
atajitos.com its destroying my life xd


  • This topic is locked
17 replies to this topic

#1 laise91

laise91

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:12:09 PM

Posted 30 January 2016 - 10:09 PM

Hi guys, I've been dealing with a virus that every time I want to use the search bar from Google automatically it redirects me to a browser with its name atajitos.com. I don't know if it has to do with the virus Poweliks.z that is a trojan, every time my BullGuard antivirus does an analysis it comes with it, and another 2 viruses, XBLive and Xbox.Live.dll.

 

My Windows pack is 7 Ultimate. And like I said before, I have the BullGuard Antivirus, and I did an Emsisoft scan before this, and used the ESET software to remove the Poweliks but nothing, it doesn't detect that as my BullGuard does.

 

Help please, thanks in advance.


Edited by laise91, 30 January 2016 - 10:45 PM.



 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:09 AM

Posted 30 January 2016 - 11:02 PM

Greetings laise91 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner report
  • Junkware report
  • RogueKiller report
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 laise91

laise91
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:12:09 PM

Posted 31 January 2016 - 02:22 AM

# AdwCleaner v5.031 - Registro generado 30/01/2016 en 23:47:09
# Actualizado 25/01/2016 por Xplode
# Base de datos : 2016-01-25.3 [Servidor]
# Sistema operativo : Windows 7 Ultimate Service Pack 1 (x86)
# Nombre de usuario : Quadcore - QUADCORE-PC
# Ejecutado desde : C:\MAMA2\Downloads\Archivos Instalables Antivirus\AdwCleaner.exe
# Opción : Limpiar
# Apoyo : http://toolslib.net/forum

***** [ Servicios ] *****

 

 

When I try to do the last step, it throws this error:


[-]  Eliminar : SED

***** [ Carpetas ] *****

[-] Carpeta Eliminar : C:\Program Files\myfree codec
[-] Carpeta Eliminar : C:\ProgramData\Yellow AdBlocker
[-] Carpeta Eliminar : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[-] Carpeta Eliminar : C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikgjglmlehllifdekcggaapkaplbdpje
[-] Carpeta Eliminar : C:\Users\Quadcore\AppData\Roaming\ntsvc
[-] Carpeta Eliminar : C:\Users\Quadcore\AppData\Roaming\OpenCandy
[-] Carpeta Eliminar : C:\Windows\system32\config\systemprofile\AppData\Roaming\ntsvc

***** [ Archivos ] *****

[-] Archivo Eliminar : C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ikgjglmlehllifdekcggaapkaplbdpje_0.localstorage
[-] Archivo Eliminar : C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ikgjglmlehllifdekcggaapkaplbdpje_0.localstorage-journal
[-] Archivo Eliminar : C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_hp.myway.com_0.localstorage
[-] Archivo Eliminar : C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_hp.myway.com_0.localstorage-journal
[-] Archivo Eliminar : C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_videodownloadconverter.dl.myway.com_0.localstorage
[-] Archivo Eliminar : C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_videodownloadconverter.dl.myway.com_0.localstorage-journal
[-] Archivo Eliminar : C:\Windows\system32\lavasofttcpservice.dll

***** [ DLLs ] *****


***** [ Accesos directos ] *****


***** [ Tareas programadas ] *****


***** [ Registro ] *****

[-] Llave Eliminar : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Valor Eliminar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{E056AFDD-03E9-4D73-8D33-8FCCBCA73438}]
[-] Llave Eliminar : HKCU\Software\Myfree Codec
[-] Llave Eliminar : HKCU\Software\PRODUCTSETUP
[-] Llave Eliminar : HKCU\Software\STool
[-] Llave Eliminar : HKCU\Software\WEBAPP
[-] Llave Eliminar : HKLM\SOFTWARE\Myfree Codec
[-] Llave Eliminar : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[-] Llave Eliminar : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Llave Eliminar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[-] Llave Eliminar : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com
[-] Llave Eliminar : HKLM\SOFTWARE\Classes\.bglog

***** [ Navegadores Web ] *****

[-] [C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminar : flvdirect.iamwired.net
[-] [C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminar : start.facemoods.com
[-] [C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminar : search.babylon.com
[-] [C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminar : websearch.ask.com
[-] [C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminar : mystart.incredibar.com
[-] [C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminar : search.conduit.com
[-] [C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Eliminar : fcfenmboojpjinhpgggodefccipikbpd
[-] [C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Eliminar : ikgjglmlehllifdekcggaapkaplbdpje

*************************

:: Llaves "Tracing" removidas
:: Winsock Configuración borrada

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [5142 bytes] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Ultimate x86
Ran by Quadcore (Administrator) on 30/01/2016 at 23:58:21.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 40

Successfully deleted: C:\ProgramData\15491162083461877127 (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\ProgramData\Start Menu\Programs\(default) (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage (File)
Successfully deleted: C:\Users\Quadcore\AppData\Roaming\3909 (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\8whxomzz.default-1432116005980\extensions\bingsearch.full@microsoft.com\search.xml (File)
Successfully deleted: C:\Users\Quadcore\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Windows\System32\ai_recyclebin (Folder)
Successfully deleted: C:\Windows\Tasks\Uninstaller_SkipUac_Quadcore.job (Task)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05RTHTKS (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33N47D6Q (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ZLCE189 (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4SIRIYXF (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\59RLXZ9P (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\64NQS0MW (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AHIO14R6 (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AN77PCEU (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B96JX9F1 (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EUFS4O12 (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G1XBB6V6 (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GP2JXH9R (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IMFBBJNH (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KKLPUXX5 (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M8ODJM3C (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PRQJQ96O (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9DYCYH0 (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V033P1NU (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLWJXFKC (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJZ14E4X (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWEB7UDR (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3R1JBB7 (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z606QS0I (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZBS5MA9P (Folder)
Successfully deleted: C:\Users\Quadcore\AppData\Roaming\appdataFr3.bin (File)
Successfully repaired: C:\ProgramData\Microsoft\windows\Start Menu\Programs\Mozilla Firefox.lnk (Shortcut)
Successfully repaired: C:\Users\Quadcore\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk (Shortcut)
Successfully repaired: C:\Users\Quadcore\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk (Shortcut)
Successfully repaired: C:\Users\Quadcore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk (Shortcut)
Successfully repaired: C:\Users\Quadcore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk (Shortcut)



Registry: 2

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\99eb144e (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31/01/2016 at  0:02:16.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
RogueKiller V11.0.9.0 [Jan 24 2016] (Free) by Adlice Software
correo : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Sitio web : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Sistema Operativo : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado en : Modo Normal
Usuario : Quadcore [Administrador]
Started from : C:\MAMA2\Downloads\Archivos Instalables Antivirus\RogueKiller.exe
Modo : Escanear -- Fecha : 01/31/2016 02:03:36

