkyDrive.old:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2116820475-2171392899-1723000193-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Eduardo\AppData\Roaming\Microsoft\Windows Photo Viewer\Papel tapiz de Visualizador de fotos de Windows.jpg
DNS Servers: 200.75.0.4 - 200.75.25.224
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3FDB67DC-90F2-42F2-9716-0E8ECDA47622}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{30C3C8A6-D6BD-46E2-8C0F-EABA453B0039}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{37629BC0-2BA0-4E12-939A-4488B31D3C37}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{B18FC807-D3CB-4291-9783-CA626036E38A}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{6240ACFE-4217-46B4-8380-200CFBAFCA83}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{801BA2DC-9A68-4386-B954-E034BAA90381}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{CA9349A8-E184-4E37-A3A6-DE21C3C7CBE3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{40EED857-648F-4292-98BE-1F887552C41B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{31DC9A2F-DD2A-45F8-98E0-30058846650E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3B00E431-16E4-4236-B610-6B53F9E08964}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1B9C3A19-4E90-4974-BC8A-159EBD06094E}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{1D415BF2-E2C6-4D4C-84BA-6DBDC7FDBD78}] => (Allow) C:\Users\Eduardo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{713964FA-8F01-45D0-9B83-8352DADF3151}] => (Allow) C:\Users\Eduardo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CDEBB250-9C47-477E-BBB8-53F8C383AE6E}] => (Allow) C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8D62779B-4060-45A5-9B14-043B86E25619}] => (Allow) C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F9158712-D169-4A54-BC37-4F06F70E3AEE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5F9353BF-B74B-4C3D-AC29-01C8B8F1463C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{3290F01F-404D-4CB5-9D62-C0035F188D23}C:\users\eduardo\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\eduardo\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{024CD91E-4ECF-4453-83F4-3DE1264D382C}C:\users\eduardo\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\eduardo\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{00C2F068-81E9-4B27-8499-3EAD5150ECBF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{0D39D74D-7644-469C-8152-B3E484024E67}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{7110CE7D-FD13-4DB2-9811-02A46AD90B48}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E916AA11-E593-4279-9058-A5C7EA34CA23}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{4E28BBE5-52E4-4CA5-801E-63856D0F6F34}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{C90DC4A3-79CE-48AD-AB59-42E4EAE49B1F}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{12BF64B4-2D82-4F57-A6C4-BC2B9740B405}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{539FE6A5-8F8F-4FBF-A78B-1E16AABEEC8B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{3391971B-001B-4429-AB19-AC128A0AB869}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [UDP Query User{10E99EC5-9CDD-45A8-9344-BA314FECAB79}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [{2B97D520-8CAC-4B17-8300-7CDD97BCCFA2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{775A7F3D-8FA0-46CA-86CC-AB5F5E1FD08C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8B8D97F5-E0DA-4DA0-9D4B-8F5FA9288B11}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{228A2A5F-6A32-476D-945F-20AE9C2778BC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{4D47D457-E9D4-454D-9D83-5A286712A01F}] => (Allow) C:\Users\Eduardo\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{D603F532-BDB5-445B-8A1D-C3625E43741C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{02A151F6-D9FC-43CA-B5B8-578EDF2183FF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{49795751-7E09-4049-AEBB-FEF034B6FF78}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{63AFC618-A6D3-4393-8A95-3001548EB2E3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{08E8E440-8E55-497B-A229-A92EC2A87260}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{12C11077-95FF-43D1-BBD8-E409CC056DEC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{02A8F768-73A8-46AB-AAED-EFD65307E2E8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{DCD622E2-3785-4666-8AC2-F9DB904C035D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{0796B34C-401A-4175-8019-710F054D9699}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{06CAA92A-5BF3-4AD6-83C4-0E7ED7A5E49D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [TCP Query User{7D62E9CB-0821-47B1-9204-C80E92714F9E}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{20D92872-4262-419A-B21C-3F6C0C9C7AC3}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{75D23B1D-E2E7-4982-B9CE-FFA6BF7E3C51}] => (Block) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{8DFA431A-7F7D-46C1-B207-EA878F364331}] => (Block) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{CF3402C5-3C8B-4BB4-A1DD-C8601590C428}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{CE2E3C5C-E224-4F0E-AC59-D5F2D3ADAE85}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{034560F6-262F-457A-9581-BA5B30A0DFEE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{E69309E6-0DA5-4AA9-B508-B3DF4C9ADAFE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{A78750D9-79B0-4EC7-9518-9E67F4A19CD3}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{44DCAABA-6E98-41BC-8A9D-606132521012}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{BFCBF4F4-D5F2-45F4-B388-419D4315E441}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{546DA4CD-1519-4131-B908-9BA7EF4FDEE3}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{8E799694-1145-42B9-81C1-EF03C3FF1F9C}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{00498AA5-EDE6-4F96-8757-EEAC641B6B23}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [{B5C61B86-C160-4F2D-9FF9-A36E6072EBF5}] => (Block) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [{8ABC4454-CC43-4F6A-B9CA-4B8D90FB5940}] => (Block) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [{F4E64D42-BBF7-448E-B7A7-0444DD2CC5F1}] => (Block) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [{68C2D0FC-FB1F-4809-B51B-FE3871AC5CB9}] => (Block) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [{0688FF63-47FD-499F-9338-A4AD3866769A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{DDCACD35-1164-400F-862B-DE8D600CD438}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{7136508D-4973-4920-907B-B42117B1E4B8}C:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe
FirewallRules: [UDP Query User{753762BE-8C9F-4C58-B954-6AB5103F624F}C:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe
FirewallRules: [{D4747748-817A-4960-9174-F489682B7180}] => (Block) C:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe
FirewallRules: [{F79B4CC4-19BD-4F06-A14F-944782B00948}] => (Block) C:\program files (x86)\steam\steamapps\common\starbound\win32\starbound_server.exe
FirewallRules: [{6134AC3E-04BA-4568-BFC6-C3382EDD4F7D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{A5BBF720-8F92-4CBE-AF95-F6740CCC2954}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{AF8676BC-D76F-48D2-9D40-7C1E21A1C835}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{75CCFFFE-433E-4455-84E7-C740C9EE35E8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [TCP Query User{8605F7D2-2827-454E-A471-60BCADFA85D3}C:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe
FirewallRules: [UDP Query User{1E27D29F-287F-4BAB-BC3A-BAA319ABFB29}C:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe
FirewallRules: [{33D54478-ACBB-472D-A6AE-626667F4B269}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{6F9C4C87-7FFF-4734-BBCC-8450574EA95F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [TCP Query User{DD99FBD8-23EF-4AB2-A239-695933F911A7}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{42189AC0-C050-4F87-922E-AA404CD6184C}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{ABE41A13-F7E3-438B-AD30-83F4394B5FBD}C:\users\eduardo\appdata\local\temp\rar$exa0.341\age2_x1.exe] => (Block) C:\users\eduardo\appdata\local\temp\rar$exa0.341\age2_x1.exe
FirewallRules: [UDP Query User{C33BB846-486A-4FFE-B86E-4655FCA0A38F}C:\users\eduardo\appdata\local\temp\rar$exa0.341\age2_x1.exe] => (Block) C:\users\eduardo\appdata\local\temp\rar$exa0.341\age2_x1.exe
FirewallRules: [TCP Query User{6F50B391-45D8-466E-8F2C-E9B956CF5355}C:\users\eduardo\documents\age\age2_x1.exe] => (Block) C:\users\eduardo\documents\age\age2_x1.exe
FirewallRules: [UDP Query User{2A0C5B82-9BCC-457D-BFB5-2BEF65A4F693}C:\users\eduardo\documents\age\age2_x1.exe] => (Block) C:\users\eduardo\documents\age\age2_x1.exe
FirewallRules: [TCP Query User{642C9DA1-595C-4B6D-B98C-811AE7D49B57}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{909A4466-AC39-4883-B270-5A7F75723EC7}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{BCFAC1A7-9EAF-4154-BCE6-84B72AEA13FD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age of Mythology\Launcher.exe
FirewallRules: [{9A5593DC-E974-44B9-92C7-0DFC8ABFD7D4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age of Mythology\Launcher.exe
FirewallRules: [{1D6CF1C8-B6A2-46FA-86AF-92AFB2D5A26D}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{DFA039A2-E057-41F1-8731-D15EF2544CF4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{38DA381A-59C6-4C07-9951-B7F6D6A93BD7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3A4EFB92-740A-406C-818B-0FBD34F6A773}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8222035B-7280-4D6C-B84E-3CC3017436D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5D831A15-87C2-4F84-A9D5-AE8E51A80FB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2B749A4B-FB4B-4447-B099-B77B441FC746}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A57D94FE-A37C-415F-A8B1-A257DBB51F70}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{48488160-E3DD-44CB-B6C3-2EDD355977CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{F86CF4B4-7FC9-45C3-9F3A-B465BF624B9B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{C2350316-0616-41DA-86B3-DA1D34F75E72}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{20E5CDC0-1DEA-48A6-B6AF-5C85ECEB5E96}] => (Allow) C:\WINDOWS\AutoKMS\AutoKMS.exe
FirewallRules: [{A568CF97-B6CA-4762-A77A-CE377074523E}] => (Allow) C:\WINDOWS\AutoKMS\AutoKMS.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/06/2015 01:21:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Avira.OE.ServiceHost.exe, versión: 1.1.25.25607, marca de tiempo: 0x5447ad7e
Nombre del módulo con errores: KERNELBASE.dll, versión: 6.3.9600.16384, marca de tiempo: 0x52158f2d
Código de excepción: 0xe0434352
Desplazamiento de errores: 0x00013d67
Identificador del proceso con errores: 0x16b0
Hora de inicio de la aplicación con errores: 0xAvira.OE.ServiceHost.exe0
Ruta de acceso de la aplicación con errores: Avira.OE.ServiceHost.exe1
Ruta de acceso del módulo con errores: Avira.OE.ServiceHost.exe2
Identificador del informe: Avira.OE.ServiceHost.exe3
Nombre completo del paquete con errores: Avira.OE.ServiceHost.exe4
Identificador de aplicación relativa del paquete con errores: Avira.OE.ServiceHost.exe5
 
