
manual proxy settings can not be change & more problems


  • This topic is locked
63 replies to this topic

#1 arieljborrajo

arieljborrajo

  • Members
  • 32 posts
  • OFFLINE
  • Local time:12:12 PM

Posted 02 October 2015 - 02:58 AM

Hi, my name is Ariel, I am from Argentina and I hope you can help me. I have the 32-bit version of Windows 10 (I upgraded from Windows 7 with the update that Microsoft provides), and some days ago I noticed that I couldn't connect to, enter or use any browser other than Google (I tried to do some searches on these browsers: Bing, Yahoo, DuckDuckGo) but always received this message: This web page is not available ERR_TUNNEL_CONNECTION_FAILED. At first I thought it was some sort of method that Google uses to stop people from using other browsers (yeah... too conspiratorial), so I let it go... but then I realized that this could be a virus or spyware or malware, so I checked what the reasons for such an error could be. One of the answers I found was that it could be a problem with the proxy settings, so I checked the PC settings of the Windows 10 system and found out that the manual proxy settings were set to use a proxy server *1 (I have never in my life used a proxy server, and if I have to be sincere, I don't know for sure what a proxy server is). The address of the proxy server is this: http=127.0.0.1:8080;https=127.0.0.1:8080 and below, where you set the exceptions (except use the proxy server for addresses beginning with the following entries. Use the semicolon (;) to separate entries.), it says this: <-loopback>

I tried to disable the use of the proxy server, but when I close the window or go to another option of the menu, the proxy setting goes back to enabled and I can't save the setting. I went to Internet Options>Connections>LAN Settings and unchecked the box (use a proxy server for the LAN)*2, but once again I could not save the setting (a strange message that I have never seen before appears at the bottom of the Properties: Internet window, which says: the system administrator controls some settings, and I say it is strange because I am, or my account is, the system administrator)*3

So basically my problem is that, but the big problem (and I think this is more for you guys than for me) is that I did all the things you recommend not to do (scanned and cleaned the threats with all kinds of anti-spyware and anti-virus tools without sending you a log of the results). I must plead in my defense that I did it before reading the warnings or recommendations you usually give.
Also, in my research about what the problem could be, I found some sort of solution: modify a registry value in regedit (more specifically HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings -> ProxySettingsPerUser, setting it from 0 (disabled) to 1 (enabled)), but this solution is temporary, because once you restart the computer that registry value in regedit is set back to 0 and the proxy settings change once more to enabled and set to the address I mentioned before.

 

PS: I attach 3 screenshots that I took to show you the problems and the strange message I mentioned (*1; *2; *3)
PS: obviously you will notice that the language of the options in the screenshots is Spanish (my native language), but I tried to translate all the lines you will need if you decide to help me, guys.
PS: I spent 2 hours writing this message (I'm a little bit rusty with my English)
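
The settings described in the post above can be triaged mechanically. The following is an added example, not part of the original thread or of any tool mentioned in it: it parses the ProxyServer string format, flags a loopback proxy, the ProxySettingsPerUser policy and the <-loopback> exception, and can probe whether anything is listening on the proxy port. The function names and finding texts are assumptions made for illustration.

```python
from __future__ import annotations

import ipaddress
import socket
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ProxyEntry:
    scheme: str            # "http", "https", ... or "*" when one proxy serves every protocol
    host: str
    port: Optional[int]    # None when the string carries no port


def parse_proxy_server(value: str) -> list[ProxyEntry]:
    """Parse ProxyServer: either "host:port" or "scheme=host:port;scheme=host:port"."""
    entries = []
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:                                   # single proxy for all protocols
            scheme, target = "*", part
        target = target.strip().split("://", 1)[-1].rstrip("/")
        host, colon, port = target.rpartition(":")
        if not colon or target.endswith("]") or not port.isdigit():
            host, port = target, ""                   # no port present
        entries.append(ProxyEntry(scheme.strip().lower(), host.strip("[]"),
                                  int(port) if port else None))
    return entries


def is_loopback(host: str) -> bool:
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                                # a DNS name, not an IP literal
        return False


def port_is_listening(host: str, port: int, timeout: float = 1.0) -> bool:
    """True if a TCP connection to host:port succeeds (something owns the port)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def triage(proxy_enable: int, proxy_server: str, proxy_override: str,
           proxy_settings_per_user: Optional[int]) -> dict[str, str]:
    """Return {finding_code: explanation} for one machine's proxy values."""
    findings = {}
    if proxy_settings_per_user == 0:
        findings["machine_wide_policy"] = (
            "Policy ProxySettingsPerUser=0: proxy settings are taken machine-wide "
            "from HKLM, so edits in the per-user settings dialog do not stick.")
    if not proxy_enable:
        return findings
    local = list(dict.fromkeys(
        (e.host, e.port) for e in parse_proxy_server(proxy_server) if is_loopback(e.host)))
    if local:
        findings["loopback_proxy"] = (
            "Browser traffic is sent to a process on this machine: "
            + ", ".join(f"{h}:{p}" for h, p in local)
            + ". Identify what owns that port; if nothing listens, requests fail.")
    bypass = [t.strip().lower() for t in proxy_override.split(";") if t.strip()]
    if "<-loopback>" in bypass:
        findings["loopback_bypass_removed"] = (
            "<-loopback> removes the implicit bypass for loopback addresses, "
            "so local traffic is proxied too.")
    return findings


if __name__ == "__main__":
    # Values quoted in the post above.
    server = "http=127.0.0.1:8080;https=127.0.0.1:8080"
    for code, text in triage(1, server, "<-loopback>", 0).items():
        print(f"[{code}] {text}")
    for host, port in {(e.host, e.port) for e in parse_proxy_server(server)}:
        state = "listening" if port_is_listening(host, port) else "nothing listening"
        print(f"{host}:{port} -> {state}")
```
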



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,045 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:08:12 AM

Posted 02 October 2015 - 07:29 PM

Greetings arieljborrajo and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

We are going to do a lot in this first post. If you are unable to complete a step in Normal Boot try it in Safe Mode with Networking.

Please do this.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • RogueKiller log
  • FRST results
  • Addition log
  • MiniToolBox log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 arieljborrajo

arieljborrajo
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:12:12 PM

Posted 03 October 2015 - 07:55 AM

Hi Gary! Thanks for helping me. Sure, you may call me Ariel.

I did everything you asked me to do. So here we go!

P.S.: every log I paste will be in Spanish... do you need me to translate them for you?

AdwCleaner Scan Log
 

# AdwCleaner v5.009 - Registro generado 03/10/2015 en 07:59:20
# Actualizado 27/09/2015 por Xplode
# Base de datos : 2015-09-30.1 [Servidor]
# Sistema operativo : Windows 10 Pro  (x86)
# Nombre de usuario : Ari678 - ARI678-PC
# Ejecutado desde : C:\Users\Ari678\Desktop\adwcleaner_5.009.exe
# Opción : Escanear
 
***** [ Servicios ] *****
 
 
***** [ Carpetas ] *****
 
 
***** [ Archivos ] *****
 
Archivo Encontrar : C:\Users\Ari678\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
 
***** [ Accesos directos ] *****
 
 
***** [ Tareas programadas ] *****
 
 
***** [ Registro ] *****
 
 
***** [ Navegadores Web ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [724 bytes] ##########

AdwCleaner Clean Log
 
# AdwCleaner v5.009 - Registro generado 03/10/2015 en 08:08:52
# Actualizado 27/09/2015 por Xplode
# Base de datos : 2015-09-30.1 [Servidor]
# Sistema operativo : Windows 10 Pro  (x86)
# Nombre de usuario : Ari678 - ARI678-PC
# Ejecutado desde : C:\Users\Ari678\Desktop\adwcleaner_5.009.exe
# Opción : Limpiar
 
***** [ Servicios ] *****
 
 
***** [ Carpetas ] *****
 
 
***** [ Archivos ] *****
 
[-] Archivo Eliminar : C:\Users\Ari678\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
 
***** [ Accesos directos ] *****
 
 
***** [ Tareas programadas ] *****
 
 
***** [ Registro ] *****
 
 
***** [ Navegadores Web ] *****
 
 
*************************
 
:: Winsock Configuración borrada
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [791 bytes] ##########
 
-----------------------------------------------------------------------------------------------------------------------------------
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 10 Pro x86
Ran by Ari678 on 03/10/2015 at  8:14:49,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\WINDOWS\System32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Disk Space Explorer Shell Extension
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Public\Desktop\tuneup utilities 2014.lnk
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files\driver-soft
Successfully deleted: [Folder] C:\ProgramData\drivergenius
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tuneup utilities 2014
Successfully deleted: [Folder] C:\Users\Ari678\AppData\Roaming\tempdir
 
 
 
~~~ Chrome
 
 
[C:\Users\Ari678\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Ari678\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Ari678\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Ari678\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/10/2015 at  8:19:00,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Questions: Why did Junkware Tools delete my TuneUp? May I re-install TuneUp later?

--------------------------------------------------------------------------------------------------
 
RogueKiller V10.10.7.0 [Sep 28 2015] by Adlice Software
 
Sistema Operativo : Windows 10 (10.0.10240) 32 bits version
Iniciado en : Modo Normal
Usuario : Ari678 [Administrador]
Started from : C:\Users\Ari678\Desktop\RogueKiller.exe
Modo : Escanear -- Fecha : 10/03/2015 08:42:36
 
¤¤¤ Procesos : 0 ¤¤¤
 
¤¤¤ Registro : 8 ¤¤¤
[PUM.Proxy] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Encontrado
[PUM.Proxy] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 190.55.60.129 181.47.248.145 ([-][(Unknown Country?) (XX)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 190.55.60.129 181.47.248.145 ([-][(Unknown Country?) (XX)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0a21074e-1618-4928-b0ba-80314e4eff77} | DhcpNameServer : 190.55.60.129 181.47.248.145 ([-][(Unknown Country?) (XX)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0a21074e-1618-4928-b0ba-80314e4eff77} | DhcpNameServer : 190.55.60.129 181.47.248.145 ([-][(Unknown Country?) (XX)])  -> Encontrado
[PUM.StartMenu] HKEY_USERS\S-1-5-21-460140493-847581487-85778212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Encontrado
[PUM.StartMenu] HKEY_USERS\S-1-5-21-460140493-847581487-85778212-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Encontrado
 
¤¤¤ Tareas : 0 ¤¤¤
 
¤¤¤ Archivos : 0 ¤¤¤
 
¤¤¤ Archivo de hosts : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 license.superantispyware.com
 
¤¤¤ Antirootkit : 0 (Driver: Cargado) ¤¤¤
 
¤¤¤ Navegadores Web : 0 ¤¤¤
 
¤¤¤ Chequeo MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAKS-00B3A0 ATA Device +++++
--- User ---
[MBR] 7b0f47ce6507b23e23475fbd5dbebeb8
[BSP] 4648cb728b7d106f3bf2ad246febe7a8 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 55231 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 113113665 | Size: 250003 MB
User = LL1 ... OK
User = LL2 ... OK
 
------------------------------------------------------------------------------------------------------
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-10-2015
Ran by Ari678 (administrator) on ARI678-PC (03-10-2015 08:46:35)
Running from C:\Users\Ari678\Desktop
Loaded Profiles: Ari678 (Available Profiles: Ari678 & DefaultAppPool)
Platform: Microsoft Windows 10 Pro (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(CyberLink) C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(CyberLink) C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SiSTray] => C:\Program Files\SiS VGA Utilities\SiSTray.exe [557056 2010-12-15] (Silicon Integrated Systems Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2014-10-01] (ESET)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [718688 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-20] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6814240 2009-02-13] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-02-13] (Realtek Semiconductor Corp.)
HKU\S-1-5-21-460140493-847581487-85778212-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3129560 2014-02-24] (Disc Soft Ltd)
HKU\S-1-5-21-460140493-847581487-85778212-1000\...\Run: [Octoshape Streaming Services] => C:\Users\Ari678\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-460140493-847581487-85778212-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATILDE.EXE [260160 2013-04-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-460140493-847581487-85778212-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6692632 2014-10-01] (SUPERAntiSpyware)
ShellExecuteHooks:  - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  No File [ ]
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2014-04-21] (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
Hosts: 127.0.0.1 license.superantispyware.com
Tcpip\Parameters: [DhcpNameServer] 190.55.60.129 181.47.248.145
Tcpip\..\Interfaces\{0a21074e-1618-4928-b0ba-80314e4eff77}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{0a21074e-1618-4928-b0ba-80314e4eff77}: [DhcpNameServer] 190.55.60.129 181.47.248.145
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
SearchScopes: HKU\S-1-5-21-460140493-847581487-85778212-1000 -> DefaultScope {540FD3C0-B363-4B61-BA18-7C4859730E9C} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-07-08] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-05] (Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-05] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-460140493-847581487-85778212-1000 -> hxxp://www.google.com.ar/
 
FireFox:
========
FF ProfilePath: C:\Users\Ari678\AppData\Roaming\Mozilla\Firefox\Profiles\d8c9xxt1.default-1443645389176
FF Homepage: www.google.com.ar
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll [2014-01-29] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-12-10] (Nero AG)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-17] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-17] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-30] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-460140493-847581487-85778212-1000: @hola.org/FlashPlayer -> C:\Users\Ari678\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll No File
FF Plugin HKU\S-1-5-21-460140493-847581487-85778212-1000: @hola.org/vlc -> C:\Users\Ari678\AppData\Local\Hola\firefox\app\vlc\npvlc.dll No File
FF Plugin HKU\S-1-5-21-460140493-847581487-85778212-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Ari678\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll [2013-12-18] (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Ari678\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2014-07-18] (Octoshape ApS)
FF Extension: Download Manager (S3) - C:\Users\Ari678\AppData\Roaming\Mozilla\Firefox\Profiles\d8c9xxt1.default-1443645389176\Extensions\s3download@statusbar.xpi [2015-10-01]
FF Extension: Adblock Plus - C:\Users\Ari678\AppData\Roaming\Mozilla\Firefox\Profiles\d8c9xxt1.default-1443645389176\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-30]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-460140493-847581487-85778212-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Users\Ari678\AppData\Roaming\IDM\idmmzcc7
FF Extension: IDM integration - C:\Users\Ari678\AppData\Roaming\IDM\idmmzcc7 [2015-07-10]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com.ar/
CHR StartupUrls: Default -> "hxxp://www.google.com.ar/"
CHR Profile: C:\Users\Ari678\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Diapositivas de Google) - C:\Users\Ari678\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-30]
CHR Extension: (Google Docs) - C:\Users\Ari678\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-30]
CHR Extension: (Google Drive) - C:\Users\Ari678\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-30]
CHR Extension: (YouTube) - C:\Users\Ari678\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Adblock Plus) - C:\Users\Ari678\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-30]
CHR Extension: (Búsqueda de Google) - C:\Users\Ari678\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-30]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\Ari678\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-30]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Ari678\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ari678\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-30]
CHR Extension: (IDM Integration Module) - C:\Users\Ari678\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-09-30]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Ari678\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-30]
CHR Extension: (Gmail) - C:\Users\Ari678\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-30]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-07-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-07-05] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2013-07-05] (CyberLink)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2014-10-01] (ESET)
S2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577088 2013-09-20] (SEIKO EPSON CORPORATION)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
S2 HDDC3Service; C:\Program Files\Ashampoo\Ashampoo HDD Control 3\HDDC3Service.exe [324456 2014-12-01] ()
S2 isupdate.exe; C:\Program Files\InstallShield\isupdate.exe [42496 2015-04-20] (InstallShield®) [File not signed]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2015-06-25] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [243128 2014-04-13] (Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [191928 2014-10-10] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [135296 2014-10-10] (ESET)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
R2 epfwwfpr; C:\WINDOWS\System32\DRIVERS\epfwwfpr.sys [123424 2014-10-10] (ESET)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 tsusbhub; C:\WINDOWS\System32\drivers\tsusbhub.sys [112640 2010-11-20] (Microsoft Corporation) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [30632 2015-06-04] (TuneUp Software)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\System32\drivers\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [76560 2013-07-06] (CyberLink Corp.)
U3 idsvc; no ImagePath
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [65216 2015-09-30] (Sysinternals - www.sysinternals.com)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-03 08:46 - 2015-10-03 08:47 - 00016061 _____ C:\Users\Ari678\Desktop\FRST.txt
2015-10-03 08:46 - 2015-10-03 08:46 - 00000000 ____D C:\FRST
2015-10-03 08:37 - 2015-10-03 08:37 - 00016148 _____ C:\WINDOWS\system32\ARI678-PC_Ari678_HistoryPrediction.bin
2015-10-03 08:21 - 2015-10-03 08:45 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-03 08:21 - 2015-10-03 08:21 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-10-03 08:20 - 2015-10-03 08:20 - 00002033 _____ C:\Users\Ari678\Documents\JRT.txt
2015-10-03 08:19 - 2015-10-03 08:19 - 00002033 _____ C:\Users\Ari678\Desktop\JRT.txt
2015-10-03 08:09 - 2015-10-03 08:09 - 00000360 _____ C:\WINDOWS\PFRO.log
2015-10-03 07:52 - 2015-10-03 07:52 - 00891392 _____ (Farbar) C:\Users\Ari678\Desktop\MiniToolBox.exe
2015-10-03 07:51 - 2015-10-03 08:46 - 01697280 _____ (Farbar) C:\Users\Ari678\Desktop\FRST.exe
2015-10-03 07:50 - 2015-10-03 08:21 - 18801736 _____ C:\Users\Ari678\Desktop\RogueKiller.exe
2015-10-03 07:50 - 2015-10-03 08:14 - 01801288 _____ (Malwarebytes) C:\Users\Ari678\Desktop\JRT.exe
2015-10-02 05:54 - 2015-10-03 08:14 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-02 05:02 - 2015-10-02 05:03 - 195855730 _____ C:\Users\Ari678\Documents\Backup 02-10-15.reg
2015-10-02 03:56 - 2015-10-02 05:03 - 00003162 _____ C:\Users\Ari678\Desktop\mensaje en ingles a bleepingcomputer pidiendo ayuda.txt
2015-10-02 03:34 - 2015-10-02 03:34 - 00001708 _____ C:\Users\Ari678\Downloads\HitmanPro_20151002_0334.log
2015-10-02 02:12 - 2015-10-02 02:13 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Ari678\Downloads\tdsskiller.exe
2015-10-02 02:08 - 2015-10-02 02:08 - 05636125 _____ (Swearware) C:\Users\Ari678\Downloads\ComboFix.exe
2015-10-02 02:07 - 2015-10-02 02:07 - 04687448 _____ (Tweaking.com) C:\Users\Ari678\Downloads\tweaking.com_registry_backup_setup.exe
2015-10-02 02:01 - 2015-10-02 05:44 - 00000000 ____D C:\Users\Ari678\Documents\Fiddler2
2015-10-02 02:00 - 2015-10-02 05:44 - 00000000 ____D C:\Program Files\Fiddler2
2015-10-02 01:59 - 2015-10-02 01:59 - 01249824 _____ (Telerik) C:\Users\Ari678\Downloads\fiddler4setup.exe
2015-10-01 02:17 - 2015-10-01 02:17 - 00001281 _____ C:\Malwarebytes.txt
2015-10-01 01:24 - 2015-10-01 01:24 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-10-01 01:19 - 2015-10-02 02:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
2015-10-01 01:19 - 2015-10-01 01:19 - 00001708 _____ C:\Users\Ari678\Downloads\HitmanPro_20151001_0118.log
2015-10-01 01:10 - 2015-10-01 01:10 - 00001576 _____ C:\WINDOWS\system32\.crusader
2015-10-01 00:56 - 2015-10-01 01:10 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-01 00:07 - 2015-10-01 00:07 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-09-30 20:42 - 2015-09-15 13:12 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-09-30 20:42 - 2015-09-15 13:12 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-09-30 19:26 - 2015-09-30 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-30 19:24 - 2015-10-03 08:29 - 00001044 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-30 19:24 - 2015-10-03 08:10 - 00001040 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-30 19:23 - 2015-09-30 19:24 - 00929872 _____ (Google Inc.) C:\Users\Ari678\Downloads\ChromeSetup.exe
2015-09-30 18:14 - 2015-09-17 03:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-09-30 18:14 - 2015-09-17 02:51 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-09-30 18:14 - 2015-09-17 02:45 - 19325440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-30 18:14 - 2015-09-17 02:37 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-30 18:13 - 2015-09-24 19:37 - 01917440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-09-30 18:13 - 2015-09-17 03:28 - 06265168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-09-30 18:13 - 2015-09-17 03:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-09-30 18:13 - 2015-09-17 03:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-09-30 18:13 - 2015-09-17 03:28 - 00680144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-09-30 18:13 - 2015-09-17 03:27 - 01766952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-30 18:13 - 2015-09-17 03:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-09-30 18:13 - 2015-09-17 03:26 - 01856848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-09-30 18:13 - 2015-09-17 03:26 - 01708376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-09-30 18:13 - 2015-09-17 03:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-09-30 18:13 - 2015-09-17 03:26 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-09-30 18:13 - 2015-09-17 03:25 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-09-30 18:13 - 2015-09-17 03:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-09-30 18:13 - 2015-09-17 03:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-09-30 18:13 - 2015-09-17 03:13 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-09-30 18:13 - 2015-09-17 02:48 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-09-30 18:13 - 2015-09-17 02:47 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-09-30 18:13 - 2015-09-17 02:42 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-09-30 18:13 - 2015-09-17 02:42 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-09-30 18:13 - 2015-09-17 02:41 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-09-30 18:13 - 2015-09-17 02:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-09-30 18:13 - 2015-09-17 02:40 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-09-30 18:13 - 2015-09-17 02:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-09-30 18:13 - 2015-09-17 02:39 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-09-30 18:13 - 2015-09-17 02:39 - 01829376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-30 18:13 - 2015-09-17 02:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-09-30 18:13 - 2015-09-17 02:36 - 00926720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-09-30 18:13 - 2015-09-17 02:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-09-30 18:13 - 2015-09-17 02:35 - 03026432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-09-30 18:13 - 2015-09-17 02:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-30 18:13 - 2015-09-17 02:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-09-30 18:13 - 2015-09-17 02:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-09-30 18:13 - 2015-09-17 02:32 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-30 18:13 - 2015-09-17 02:32 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-09-30 18:13 - 2015-09-17 02:32 - 00989696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-09-30 18:13 - 2015-09-17 02:32 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-09-30 18:13 - 2015-09-17 02:31 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-09-30 18:13 - 2015-09-17 02:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-09-30 18:13 - 2015-09-17 02:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-09-30 18:13 - 2015-09-17 02:27 - 01380352 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-09-30 18:13 - 2015-09-17 02:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-09-30 18:12 - 2015-09-24 20:18 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-09-30 18:12 - 2015-09-24 19:43 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-09-30 18:12 - 2015-09-24 19:30 - 02985472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-30 18:12 - 2015-09-24 19:28 - 01127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-09-30 18:12 - 2015-09-24 19:25 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-09-30 18:12 - 2015-09-24 19:25 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-09-30 18:12 - 2015-09-24 19:11 - 01499136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-09-30 18:12 - 2015-09-17 03:28 - 01343952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-09-30 18:12 - 2015-09-17 03:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-09-30 18:12 - 2015-09-17 03:28 - 00083792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-09-30 18:12 - 2015-09-17 03:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-09-30 18:12 - 2015-09-17 03:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-09-30 18:12 - 2015-09-17 03:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-09-30 18:12 - 2015-09-17 03:26 - 00436064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-09-30 18:12 - 2015-09-17 03:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-09-30 18:12 - 2015-09-17 03:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-09-30 18:12 - 2015-09-17 03:26 - 00414560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-09-30 18:12 - 2015-09-17 03:26 - 00274272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-09-30 18:12 - 2015-09-17 03:26 - 00228192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-09-30 18:12 - 2015-09-17 02:51 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-09-30 18:12 - 2015-09-17 02:49 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-09-30 18:12 - 2015-09-17 02:48 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-09-30 18:12 - 2015-09-17 02:48 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-09-30 18:12 - 2015-09-17 02:47 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-09-30 18:12 - 2015-09-17 02:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-09-30 18:12 - 2015-09-17 02:46 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-09-30 18:12 - 2015-09-17 02:43 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-09-30 18:12 - 2015-09-17 02:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-09-30 18:12 - 2015-09-17 02:41 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-09-30 18:12 - 2015-09-17 02:40 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-09-30 18:12 - 2015-09-17 02:40 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-09-30 18:12 - 2015-09-17 02:40 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-09-30 18:12 - 2015-09-17 02:39 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-09-30 18:12 - 2015-09-17 02:39 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-09-30 18:12 - 2015-09-17 02:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-09-30 18:12 - 2015-09-17 02:36 - 06529024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-09-30 18:12 - 2015-09-17 02:36 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-09-30 18:12 - 2015-09-17 02:36 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-09-30 18:12 - 2015-09-17 02:36 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-09-30 18:12 - 2015-09-17 02:36 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-09-30 18:12 - 2015-09-17 02:35 - 01762304 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-09-30 18:12 - 2015-09-17 02:35 - 00283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-09-30 18:12 - 2015-09-17 02:34 - 00350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-09-30 18:12 - 2015-09-17 02:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-09-30 18:12 - 2015-09-17 02:32 - 00397824 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-09-30 18:12 - 2015-09-17 02:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-09-30 18:12 - 2015-09-17 02:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-09-30 18:12 - 2015-09-17 02:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-09-30 18:12 - 2015-09-17 02:31 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-09-30 18:12 - 2015-09-17 02:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-09-30 18:12 - 2015-09-17 02:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-09-30 18:12 - 2015-09-17 02:30 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-09-30 18:12 - 2015-09-17 02:30 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-09-30 18:12 - 2015-09-17 02:30 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-09-30 18:12 - 2015-09-17 02:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-09-30 18:12 - 2015-09-17 02:29 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-09-30 18:12 - 2015-09-17 02:28 - 00402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-09-30 18:12 - 2015-09-17 02:27 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-09-30 18:12 - 2015-09-17 02:27 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-09-30 18:12 - 2015-09-12 22:41 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-09-30 18:11 - 2015-09-24 20:34 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-09-30 18:11 - 2015-09-24 20:34 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-09-30 18:11 - 2015-09-24 19:43 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-09-30 18:11 - 2015-09-24 19:42 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-30 18:11 - 2015-09-24 19:29 - 01133568 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-30 18:11 - 2015-09-24 19:28 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-09-30 18:11 - 2015-09-24 19:25 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-09-30 18:11 - 2015-09-24 19:25 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-09-30 18:11 - 2015-09-24 19:25 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-09-30 18:11 - 2015-09-24 19:24 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-09-30 18:11 - 2015-09-24 19:19 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-09-30 18:11 - 2015-09-19 00:50 - 00083160 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-09-30 18:11 - 2015-09-17 03:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-09-30 18:11 - 2015-09-17 03:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-09-30 18:11 - 2015-09-17 03:26 - 00335696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-09-30 18:11 - 2015-09-17 03:15 - 00070744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-30 18:11 - 2015-09-17 03:13 - 00918880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-09-30 18:11 - 2015-09-17 02:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-09-30 18:11 - 2015-09-17 02:51 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-09-30 18:11 - 2015-09-17 02:51 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-09-30 18:11 - 2015-09-17 02:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-09-30 18:11 - 2015-09-17 02:49 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-09-30 18:11 - 2015-09-17 02:46 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-09-30 18:11 - 2015-09-17 02:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-09-30 18:11 - 2015-09-17 02:45 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-09-30 18:11 - 2015-09-17 02:45 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-09-30 18:11 - 2015-09-17 02:45 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-09-30 18:11 - 2015-09-17 02:45 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-09-30 18:11 - 2015-09-17 02:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-09-30 18:11 - 2015-09-17 02:39 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-09-30 18:11 - 2015-09-17 02:39 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-09-30 18:11 - 2015-09-17 02:39 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-09-30 18:11 - 2015-09-17 02:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-09-30 18:11 - 2015-09-17 02:36 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-09-30 18:11 - 2015-09-17 02:36 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-09-30 18:11 - 2015-09-17 02:34 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-09-30 18:11 - 2015-09-17 02:34 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-09-30 18:11 - 2015-09-17 02:34 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-09-30 18:11 - 2015-09-17 02:33 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-09-30 18:11 - 2015-09-17 02:33 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-09-30 18:11 - 2015-09-17 02:33 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-09-30 18:11 - 2015-09-17 02:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-09-30 18:11 - 2015-09-17 02:30 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-09-30 18:11 - 2015-09-17 02:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-09-30 18:11 - 2015-09-17 02:29 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-09-30 18:11 - 2015-09-17 02:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-09-30 18:11 - 2015-09-17 02:28 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-09-30 18:10 - 2015-09-17 02:45 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-09-30 18:10 - 2015-09-17 02:40 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-09-30 18:10 - 2015-09-17 02:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-30 18:10 - 2015-09-17 02:39 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-09-30 18:10 - 2015-09-17 02:30 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-09-30 17:44 - 2015-10-03 08:08 - 00000000 ____D C:\AdwCleaner
2015-09-30 17:43 - 2015-09-30 17:44 - 01670656 _____ C:\Users\Ari678\Desktop\adwcleaner_5.009.exe
2015-09-30 16:23 - 2015-10-01 02:17 - 00002026 _____ C:\Users\Ari678\Desktop\SUPERAntiSpyware Professional.lnk
2015-09-30 16:23 - 2015-09-30 16:38 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-09-30 16:23 - 2015-09-30 16:23 - 00000000 ____D C:\Users\Ari678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-09-30 06:01 - 2015-09-30 06:02 - 00000000 ____D C:\KVRT_Data
2015-09-30 06:00 - 2015-09-30 06:01 - 92428448 _____ (Kaspersky Lab ZAO) C:\Users\Ari678\Downloads\KVRT.exe
2015-09-30 05:49 - 2015-09-30 05:49 - 00014152 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP111.SYS
2015-09-30 05:10 - 2015-09-30 05:10 - 00967601 _____ C:\Users\Ari678\Downloads\ProcessMonitor.zip
2015-09-30 05:10 - 2015-09-30 05:10 - 00065216 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2015-09-26 05:19 - 2015-09-26 05:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-09-25 16:47 - 2015-08-17 18:28 - 00606896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvStreaming.exe
2015-09-25 16:42 - 2015-09-25 16:42 - 24209024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv32.dll
2015-09-25 16:42 - 2015-09-25 16:42 - 14633232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dum.dll
2015-09-25 16:42 - 2015-09-25 16:42 - 11379416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-09-25 16:42 - 2015-09-25 16:42 - 11316168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-09-25 16:42 - 2015-09-25 16:42 - 03996288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-09-25 16:42 - 2015-09-25 16:42 - 01068216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco3234181.dll
2015-09-25 16:42 - 2015-09-25 16:42 - 00921400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco3234181.dll
2015-09-25 16:42 - 2015-09-25 16:42 - 00916152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR.dll
2015-09-25 16:42 - 2015-09-25 16:42 - 00877752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC.dll
2015-09-25 16:42 - 2015-09-25 16:42 - 00021015 _____ C:\WINDOWS\system32\nvinfo.pb
2015-09-25 16:41 - 2015-09-25 16:41 - 15302784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-09-08 17:47 - 2015-09-08 17:47 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-09-08 16:34 - 2015-08-27 02:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-08 16:34 - 2015-08-27 02:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-08 16:33 - 2015-08-27 02:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-08 16:33 - 2015-08-27 02:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-08 16:33 - 2015-08-27 02:19 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-08 16:33 - 2015-08-27 02:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-08 16:33 - 2015-08-27 02:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-08 16:33 - 2015-08-27 02:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-08 16:33 - 2015-08-27 02:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-08 16:33 - 2015-08-27 02:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-08 16:33 - 2015-08-27 02:11 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-08 16:33 - 2015-08-27 02:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-08 16:33 - 2015-08-27 02:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-03 08:45 - 2015-08-27 16:45 - 00000945 _____ C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Update {122A1C91-53E5-4CDD-89B6-F7B5B25BBD40}.job
2015-10-03 08:45 - 2015-08-27 16:45 - 00000759 _____ C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Invitation {122A1C91-53E5-4CDD-89B6-F7B5B25BBD40}.job
2015-10-03 08:31 - 2014-09-02 23:31 - 00000917 _____ C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Update {2172E84E-2AF7-422E-A648-5DE1F90A4A91}.job
2015-10-03 08:31 - 2014-09-02 23:31 - 00000731 _____ C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Invitation {2172E84E-2AF7-422E-A648-5DE1F90A4A91}.job
2015-10-03 08:14 - 2015-08-24 19:08 - 02267034 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-03 08:14 - 2015-08-24 14:24 - 00142174 _____ C:\WINDOWS\system32\prfh0404.dat
2015-10-03 08:14 - 2015-08-24 14:24 - 00046630 _____ C:\WINDOWS\system32\prfc0404.dat
2015-10-03 08:12 - 2015-07-10 05:28 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-03 08:10 - 2015-08-24 19:06 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-03 08:10 - 2015-07-10 06:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-03 08:09 - 2015-07-10 03:59 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-10-02 20:42 - 2014-06-23 01:57 - 00000000 ____D C:\Users\Ari678\AppData\Local\JDownloader2
2015-10-02 16:03 - 2015-07-10 05:28 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-02 09:23 - 2015-07-10 05:28 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-10-02 09:14 - 2014-05-12 00:39 - 00000000 ____D C:\ProgramData\DVD Shrink
2015-10-02 05:46 - 2015-05-22 06:01 - 00000000 ____D C:\Users\Ari678\Documents\Backup Ccleaner
2015-10-02 05:45 - 2015-07-10 03:14 - 00000000 ____D C:\Users\Ari678\AppData\Roaming\IDM
2015-10-02 05:45 - 2014-04-13 20:07 - 00000000 ____D C:\Users\Ari678\AppData\Roaming\uTorrent
2015-10-02 05:28 - 2009-07-13 23:37 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-10-01 04:05 - 2014-04-19 01:53 - 00000000 ____D C:\Users\Ari678\AppData\Roaming\DMCache
2015-10-01 02:45 - 2014-04-19 01:53 - 00000000 ____D C:\Users\Ari678\Downloads\Video
2015-10-01 02:19 - 2015-08-24 19:23 - 00001520 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-01 02:19 - 2014-08-13 18:53 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
2015-10-01 02:19 - 2014-08-13 18:48 - 00001139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
2015-10-01 02:19 - 2014-08-13 18:45 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
2015-10-01 02:19 - 2014-08-13 18:41 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.exe.lnk
2015-10-01 02:19 - 2014-08-13 18:40 - 00001505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
2015-10-01 02:19 - 2014-08-13 18:20 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-01 02:19 - 2014-08-13 16:48 - 00000967 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2015-10-01 02:19 - 2014-04-14 15:07 - 00001943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2015-10-01 02:19 - 2014-04-14 15:07 - 00001932 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
2015-10-01 02:19 - 2014-04-14 15:07 - 00001866 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2015-10-01 02:19 - 2014-04-13 22:55 - 00001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-01 02:19 - 2014-04-13 02:29 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-01 02:19 - 2014-04-13 01:49 - 00002137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
2015-10-01 02:17 - 2015-08-24 22:04 - 00001043 _____ C:\Users\Ari678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Funciones opcionales.lnk
2015-10-01 02:17 - 2015-08-24 22:00 - 00002365 _____ C:\Users\Ari678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-01 02:17 - 2015-08-24 21:58 - 00001202 _____ C:\Users\Ari678\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET NOD32 Antivirus.lnk
2015-10-01 02:17 - 2015-05-26 21:57 - 00001171 _____ C:\Users\Public\Desktop\Ashampoo HDD Control 3.lnk
2015-10-01 02:17 - 2015-05-11 22:59 - 00001105 _____ C:\Users\Ari678\Desktop\RenameMaster.exe.lnk
2015-10-01 02:17 - 2015-01-14 11:58 - 00001010 _____ C:\Users\Ari678\Desktop\Hard Disk Low Level Format Tool.lnk
2015-10-01 02:17 - 2015-01-14 11:42 - 00001178 _____ C:\Users\Public\Desktop\EaseUS Data Recovery Wizard 8.6.lnk
2015-10-01 02:17 - 2014-12-14 20:43 - 00000961 _____ C:\Users\Ari678\Desktop\ScummVM.lnk
2015-10-01 02:17 - 2014-09-30 20:42 - 00001030 _____ C:\Users\Ari678\Desktop\GonVisor.lnk
2015-10-01 02:17 - 2014-09-29 01:19 - 00000818 _____ C:\Users\Ari678\Desktop\COMICS.lnk
2015-10-01 02:17 - 2014-09-02 23:15 - 00002109 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2015-10-01 02:17 - 2014-09-02 23:08 - 00000926 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2015-10-01 02:17 - 2014-09-02 20:56 - 00001404 _____ C:\Users\Ari678\Desktop\Compumap.lnk
2015-10-01 02:17 - 2014-08-16 18:40 - 00001165 _____ C:\Users\Ari678\Desktop\Adobe Photoshop CS5.1.lnk
2015-10-01 02:17 - 2014-06-23 02:08 - 00002019 _____ C:\Users\Ari678\Desktop\JDownloader 2.lnk
2015-10-01 02:17 - 2014-05-29 11:52 - 00002047 _____ C:\Users\Public\Desktop\Nokia Suite.lnk
2015-10-01 02:17 - 2014-05-28 17:23 - 00001227 _____ C:\Users\Ari678\Desktop\Media Player Classic.lnk
2015-10-01 02:17 - 2014-05-17 17:36 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-01 02:17 - 2014-05-12 00:39 - 00000949 _____ C:\Users\Ari678\Desktop\DVD Shrink.lnk
2015-10-01 02:17 - 2014-04-21 19:50 - 00002713 _____ C:\Users\Ari678\Desktop\Nero Express.lnk
2015-10-01 02:17 - 2014-04-14 15:07 - 00001967 _____ C:\Users\Ari678\Desktop\JDownloader.lnk
2015-10-01 02:17 - 2014-04-13 23:52 - 00000699 _____ C:\Users\Ari678\Desktop\JDownloader - Acceso directo.lnk
2015-10-01 02:17 - 2014-04-13 23:51 - 00000685 _____ C:\Users\Ari678\Desktop\SERIES TV.lnk
2015-10-01 02:17 - 2014-04-13 23:10 - 00001020 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-10-01 02:17 - 2014-04-13 22:18 - 00000794 _____ C:\Users\Ari678\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-10-01 02:17 - 2014-04-13 21:41 - 00000905 _____ C:\Users\Ari678\Desktop\Ares.lnk
2015-10-01 02:17 - 2014-04-13 03:55 - 00002647 _____ C:\Users\Ari678\Desktop\Microsoft Office Excel 2007.lnk
2015-10-01 02:17 - 2014-04-13 03:55 - 00002639 _____ C:\Users\Ari678\Desktop\Microsoft Office Word 2007.lnk
2015-10-01 02:17 - 2014-04-13 02:48 - 00002135 _____ C:\Users\Public\Desktop\CyberLink PowerDVD 13.lnk
2015-10-01 02:17 - 2014-04-13 02:15 - 00001946 _____ C:\Users\Public\Desktop\Actualizar licencia de NOD32.lnk
2015-10-01 02:17 - 2014-04-13 01:59 - 00001175 _____ C:\Users\Ari678\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2015-10-01 02:17 - 2014-04-13 01:59 - 00001151 _____ C:\Users\Public\Desktop\GOM Player.lnk
2015-10-01 02:17 - 2014-04-13 01:42 - 00000961 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-10-01 02:17 - 2013-05-01 19:09 - 00002889 _____ C:\Users\Public\Desktop\Nero 2014.lnk
2015-10-01 01:48 - 2014-05-17 17:53 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-30 23:33 - 2015-08-24 19:11 - 00000000 ____D C:\Users\Ari678
2015-09-30 23:32 - 2015-07-10 03:59 - 78905344 _____ C:\WINDOWS\system32\config\SOFTWARE_tureg_old
2015-09-30 23:32 - 2015-07-10 03:59 - 12845056 _____ C:\WINDOWS\system32\config\SYSTEM_tureg_old
2015-09-30 23:32 - 2015-07-10 03:59 - 00040960 _____ C:\WINDOWS\system32\config\SECURITY_tureg_old
2015-09-30 23:31 - 2015-07-10 03:59 - 00524288 _____ C:\WINDOWS\system32\config\DEFAULT_tureg_old
2015-09-30 20:40 - 2015-07-10 03:59 - 05505024 _____ C:\WINDOWS\system32\config\DRIVERS_tureg_old
2015-09-30 20:39 - 2015-07-10 05:28 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-09-30 20:39 - 2015-07-10 05:28 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-09-30 20:39 - 2015-07-10 05:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-09-30 20:39 - 2015-07-10 05:28 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-09-30 20:39 - 2015-07-10 05:28 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-09-30 20:39 - 2015-07-10 05:28 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-30 20:39 - 2015-07-10 05:28 - 00000000 ____D C:\WINDOWS\Provisioning
2015-09-30 20:39 - 2015-07-10 05:28 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-09-30 20:24 - 2014-07-06 23:29 - 00005632 _____ C:\Users\Ari678\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-30 19:27 - 2014-04-13 02:56 - 00000000 ____D C:\Users\Ari678\AppData\Local\Google
2015-09-30 19:26 - 2014-04-13 02:57 - 00000000 ____D C:\Program Files\Google
2015-09-30 18:59 - 2015-07-10 05:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-30 16:13 - 2014-04-15 02:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-09-29 23:42 - 2014-05-17 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-29 23:42 - 2014-05-17 17:36 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-29 21:53 - 2015-07-10 05:28 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-09-29 18:41 - 2014-04-13 21:41 - 00000000 ____D C:\Users\Ari678\Desktop\My Shared Folder
2015-09-29 17:41 - 2015-07-10 05:28 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-25 16:42 - 2015-07-05 19:28 - 00069432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-09-25 16:42 - 2015-06-29 22:46 - 16278688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2um.dll
2015-09-25 16:42 - 2015-06-29 22:46 - 10713272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-09-25 16:41 - 2015-06-29 22:46 - 02857720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi.dll
2015-09-24 02:00 - 2014-04-19 01:53 - 00000000 ____D C:\Users\Ari678\Downloads\Compressed
2015-09-21 23:06 - 2015-07-21 23:17 - 00000000 ____D C:\Users\Ari678\AppData\Roaming\NVIDIA
2015-09-21 23:05 - 2014-04-25 20:40 - 00000000 ____D C:\Users\Ari678\AppData\Local\ACD Systems
2015-09-15 17:48 - 2014-09-30 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GonVisor
2015-09-15 17:48 - 2014-09-30 20:42 - 00000000 ____D C:\Program Files\GonVisor
2015-09-09 03:07 - 2015-07-10 06:53 - 03689888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-09 03:05 - 2015-07-10 10:30 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-08 18:10 - 2014-04-12 18:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-08 17:48 - 2014-04-13 03:44 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-07 18:37 - 2015-06-17 18:21 - 00000000 ____D C:\Users\Ari678\AppData\Roaming\Spotify
2015-09-06 03:50 - 2015-08-24 14:59 - 00000000 ___DC C:\WINDOWS\Panther
2015-09-06 03:50 - 2014-04-13 03:32 - 00000000 ____D C:\Users\Ari678\AppData\Roaming\DAEMON Tools Pro
 
==================== Files in the root of some directories =======
 
2014-04-14 16:03 - 2014-04-14 16:03 - 0000044 _____ () C:\Users\Ari678\AppData\Roaming\WB.CFG
2014-07-06 23:29 - 2015-09-30 20:24 - 0005632 _____ () C:\Users\Ari678\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-14 11:58 - 2015-01-14 11:58 - 0000001 _____ () C:\Users\Ari678\AppData\Local\llftool.4.40.agreement
2015-01-14 11:58 - 2015-01-14 11:58 - 0000019 _____ () C:\Users\Ari678\AppData\Local\llftool.license
2015-08-25 00:25 - 2015-08-25 00:25 - 0000017 _____ () C:\Users\Ari678\AppData\Local\resmon.resmoncfg
2015-08-24 19:05 - 2015-08-24 19:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Ari678\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Ari678\AppData\Local\Temp\HitmanPro.exe
C:\Users\Ari678\AppData\Local\Temp\proxy_vole4382795528022084263.dll
C:\Users\Ari678\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-01 02:06
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-10-2015
Ran by Ari678 (2015-10-03 08:48:02)
Running from C:\Users\Ari678\Desktop
Microsoft Windows 10 Pro (X86) (2015-08-25 00:52:45)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-460140493-847581487-85778212-500 - Administrator - Disabled)
Ari678 (S-1-5-21-460140493-847581487-85778212-1000 - Administrator - Enabled) => C:\Users\Ari678
Arielito (S-1-5-21-460140493-847581487-85778212-1001 - Administrator - Enabled)
DefaultAccount (S-1-5-21-460140493-847581487-85778212-503 - Limited - Disabled)
Invitado (S-1-5-21-460140493-847581487-85778212-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-460140493-847581487-85778212-1000\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
7-Zip 9.16 beta (HKLM\...\7-Zip) (Version:  - )
ACDSee Photo Manager 12 (HKLM\...\{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}) (Version: 12.0.344 - ACD Systems International Inc.)
Actualización de NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12)  MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
AIDA64 Extreme Edition v2.80 (HKLM\...\AIDA64 Extreme Edition_is1) (Version: 2.80 - FinalWire Ltd.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ares 2.1.7 (HKLM\...\Ares) (Version: 2.1.7-Build#3041 - Ares Development Group)
Ashampoo HDD Control 3 v.3.00.40 (HKLM\...\{4209F371-7505-A040-718A-C57DA1CB7247}_is1) (Version: 3.00.40 - Ashampoo GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Compatibilidad con Aplicaciones de Apple (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
CyberLink PowerDVD 13 (HKLM\...\InstallShield_{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}) (Version: 13.0.3105.58 - CyberLink Corp.)
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.5.0.0388 - Disc Soft Ltd)
dBpoweramp [Arrange Audio] Codec (HKLM\...\dBpoweramp [Arrange Audio] Codec) (Version: Release 3 - Illustrate)
dBpoweramp [Audio Info] Codec (HKLM\...\dBpoweramp [Audio Info] Codec) (Version: Release 1 - Illustrate)
dBpoweramp [Calculate Audio CRC] Codec (HKLM\...\dBpoweramp [Calculate Audio CRC] Codec) (Version:  - )
dBpoweramp [Channel Split] Codec (HKLM\...\dBpoweramp [Channel Split] Codec) (Version:  - )
dBpoweramp [ID Tag Update] Codec (HKLM\...\dBpoweramp [ID Tag Update] Codec) (Version: Release 2.1 - Illustrate)
dBpoweramp [Length Split] Codec (HKLM\...\dBpoweramp [Length Split] Codec) (Version:  - )
dBpoweramp [Multi Encoder] Codec (HKLM\...\dBpoweramp [Multi Encoder] Codec) (Version: Release 3 - Illustrate)
dBpoweramp [ReplayGain] Codec (HKLM\...\dBpoweramp [ReplayGain] Codec) (Version: Release 2 - Illustrate)
dBpoweramp [Tag From Filename] Codec (HKLM\...\dBpoweramp [Tag From Filename] Codec) (Version: Release 1 - Illustrate)
dBpoweramp CD Writer (HKLM\...\dBpoweramp CD Writer) (Version: Release 3.1 - Illustrate)
dBpoweramp Dalet Codec (HKLM\...\dBpoweramp Dalet Codec) (Version:  - )
dBpoweramp DSP Effects (HKLM\...\dBpoweramp DSP Effects) (Version: Release 6 - Illustrate)
dBpoweramp FLAC Codec (HKLM\...\dBpoweramp FLAC Codec) (Version: Release 12 (FLAC 1.2.1) - Illustrate)
dBpoweramp m4a Codec (HKLM\...\dBpoweramp m4a Codec) (Version: Release 14 - Illustrate)
dBpoweramp Monkeys Audio Codec (HKLM\...\dBpoweramp Monkeys Audio Codec) (Version:  - )
dBpoweramp Mp2 and BwfMp2 codec (HKLM\...\dBpoweramp Mp2 and BwfMp2 codec) (Version:  - )
dBpoweramp mp3 (Fraunhofer IIS) Codec (HKLM\...\dBpoweramp mp3 (Fraunhofer IIS) Codec) (Version: Release 2a (v4.0.3) - Illustrate)
dBpoweramp Music Converter (HKLM\...\dBpoweramp Music Converter) (Version: Release 13.5 - Illustrate)
dBpoweramp Ogg Vorbis Codec (HKLM\...\dBpoweramp Ogg Vorbis Codec) (Version: Release 19 (Vorbis v1.2.0) - Illustrate)
dBpoweramp Real Audio (Helix) Encoder (HKLM\...\dBpoweramp Real Audio (Helix) Encoder) (Version:  - )
dBPoweramp tooLame MP2 codec (HKLM\...\dBPoweramp tooLame MP2 codec) (Version:  - )
dBpoweramp Wave64 Codec (HKLM\...\dBpoweramp Wave64 Codec) (Version:  - )
dBpoweramp WavPack Codec (HKLM\...\dBpoweramp WavPack Codec) (Version:  - )
dBpoweramp Windows Media Audio 10 Codec (HKLM\...\dBpoweramp Windows Media Audio 10 Codec) (Version: Release 7 - Illustrate)
DivXLand Media Subtitler (HKLM\...\DivXLand Media Subtitler) (Version:  - )
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink Instal)
EaseUS Data Recovery Wizard 8.6 (HKLM\...\EaseUS Data Recovery Wizard 8.6_is1) (Version:  - EaseUS)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM\...\{79D0F056-39DE-4FDD-83FD-1554CE2C6443}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM\...\EEPPPlugIn) (Version:  - SEIKO EPSON Corporation)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (Version: 1.00.0000 - SEIKO EPSON Corporation) Hidden
Epson Event Manager (HKLM\...\{10144CFE-D76C-4CFA-81A1-37A1642349A3}) (Version: 3.01.0013 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-211 214 216 Series Printer Uninstall (HKLM\...\EPSON XP-211 214 216 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESET NOD32 Antivirus (HKLM\...\{0926665A-244C-4BA4-909D-F9BA98F7266A}) (Version: 8.0.304.1 - ESET, spol s r. o.)
GOM Player (HKLM\...\GOM Player) (Version: 2.2.69.5227 - Gretech Corporation)
GonVisor 2.42.06 (HKLM\...\GonVisor_is1) (Version:  - GAA)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Hard Disk Low Level Format Tool 4.40 (HKLM\...\Hard Disk Low Level Format Tool_is1) (Version:  - HDDGURU)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Codec Pack 10.5.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.5.0 - )
Malwarebytes Anti-Malware versión 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM\...\{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version:  - Microsoft)
Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM\...\{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM\...\{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM\...\{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{825E2AB1-4502-4A51-8C52-D8D3398BE9D2}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 40.0.3 (x86 es-AR) (HKLM\...\Mozilla Firefox 40.0.3 (x86 es-AR)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2014 (HKLM\...\{CFF19D4A-F26D-4C6C-8535-A7C9107C9027}) (Version: 15.0.07100 - Nero AG)
Nero 2014 Content Pack (HKLM\...\{204A26F0-01B8-4656-8607-5CCEDE820BC2}) (Version: 15.0.00200 - Nero AG)
Nero Info (HKLM\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (Version: 3.8.48.0 - Nokia) Hidden
NVIDIA Controlador de 3D Vision 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.81 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.81 - NVIDIA Corporation)
Octoshape Streaming Services (HKU\S-1-5-21-460140493-847581487-85778212-1000\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Panel de control de NVIDIA 341.81 (Version: 341.81 - NVIDIA Corporation) Hidden
Paquete de controladores de Windows - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Prerequisite installer (Version: 15.0.0005 - Nero AG) Hidden
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5791 - Realtek Semiconductor Corp.)
ReNamer (HKLM\...\ReNamer_is1) (Version: 5.50 - [den4b] Denis Kozlov)
ScummVM 1.7.0 (HKLM\...\ScummVM_is1) (Version:  - The ScummVM Team)
SiS VGA Utilities (HKLM\...\SiS VGA Utilities) (Version: 5.29 - Silicon Integrated Systems Corporation)
Software Updater (HKLM\...\{D60071DB-459C-465C-92EF-336E65F1A436}) (Version: 4.0.1 - SEIKO EPSON CORPORATION)
Subtitle Workshop 2.51 (HKLM\...\SubtitleWorkshop) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.4.2.3 - Tukero[X]Team)
TuneUp Utilities 2014 (es-MX) (Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.353 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WinSnap (HKLM\...\WinSnap) (Version: 3.5.7 - NTWind Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-460140493-847581487-85778212-1000_Classes\CLSID\{7D4733C0-C43B-4A81-AF43-F9B20D1F8348}\InprocServer32 -> C:\Users\Ari678\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-apoctoshape.dll (Octoshape ApS)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 23:04 - 2014-04-13 02:04 - 00000864 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 license.superantispyware.com
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0558C53F-5164-426B-AB5A-C4ED5E781E3E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {0A2C32C3-18CD-4D86-BB67-8B280C1C0648} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {0C08F7A6-F890-422A-99CD-5939E1BC34FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {161C2B76-1DB1-46AA-A8A7-B5EC9D083930} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {183B4580-364B-49BF-932C-35E4272EAE74} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {19277F45-C85C-4E0F-AFDA-A097F417E7C8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1D543EC0-A9E1-4035-AE88-268EC79F7E84} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2854EA71-C567-4D71-8562-ABD0AF99B96A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {2CB4EF1F-2BF7-41BA-92D7-EE6B71910ED2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2D4E0B35-87A7-4503-98EF-9E8E4C31767F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3A3A29B5-77ED-4CE7-9E49-66716AE29206} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {40F26E95-2302-463C-BBEA-BFDD555A860A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {421D95A8-B8AC-4A02-AB87-D2DD9CAB6675} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {48BBF06B-D42A-4865-A46C-CA6B855DB802} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {54715AEA-85FC-4EBB-A3F8-87A76DC71A11} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {56C6EB22-DDD8-4E5E-90C7-63238C521C97} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5808E998-E189-4B60-B4E4-8AB725B30778} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5A56744F-E66C-44FF-B95C-314A261A452B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6B8F9F0F-E6B7-4723-B370-61CCB84EADA7} - System32\Tasks\Programa de actualización en línea de Adobe => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {6C9019AE-0FAC-4551-B55A-DA26D0C2F88C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-30] (Google Inc.)
Task: {6F44931D-A97B-4D64-B2D0-7002AF740C4C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {78FECCB2-7F1E-478F-B308-EF28FBC06F3C} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {79CBE2E5-608F-4217-BD5C-723ACEB83FD9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {86C54806-F424-4694-B39C-8B1779453E65} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-30] (Google Inc.)
Task: {8F3938B3-199A-48D7-B80F-F9C88BD2EDFA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {92A191FB-186D-403F-8F14-AA7DBEABE747} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-08] (Piriform Ltd)
Task: {93BD6AB1-B191-4C99-9960-002E3DEDD614} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {9605AA41-B815-4270-8B02-B28176C2F51C} - System32\Tasks\{DDDE8D28-D5C5-49D2-AE6E-7638E2B2E32E} => E:\SEGA\KGEN98.EXE
Task: {9E9E7285-424B-433C-8B42-A41DD37BFBA8} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {2172E84E-2AF7-422E-A648-5DE1F90A4A91} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLDE.EXE [2013-04-26] (SEIKO EPSON CORPORATION)
Task: {A2BB01DB-7E42-46D7-8A5A-D3188FB73997} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A2CFC10C-3EF3-4F4B-B5DA-1422B1684E85} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {AABF76C8-ABCE-4E35-A13A-899D936643DF} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B14F5223-CE56-4EEF-A202-A09255075D50} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BB4F8F87-CE02-47E5-BCB2-FA61852EDFB4} - System32\Tasks\EPSON XP-211 214 216 Series Update {2172E84E-2AF7-422E-A648-5DE1F90A4A91} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLDE.EXE [2013-04-26] (SEIKO EPSON CORPORATION)
Task: {C654624F-3848-4AA8-8FE4-973C55061356} - System32\Tasks\LuckyBrowse => C:\Program Files\LuckyBrowse\app\luckybrowse.exe
Task: {CA0E71D7-6B8E-4F8E-8FDF-ED2022E1A373} - System32\Tasks\EPSON XP-211 214 216 Series Update {122A1C91-53E5-4CDD-89B6-F7B5B25BBD40} => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FTSLDE.EXE [2013-04-26] (SEIKO EPSON CORPORATION)
Task: {CAE42F0D-BC4E-476B-BB74-06CDEBA55238} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CC368418-F1D7-4191-AB84-1E4D2BE11F37} - System32\Tasks\{A630531D-839C-4CB7-8A52-F6A3E68A69B8} => pcalua.exe -a "D:\PROGRAMAS\DbPowerAmp\Utility Codecs\dBpoweramp-Codec-[Audio_Info]-R1.exe" -d "D:\PROGRAMAS\DbPowerAmp\Utility Codecs"
Task: {D065D4D1-8B83-4F57-BBDF-34CE5D43D30C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D6184A33-1EC9-4CE4-A159-F7604345D3CC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {DA89FDC6-2FCF-493E-B39D-6F407EB29FBA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E21356FF-8C87-40B7-8511-97BF70738153} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E3AD1DC5-ED6D-4657-A883-ED7C9F2287D4} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F2D4506D-C182-442C-B616-ADD9016A1818} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {122A1C91-53E5-4CDD-89B6-F7B5B25BBD40} => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FTSLDE.EXE [2013-04-26] (SEIKO EPSON CORPORATION)
Task: {F3A72D90-57DA-416E-AEF2-BDAAACAFC941} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-06-08] (Oracle Corporation)
Task: {F4447D63-614E-4D9E-981F-B306A0D6952B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F728A7AC-6429-4FD5-AC9E-6C03F325569A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Invitation {122A1C91-53E5-4CDD-89B6-F7B5B25BBD40}.job => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FTSLDE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Invitation {2172E84E-2AF7-422E-A648-5DE1F90A4A91}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLDE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Update {122A1C91-53E5-4CDD-89B6-F7B5B25BBD40}.job => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FTSLDE.EXE:/EXE:{122A1C91-53E5-4CDD-89B6-F7B5B25BBD40} /F:UpdateWORKGROUP\ARI678-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Update {2172E84E-2AF7-422E-A648-5DE1F90A4A91}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLDE.EXE:/EXE:{2172E84E-2AF7-422E-A648-5DE1F90A4A91} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-24 14:50 - 2015-08-24 14:50 - 00025088 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-26 02:28 - 2015-08-11 05:53 - 00301056 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-09-30 18:13 - 2015-09-17 03:27 - 01766952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-30 18:13 - 2015-09-17 03:27 - 01766952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2014-04-12 20:38 - 2012-02-17 20:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
2015-07-10 05:24 - 2015-07-10 05:24 - 00288768 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 05:24 - 2015-07-10 05:24 - 00111104 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-09-30 18:13 - 2015-09-17 02:28 - 04317696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-09-30 18:10 - 2015-09-17 02:25 - 00377856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-09-30 18:11 - 2015-09-17 02:25 - 01183232 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-09-30 18:13 - 2015-09-17 02:26 - 01425920 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 05:25 - 2015-07-10 10:30 - 00107520 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2014-04-13 03:34 - 2014-03-17 03:23 - 00003132 _____ () C:\Program Files\DAEMON Tools Pro\MSIMG32.dll
2015-07-14 18:20 - 2015-07-14 18:20 - 00756376 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-460140493-847581487-85778212-1000\...\hola.org -> hxxp://hola.org
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-460140493-847581487-85778212-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ari678\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "XboxStat"
HKU\S-1-5-21-460140493-847581487-85778212-1000\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-460140493-847581487-85778212-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-460140493-847581487-85778212-1000\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-460140493-847581487-85778212-1000\...\StartupApproved\Run: => "hola"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
FirewallRules: [{AAB908F1-9418-40F4-9DA9-93BD75F08B83}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A1D0BEBA-0E7A-4AB4-965C-920346869B4F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{89EC0C39-C948-4D36-8BFF-6040761A8464}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{E3A55D7D-7434-42AB-8315-E004CDF19D9F}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{BB2CBA2A-49AC-4647-BA11-03891C9DBCDC}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{871C8C21-80CC-41C4-833F-DB971C5BA43F}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{0D8DF4B8-596F-4663-A494-F7CC098B5C32}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{AFF9CC83-A088-4532-A5A0-3A781305866D}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{D6DB7501-33BD-447B-BCB4-CFC4CB688F63}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{FC0E7DCA-6EEE-401A-B024-4DF5D9D5D791}] => (Allow) C:\Program Files\nokia\nokia suite\nokiasuite.exe
FirewallRules: [UDP Query User{F98F5BDF-8EA7-4B56-881A-73F3FE93FFA0}C:\users\ari678\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\ari678\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [TCP Query User{C696E649-D5B2-4C19-9DBE-1381D7C96E0D}C:\users\ari678\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\ari678\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [{FFD575B4-9F73-4F87-9B0D-92D0FB6AE314}] => (Allow) C:\Program Files\Nero\KM\NMDllHost.exe
FirewallRules: [{80FEF254-D952-443E-98A7-2106412484BF}] => (Allow) C:\Program Files\Nero\KM\NMDllHost.exe
FirewallRules: [{73333561-1D2D-4CCA-AE21-203D08B5DFAE}] => (Allow) C:\Program Files\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{A40813F4-5170-4424-B528-C5ABD5D77B15}] => (Allow) C:\Program Files\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{145F6B75-6C26-4A46-8491-8B9B3C256CEC}] => (Allow) C:\Users\Ari678\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A7511698-6BAA-47D1-87AC-E4BE007D590C}] => (Allow) C:\Users\Ari678\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{0259C35A-A263-468A-8FDF-A315CC6A5D78}C:\program files\ares\ares.exe] => (Allow) C:\program files\ares\ares.exe
FirewallRules: [TCP Query User{2698A2CB-4169-473C-89B3-D171A98A72F4}C:\program files\ares\ares.exe] => (Allow) C:\program files\ares\ares.exe
FirewallRules: [{909B5B62-0C4C-45C2-A1C2-C4933C9AE72C}] => (Allow) C:\Program Files\CyberLink\PowerDVD13\Movie\PowerDVD Cinema\PowerDVDCinema13.exe
FirewallRules: [{DE8F4C10-8E67-4402-8856-524A0E7A6076}] => (Allow) C:\Program Files\CyberLink\PowerDVD13\Movie\PowerDVD.exe
FirewallRules: [{90790912-7EF4-4BBD-ABB6-01D782275412}] => (Allow) C:\Program Files\CyberLink\PowerDVD13\PowerDVD13ML.exe
FirewallRules: [{C131FB2E-0BA7-4362-AEEF-180DA82045FD}] => (Allow) C:\Program Files\CyberLink\PowerDVD13\PowerDVD13Agent.exe
FirewallRules: [{772CAC88-3129-4D35-A4B7-8F22AC5A4AD4}] => (Allow) C:\Program Files\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
FirewallRules: [{B0EE4B2E-7E46-4868-8147-E24874F32049}] => (Allow) C:\Program Files\CyberLink\PowerDVD13\PowerDVD13.exe
FirewallRules: [{77696B30-0B46-4B1D-9AFD-781CA2DF3430}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{AEAA0C40-E175-4A64-B719-7C72D684D512}] => (Allow) D:\PROGRAMAS\SpotifySetup.exe
FirewallRules: [{B6A5CE4A-FF91-4B97-B3A4-659C1AC13863}] => (Allow) D:\PROGRAMAS\SpotifySetup.exe
FirewallRules: [{55070ACB-E4AA-4444-96B0-34E679A97819}] => (Allow) D:\PROGRAMAS\SpotifySetup.exe
FirewallRules: [{0CF45714-9B29-48A6-B2F6-E2E0E7E43A05}] => (Allow) D:\PROGRAMAS\SpotifySetup.exe
FirewallRules: [{024C458A-EE7A-4CF8-B6CB-748DE197DB10}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/02/2015 05:45:11 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: El servicio Windows Search no pudo procesar la lista de ubicaciones incluidas y excluidas. Error: <30, 0x80040d07, "iehistory://{S-1-5-21-460140493-847581487-85778212-1000}/">.
 
Error: (10/02/2015 05:45:11 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: El servicio Windows Search no pudo procesar la lista de ubicaciones incluidas y excluidas. Error: <30, 0x80040d07, "iehistory://{S-1-5-21-460140493-847581487-85778212-1000}/">.
 
Error: (10/02/2015 05:44:50 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: El servicio Windows Search no pudo procesar la lista de ubicaciones incluidas y excluidas. Error: <30, 0x80040d07, "iehistory://{S-1-5-21-460140493-847581487-85778212-1000}/">.
 
Error: (10/02/2015 05:44:49 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: El servicio Windows Search no pudo procesar la lista de ubicaciones incluidas y excluidas. Error: <30, 0x80040d07, "iehistory://{S-1-5-21-460140493-847581487-85778212-1000}/">.
 
Error: (10/02/2015 05:18:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SystemSettings.exe, versión: 10.0.10240.16384, marca de tiempo: 0x559f3c37
Nombre del módulo con errores: MusUpdateHandlers.dll, versión: 10.0.10240.16392, marca de tiempo: 0x55a8616a
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0002dbbd
Identificador del proceso con errores: 0x10f8
Hora de inicio de la aplicación con errores: 0xSystemSettings.exe0
Ruta de acceso de la aplicación con errores: SystemSettings.exe1
Ruta de acceso del módulo con errores: SystemSettings.exe2
Identificador del informe: SystemSettings.exe3
Nombre completo del paquete con errores: SystemSettings.exe4
Identificador de aplicación relativa del paquete con errores: SystemSettings.exe5
 
Error: (10/02/2015 05:03:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ari678-PC)
Description: No se pudo activar la aplicación Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.
 
Error: (10/02/2015 05:03:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ari678-PC)
Description: No se pudo activar la aplicación Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.
 
Error: (10/02/2015 03:26:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ari678-PC)
Description: No se pudo activar la aplicación Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.
 
Error: (10/01/2015 04:04:34 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado DeviceIoControl(\\?\Volume{d07d563c-bf96-11e4-ba28-001e8c81403f} - 000001CC,0x0053c06c,04204C10,0,04203C08,4096,[0]). HR = 0x800701e3, No se pudo realizar la solicitud debido a un error irrecuperable de hardware de dispositivo.
.
 
 
Operación:
   Elegir automáticamente un volumen de área de diferencia
   Procesar EndPrepareSnapshots
 
Contexto:
   Contexto de ejecución: System Provider
 
Error: (10/01/2015 04:03:04 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado DeviceIoControl(\\?\Volume{d07d563c-bf96-11e4-ba28-001e8c81403f} - 00000164,0x0053c06c,04204C10,0,04203C08,4096,[0]). HR = 0x800701e3, No se pudo realizar la solicitud debido a un error irrecuperable de hardware de dispositivo.
.
 
 
Operación:
   Elegir automáticamente un volumen de área de diferencia
   Procesar EndPrepareSnapshots
 
Contexto:
   Contexto de ejecución: System Provider
 
 
System errors:
=============
Error: (10/03/2015 08:26:01 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: específico de la aplicaciónLocalActivación{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSERVICIO LOCALS-1-5-19LocalHost (con LRPC)No disponibleNo disponible
 
Error: (10/03/2015 08:15:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Instalador de módulos de Windows terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.
 
Error: (10/03/2015 08:15:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Nero Update se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (10/03/2015 08:15:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio TuneUp Utilities Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (10/03/2015 08:15:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Message Queue Server terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.
 
Error: (10/03/2015 08:15:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio InstallShield Application Updater se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (10/03/2015 08:15:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Ashampoo HDD Control 3 Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (10/03/2015 08:15:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio EpsonCustomerParticipation se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (10/03/2015 08:15:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Epson Scanner Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (10/03/2015 08:15:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio SAS Core Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 1000 milisegundos: Reiniciar el servicio.
 
 
CodeIntegrity:
===================================
  Date: 2015-10-01 08:47:40.592
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-10-01 08:47:40.493
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-10-01 08:47:40.380
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-10-01 08:47:40.165
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-10-01 08:47:40.084
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-10-01 08:47:39.976
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-10-01 08:47:35.233
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-10-01 08:47:33.764
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-09-10 11:06:47.992
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2015-09-10 11:06:47.870
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 67%
Total physical RAM: 2047.24 MB
Available physical RAM: 656.11 MB
Total Virtual: 4095.24 MB
Available Virtual: 3138.59 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:53.94 GB) (Free:19.61 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Disco Local) (Fixed) (Total:122.07 GB) (Free:12.81 GB) NTFS
Drive e: (Disco Local) (Fixed) (Total:122.08 GB) (Free:15.61 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D13DD13D)
Partition 1: (Active) - (Size=53.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244.1 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================
 
MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Ari678 (administrator) on 03-10-2015 at 09:14:13
Running from "C:\Users\Ari678\Desktop"
Microsoft Windows 10 Pro  (X86)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Configuracin IP de Windows
 
Se vaci correctamente la cach de resolucin de DNS.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.type", 0
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
127.0.0.1 license.superantispyware.com
127.0.0.1 license.superantispyware.com
 
========================= IP Configuration: ================================
 
SiS191 Ethernet Controller = Conexión de área local (Connected)
 
 
# ----------------------------------
# Configuracin de IPv4
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# Fin de la configuracin de IPv4
 
 
 
Configuracin IP de Windows
 
   Nombre de host. . . . . . . . . : Ari678-PC
   Sufijo DNS principal  . . . . . : 
   Tipo de nodo. . . . . . . . . . : hbrido
   Enrutamiento IP habilitado. . . : no
   Proxy WINS habilitado . . . . . : no
 
Adaptador de Ethernet Conexin de rea local:
 
   Sufijo DNS especfico para la conexin. . : 
   Descripcin . . . . . . . . . . . . . . . : SiS191 Ethernet Controller
   Direccin fsica. . . . . . . . . . . . . : 00-1E-8C-81-40-3F
   DHCP habilitado . . . . . . . . . . . . . : s
   Configuracin automtica habilitada . . . : s
   Vnculo: direccin IPv6 local. . . : fe80::14d4:fe82:9ee5:bdd7%3(Preferido) 
   Direccin IPv4. . . . . . . . . . . . . . : 192.168.0.2(Preferido) 
   Mscara de subred . . . . . . . . . . . . : 255.255.255.0
   Concesin obtenida. . . . . . . . . . . . : sbado, 3 de octubre de 2015 8:10:05
   La concesin expira . . . . . . . . . . . : martes, 13 de octubre de 2015 8:10:04
   Puerta de enlace predeterminada . . . . . : 192.168.0.1
   Servidor DHCP . . . . . . . . . . . . . . : 192.168.0.1
   IAID DHCPv6 . . . . . . . . . . . . . . . : 234888844
   DUID de cliente DHCPv6. . . . . . . . . . : 00-01-00-01-1A-DB-42-FA-00-1E-8C-81-40-3F
   Servidores DNS. . . . . . . . . . . . . . : 2001:4860:4860::8888
                                       2001:4860:4860::8844
                                       8.8.8.8
                                       8.8.4.4
   NetBIOS sobre TCP/IP. . . . . . . . . . . : habilitado
 
Adaptador de tnel isatap.{0A21074E-1618-4928-B0BA-80314E4EFF77}:
 
   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS especfico para la conexin. . : 
   Descripcin . . . . . . . . . . . . . . . : Microsoft ISATAP Adapter
   Direccin fsica. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP habilitado . . . . . . . . . . . . . : no
   Configuracin automtica habilitada . . . : s
 
Adaptador de tnel Teredo Tunneling Pseudo-Interface:
 
   Sufijo DNS especfico para la conexin. . : 
   Descripcin . . . . . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Direccin fsica. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP habilitado . . . . . . . . . . . . . : no
   Configuracin automtica habilitada . . . : s
   Direccin IPv6 . . . . . . . . . . : 2001:0:9d38:90d7:cbe:31a3:45e9:eb3d(Preferido) 
   Vnculo: direccin IPv6 local. . . : fe80::cbe:31a3:45e9:eb3d%6(Preferido) 
   Puerta de enlace predeterminada . . . . . : ::
   IAID DHCPv6 . . . . . . . . . . . . . . . : 100663296
   DUID de cliente DHCPv6. . . . . . . . . . : 00-01-00-01-1A-DB-42-FA-00-1E-8C-81-40-3F
   NetBIOS sobre TCP/IP. . . . . . . . . . . : deshabilitado
DNS request timed out.
    timeout was 2 seconds.
Servidor:  UnKnown
Address:  2001:4860:4860::8888
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
 
Haciendo ping a google.com [173.194.42.72] con 32 bytes de datos:
Respuesta desde 173.194.42.72: bytes=32 tiempo=10ms TTL=57
Respuesta desde 173.194.42.72: bytes=32 tiempo=10ms TTL=57
 
Estadsticas de ping para 173.194.42.72:
    Paquetes: enviados = 2, recibidos = 2, perdidos = 0
    (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mnimo = 10ms, Mximo = 10ms, Media = 10ms
DNS request timed out.
    timeout was 2 seconds.
Servidor:  UnKnown
Address:  2001:4860:4860::8888
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
 
Haciendo ping a yahoo.com [98.139.183.24] con 32 bytes de datos:
Respuesta desde 98.139.183.24: bytes=32 tiempo=158ms TTL=52
Respuesta desde 98.139.183.24: bytes=32 tiempo=158ms TTL=52
 
Estadsticas de ping para 98.139.183.24:
    Paquetes: enviados = 2, recibidos = 2, perdidos = 0
    (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mnimo = 158ms, Mximo = 158ms, Media = 158ms
 
Haciendo ping a 127.0.0.1 con 32 bytes de datos:
Respuesta desde 127.0.0.1: bytes=32 tiempo<1m TTL=128
Respuesta desde 127.0.0.1: bytes=32 tiempo<1m TTL=128
 
Estadsticas de ping para 127.0.0.1:
    Paquetes: enviados = 2, recibidos = 2, perdidos = 0
    (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
    Mnimo = 0ms, Mximo = 0ms, Media = 0ms
===========================================================================
ILista de interfaces
  3...00 1e 8c 81 40 3f ......SiS191 Ethernet Controller
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  6...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================
 
IPv4 Tabla de enrutamiento
===========================================================================
Rutas activas:
Destino de red        Mscara de red   Puerta de enlace   Interfaz  Mtrica
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.2     20
        127.0.0.0        255.0.0.0      En vnculo         127.0.0.1    306
        127.0.0.1  255.255.255.255      En vnculo         127.0.0.1    306
  127.255.255.255  255.255.255.255      En vnculo         127.0.0.1    306
      192.168.0.0    255.255.255.0      En vnculo       192.168.0.2    276
      192.168.0.2  255.255.255.255      En vnculo       192.168.0.2    276
    192.168.0.255  255.255.255.255      En vnculo       192.168.0.2    276
        224.0.0.0        240.0.0.0      En vnculo         127.0.0.1    306
        224.0.0.0        240.0.0.0      En vnculo       192.168.0.2    276
  255.255.255.255  255.255.255.255      En vnculo         127.0.0.1    306
  255.255.255.255  255.255.255.255      En vnculo       192.168.0.2    276
===========================================================================
Rutas persistentes:
  Ninguno
 
IPv6 Tabla de enrutamiento
===========================================================================
Rutas activas:
 Cuando destino de red mtrica      Puerta de enlace
  6    306 ::/0                     En vnculo
  1    306 ::1/128                  En vnculo
  6    306 2001::/32                En vnculo
  6    306 2001:0:9d38:90d7:cbe:31a3:45e9:eb3d/128
                                    En vnculo
  3    276 fe80::/64                En vnculo
  6    306 fe80::/64                En vnculo
  6    306 fe80::cbe:31a3:45e9:eb3d/128
                                    En vnculo
  3    276 fe80::14d4:fe82:9ee5:bdd7/128
                                    En vnculo
  1    306 ff00::/8                 En vnculo
  3    276 ff00::/8                 En vnculo
  6    306 ff00::/8                 En vnculo
===========================================================================
Rutas persistentes:
  Ninguno
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\system32\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\system32\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [315232] (Microsoft Corporation)
 
**** End of log ****
 
 
 

 




#4 Oh My!


Posted 03 October 2015 - 05:36 PM

Hi Ariel,

I apologize for the delayed reply. I was never notified of your response.

I am going to ask you to uninstall SUPERAntiSpyware as it appears you do not have a valid Product Key for that program. If I am in error please let me know. I am also concerned about E:\SEGA\KGEN98.EXE and recommend you refrain from utilizing that file. I would even go so far as to suggest you remove it.

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s).
  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

SUPERAntiSpyware

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
SearchScopes: HKU\S-1-5-21-460140493-847581487-85778212-1000 -> DefaultScope {540FD3C0-B363-4B61-BA18-7C4859730E9C} URL = 
FF Plugin HKU\S-1-5-21-460140493-847581487-85778212-1000: @hola.org/FlashPlayer -> C:\Users\Ari678\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll No File
FF Plugin HKU\S-1-5-21-460140493-847581487-85778212-1000: @hola.org/vlc -> C:\Users\Ari678\AppData\Local\Hola\firefox\app\vlc\npvlc.dll No File
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
2015-10-03 08:37 - 2015-10-03 08:37 - 00016148 _____ C:\WINDOWS\system32\ARI678-PC_Ari678_HistoryPrediction.bin
2015-10-01 01:19 - 2015-10-02 02:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
C:\Users\Ari678\AppData\Local\Temp\proxy_vole4382795528022084263.dll
Task: {0558C53F-5164-426B-AB5A-C4ED5E781E3E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {0A2C32C3-18CD-4D86-BB67-8B280C1C0648} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {0C08F7A6-F890-422A-99CD-5939E1BC34FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {19277F45-C85C-4E0F-AFDA-A097F417E7C8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2D4E0B35-87A7-4503-98EF-9E8E4C31767F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3A3A29B5-77ED-4CE7-9E49-66716AE29206} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {40F26E95-2302-463C-BBEA-BFDD555A860A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {56C6EB22-DDD8-4E5E-90C7-63238C521C97} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5808E998-E189-4B60-B4E4-8AB725B30778} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {79CBE2E5-608F-4217-BD5C-723ACEB83FD9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C654624F-3848-4AA8-8FE4-973C55061356} - System32\Tasks\LuckyBrowse => C:\Program Files\LuckyBrowse\app\luckybrowse.exe
 C:\Program Files\LuckyBrowse
Task: {CAE42F0D-BC4E-476B-BB74-06CDEBA55238} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F728A7AC-6429-4FD5-AC9E-6C03F325569A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
hosts:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 arieljborrajo

Posted 03 October 2015 - 07:40 PM

Hi Gary! I uninstalled Super Anti-Spyware, and I have to tell you that I already uninstalled KGEN98.exe many years ago, so... it is strange that the path is still alive. Regarding uTorrent, I will keep it; I won't use it until we are done with this, and I will be careful when I use it. Thanks for caring.

So... this is the fixlog.
 

Fix result of Farbar Recovery Scan Tool (x86) Version:30-10-2015
Ran by Ari678 (2015-10-03 21:23:27) Run:1
Running from C:\Users\Ari678\Desktop
Loaded Profiles: Ari678 (Available Profiles: Ari678 & DefaultAppPool)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
SearchScopes: HKU\S-1-5-21-460140493-847581487-85778212-1000 -> DefaultScope {540FD3C0-B363-4B61-BA18-7C4859730E9C} URL = 
FF Plugin HKU\S-1-5-21-460140493-847581487-85778212-1000: @hola.org/FlashPlayer -> C:\Users\Ari678\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll No File
FF Plugin HKU\S-1-5-21-460140493-847581487-85778212-1000: @hola.org/vlc -> C:\Users\Ari678\AppData\Local\Hola\firefox\app\vlc\npvlc.dll No File
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
2015-10-03 08:37 - 2015-10-03 08:37 - 00016148 _____ C:\WINDOWS\system32\ARI678-PC_Ari678_HistoryPrediction.bin
2015-10-01 01:19 - 2015-10-02 02:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
C:\Users\Ari678\AppData\Local\Temp\proxy_vole4382795528022084263.dll
Task: {0558C53F-5164-426B-AB5A-C4ED5E781E3E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {0A2C32C3-18CD-4D86-BB67-8B280C1C0648} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {0C08F7A6-F890-422A-99CD-5939E1BC34FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {19277F45-C85C-4E0F-AFDA-A097F417E7C8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2D4E0B35-87A7-4503-98EF-9E8E4C31767F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3A3A29B5-77ED-4CE7-9E49-66716AE29206} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {40F26E95-2302-463C-BBEA-BFDD555A860A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {56C6EB22-DDD8-4E5E-90C7-63238C521C97} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5808E998-E189-4B60-B4E4-8AB725B30778} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {79CBE2E5-608F-4217-BD5C-723ACEB83FD9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C654624F-3848-4AA8-8FE4-973C55061356} - System32\Tasks\LuckyBrowse => C:\Program Files\LuckyBrowse\app\luckybrowse.exe
 C:\Program Files\LuckyBrowse
Task: {CAE42F0D-BC4E-476B-BB74-06CDEBA55238} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F728A7AC-6429-4FD5-AC9E-6C03F325569A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
hosts:
*****************
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
HKU\S-1-5-21-460140493-847581487-85778212-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-460140493-847581487-85778212-1000\Software\MozillaPlugins\@hola.org/FlashPlayer" => key removed successfully.
C:\Users\Ari678\AppData\Local\Hola\firefox\app\flash\NPSWF32_18_0_0_232.dll => not found.
"HKU\S-1-5-21-460140493-847581487-85778212-1000\Software\MozillaPlugins\@hola.org/vlc" => key removed successfully.
C:\Users\Ari678\AppData\Local\Hola\firefox\app\vlc\npvlc.dll => not found.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully.
idsvc => service removed successfully.
wfpcapture => service removed successfully.
wpcsvc => service removed successfully.
C:\WINDOWS\system32\ARI678-PC_Ari678_HistoryPrediction.bin => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse => moved successfully
C:\Users\Ari678\AppData\Local\Temp\proxy_vole4382795528022084263.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0558C53F-5164-426B-AB5A-C4ED5E781E3E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0558C53F-5164-426B-AB5A-C4ED5E781E3E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A2C32C3-18CD-4D86-BB67-8B280C1C0648}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A2C32C3-18CD-4D86-BB67-8B280C1C0648}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C08F7A6-F890-422A-99CD-5939E1BC34FB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C08F7A6-F890-422A-99CD-5939E1BC34FB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19277F45-C85C-4E0F-AFDA-A097F417E7C8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19277F45-C85C-4E0F-AFDA-A097F417E7C8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D4E0B35-87A7-4503-98EF-9E8E4C31767F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D4E0B35-87A7-4503-98EF-9E8E4C31767F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A3A29B5-77ED-4CE7-9E49-66716AE29206}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A3A29B5-77ED-4CE7-9E49-66716AE29206}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40F26E95-2302-463C-BBEA-BFDD555A860A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40F26E95-2302-463C-BBEA-BFDD555A860A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56C6EB22-DDD8-4E5E-90C7-63238C521C97}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56C6EB22-DDD8-4E5E-90C7-63238C521C97}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5808E998-E189-4B60-B4E4-8AB725B30778}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5808E998-E189-4B60-B4E4-8AB725B30778}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{79CBE2E5-608F-4217-BD5C-723ACEB83FD9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79CBE2E5-608F-4217-BD5C-723ACEB83FD9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C654624F-3848-4AA8-8FE4-973C55061356}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C654624F-3848-4AA8-8FE4-973C55061356}" => key removed successfully.
C:\Windows\System32\Tasks\LuckyBrowse => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LuckyBrowse" => key removed successfully.
"C:\Program Files\LuckyBrowse" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CAE42F0D-BC4E-476B-BB74-06CDEBA55238}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAE42F0D-BC4E-476B-BB74-06CDEBA55238}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F728A7AC-6429-4FD5-AC9E-6C03F325569A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F728A7AC-6429-4FD5-AC9E-6C03F325569A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
==== End of Fixlog 21:23:29 ====

The proxy setting seems to have returned to normal and I could enter or use browsers other than Google.

My concern is that all this progress goes back again when I restart the machine.


#6 Oh My!

Posted 03 October 2015 - 07:49 PM

Go ahead and reboot and see how we do.
Gary
 

#7 Oh My!

Posted 03 October 2015 - 11:07 PM

I am signing off for the evening but if you post something I will check it first thing in the morning.
Gary
 

#8 arieljborrajo

Posted 03 October 2015 - 11:31 PM

Hey Gary! Sorry for the delayed reply, I was at a family reunion.

What I feared happened: I restarted the computer and the proxy settings went back to their former status (I mean: unchangeable and connected to http=127.0.0.1:8080;https=127.0.0.1:8080).

Meanwhile I will change the registry entry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings>ProxySettingsPerUser from 0 to 1, which is the temporary solution to the problem (it is more or less the same solution that the fixlist did).



#9 Oh My!

Posted 04 October 2015 - 02:58 PM

Thanks, please do this next.

===================================================

Resetting Registry Proxy Settings

--------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Reboot:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • FSS log
  • Update on computer behavior

Gary
 

#10 arieljborrajo

Posted 04 October 2015 - 04:48 PM

Fix result of Farbar Recovery Scan Tool (x86) Version:04-10-2015
Ran by Ari678 (2015-10-04 17:55:53) Run:2
Running from C:\Users\Ari678\Desktop
Loaded Profiles: Ari678 (Available Profiles: Ari678 & DefaultAppPool)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Reboot:
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
 
========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f =========
 
La operación se completó correctamente.
 
 
 
========= End of Reg: =========
 
 
========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f =========
 
La operación se completó correctamente.
 
 
 
========= End of Reg: =========
 
 
========= Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f =========
 
La operación se completó correctamente.
 
 
 
========= End of Reg: =========
 
 
========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========
 
ERROR: El sistema no ha podido encontrar la clave o el valor del Registro
especificados.
 
 
========= End of Reg: =========
 
 
========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f =========
 
ERROR: El sistema no ha podido encontrar la clave o el valor del Registro
especificados.
 
 
========= End of Reg: =========
 
 
========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========
 
La operación se completó correctamente.
 
 
 
========= End of Reg: =========
 
 
========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========
 
La operación se completó correctamente.
 
 
 
========= End of Reg: =========
 
 
========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f =========
 
La operación se completó correctamente.
 
 
 
========= End of Reg: =========
 
 
========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========
 
La operación se completó correctamente.
 
 
 
========= End of Reg: =========
 
EmptyTemp: => 470.4 MB temporary data Removed.
 
 
The system needed a reboot.
 

==== End of Fixlog 17:56:26 ====

-----------------------------------------------------------------------------------------------------------------------------------

 

Farbar Service Scanner Version: 26-07-2015
Ran by Ari678 (administrator) on 04-10-2015 at 18:01:21
Running from "C:\Users\Ari678\Desktop"
Microsoft Windows 10 Pro  (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\WINDOWS\system32\nsisvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\WINDOWS\system32\dhcpcore.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tdx.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\mpssvc.dll => File is digitally signed
C:\WINDOWS\system32\bfe.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuaueng.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\iphlpsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

 

 

Computer Behavior: the proxy settings are still connected to host http=127.0.0.1:8080;https=127.0.0.1:8080
The solutions are only temporary: when I restart or you restart (through fixlist orders) the PC, the proxy settings go back to their former status.

P.S.: if you don't mind, I will attach the screenshots of the proxy settings window and the Internet Options window, with a few messages that may help, or at least will serve to make you understand the problem a little more.

Attached Files
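A read-only check of the registry values named in this thread, added here as an example (it is not part of the original posts and is not FRST's own logic): it lists every proxy-related value that is set, then looks up which process, if any, is listening on a loopback proxy port such as 127.0.0.1:8080. The helper name ConvertFrom-ProxyServerValue is hypothetical, and the HKCU paths are not named in the thread; they are included because per-user proxy settings live there.

```powershell
# Added example: read-only audit of the proxy registry values named in this thread.
# It changes nothing. Run it from an elevated PowerShell prompt so that the
# process owning a listening port can be resolved.

$is         = 'Microsoft\Windows\CurrentVersion\Internet Settings'
$proxyNames = 'ProxyEnable', 'ProxyServer', 'ProxyOverride'
$blobNames  = 'DefaultConnectionSettings', 'SavedLegacySettings'

# Keys and value names touched by the fixlists in this thread, plus the HKCU
# equivalents (an addition, not named in the thread).
$targets = @(
    @{ Path = "HKLM:\SOFTWARE\Policies\$is";    Names = @('ProxySettingsPerUser') }
    @{ Path = "HKLM:\SOFTWARE\$is";             Names = $proxyNames }
    @{ Path = "HKLM:\SOFTWARE\Wow6432Node\$is"; Names = $proxyNames }
    @{ Path = "HKLM:\SOFTWARE\$is\Connections"; Names = $blobNames }
    @{ Path = "HKCU:\Software\$is";             Names = $proxyNames }
    @{ Path = "HKCU:\Software\$is\Connections"; Names = $blobNames }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies'
       Names = @('(default)') }
)

function ConvertFrom-ProxyServerValue {
    # Hypothetical helper: splits "http=127.0.0.1:8080;https=127.0.0.1:8080"
    # (or a bare "host:port") into one object per scheme.
    param([string]$Value)
    foreach ($entry in ($Value -split ';' | Where-Object { $_ })) {
        if ($entry -match '=') { $scheme, $endpoint = $entry -split '=', 2 }
        else                   { $scheme = 'all'; $endpoint = $entry }
        $endpoint = $endpoint -replace '^[a-z]+://', ''
        $hostName, $port = $endpoint -split ':', 2
        [pscustomobject]@{
            Scheme   = $scheme
            Host     = $hostName
            Port     = if ($port -match '^\d+$') { [int]$port } else { $null }
            Loopback = ($hostName -in @('127.0.0.1', 'localhost'))
        }
    }
}

# 1. Report every value that is actually present.
$findings = foreach ($t in $targets) {
    if (-not (Test-Path -LiteralPath $t.Path)) { continue }
    $props = Get-ItemProperty -LiteralPath $t.Path
    foreach ($name in $t.Names) {
        $data = $props.$name
        if ($null -eq $data) { continue }
        if ($data -is [byte[]]) { $data = "<binary, $($data.Length) bytes>" }
        [pscustomobject]@{ Key = $t.Path; Value = $name; Data = $data }
    }
}
$findings | Format-Table -AutoSize -Wrap | Out-Host

# 2. ProxySettingsPerUser = 0 makes the HKLM proxy values apply to all users.
$policy = $findings | Where-Object { $_.Value -eq 'ProxySettingsPerUser' }
if ($policy -and $policy.Data -eq 0) {
    Write-Host 'ProxySettingsPerUser = 0: the HKLM proxy values apply to every user.'
}

# 3. For each loopback proxy port, find the process that is listening on it.
$ports = $findings | Where-Object { $_.Value -eq 'ProxyServer' } |
    ForEach-Object { ConvertFrom-ProxyServerValue $_.Data } |
    Where-Object { $_.Loopback -and $_.Port } |
    Select-Object -ExpandProperty Port -Unique

$owners = foreach ($port in $ports) {
    $listeners = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
    if (-not $listeners) { Write-Host "Port ${port}: no listener found"; continue }
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port = $port; ProcessId = $l.OwningProcess
            Name = $proc.Name; Path = $proc.Path
        }
    }
}
$owners | Format-Table -AutoSize -Wrap | Out-Host
```

Running it before and after a reboot shows which values are rewritten at startup and whether a local listener comes back with them.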



#11 Oh My!

Posted 04 October 2015 - 05:44 PM

Thank you Ariel.

I need a little clarification please. Are you having these issues with every browser, Internet Explorer, Edge, Firefox, and Chrome? If not, could you provide more detail for each.
Gary
 

#12 arieljborrajo

Posted 04 October 2015 - 05:54 PM

Yes Gary, with every browser: Edge, Mozilla Firefox and Chrome (Internet Explorer is no longer available in Windows 10, or at least I don't have it)



#13 Oh My!

Posted 04 October 2015 - 06:19 PM

Thank you Ariel.

See if this is successful.

===================================================

Modifying Proxy Settings as Administrator in Internet Explorer - Windows 10

--------------------
  • Left click the Search the web and Windows magnifying glass in the lower left hand corner of the Desktop
  • Type iexplore.exe
  • Right click on the Internet Explorer Desktop App above and select Run as Administrator
  • If you are asked if you want to allow Internet Explorer to make changes to the System select Yes
  • Click Tools, then Internet Options
  • Click the Connections tab
  • Click the LAN Settings button
  • Check Automatically detect settings and uncheck Use a proxy server for your LAN
  • Click Apply, then OK
  • Close Internet Explorer, relaunch the browser and check your Internet performance
===================================================

Things I would like to see in your next reply.
  • Results?

Gary
 

#14 arieljborrajo

Posted 04 October 2015 - 06:34 PM

Hey Gary, we have a problem, or maybe I have a problem... I did as you said and typed iexplorer.exe in Search the web and Windows and nothing happened; there is no Internet Explorer on my PC. What should I do now?



#15 Oh My!

Posted 04 October 2015 - 06:40 PM

If you right click on Edge does it give you the Run as Administrator option? If so, go through the steps that way.
Gary
 