¤¤¤ Procesos : 0 ¤¤¤

¤¤¤ Registro : 14 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending | (default) : {056D528D-CE28-4194-9BA3-BA2E9197FF8C} (C:\Users\Quadcore\AppData\Local\MEGAsync\ShellExtX32.dll)  -> Encontrado
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced | (default) : {05B38830-F4E9-4329-978B-1DD28605D202} (C:\Users\Quadcore\AppData\Local\MEGAsync\ShellExtX32.dll)  -> Encontrado
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing | (default) : {0596C850-7BDD-4C9D-AFDF-873BE6890637} (C:\Users\Quadcore\AppData\Local\MEGAsync\ShellExtX32.dll)  -> Encontrado
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ExplorerEx | (default) : {E056AFDD-03E9-4D73-8D33-8FCCBCA73438}  -> Encontrado
[Suspicious.Path] HKEY_USERS\S-1-5-21-2172032273-4216305309-2282011400-1000\Software\Microsoft\Windows\CurrentVersion\Run | ~Resuming Profile  - Análisis completa : "C:\Program Files\BullGuard Ltd\BullGuard\BgScan.exe" "profilepath: C:\Users\Quadcore\AppData\Roaming\BullGuard\Antivirus\Profiles\~Resuming Profile  - Análisis completa.xml" [7][x] -> Encontrado
[Suspicious.Path] HKEY_USERS\S-1-5-21-2172032273-4216305309-2282011400-1000\Software\Microsoft\Windows\CurrentVersion\Run | ~Resuming Profile  - Análisis completa.1 : "C:\Program Files\BullGuard Ltd\BullGuard\BgScan.exe" "profilepath: C:\Users\Quadcore\AppData\Roaming\BullGuard\Antivirus\Profiles\~Resuming Profile  - Análisis completa.1.xml" [7][x] -> Encontrado
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XBox (C:\Users\Quadcore\AppData\Roaming\XBox\XBLive.exe) -> Encontrado
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\XBox (C:\Users\Quadcore\AppData\Roaming\XBox\XBLive.exe) -> Encontrado
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\XBox (C:\Users\Quadcore\AppData\Roaming\XBox\XBLive.exe) -> Encontrado
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2172032273-4216305309-2282011400-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{68DA50CA-CA0E-42F3-9037-EB8AC6FA2325} | DhcpNameServer : 10.0.1.1 ([X])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{68DA50CA-CA0E-42F3-9037-EB8AC6FA2325} | DhcpNameServer : 10.0.1.1 ([X])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{68DA50CA-CA0E-42F3-9037-EB8AC6FA2325} | DhcpNameServer : 10.0.1.1 ([X])  -> Encontrado
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Encontrado

¤¤¤ Tareas : 0 ¤¤¤

¤¤¤ Archivos : 0 ¤¤¤

¤¤¤ Archivo de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Cargado) ¤¤¤

¤¤¤ Navegadores Web : 0 ¤¤¤

¤¤¤ Chequeo MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-221CA1 ATA Device +++++
--- User ---
[MBR] 7caf416c102dffab6740f306c9550e85
[BSP] 6c062f1f3caff92070c1714113f65d78 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-01-2016
Ran by Quadcore (administrator) on QUADCORE-PC (31-01-2016 02:07:13)
Running from C:\Users\Quadcore\Desktop
Loaded Profiles: Quadcore (Available Profiles: Quadcore)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files\Allway Sync\Bin\SyncService.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Program Files\rUpdater\rUpdater_srv.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
() C:\Program Files\SkypeUpdateEx\SkypeUpdateEx.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\WerFault.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XFastUSB] => C:\Program Files\XFastUSB\XFastUsb.exe [5019360 2013-10-21] (FNet Co., Ltd.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [BullGuard] => c:\program files\bullguard ltd\bullguard\BullGuard.exe [1084432 2016-01-25] (BullGuard Ltd.)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2687160 2015-11-02] (Sony Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2304688 2015-11-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Run: [{D0EF954A-A518-4D80-BF8A-1DAF981232CE}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\UbMaNGSanuWQtw').OGDGHG)));
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Run: [~Resuming Profile  - Análisis completa] => C:\Program Files\BullGuard Ltd\BullGuard\BgScan.exe [399376 2016-01-25] (BullGuard Ltd.)
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Run: [~Resuming Profile  - Análisis completa.1] => C:\Program Files\BullGuard Ltd\BullGuard\BgScan.exe [399376 2016-01-25] (BullGuard Ltd.)
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {00854cf9-3e80-11e3-924e-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {00854d09-3e80-11e3-924e-bc5ff400a7ec} - G:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {00854d51-3e80-11e3-924e-001e101faa49} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {16f54905-a4c2-11e3-b6b1-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {16f54922-a4c2-11e3-b6b1-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {16f54957-a4c2-11e3-b6b1-001e101f50a4} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {21166a06-ac7f-11e3-99dd-bc5ff400a7ec} - F:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {246d54e1-5873-11e3-a0fb-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {2ed55a83-515d-11e4-ba89-001e101fb4df} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {2ed55a90-515d-11e4-ba89-001e101fb4df} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {37eb2114-9f16-11e3-b507-cdeb976eb9d2} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {37eb2123-9f16-11e3-b507-f94773773de8} - F:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {37eb2150-9f16-11e3-b507-f94773773de8} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {4967715e-9004-11e3-b3fb-001e101fabdd} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {4967716e-9004-11e3-b3fb-001e101fabdd} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {496771aa-9004-11e3-b3fb-001e101fabdd} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {5faf9bdf-4c64-11e3-8956-001e101f8ed0} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {5faf9bf3-4c64-11e3-8956-001e101f8ed0} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {78894ec9-548d-11e4-8ec0-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {aa2f1855-4a06-11e3-95fd-001e101f1ed9} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {b9760029-652f-11e4-a3be-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {cda8afda-65aa-11e4-9d31-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {cda8afea-65aa-11e4-9d31-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {cda8b01f-65aa-11e4-9d31-001e101f57d0} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {d2e0a10b-9293-11e3-aef0-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {d2e0a11a-9293-11e3-aef0-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {edb470bf-9f12-11e3-b27f-99cdd54cb0c5} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {f58b37b1-89ca-11e3-8a6c-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {fb306dcd-a840-11e3-b4bc-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {fb306ddf-a840-11e3-b4bc-001e101f7f74} - E:\AutoRun.exe
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Quadcore\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Quadcore\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Quadcore\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-01-25] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-01-25] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-01-25] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [ExplorerEx] -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll [2771896 2015-12-30] ()
Tcpip\Parameters: [DhcpNameServer] 200.48.225.130 200.48.225.146
Tcpip\..\Interfaces\{65E7732C-210E-4982-9E63-875A696B639C}: [DhcpNameServer] 200.48.225.130 200.48.225.146
Tcpip\..\Interfaces\{68DA50CA-CA0E-42F3-9037-EB8AC6FA2325}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{B92CF5C4-CB1D-40F5-99AD-EC1FFA3A51D3}: [DhcpNameServer] 200.48.225.130 200.48.225.146

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com?q={searchTerms}&uid={eb041877356241c1989d19d41b3efea6}&r=eg
SearchScopes: HKLM -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com?q={searchTerms}&uid={eb041877356241c1989d19d41b3efea6}&r=eg
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://espanol.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150520__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000 -> {26088229-6C0E-4236-8EDE-204B5E11713F} URL = hxxp://www.youtube.com/results?search_query={searchTerms}
SearchScopes: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000 -> {3E9B3460-CE53-422B-B912-82C0D64413F9} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://espanol.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150520__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com?q={searchTerms}&uid={eb041877356241c1989d19d41b3efea6}&r=eg
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\Nueva carpeta\bin\ssv.dll [2015-11-10] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\Nueva carpeta\bin\jp2ssv.dll [2015-11-10] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.allinchrome.com/?bd=sc&oem=ntsvc&uid=WDCXWD5000AAKX-221CA1_WD-WCAYULJ7578575785&version=2.3.0.10992&pid=414031160&tid=712