Error: (09/06/2015 01:21:17 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.ServiceHost.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.TypeInitializationException
Pila:
   en NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   en NLog.LogFactory.get_Configuration()
   en NLog.LogFactory.GetLogger(LoggerCacheKey)
   en NLog.LogFactory.GetLogger(System.String)
   en NLog.LogManager.GetLogger(System.String)
   en Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   en Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   en Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   en Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   en Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   en System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   en System.Threading.ThreadPoolWorkQueue.Dispatch()
   en System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/06/2015 01:21:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Avira.OE.ServiceHost.exe, versión: 1.1.25.25607, marca de tiempo: 0x5447ad7e
Nombre del módulo con errores: KERNELBASE.dll, versión: 6.3.9600.16384, marca de tiempo: 0x52158f2d
Código de excepción: 0xe0434352
Desplazamiento de errores: 0x00013d67
Identificador del proceso con errores: 0x14dc
Hora de inicio de la aplicación con errores: 0xAvira.OE.ServiceHost.exe0
Ruta de acceso de la aplicación con errores: Avira.OE.ServiceHost.exe1
Ruta de acceso del módulo con errores: Avira.OE.ServiceHost.exe2
Identificador del informe: Avira.OE.ServiceHost.exe3
Nombre completo del paquete con errores: Avira.OE.ServiceHost.exe4
Identificador de aplicación relativa del paquete con errores: Avira.OE.ServiceHost.exe5
 