FireFox:
========
FF ProfilePath: C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\8whxomzz.default-1432116005980
FF NewTab: about:blank
FF DefaultSearchEngine: atajitos
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: atajitos
FF Homepage: about:home
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\Nueva carpeta\bin\dtplugin\npDeployJava1.dll [2015-11-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\Nueva carpeta\bin\plugin2\npjp2.dll [2015-11-10] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-10] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @raidcall.en/RCplugin -> C:\Users\Quadcore\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin: @raidcall.tw/RCplugin -> C:\Users\Quadcore\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall)
FF Plugin: @rim.com/npappworld -> C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll [2012-10-24] ()
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2172032273-4216305309-2282011400-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Quadcore\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll [2010-02-01] ( )
FF Plugin HKU\S-1-5-21-2172032273-4216305309-2282011400-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Quadcore\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2172032273-4216305309-2282011400-1000: SkypePlugin -> C:\Users\Quadcore\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi.dll [2015-12-08] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-02-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-09-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-09-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-09-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-09-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-09-25] (Apple Inc.)
FF SearchPlugin: C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\8whxomzz.default-1432116005980\searchplugins\.xml [2015-12-18]
FF SearchPlugin: C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\8whxomzz.default-1432116005980\searchplugins\atajitos.xml [2015-12-22]
FF Extension: Bing Search - C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\8whxomzz.default-1432116005980\Extensions\bingsearch.full@microsoft.com [2016-01-31] [not signed]
FF Extension: Skype - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-28] [not signed]
FF HKLM\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard => not found
FF HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://nav.brotlab.net?uid={eb041877356241c1989d19d41b3efea6}&r=eg
CHR NewTab: Default -> "chrome-extension://ikgjglmlehllifdekcggaapkaplbdpje/stubby.html"
CHR DefaultSearchURL: Default -> hxxp://search.atajitos.com?q={searchTerms}&uid={eb041877356241c1989d19d41b3efea6}&r=eg
CHR DefaultSearchKeyword: Default -> atajitos
CHR Profile: C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Presentaciones de Google) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-17]
CHR Extension: (Google Docs) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-17]
CHR Extension: (Google Drive) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-17]
CHR Extension: (Llamadas de Skype) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-01-06]
CHR Extension: (YouTube) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-17]
CHR Extension: (Búsqueda de Google) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-17]
CHR Extension: (Mouse Drag) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\eddldcghfdhmdcfmjolaefkjglmeobpf [2015-12-19]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-17]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-17]
CHR Extension: (Skype) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-18]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-17]
CHR Extension: (Gmail) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-17]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeUpdateService; C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2015-04-13] () [File not signed]
R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [1046032 2016-01-25] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [563216 2016-01-25] (BullGuard Ltd.)
R2 BsCache; c:\program files\bullguard ltd\bullguard\BsCache.dll [147472 2016-01-25] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [382480 2016-01-25] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [675856 2016-01-25] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [571408 2016-01-28] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [485392 2016-01-25] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [251408 2016-01-25] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [343568 2016-01-25] (BullGuard Ltd.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1023728 2015-03-31] (Disc Soft Ltd)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [3568840 2015-08-16] (INCA Internet Co., Ltd.)
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [495800 2015-11-02] (Sony Corporation)
R2 rUpdater; C:\Program Files\rUpdater\rUpdater_srv.exe [85504 2015-04-25] () [File not signed]
R2 SkypeUpdateEx; C:\Program Files\SkypeUpdateEx\SkypeUpdateEx.exe [193456 2015-12-10] ()
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [809456 2015-12-07] (Tunngle.net GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)
S3 VSStandardCollectorService140; C:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [45800 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 XBox; C:\Users\Quadcore\AppData\Roaming\XBox\XBLive.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\Users\Quadcore\LUIS ADOLFO\Nueva carpeta (SACADA DEK DESKTOP)\bin\a2ddax86.sys [22056 2015-04-27] (Emsisoft GmbH)
R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [44720 2015-10-09] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [338608 2015-10-09] (Agnitum Ltd.)
R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [98608 2015-10-09] (BullGuard Ltd.)
R3 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [27800 2015-10-09] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [69512 2015-10-09] (BullGuard Ltd.)
S3 cleanhlp; C:\Users\Quadcore\LUIS ADOLFO\Nueva carpeta (SACADA DEK DESKTOP)\bin\cleanhlp32.sys [50200 2015-04-27] (Emsisoft GmbH)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25104 2015-04-28] (Disc Soft Ltd)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-12-03] (EldoS Corporation)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [29760 2015-10-15] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [14656 2013-10-21] (FNet Co., Ltd.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2015-08-06] (LogMeIn, Inc.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [67184 2013-10-21] (Atheros Communications, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-29] (Malwarebytes Corporation)
R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [264688 2015-10-09] (BullGuard Ltd.)
R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [21600 2015-10-09] (BullGuard Ltd.)
S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1348240 2013-03-05] (Realtek Semiconductor Corporation                           )
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1348240 2013-03-05] (Realtek Semiconductor Corporation                           )
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [33024 2013-05-19] (Scarlet.Crush Productions)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2015-05-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [35552 2015-12-07] (Tunngle.net)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [422664 2015-10-12] (BitDefender S.R.L.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1801328 2011-02-17] (VIA Technologies, Inc.)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-31 02:07 - 2016-01-31 02:07 - 00030161 _____ C:\Users\Quadcore\Desktop\FRST.txt
2016-01-31 01:15 - 2016-01-31 01:21 - 00000000 ____D C:\Users\Quadcore\AppData\Local\CrashDumps
2016-01-31 00:05 - 2016-01-31 01:17 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-01-31 00:04 - 2016-01-31 01:15 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-31 00:02 - 2016-01-31 00:02 - 00005610 _____ C:\Users\Quadcore\Desktop\JRT.txt
2016-01-30 18:02 - 2016-01-30 18:02 - 00000000 ____D C:\Users\Quadcore\AppData\LocalLow\uTorrent
2016-01-30 17:31 - 2016-01-30 19:47 - 00000000 ____D C:\Users\Quadcore\Downloads\JOY 2015 English Movies DVDScr XviD AAC Audio Clean New Source with Sample ~ ☻rDX☻
2016-01-30 16:26 - 2016-01-30 16:26 - 154934277 _____ C:\Windows\MEMORY.DMP
2016-01-30 16:26 - 2016-01-30 16:26 - 00145480 _____ C:\Windows\Minidump\013016-16718-01.dmp
2016-01-28 19:09 - 2016-01-28 19:09 - 00000000 ____D C:\Users\Quadcore\Documents\League of Legends
2016-01-28 11:42 - 2016-01-28 11:43 - 08486912 _____ C:\Program Files\SUNATPDT.MDB
2016-01-28 11:14 - 2016-01-28 11:14 - 00008278 _____ C:\Program Files\062120151200INCL4H1HIKBG3D9L1IB20D4C70303BEGBHKCBA60ACCC.ZIP
2016-01-28 03:37 - 2016-01-28 03:37 - 01396860 _____ C:\Users\Quadcore\Desktop\GIFPSD.psd
2016-01-28 02:25 - 2016-01-28 02:25 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-01-28 02:25 - 2016-01-28 02:25 - 00001107 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-01-27 21:17 - 2016-01-27 21:30 - 00000000 ____D C:\Users\TEMP.Quadcore-PC
2016-01-25 19:59 - 2016-01-25 19:59 - 00147496 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2016-01-25 19:59 - 2016-01-25 19:59 - 00061720 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
2016-01-24 17:52 - 2016-01-31 00:32 - 00000000 ____D C:\Users\Quadcore\AppData\Roaming\XBox
2016-01-22 10:35 - 2016-01-22 10:42 - 00000000 ____D C:\Users\TEMP
2016-01-21 14:37 - 2016-01-21 14:37 - 00083035 _____ C:\Users\Quadcore\Desktop\siol-version-2m.gp5
2016-01-19 14:56 - 2016-01-19 14:56 - 00000000 ____D C:\Program Files\0702
2016-01-19 04:23 - 2016-01-19 04:44 - 00000000 ____D C:\Users\Quadcore\AppData\Roaming\vlc
2016-01-19 04:23 - 2016-01-19 04:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-01-19 04:22 - 2016-01-19 04:22 - 00000000 ____D C:\Program Files\VideoLAN
2016-01-19 04:07 - 2016-01-19 04:07 - 00000000 __RHD C:\Users\Public\Libraries
2016-01-14 11:06 - 2016-01-14 11:11 - 124562733 _____ C:\Users\Quadcore\Desktop\VID_20160107_191210754.mp4
2016-01-14 09:36 - 2016-01-14 20:49 - 00011264 _____ C:\Users\Quadcore\Documents\CONSULTAPENDIENTEXC2008.xls
2016-01-13 00:33 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2016-01-13 00:33 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2016-01-13 00:30 - 2015-07-22 12:53 - 00937984 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-01-13 00:30 - 2015-07-22 12:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 00:30 - 2015-07-22 12:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-01-13 00:30 - 2015-07-22 11:38 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-01-06 18:10 - 2016-01-06 18:10 - 00000000 ____D C:\Users\Quadcore\AppData\Local\SkypePlugin
2016-01-04 17:55 - 2016-01-04 17:55 - 00001467 _____ C:\Users\Quadcore\Desktop\MEDPERU.accdb - Acceso directo.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-31 02:07 - 2015-12-12 15:06 - 00000000 ____D C:\ProgramData\BullGuard
2016-01-31 02:07 - 2015-04-27 15:16 - 00000000 ____D C:\FRST
2016-01-31 02:00 - 2013-10-26 15:52 - 00000000 ____D C:\Users\Quadcore\AppData\Local\Adobe
2016-01-31 00:02 - 2013-09-27 16:25 - 00001401 _____ C:\Users\Quadcore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-31 00:01 - 2015-12-13 16:26 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-31 00:01 - 2009-07-13 23:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-31 00:01 - 2009-07-13 23:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-30 23:57 - 2015-10-28 09:12 - 00000000 ____D C:\ProgramData\System32
2016-01-30 23:52 - 2015-06-11 12:46 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-30 23:52 - 2015-06-08 22:43 - 00000000 ___RD C:\Users\Quadcore\Creative Cloud Files
2016-01-30 23:51 - 2015-12-11 19:28 - 00000439 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-01-30 23:50 - 2015-09-24 08:58 - 00000000 ____D C:\Program Files\SkypeUpdateEx
2016-01-30 23:50 - 2013-12-03 17:51 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-01-30 23:49 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-30 23:48 - 2015-12-12 15:41 - 00205936 _____ C:\Windows\system32\config\afw_db.conf
2016-01-30 23:48 - 2015-12-12 15:41 - 00000356 _____ C:\Windows\system32\config\afw_hm.conf
2016-01-30 23:47 - 2015-05-09 14:36 - 00000000 ____D C:\AdwCleaner
2016-01-30 23:46 - 2014-11-19 18:28 - 00000000 ____D C:\Users\Quadcore\AppData\Roaming\uTorrent
2016-01-30 20:18 - 2010-11-20 19:30 - 00816488 _____ C:\Windows\system32\perfh00A.dat
2016-01-30 20:18 - 2010-11-20 19:30 - 00184602 _____ C:\Windows\system32\perfc00A.dat
2016-01-30 20:18 - 2010-11-20 16:01 - 01869352 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-30 20:18 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2016-01-30 16:26 - 2015-05-24 00:21 - 00000000 ____D C:\Windows\Minidump
2016-01-30 16:26 - 2009-07-13 21:37 - 00000000 ____D C:\Windows
2016-01-29 13:31 - 2013-09-27 16:25 - 00000000 ____D C:\Users\Quadcore
2016-01-28 11:42 - 2014-05-09 18:16 - 00000355 _____ C:\Windows\Pm000.INI
2016-01-28 11:40 - 2014-05-09 18:16 - 00000000 ____D C:\Program Files\rpt
2016-01-28 11:32 - 2014-05-09 18:16 - 00000000 ____D C:\Program Files\tmp
2016-01-28 11:32 - 2014-05-09 18:16 - 00000000 ____D C:\Program Files\0621
2016-01-28 11:31 - 2014-05-09 18:37 - 00000000 _____ C:\Program Files\Mens.txt
2016-01-28 10:58 - 2015-10-16 03:41 - 00000132 _____ C:\Users\Quadcore\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2016-01-28 02:43 - 2013-10-26 15:52 - 00000000 ____D C:\Users\Quadcore\AppData\Roaming\Adobe
2016-01-28 02:25 - 2013-10-21 09:38 - 00000000 ____D C:\Program Files\Adobe
2016-01-28 02:24 - 2013-10-21 09:38 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-01-27 21:18 - 2009-07-13 23:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-27 09:09 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2016-01-24 21:04 - 2009-07-13 23:53 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-24 15:53 - 2013-10-21 10:05 - 00000000 ____D C:\Program Files\Google
2016-01-19 14:56 - 2014-05-09 18:16 - 00004920 _____ C:\Program Files\MENU_PM.txt
2016-01-19 14:56 - 2013-10-21 13:45 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-01-19 09:00 - 2015-12-13 16:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-01-19 02:56 - 2015-12-24 18:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-01-18 22:05 - 2015-04-27 15:13 - 01721856 _____ (Farbar) C:\Users\Quadcore\Desktop\FRST.exe
2016-01-16 19:32 - 2014-11-17 20:41 - 00000000 ___RD C:\Program Files\Skype
2016-01-14 19:13 - 2015-05-29 11:55 - 00000000 __SHD C:\Users\Quadcore\AppData\Local\EmieUserList
2016-01-14 19:13 - 2015-05-29 11:55 - 00000000 __SHD C:\Users\Quadcore\AppData\Local\EmieSiteList
2016-01-14 19:13 - 2015-05-29 11:55 - 00000000 __SHD C:\Users\Quadcore\AppData\Local\EmieBrowserModeList
2016-01-14 08:20 - 2013-10-21 09:38 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-13 17:12 - 2013-10-21 13:58 - 00120952 _____ C:\Users\Quadcore\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-13 11:12 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2016-01-13 08:17 - 2009-07-13 23:33 - 03901848 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-13 08:16 - 2015-04-19 11:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 02:16 - 2015-05-12 07:55 - 00000000 ___SD C:\Windows\system32\GWX
2016-01-13 02:16 - 2010-11-20 19:38 - 00000000 ____D C:\Program Files\Windows Journal
2016-01-13 02:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-01-13 01:54 - 2013-10-21 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-01-13 01:54 - 2013-10-21 13:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-13 01:48 - 2015-05-09 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 01:25 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-13 01:13 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\System
2016-01-13 01:13 - 2009-07-13 21:04 - 00000478 _____ C:\Windows\win.ini
2016-01-10 03:42 - 2013-10-21 10:06 - 00000000 ____D C:\Users\Quadcore\AppData\Roaming\Skype
2016-01-07 15:47 - 2009-07-13 23:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-01-02 10:31 - 2015-12-12 15:11 - 00000000 ____D C:\Users\Quadcore\AppData\Roaming\BullGuard