Error: (09/06/2015 01:21:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.ServiceHost.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.TypeInitializationException
Pila:
   en NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   en NLog.LogFactory.get_Configuration()
   en NLog.LogFactory.GetLogger(LoggerCacheKey)
   en NLog.LogFactory.GetLogger(System.String)
   en NLog.LogManager.GetLogger(System.String)
   en Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   en Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   en Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   en Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   en Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   en System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   en System.Threading.ThreadPoolWorkQueue.Dispatch()
   en System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/06/2015 01:20:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Avira.OE.Systray.exe, versión: 1.1.25.25617, marca de tiempo: 0x5447ad92
Nombre del módulo con errores: KERNELBASE.dll, versión: 6.3.9600.16384, marca de tiempo: 0x52158f2d
Código de excepción: 0xe0434352
Desplazamiento de errores: 0x00013d67
Identificador del proceso con errores: 0xfbc
Hora de inicio de la aplicación con errores: 0xAvira.OE.Systray.exe0
Ruta de acceso de la aplicación con errores: Avira.OE.Systray.exe1
Ruta de acceso del módulo con errores: Avira.OE.Systray.exe2
Identificador del informe: Avira.OE.Systray.exe3
Nombre completo del paquete con errores: Avira.OE.Systray.exe4
Identificador de aplicación relativa del paquete con errores: Avira.OE.Systray.exe5
 
Error: (09/06/2015 01:20:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.Systray.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.Configuration.ConfigurationErrorsException
Pila:
   en System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
   en System.Configuration.BaseConfigurationRecord.GetSection(System.String)
   en System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
   en System.Configuration.ConfigurationManager.GetSection(System.String)
   en System.Configuration.ConfigurationManager.get_AppSettings()
   en Avira.OE.WinCore.OeProductInfo.get_Culture()
   en Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   en Avira.OE.Systray.Program.Main(System.String[])
 
Error: (09/06/2015 01:20:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Avira.OE.ServiceHost.exe, versión: 1.1.25.25607, marca de tiempo: 0x5447ad7e
Nombre del módulo con errores: KERNELBASE.dll, versión: 6.3.9600.16384, marca de tiempo: 0x52158f2d
Código de excepción: 0xe0434352
Desplazamiento de errores: 0x00013d67
Identificador del proceso con errores: 0x920
Hora de inicio de la aplicación con errores: 0xAvira.OE.ServiceHost.exe0
Ruta de acceso de la aplicación con errores: Avira.OE.ServiceHost.exe1
Ruta de acceso del módulo con errores: Avira.OE.ServiceHost.exe2
Identificador del informe: Avira.OE.ServiceHost.exe3
Nombre completo del paquete con errores: Avira.OE.ServiceHost.exe4
Identificador de aplicación relativa del paquete con errores: Avira.OE.ServiceHost.exe5
 