==================== Files in the root of some directories =======

2014-06-10 13:43 - 2014-06-10 13:43 - 0008237 _____ () C:\Program Files\062120140401LA53F2330841H4FGF18FAA3CLD303BEGBHKCBA60I679.ZIP
2014-11-10 20:55 - 2014-11-10 20:55 - 0007975 _____ () C:\Program Files\062120141001I23EH13LFGHM7H625K51FJ6CLD303BEGBHKCBA60ACCC.ZIP
2015-01-09 20:17 - 2015-01-09 20:17 - 0007989 _____ () C:\Program Files\06212014120043A0A0FHGBJ00L537E6D1D5CLD303BEGBHKCBA60ACCC.ZIP
2015-11-02 09:48 - 2015-11-02 09:48 - 0008045 _____ () C:\Program Files\062120150900F5K199G61A8F4N1G4988M7NC70303BEGBHKCBA60ACCC.ZIP
2015-10-12 10:13 - 2015-10-12 10:13 - 0008040 _____ () C:\Program Files\06212015090E050111AHF32C6GIIF0LCA9NC70303BEGBHKCBA60ACCC.ZIP
2015-12-09 21:36 - 2015-12-09 21:36 - 0008061 _____ () C:\Program Files\06212015110M891670CJKC635DF75195EDEC70303BEGBHKCBA60ACCC.ZIP
2016-01-28 11:14 - 2016-01-28 11:14 - 0008278 _____ () C:\Program Files\062120151200INCL4H1HIKBG3D9L1IB20D4C70303BEGBHKCBA60ACCC.ZIP
2014-05-09 18:16 - 2013-06-10 15:24 - 0040960 _____ (SUNAT) C:\Program Files\20530.exe
2015-10-13 20:11 - 2015-10-13 20:11 - 0000058 _____ () C:\Program Files\Actualizaciones.ini
2010-06-02 05:21 - 2010-06-02 05:21 - 1347354 _____ () C:\Program Files\Apr2005_d3dx9_25_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1078962 _____ () C:\Program Files\Apr2005_d3dx9_25_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1397830 _____ () C:\Program Files\Apr2006_d3dx9_30_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1115221 _____ () C:\Program Files\Apr2006_d3dx9_30_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0916430 _____ () C:\Program Files\Apr2006_MDX1_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 4162630 _____ () C:\Program Files\Apr2006_MDX1_x86_Archive.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0179133 _____ () C:\Program Files\Apr2006_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0133103 _____ () C:\Program Files\Apr2006_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0087101 _____ () C:\Program Files\Apr2006_xinput_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0046010 _____ () C:\Program Files\Apr2006_xinput_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0698612 _____ () C:\Program Files\APR2007_d3dx10_33_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0695865 _____ () C:\Program Files\APR2007_d3dx10_33_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1607358 _____ () C:\Program Files\APR2007_d3dx9_33_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1606039 _____ () C:\Program Files\APR2007_d3dx9_33_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0195766 _____ () C:\Program Files\APR2007_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0151225 _____ () C:\Program Files\APR2007_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0096817 _____ () C:\Program Files\APR2007_xinput_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0053302 _____ () C:\Program Files\APR2007_xinput_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1350542 _____ () C:\Program Files\Aug2005_d3dx9_27_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1077644 _____ () C:\Program Files\Aug2005_d3dx9_27_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0182903 _____ () C:\Program Files\AUG2006_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0137235 _____ () C:\Program Files\AUG2006_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0087142 _____ () C:\Program Files\AUG2006_xinput_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0046058 _____ () C:\Program Files\AUG2006_xinput_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0852286 _____ () C:\Program Files\AUG2007_d3dx10_35_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0796867 _____ () C:\Program Files\AUG2007_d3dx10_35_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1800160 _____ () C:\Program Files\AUG2007_d3dx9_35_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1708152 _____ () C:\Program Files\AUG2007_d3dx9_35_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0198096 _____ () C:\Program Files\AUG2007_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0153012 _____ () C:\Program Files\AUG2007_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0867612 _____ () C:\Program Files\Aug2008_d3dx10_39_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0849167 _____ () C:\Program Files\Aug2008_d3dx10_39_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1794084 _____ () C:\Program Files\Aug2008_d3dx9_39_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1464672 _____ () C:\Program Files\Aug2008_d3dx9_39_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0121772 _____ () C:\Program Files\Aug2008_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0092996 _____ () C:\Program Files\Aug2008_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0271412 _____ () C:\Program Files\Aug2008_XAudio_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0271038 _____ () C:\Program Files\Aug2008_XAudio_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0919044 _____ () C:\Program Files\Aug2009_D3DCompiler_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0900598 _____ () C:\Program Files\Aug2009_D3DCompiler_42_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 3112111 _____ () C:\Program Files\Aug2009_d3dcsx_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 3319740 _____ () C:\Program Files\Aug2009_d3dcsx_42_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0232635 _____ () C:\Program Files\Aug2009_d3dx10_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0192131 _____ () C:\Program Files\Aug2009_d3dx10_42_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0136301 _____ () C:\Program Files\Aug2009_d3dx11_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0105044 _____ () C:\Program Files\Aug2009_d3dx11_42_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0930116 _____ () C:\Program Files\Aug2009_d3dx9_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0728456 _____ () C:\Program Files\Aug2009_d3dx9_42_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0122408 _____ () C:\Program Files\Aug2009_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093106 _____ () C:\Program Files\Aug2009_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0273264 _____ () C:\Program Files\Aug2009_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0272642 _____ () C:\Program Files\Aug2009_XAudio_x86.cab
2015-10-13 20:13 - 2015-10-13 20:21 - 0000025 _____ () C:\Program Files\CfgInternet.ini
2015-10-13 20:21 - 2015-10-13 20:21 - 0009334 _____ () C:\Program Files\CfgMenu10.chg
2015-12-17 10:38 - 2015-12-17 10:38 - 0927824 _____ (Google Inc.) C:\Program Files\ChromeSetup.exe
2014-05-09 18:16 - 2000-07-17 10:58 - 0024576 _____ (SUNAT) C:\Program Files\Compacta.exe
2015-10-13 20:04 - 2015-10-13 20:21 - 0000598 _____ () C:\Program Files\ContaSOL.ini
2015-04-30 06:24 - 2015-04-30 06:26 - 0000000 _____ () C:\Program Files\DebugLog.txt
2010-06-02 05:22 - 2010-06-02 05:22 - 1357976 _____ () C:\Program Files\Dec2005_d3dx9_28_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1079456 _____ () C:\Program Files\Dec2005_d3dx9_28_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0212807 _____ () C:\Program Files\DEC2006_d3dx10_00_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0191720 _____ () C:\Program Files\DEC2006_d3dx10_00_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1571154 _____ () C:\Program Files\DEC2006_d3dx9_32_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1574376 _____ () C:\Program Files\DEC2006_d3dx9_32_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0192475 _____ () C:\Program Files\DEC2006_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0145599 _____ () C:\Program Files\DEC2006_XACT_x86.cab
2011-03-30 11:40 - 2011-03-30 11:40 - 0095576 _____ (Microsoft Corporation) C:\Program Files\DSETUP.dll
2011-03-30 11:40 - 2011-03-30 11:40 - 1566040 _____ () C:\Program Files\dsetup32.dll
2011-03-30 11:40 - 2011-03-30 11:40 - 0044624 _____ () C:\Program Files\dxdllreg_x86.cab
2011-03-30 11:40 - 2011-03-30 11:40 - 0517976 _____ () C:\Program Files\DXSETUP.exe
2011-03-30 11:40 - 2011-03-30 11:40 - 0097152 _____ () C:\Program Files\dxupdate.cab
2014-05-09 18:16 - 2003-01-06 10:07 - 0016848 _____ () C:\Program Files\error_.txt
2014-05-09 18:16 - 2005-02-03 16:29 - 0114688 _____ (S U N A T) C:\Program Files\Exonera.exe
2010-06-02 05:22 - 2010-06-02 05:22 - 1247499 _____ () C:\Program Files\Feb2005_d3dx9_24_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1013225 _____ () C:\Program Files\Feb2005_d3dx9_24_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1362796 _____ () C:\Program Files\Feb2006_d3dx9_29_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1084720 _____ () C:\Program Files\Feb2006_d3dx9_29_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0178359 _____ () C:\Program Files\Feb2006_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0132409 _____ () C:\Program Files\Feb2006_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0194675 _____ () C:\Program Files\FEB2007_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0147983 _____ () C:\Program Files\FEB2007_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0054678 _____ () C:\Program Files\Feb2010_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0020713 _____ () C:\Program Files\Feb2010_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0122446 _____ () C:\Program Files\Feb2010_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093180 _____ () C:\Program Files\Feb2010_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0276960 _____ () C:\Program Files\Feb2010_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0277191 _____ () C:\Program Files\Feb2010_XAudio_x86.cab
2015-10-13 20:13 - 2015-10-13 20:13 - 0000052 _____ () C:\Program Files\InicioSesion.ini
2010-06-02 05:22 - 2010-06-02 05:22 - 1336002 _____ () C:\Program Files\Jun2005_d3dx9_26_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1064925 _____ () C:\Program Files\Jun2005_d3dx9_26_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0180785 _____ () C:\Program Files\JUN2006_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0133671 _____ () C:\Program Files\JUN2006_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0699044 _____ () C:\Program Files\JUN2007_d3dx10_34_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0698472 _____ () C:\Program Files\JUN2007_d3dx10_34_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1607774 _____ () C:\Program Files\JUN2007_d3dx9_34_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1607286 _____ () C:\Program Files\JUN2007_d3dx9_34_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0197122 _____ () C:\Program Files\JUN2007_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0152909 _____ () C:\Program Files\JUN2007_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0867828 _____ () C:\Program Files\JUN2008_d3dx10_38_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0849919 _____ () C:\Program Files\JUN2008_d3dx10_38_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1792608 _____ () C:\Program Files\JUN2008_d3dx9_38_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1463878 _____ () C:\Program Files\JUN2008_d3dx9_38_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0055154 _____ () C:\Program Files\JUN2008_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0021905 _____ () C:\Program Files\JUN2008_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0121054 _____ () C:\Program Files\JUN2008_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093128 _____ () C:\Program Files\JUN2008_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0269628 _____ () C:\Program Files\JUN2008_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0269024 _____ () C:\Program Files\JUN2008_XAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0944460 _____ () C:\Program Files\Jun2010_D3DCompiler_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0931471 _____ () C:\Program Files\Jun2010_D3DCompiler_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0752783 _____ () C:\Program Files\Jun2010_d3dcsx_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0762188 _____ () C:\Program Files\Jun2010_d3dcsx_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0235955 _____ () C:\Program Files\Jun2010_d3dx10_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0197283 _____ () C:\Program Files\Jun2010_d3dx10_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0138205 _____ () C:\Program Files\Jun2010_d3dx11_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0109445 _____ () C:\Program Files\Jun2010_d3dx11_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0937246 _____ () C:\Program Files\Jun2010_d3dx9_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0768036 _____ () C:\Program Files\Jun2010_d3dx9_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0124596 _____ () C:\Program Files\Jun2010_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093686 _____ () C:\Program Files\Jun2010_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0277338 _____ () C:\Program Files\Jun2010_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0278060 _____ () C:\Program Files\Jun2010_XAudio_x86.cab
2014-05-09 18:16 - 2002-01-22 10:14 - 0000969 _____ () C:\Program Files\Leeme.txt
2010-06-02 05:22 - 2010-06-02 05:22 - 0844884 _____ () C:\Program Files\Mar2008_d3dx10_37_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0818260 _____ () C:\Program Files\Mar2008_d3dx10_37_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1769862 _____ () C:\Program Files\Mar2008_d3dx9_37_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1443282 _____ () C:\Program Files\Mar2008_d3dx9_37_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0055058 _____ () C:\Program Files\Mar2008_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0021867 _____ () C:\Program Files\Mar2008_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0122336 _____ () C:\Program Files\Mar2008_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093734 _____ () C:\Program Files\Mar2008_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0251194 _____ () C:\Program Files\Mar2008_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0226250 _____ () C:\Program Files\Mar2008_XAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1067160 _____ () C:\Program Files\Mar2009_d3dx10_41_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1040745 _____ () C:\Program Files\Mar2009_d3dx10_41_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1973702 _____ () C:\Program Files\Mar2009_d3dx9_41_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1612446 _____ () C:\Program Files\Mar2009_d3dx9_41_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0054600 _____ () C:\Program Files\Mar2009_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0021298 _____ () C:\Program Files\Mar2009_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0121506 _____ () C:\Program Files\Mar2009_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0092740 _____ () C:\Program Files\Mar2009_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0275044 _____ () C:\Program Files\Mar2009_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0273018 _____ () C:\Program Files\Mar2009_XAudio_x86.cab
2014-05-09 18:37 - 2016-01-28 11:31 - 0000000 _____ () C:\Program Files\Mens.txt
2014-05-09 18:16 - 2016-01-19 14:56 - 0004920 _____ () C:\Program Files\MENU_PM.txt
2010-06-02 05:22 - 2010-06-02 05:22 - 0864600 _____ () C:\Program Files\Nov2007_d3dx10_36_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0803884 _____ () C:\Program Files\Nov2007_d3dx10_36_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1802058 _____ () C:\Program Files\Nov2007_d3dx9_36_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1709360 _____ () C:\Program Files\Nov2007_d3dx9_36_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0046144 _____ () C:\Program Files\NOV2007_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0018496 _____ () C:\Program Files\NOV2007_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0196762 _____ () C:\Program Files\NOV2007_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0148264 _____ () C:\Program Files\NOV2007_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0994154 _____ () C:\Program Files\Nov2008_d3dx10_40_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0965421 _____ () C:\Program Files\Nov2008_d3dx10_40_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1906878 _____ () C:\Program Files\Nov2008_d3dx9_40_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1550796 _____ () C:\Program Files\Nov2008_d3dx9_40_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0054522 _____ () C:\Program Files\Nov2008_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0021851 _____ () C:\Program Files\Nov2008_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0121794 _____ () C:\Program Files\Nov2008_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0092684 _____ () C:\Program Files\Nov2008_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0273960 _____ () C:\Program Files\Nov2008_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0272611 _____ () C:\Program Files\Nov2008_XAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0086037 _____ () C:\Program Files\Oct2005_xinput_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0045359 _____ () C:\Program Files\Oct2005_xinput_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1412902 _____ () C:\Program Files\OCT2006_d3dx9_31_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1127217 _____ () C:\Program Files\OCT2006_d3dx9_31_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0182361 _____ () C:\Program Files\OCT2006_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0138017 _____ () C:\Program Files\OCT2006_XACT_x86.cab
2014-05-09 18:16 - 2011-02-14 11:22 - 0897024 _____ (S U N A T) C:\Program Files\pdt00.exe
2014-05-09 18:16 - 2000-01-13 13:34 - 0086016 _____ (S U N A T) C:\Program Files\PDTActPa.exe
2015-10-27 09:36 - 2015-10-27 09:36 - 0076168 _____ () C:\Program Files\PDTBACKUP2015102700000000000.ZIP
2014-05-09 18:16 - 2013-05-31 13:55 - 0507904 _____ (S U N A T) C:\Program Files\PDTEnvio.exe
2014-05-09 18:16 - 2013-05-06 17:26 - 0221184 _____ (S U N A T) C:\Program Files\PDTRegDe.exe
2014-05-09 18:16 - 2002-12-06 13:28 - 0000277 _____ () C:\Program Files\Pm000.INI
2014-05-09 18:16 - 1999-07-05 18:32 - 0077824 _____ () C:\Program Files\pm000.mdw
2014-05-09 18:16 - 2007-03-02 10:37 - 1093632 _____ (SUNAT) C:\Program Files\pmModDoc.exe
2014-05-09 18:16 - 2004-12-15 10:16 - 0098304 _____ (SUNAT) C:\Program Files\pmModEPS.exe
2014-05-09 18:16 - 2011-01-03 08:24 - 1638400 _____ (SUNAT) C:\Program Files\pmTraDer.exe
2014-05-09 18:16 - 2013-06-10 14:00 - 0020480 _____ (SUNAT) C:\Program Files\Repara.exe
2014-05-09 18:16 - 2011-01-28 08:42 - 0125738 _____ () C:\Program Files\SUNATPDT.HLP
2016-01-28 11:42 - 2016-01-28 11:43 - 8486912 _____ () C:\Program Files\SUNATPDT.MDB
2015-10-13 20:04 - 2015-10-13 20:10 - 0000167 _____ () C:\Program Files\Ubicaciones.ini
2015-06-10 00:35 - 2015-12-09 00:46 - 0000034 _____ () C:\Users\Quadcore\AppData\Roaming\AdobeWLCMCache.dat
2015-05-24 00:07 - 2013-07-21 21:59 - 0012005 _____ () C:\Users\Quadcore\AppData\Roaming\alsoft.ini
2015-10-16 03:41 - 2016-01-28 10:58 - 0000132 _____ () C:\Users\Quadcore\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2015-03-07 12:49 - 2015-07-17 22:38 - 0000385 _____ () C:\Users\Quadcore\AppData\Roaming\Rim.Desktop.Exception.log
2015-03-07 12:46 - 2015-03-07 12:46 - 0001147 _____ () C:\Users\Quadcore\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-03-07 12:49 - 2015-07-17 22:38 - 0000385 _____ () C:\Users\Quadcore\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-04-21 11:22 - 2015-07-17 22:38 - 0000154 _____ () C:\Users\Quadcore\AppData\Roaming\Rim.Transcoder.Exception.log
2015-05-03 17:56 - 2015-05-03 17:56 - 0000099 _____ () C:\Users\Quadcore\AppData\Roaming\settings.xml
2015-04-21 11:22 - 2015-07-17 22:36 - 0022528 _____ () C:\Users\Quadcore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-28 17:51 - 2015-02-28 17:51 - 0000001 _____ () C:\Users\Quadcore\AppData\Local\llftool.4.30.agreement
2015-05-04 17:17 - 2015-05-04 17:17 - 0000218 _____ () C:\Users\Quadcore\AppData\Local\recently-used.xbel
2013-11-01 14:13 - 2015-06-02 11:41 - 0007597 _____ () C:\Users\Quadcore\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Quadcore\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Quadcore\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-29 09:11