Error: (09/06/2015 01:19:50 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.ServiceHost.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.TypeInitializationException
Pila:
   en NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   en NLog.LogFactory.get_Configuration()
   en NLog.LogFactory.GetLogger(LoggerCacheKey)
   en NLog.LogFactory.GetLogger(System.String)
   en NLog.LogManager.GetLogger(System.String)
   en Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   en Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   en Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   en Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   en Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   en System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   en System.Threading.ThreadPoolWorkQueue.Dispatch()
   en System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/05/2015 08:44:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Avira.OE.Systray.exe, versión: 1.1.25.25617, marca de tiempo: 0x5447ad92
Nombre del módulo con errores: KERNELBASE.dll, versión: 6.3.9600.16384, marca de tiempo: 0x52158f2d
Código de excepción: 0xe0434352
Desplazamiento de errores: 0x00013d67
Identificador del proceso con errores: 0x1040
Hora de inicio de la aplicación con errores: 0xAvira.OE.Systray.exe0
Ruta de acceso de la aplicación con errores: Avira.OE.Systray.exe1
Ruta de acceso del módulo con errores: Avira.OE.Systray.exe2
Identificador del informe: Avira.OE.Systray.exe3
Nombre completo del paquete con errores: Avira.OE.Systray.exe4
Identificador de aplicación relativa del paquete con errores: Avira.OE.Systray.exe5
 
Error: (09/05/2015 08:44:59 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.Systray.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.Configuration.ConfigurationErrorsException
Pila:
   en System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
   en System.Configuration.BaseConfigurationRecord.GetSection(System.String)
   en System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
   en System.Configuration.ConfigurationManager.GetSection(System.String)
   en System.Configuration.ConfigurationManager.get_AppSettings()
   en Avira.OE.WinCore.OeProductInfo.get_Culture()
   en Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   en Avira.OE.Systray.Program.Main(System.String[])
 
 
System errors:
=============
Error: (09/06/2015 01:21:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Avira Service Host se terminó de manera inesperada. Esto ha sucedido 3 veces.
 
Error: (09/06/2015 01:21:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Avira Service Host terminó inesperadamente. Esto se ha repetido 2 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.
 
Error: (09/06/2015 01:20:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Avira Service Host terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.
 
Error: (09/06/2015 01:18:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Windows Search no pudo iniciarse debido al siguiente error: 
%%3
 
Error: (09/06/2015 01:18:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Steam Client Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (09/06/2015 01:18:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.
 
Error: (09/06/2015 01:18:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Intel® Dynamic Application Loader Host Interface Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (09/06/2015 01:18:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Intel® Rapid Storage Technology se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (09/06/2015 01:18:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio iPod Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (09/06/2015 01:18:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Intel® Integrated Clock Controller Service - Intel® ICCS se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
 
Microsoft Office:
=========================
Error: (09/06/2015 01:21:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.25.256075447ad7eKERNELBASE.dll6.3.9600.1638452158f2de043435200013d6716b001d0e8c00e8e0a3eC:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll4c5e59bf-54b3-11e5-82a3-40f02f39c8aa
 
Error: (09/06/2015 01:21:17 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.ServiceHost.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.TypeInitializationException
Pila:
   en NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   en NLog.LogFactory.get_Configuration()
   en NLog.LogFactory.GetLogger(LoggerCacheKey)
   en NLog.LogFactory.GetLogger(System.String)
   en NLog.LogManager.GetLogger(System.String)
   en Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   en Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   en Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   en Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   en Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   en System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   en System.Threading.ThreadPoolWorkQueue.Dispatch()
   en System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/06/2015 01:21:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.25.256075447ad7eKERNELBASE.dll6.3.9600.1638452158f2de043435200013d6714dc01d0e8c005cd8343C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll443bce32-54b3-11e5-82a3-40f02f39c8aa
 
Error: (09/06/2015 01:21:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.ServiceHost.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.TypeInitializationException
Pila:
   en NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   en NLog.LogFactory.get_Configuration()
   en NLog.LogFactory.GetLogger(LoggerCacheKey)
   en NLog.LogFactory.GetLogger(System.String)
   en NLog.LogManager.GetLogger(System.String)
   en Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   en Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   en Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   en Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   en Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   en System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   en System.Threading.ThreadPoolWorkQueue.Dispatch()
   en System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/06/2015 01:20:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.Systray.exe1.1.25.256175447ad92KERNELBASE.dll6.3.9600.1638452158f2de043435200013d67fbc01d0e8bfea294dbaC:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll32be37c3-54b3-11e5-82a3-40f02f39c8aa
 