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-01-2016
Ran by Quadcore (2016-01-31 02:08:30)
Running from C:\Users\Quadcore\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2013-09-27 21:25:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

21311614C1AD4996A56D (S-1-5-21-2172032273-4216305309-2282011400-1053 - Limited - Enabled)
Administrador (S-1-5-21-2172032273-4216305309-2282011400-500 - Administrator - Enabled)
Invitado (S-1-5-21-2172032273-4216305309-2282011400-501 - Limited - Disabled)
Quadcore (S-1-5-21-2172032273-4216305309-2282011400-1000 - Administrator - Enabled) => C:\Users\Quadcore

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: BullGuard Antivirus (Enabled - Out of date) {EDBB5818-2352-E06B-028A-4E6873B92CC5}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: BullGuard Antispyware (Enabled - Out of date) {56DAB9FC-0568-EFE5-383A-751A083E6678}
FW: BullGuard Firewall (Enabled) {D580D93D-693D-E133-29D5-E75D8D6A6BBE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 3.4.1.181 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (32 Bit) (HKLM\...\{CA2BE00C-F2E1-4CE7-8B25-4F1F3B2FF18A}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (32 Bit) (HKLM\...\{7C25E7A0-A0A1-4B87-BB30-BF0FBDC37878}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
Aeria Ignite (HKLM\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Allway Sync version 15.1.9 (HKLM\...\Allway Sync_is1) (Version:  - Botkind Inc)
Antares Auto-Tune Evo RTAS (HKLM\...\{4D68D398-7760-426D-8395-83EE0676FC7E}) (Version: 6.00.0009 - Antares Audio Technologies)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (Version: 3.3 - Microsoft Corporation) Hidden
ArcSoft WebCam Companion 4 (HKLM\...\{12450631-3289-40F7-AEC3-F6DCB6E1BDCF}) (Version: 4.0.20.365 - ArcSoft)
Ashampoo Burning Studio 12 v.12.0.1 (HKLM\...\Ashampoo Burning Studio 12_is1) (Version: 12.0.1 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Avid Effects (HKLM\...\{A86F1158-A7F7-4E8C-98E3-88F4996E85EB}) (Version: 10.3.7 - Avid Technology, Inc.)
Avid HD Driver (x86) (HKLM\...\{01C898E1-38A7-49B1-9398-49E40636E2C5}) (Version: 10.3.7 - Avid Technology, Inc.)
Avid Pro Tools (HKLM\...\{8E60BB71-7EF3-42ED-9F10-AA041F25841A}) (Version: 10.3.7 - Avid Technology, Inc.)
Azure AD Authentication Connected Service (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Bastion (HKLM\...\{7AF3D8F2-B2C2-4F8B-AFA4-C90001F56B1A}) (Version: 1.0.2 - Supergiant Games)
BatchInpaint 2.2 (HKLM\...\{BA413735-865A-4BF5-AAD2-B4D2998ED019}}_is1) (Version:  - teorex)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
BlackBerry App World Browser Plugin (HKLM\...\{AC094FFF-963F-4E8A-96BE-D1E7EFC9DF67}) (Version: 4.2.0.12 - Research In Motion Limited)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Blend for Visual Studio SDK for .NET 4.5 (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BullGuard Internet Security (HKLM\...\BullGuard) (Version: 16.0 - BullGuard Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Compatibilidad con Aplicaciones de Apple (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Compresor WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0407 - Disc Soft Ltd)
Dolby Axon - 1.5.1.1 (HKLM\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
Dotfuscator and Analytics Community Edition 5.18.1 (Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Download Navigator (HKLM\...\{3A3A3B34-6EA2-4031-8580-D66D29533E89}) (Version: 3.4.0 - SEIKO EPSON CORPORATION)
Eines de correcció del Microsoft Office 2013: català (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM\...\{79D0F056-39DE-4FDD-83FD-1554CE2C6443}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM\...\EEPPPlugIn) (Version:  - SEIKO EPSON Corporation)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (Version: 1.00.0000 - SEIKO EPSON Corporation) Hidden
Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
EPSON L210 Series Printer Uninstall (HKLM\...\EPSON L210 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Facebook Plug-In (HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Ferramentas de verificación de Microsoft Office 2013 - Galego (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
GOM Player (HKLM\...\GOM Player) (Version:  - )
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Guacamelee (Remove Only) (HKLM\...\Guacamelee) (Version:  - )
Guitar Pro 5.2 (HKLM\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
K-Lite Codec Pack 4.1.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 4.1.0 - )
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (Version: 3.0.1 - Riot Games) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware versión 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MEGAsync (HKLM\...\MEGAsync) (Version:  - Mega Limited)
MergeModule_x86 (Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{D9D937B0-E842-4130-9588-B948E876904A}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM\...\{9D6D76A6-4328-49E8-97A7-531A74841DA5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{C340BAB2-9A21-41B9-A465-7AC7B1DF773E}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C# 2008 Express Edition with SP1 - ENU (HKLM\...\Microsoft Visual C# 2008 Express Edition with SP1 - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{246dcb72-b18c-4ab9-9de9-8a996296b01d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{044F9133-B8D7-4d11-BF39-803FA20F5C8B}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{825E2AB1-4502-4A51-8C52-D8D3398BE9D2}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 es-MX) (HKLM\...\Mozilla Firefox 43.0.4 (x86 es-MX)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
Multi-Device Hybrid Apps using C# - Templates - ENU (Version: 14.0.23107 - Microsoft Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C89}) (Version: 4.0.6 - dotPDN LLC)
Papers, Please (HKLM\...\{428CF694-7D31-4C42-8F7D-7187F5EF6937}) (Version: 1.1.65 - 3909 LLC)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x86) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
PDF Settings CC (Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
PDT Planilla Electronica - PLAME (HKLM\...\PDTPLAME) (Version: 2.8.5 - UNKNOWN)
PDT Planilla Electronica - PLAME (Version: 2.8.5 - UNKNOWN) Hidden
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Pixillion, convertidor de archivos de imagen (HKLM\...\Pixillion) (Version: 2.91 - NCH Software)
Platform (Version: 1.36 - VIA Technologies, Inc.) Hidden
PlayMemories Home (HKLM\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.0.03.11020 - Sony Corporation)
PMB_ModeEditor (Version: 9.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (Version: 10.0.03 - Sony Corporation) Hidden
PreEmptive Analytics Visual Studio Components (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Programa de Declaración Telemática (HKLM\...\{A6E23415-7BA4-4CA3-99DA-B7F9D33E1F5B}) (Version:  - )
Project64 1.7 (HKLM\...\Project64 1.7) (Version:  - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RaidCall (HKLM\...\RaidCall) (Version: 7.3.6-1.0.13004.105 - raidcall.com)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (Version: 14.0.23107 - Microsoft Corporation) Hidden
rUpdater (HKLM\...\{8B78A332-0E17-40A5-83D0-5595D2EA5729}) (Version: 1.4.0 - rUpdater Company)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype Web Plugin (HKLM\...\{F6C18D35-D3EB-4AEA-B266-C2F11B6DB723}) (Version: 7.12.0.55 - Skype Technologies S.A.)