Error: (09/06/2015 01:20:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.Systray.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.Configuration.ConfigurationErrorsException
Pila:
   en System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
   en System.Configuration.BaseConfigurationRecord.GetSection(System.String)
   en System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
   en System.Configuration.ConfigurationManager.GetSection(System.String)
   en System.Configuration.ConfigurationManager.get_AppSettings()
   en Avira.OE.WinCore.OeProductInfo.get_Culture()
   en Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   en Avira.OE.Systray.Program.Main(System.String[])
 
Error: (09/06/2015 01:20:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.25.256075447ad7eKERNELBASE.dll6.3.9600.1638452158f2de043435200013d6792001d0e8bfd4cc13cbC:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll22290798-54b3-11e5-82a3-40f02f39c8aa
 
Error: (09/06/2015 01:19:50 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.ServiceHost.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.TypeInitializationException
Pila:
   en NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   en NLog.LogFactory.get_Configuration()
   en NLog.LogFactory.GetLogger(LoggerCacheKey)
   en NLog.LogFactory.GetLogger(System.String)
   en NLog.LogManager.GetLogger(System.String)
   en Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   en Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   en Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   en Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   en Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   en System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   en System.Threading.ThreadPoolWorkQueue.Dispatch()
   en System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/05/2015 08:44:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.Systray.exe1.1.25.256175447ad92KERNELBASE.dll6.3.9600.1638452158f2de043435200013d67104001d0e834dee176cdC:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll1e3b087f-5428-11e5-82a2-40f02f39c8aa
 
Error: (09/05/2015 08:44:59 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.Systray.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.Configuration.ConfigurationErrorsException
Pila:
   en System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
   en System.Configuration.BaseConfigurationRecord.GetSection(System.String)
   en System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
   en System.Configuration.ConfigurationManager.GetSection(System.String)
   en System.Configuration.ConfigurationManager.get_AppSettings()
   en Avira.OE.WinCore.OeProductInfo.get_Culture()
   en Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   en Avira.OE.Systray.Program.Main(System.String[])
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 51%
Total physical RAM: 3993.77 MB
Available physical RAM: 1953.84 MB
Total Virtual: 7993.77 MB
Available Virtual: 5540.9 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:214.2 GB) (Free:104.74 GB) NTFS
Drive f: (Música y Películas) (Fixed) (Total:237.41 GB) (Free:52.41 GB) NTFS
Drive g: (OFFICE14) (CDROM) (Total:0.71 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0E50AA48)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-09-2015

Ran by Eduardo (administrator) on EMONTES (06-09-2015 13:22:53)
Running from C:\Users\Eduardo\Downloads
Loaded Profiles: Eduardo (Available Profiles: Eduardo)
Platform: Windows 8.1 Single Language (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\AutoKMS\AutoKMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dropbox, Inc.) C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_fa1dc1539b4180d8\TiWorker.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Oleg N. Scherbakov) C:\Windows\Temp\InstallTAPAdapter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2013-11-27] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-11-27] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-26] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications)
HKU\S-1-5-21-2116820475-2171392899-1723000193-1002\...\Run: [Facebook Update] => C:\Users\Eduardo\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-09-05] (Facebook Inc.)
HKU\S-1-5-21-2116820475-2171392899-1723000193-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2116820475-2171392899-1723000193-1002\...\Run: [Dropbox Update] => C:\Users\Eduardo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-21] (Dropbox, Inc.)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-08-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155792 2015-08-25] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
Startup: C:\Users\Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-08-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Eduardo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{7D2B3948-6753-44CA-8EB4-D8343E85654C}: [DhcpNameServer] 190.160.0.15 200.30.192.14 200.83.1.5
Tcpip\..\Interfaces\{C898B5AD-491C-44D9-B0E6-71673097829A}: [DhcpNameServer] 200.75.0.4 200.75.25.224
 
Internet Explorer:
==================
HKU\S-1-5-21-2116820475-2171392899-1723000193-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2116820475-2171392899-1723000193-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2116820475-2171392899-1723000193-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2116820475-2171392899-1723000193-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-2116820475-2171392899-1723000193-1002 -> DefaultScope {DDE48A25-5285-42DD-AE9F-A06EEF90DFBB} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-25] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2116820475-2171392899-1723000193-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Eduardo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2116820475-2171392899-1723000193-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> google.cl_
CHR DefaultSuggestURL: Default -> 
CHR Plugin: (YouTube) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\pdf.dll No File
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 7 U67) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Eduardo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Profile: C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-11-26]
CHR Extension: (Google Docs) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-12]
CHR Extension: (Google Drive) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-12]
CHR Extension: (YouTube) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-12]
CHR Extension: (Adblock Plus) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-12]
CHR Extension: (Google Search) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-12]
CHR Extension: (Game of Thrones: Stark) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlbafmmdkmpcojanmmfaehohbhdcilag [2015-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-08-12]
CHR Extension: (Cuevana Stream) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdckejfnkaemompfjhecfmhjgnchmjg [2014-08-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-21]
CHR Extension: (NaClBox) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnheimjfkanojafofghpkcddhpbbnmac [2014-08-12]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-12]
CHR Extension: (Gmail) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-12]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-07-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-08-26] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider) [File not signed]
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-26] (NVIDIA Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-26] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-26] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-11-27] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-07] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-07-15] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-07-31] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-07-31] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-11] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-01-01] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-13] (Synaptics Incorporated)
R3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-06 13:22 - 2015-09-06 13:23 - 00000000 ____D C:\FRST
2015-09-06 13:22 - 2015-09-06 13:22 - 00026355 _____ C:\Users\Eduardo\Downloads\FRST.txt
2015-09-06 13:21 - 2015-09-06 13:21 - 02190336 _____ (Farbar) C:\Users\Eduardo\Downloads\FRST64.exe
2015-09-06 13:17 - 2015-09-06 13:18 - 00000000 ____D C:\AdwCleaner
2015-09-06 13:14 - 2015-09-06 13:14 - 01654272 _____ C:\Users\Eduardo\Downloads\adwcleaner_5.005.exe
2015-09-05 20:43 - 2015-09-05 20:43 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2015-09-05 20:43 - 2015-09-05 20:43 - 00000000 ____D C:\WINDOWS\system32\NV
2015-09-05 20:28 - 2015-09-05 20:29 - 00000000 ____D C:\WINDOWS\LastGood
2015-09-05 20:27 - 2015-08-25 15:46 - 42840368 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 37819184 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 22525560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 18543736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 17082392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 16637336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 15512888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 14936264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 14635792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 13661160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 12515016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 12185152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 11089200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-09-05 20:27 - 2015-08-25 15:46 - 03112904 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 02940720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 02627704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 01898288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435582.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 01558648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435582.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 01075320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 01064752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 00986232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 00945456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 00150832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-09-05 20:27 - 2015-08-25 15:46 - 00031352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-09-05 20:25 - 2015-09-05 20:25 - 00000000 ____D C:\NVIDIA
2015-09-05 20:18 - 2015-09-05 20:23 - 302380336 _____ (NVIDIA Corporation) C:\Users\Eduardo\Downloads\355.82-notebook-win8-win7-64bit-international-whql.exe
2015-09-05 20:03 - 2015-09-06 13:21 - 00000000 ___RD C:\Users\Eduardo\SkyDrive
2015-09-05 19:54 - 2015-09-05 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-09-05 19:42 - 2015-09-05 19:42 - 00000000 ____D C:\Users\Eduardo\Downloads\backups
2015-09-05 19:40 - 2015-09-05 19:40 - 00029855 _____ C:\Users\Eduardo\Documents\hijackthis.log
2015-09-05 19:36 - 2015-09-05 19:36 - 00000000 ____D C:\Users\Eduardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-05 19:35 - 2015-09-05 19:39 - 00029855 _____ C:\Users\Eduardo\Downloads\hijackthis.log
2015-09-05 19:32 - 2015-09-05 19:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\Eduardo\Downloads\HijackThis.exe
2015-08-30 23:00 - 2015-09-06 13:22 - 00004962 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for EMONTES-Eduardo EMONTES
2015-08-22 12:46 - 2015-08-22 12:46 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-08-22 12:44 - 2015-08-07 08:06 - 01898104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435560.dll
2015-08-22 12:44 - 2015-08-07 08:06 - 01558832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435560.dll
2015-08-22 12:30 - 2015-08-22 15:17 - 00000000 ____D C:\Users\Eduardo\AppData\Local\NVIDIA Corporation
2015-08-22 12:29 - 2015-08-26 21:37 - 01423120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-08-22 12:29 - 2015-08-26 21:37 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-08-22 12:29 - 2015-08-26 21:36 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-08-22 12:29 - 2015-08-26 21:36 - 01710568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-08-22 12:29 - 2015-08-11 01:52 - 00072504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-08-22 12:29 - 2015-08-11 01:52 - 00069416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-08-22 12:29 - 2015-08-11 01:52 - 00050472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-08-22 10:29 - 2015-08-22 10:29 - 00297600 _____ C:\WINDOWS\Minidump\082215-17421-01.dmp
2015-08-16 21:10 - 2015-08-16 21:10 - 00297600 _____ C:\WINDOWS\Minidump\081615-20953-01.dmp
2015-08-13 23:23 - 2015-08-13 23:23 - 06205656 _____ C:\Users\Eduardo\Downloads\J Balvin - Ginza (iTunes) (Www.FlowHot.Net).m4a
2015-08-10 22:04 - 2015-09-06 13:20 - 00000000 ____D C:\Users\Eduardo\AppData\Local\HTC MediaHub
2015-08-10 22:04 - 2015-08-10 22:12 - 00000000 ____D C:\Users\Eduardo\AppData\Roaming\HTC
2015-08-10 22:04 - 2015-08-10 22:04 - 00000000 ____D C:\Users\Eduardo\Documents\HTC
2015-08-10 22:03 - 2015-09-05 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2015-08-10 22:02 - 2015-08-10 22:04 - 00000000 ____D C:\Program Files (x86)\HTC
2015-08-10 22:01 - 2015-09-05 20:30 - 00000000 ____D C:\Temp
2015-08-10 22:01 - 2015-08-10 22:01 - 00000000 ____D C:\ProgramData\HTC
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-06 13:21 - 2014-08-29 00:49 - 00000000 ____D C:\Users\Eduardo\AppData\Local\CrashDumps
2015-09-06 13:20 - 2014-08-12 18:31 - 00000000 ___RD C:\Users\Eduardo\Dropbox
2015-09-06 13:20 - 2014-08-12 18:23 - 00000000 ____D C:\Users\Eduardo\AppData\Roaming\Dropbox
2015-09-06 13:20 - 2014-08-12 16:07 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-06 13:19 - 2013-08-22 11:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-06 13:18 - 2014-08-12 16:55 - 22581704 _____ C:\Users\Public\CAFADEBUG.log
2015-09-06 13:18 - 2013-11-27 20:30 - 00004608 _____ C:\WINDOWS\system32\VfService.trf
2015-09-06 13:18 - 2013-11-27 19:56 - 01222125 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-06 13:12 - 2013-11-27 20:34 - 00816474 _____ C:\WINDOWS\system32\perfh00A.dat
2015-09-06 13:12 - 2013-11-27 20:34 - 00171540 _____ C:\WINDOWS\system32\perfc00A.dat
2015-09-06 13:12 - 2013-08-28 05:36 - 01833224 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-06 13:10 - 2014-08-12 16:07 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-06 13:08 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-06 01:34 - 2015-06-21 21:24 - 00000942 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2116820475-2171392899-1723000193-1002UA.job
2015-09-06 01:34 - 2015-06-21 21:24 - 00000890 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2116820475-2171392899-1723000193-1002Core.job
2015-09-05 23:27 - 2014-09-05 15:22 - 00000952 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2116820475-2171392899-1723000193-1002UA.job
2015-09-05 22:04 - 2014-08-12 15:10 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2116820475-2171392899-1723000193-1002
2015-09-05 20:51 - 2014-08-12 18:33 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-05 20:47 - 2014-11-02 19:45 - 00003754 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2015-09-05 20:42 - 2014-08-12 15:04 - 00000000 ____D C:\Users\Eduardo
2015-09-05 20:30 - 2013-11-27 19:57 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-05 20:30 - 2013-11-27 19:40 - 00047948 _____ C:\WINDOWS\setupact.log
2015-09-05 20:17 - 2014-08-12 16:07 - 00002212 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-05 20:03 - 2014-12-04 20:40 - 00000000 ___RD C:\Users\Eduardo\SkyDrive (2).old
2015-09-05 19:57 - 2013-08-28 05:34 - 00420996 _____ C:\WINDOWS\PFRO.log
2015-09-05 19:55 - 2013-11-27 19:42 - 00057650 _____ C:\WINDOWS\DPINST.LOG
2015-09-05 19:52 - 2014-10-13 14:04 - 00000000 ____D C:\ProgramData\Origin
2015-09-05 19:27 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-03 21:21 - 2015-07-30 20:04 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-03 21:03 - 2013-11-27 19:56 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-29 19:05 - 2014-08-12 16:07 - 00003888 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-29 19:05 - 2014-08-12 16:07 - 00003652 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-29 14:27 - 2014-09-05 15:22 - 00000930 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2116820475-2171392899-1723000193-1002Core.job
2015-08-26 20:24 - 2014-08-12 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-08-25 15:46 - 2013-11-27 19:56 - 03527696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-08-25 15:46 - 2013-11-27 19:56 - 01106672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-08-25 15:46 - 2013-11-27 19:56 - 00944736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-08-25 15:46 - 2013-11-27 19:56 - 00176904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-08-25 15:46 - 2013-11-27 19:56 - 00155792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-08-25 15:46 - 2013-11-27 19:56 - 00033025 _____ C:\WINDOWS\system32\nvinfo.pb
2015-08-25 11:24 - 2013-11-27 19:57 - 06884984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-08-25 11:24 - 2013-11-27 19:57 - 03496752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-08-25 11:24 - 2013-11-27 19:57 - 02558584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-08-25 11:24 - 2013-11-27 19:57 - 01062520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-08-25 11:24 - 2013-11-27 19:57 - 00937776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-08-25 11:24 - 2013-11-27 19:57 - 00582448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
2015-08-25 11:24 - 2013-11-27 19:57 - 00385144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-08-25 11:24 - 2013-11-27 19:57 - 00075056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-08-25 11:24 - 2013-11-27 19:57 - 00062584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-08-25 09:35 - 2013-11-27 19:57 - 05165808 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-08-22 15:11 - 2014-08-12 17:46 - 00000000 ____D C:\Users\Eduardo\AppData\Roaming\uTorrent
2015-08-22 12:48 - 2013-11-27 19:56 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-08-22 12:46 - 2013-11-27 19:56 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-22 12:30 - 2014-08-13 15:56 - 00000000 ____D C:\Users\Eduardo\AppData\Local\NVIDIA
2015-08-22 11:32 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-22 10:29 - 2014-12-04 20:38 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-22 10:28 - 2014-12-04 20:38 - 425870201 _____ C:\WINDOWS\MEMORY.DMP
2015-08-20 20:26 - 2014-08-12 15:06 - 00000000 ____D C:\Users\Eduardo\Documents\Bluetooth Folder
2015-08-16 21:53 - 2014-08-13 18:33 - 01137152 ___SH C:\Users\Eduardo\Downloads\Thumbs.db
2015-08-16 15:20 - 2013-08-22 11:44 - 05153520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-16 14:25 - 2014-08-12 15:04 - 00000000 ____D C:\Users\Eduardo\AppData\Local\Packages
2015-08-13 21:11 - 2014-08-13 16:12 - 00000000 ____D C:\Users\Eduardo\AppData\Roaming\Skype
2015-08-10 22:29 - 2015-05-08 18:46 - 00000000 ____D C:\Users\Eduardo\Desktop\temp
2015-08-10 22:04 - 2014-08-12 17:15 - 00000000 ____D C:\Users\Eduardo\AppData\Roaming\Apple Computer
2015-08-10 22:04 - 2014-08-12 17:15 - 00000000 ____D C:\Users\Eduardo\AppData\Local\Apple Computer
2015-08-10 22:02 - 2015-01-31 02:13 - 00000000 ____D C:\Users\Eduardo\AppData\Local\Downloaded Installations
2015-08-09 21:53 - 2014-08-31 19:59 - 00280576 ___SH C:\Users\Eduardo\Desktop\Thumbs.db
2015-08-09 21:31 - 2013-08-22 10:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
 
==================== Files in the root of some directories =======
 
2013-11-27 20:01 - 2013-11-27 20:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Eduardo\AppData\Local\Temp\avgnt.exe
C:\Users\Eduardo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgxenbt.dll
C:\Users\Eduardo\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Eduardo\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Eduardo\AppData\Local\Temp\oct2181.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\oct2BF1.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\oct35A9.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\oct46B9.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\oct54CF.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\oct568B.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\oct5E9F.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\oct61FE.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\oct6866.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\oct69ED.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\oct6D35.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\oct758C.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\oct857E.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\oct913F.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\oct96E3.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\oct982D.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\oct99A8.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\octA872.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\octB2D9.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\octCE1.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\octD53E.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\octEF44.tmp.exe
C:\Users\Eduardo\AppData\Local\Temp\ose00000.exe
C:\Users\Eduardo\AppData\Local\Temp\sqlite3.dll
C:\Users\Eduardo\AppData\Local\Temp\swt-win32-3349.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-01 23:43
 
==================== End of FRST.txt ============================

 

 

Thanks for your help, I'll keep steady for your next instructions.



#6 nasdaq

nasdaq

  • Malware Response Team

Posted 06 September 2015 - 01:35 PM

Nothing suspicious was found in your logs. This is just a cleanup of empty registry keys.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-2116820475-2171392899-1723000193-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll No File
CHR Plugin: (YouTube) - C:\Users\Eduardo\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java Platform SE 7 U67) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

The only problem reported is this.

Description: Nombre de la aplicación con errores: Avira.OE.ServiceHost.exe, versión: 1.1.25.25607, marca de tiempo: 0x5447ad7e
Nombre del módulo con errores: KERNELBASE.dll, versión: 6.3.9600.16384, marca de tiempo: 0x52158f2d

Can you reinstall Avira and see if the problem persists?

If it does continue.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • List last 10 Event Viewer log
  • List Devices (problems only)
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
================

Picture of the tool.
http://i.imgur.com/wNeKMCX.png

How is the computer running now?

p.s.
Is the problem of BSOD just when you play Terraria?

#7 nasdaq

nasdaq

  • Malware Response Team

Posted 12 September 2015 - 08:46 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