Skype™ 7.13 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Software Logitech Unifying 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Sound Forge Audio Studio 10.0 (HKLM\...\{BC208D90-4643-11E3-987B-F04DA23A5C58}) (Version: 10.0.252 - Sony)
Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
Super Meat Boy v1.5 (HKLM\...\Super Meat Boy v1.5_is1) (Version:  - Team Meat)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2015 (Version: 14.0.23102 - Microsoft Corporation) Hidden
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (Version: 14.0.23107 - Microsoft Corporation) Hidden
TP-LINK TL-WN725N_TL-WN723N Controlador (HKLM\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK)
Tunngle (HKLM\...\Tunngle_is1) (Version: 5.8.3 - Tunngle.net GmbH)
Unity (32-bit) (HKLM\...\Unity (32-bit)) (Version: 5.2.0f3 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM\...\{90150000-012B-0C0A-0000-0000000FF1CE}_Office15.PROPLUS_{D8C21FB1-47FD-4CCA-8579-E8EB7FA380B2}) (Version:  - Microsoft)
Utilidad de configuración inalámbrica de TP-LINK (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
VIA Administrador de dispositivos de plataforma (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
VideoPad, software para edición de vídeo (HKLM\...\VideoPad) (Version: 3.88 - NCH Software)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WavePad, editor de audio (HKLM\...\WavePad) (Version: 6.07 - NCH Software)
WCF Data Services 5.6.4 Runtime (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windows Phone app for desktop (HKLM\...\{3549ACF5-2BE0-4FCC-8D3A-15B4342DE901}) (Version: 1.1.2726.0 - Microsoft Corporation)
XFastUSB (HKLM\...\XFastUSB) (Version: 3.02.28 - ASRock Inc.)
Your Application Name (HKLM\...\{AA6EB693-FE08-4515-A991-C74F53AD7D7A}) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{147D75F3-19D5-4810-800D-7F50A02E8B60}\InprocServer32 -> C:\Users\Quadcore\AppData\Local\SkypePlugin\7.12.0.55\GatewayActiveX.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Users\Quadcore\AppData\Roaming\Facebook\axfbootloader.dll ( )
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Quadcore\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{500D5FFA-40A9-49D6-B07A-1B393727694A}\InprocServer32 -> C:\Windows\system32\digiasio.dll (Avid Technology, Inc.)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{7253b364-18c5-555a-4b07-26abb39c9f99}\InprocServer32 -> C:\Users\Quadcore\AppData\Local\SkypePlugin\7.12.0.55\EdgeBrokerPS.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{B9BE850C-F3F7-48AD-BB5B-A0CDA0706DB5}\localserver32 -> C:\Users\Quadcore\AppData\Local\SkypePlugin\7.12.0.55\GatewayVersion.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Quadcore\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Quadcore\AppData\Local\SkypePlugin\7.12.0.55\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{CD351190-38EC-4BA7-AA4A-11C342ABD724}\localserver32 -> C:\Users\Quadcore\AppData\Local\SkypePlugin\7.12.0.55\PluginHost.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {019883C8-FACF-4A66-95D7-939ECDA6FB96} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {026167A7-81B7-4F85-84C6-DF8ADB9B9FA9} - System32\Tasks\{A65F4792-8E8B-4229-ADAE-1A17A240EE07} => C:\Windows\twain_32\escndv\escndv.exe [2009-01-26] (SEIKO EPSON CORP.)
Task: {1EFB3034-7CD6-4CC2-961C-CB60A9EB79CE} - System32\Tasks\{5B79B3D9-0ED7-44E2-B7B6-1EFC05EF68FD} => pcalua.exe -a C:\Users\Quadcore\Desktop\VIDEOSND\Shockwave_Installer_Slim.exe -d C:\Users\Quadcore\Desktop\VIDEOSND
Task: {1EFBE306-A57B-4F82-8FC6-29E557688EE8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2040AADC-F9E5-4491-9F25-46C838D1406C} - System32\Tasks\{6456999E-8C68-44F9-B7B6-BA85245BE273} => pcalua.exe -a "C:\Program Files\DIGITEL 3G\uninst.exe"
Task: {25F9E0FE-18A4-4F6F-AEE6-7D867F9184C2} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {360F7E94-1C29-4C96-BEDD-6C57607B6410} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {3C3A90CE-0B08-4CD1-AAA4-BF82C9458E3E} - System32\Tasks\apagate nene => C:\Windows\System32\shutdown.exe [2009-07-13] (Microsoft Corporation)
Task: {4D86789A-B07F-471C-9CDC-2A34442A7077} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {6611D0CC-25ED-4C24-9FF0-066CB2877BB0} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Quadcore-PC-Quadcore Quadcore-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {765FDC23-0D1B-4421-86CD-E508659A3CC4} - System32\Tasks\{3B7EE954-677F-4944-B31D-0B60764C5005} => pcalua.exe -a "E:\DIGITEL 3G\Setup.exe" -d "E:\DIGITEL 3G"
Task: {7B846188-6138-4355-93C2-86DCE9950233} - System32\Tasks\{EECCAC8D-3900-4A1F-A0D3-509E898E0A8C} => C:\Program Files\pdt00.exe [2011-02-14] (S U N A T)
Task: {855660F8-0DEF-4CBF-B318-7F1C4068527F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A75A6A51-37E3-44CA-ADCE-9CAD460C4F72} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A76203FE-C2DC-4316-8A50-AEC67B2BA139} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {CB6E4F75-8996-4280-A482-0EDC87A1036A} - System32\Tasks\BullGuard\BullGuardUpdate2 => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2016-01-25] (BullGuard Ltd.)
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {DE74B0BA-40D5-468C-8058-5594ABE44BDF} - System32\Tasks\AdobeAAMUpdater-1.0-Quadcore-PC-Quadcore => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-10-30] (Adobe Systems Incorporated)
Task: {F072E983-7305-4058-9C70-524B174EF1B4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {F855ACC9-F948-4734-B7B9-0457DD2FB83D} - System32\Tasks\{1B5F9C2C-C268-43A7-A882-1B5ADD28E87F} => pcalua.exe -a "C:\Users\Quadcore\MED_PERU\IGV\PROGRAMA TELEMATICO NUEVO\igvrta.exe" -d "C:\Users\Quadcore\MED_PERU\IGV\PROGRAMA TELEMATICO NUEVO"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Opera N Saturday.job => C:\Program Files\Opera\launcher.exe
Task: C:\Windows\Tasks\Opera N Sunday.job => C:\Program Files\Opera\launcher.exe
Task: C:\Windows\Tasks\Opera N.job => C:\Program Files\Opera\launcher.exe
Task: C:\Windows\Tasks\SidebarExecute.job => C:\Program Files\Windows Sidebar\sidebar.exe
Task: C:\Windows\Tasks\Software Removal Tool logs upload retry.job => C:\Users\Quadcore\Downloads\software_removal_tool.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-25 19:59 - 2016-01-25 19:59 - 00583448 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
2016-01-25 19:59 - 2016-01-25 19:59 - 00074008 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
2016-01-25 19:59 - 2016-01-25 19:59 - 00557336 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
2015-12-30 15:08 - 2015-12-30 15:08 - 02771896 _____ () C:\ProgramData\System32\SafeGuard32.dll
2015-11-14 04:22 - 2015-11-14 04:22 - 00486048 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
2014-05-01 09:15 - 2014-05-01 09:15 - 00463360 _____ () C:\Users\Quadcore\AppData\Local\MEGAsync\ShellExtX32.dll
2016-01-25 19:59 - 2016-01-25 19:59 - 00074008 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
2016-01-25 19:59 - 2016-01-25 19:59 - 00557336 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
2013-10-21 13:40 - 2007-05-22 10:29 - 00128512 _____ () C:\Program Files\WinRAR\rarext.dll
2016-01-25 19:59 - 2016-01-25 19:59 - 00583448 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
2015-06-13 00:39 - 2015-04-13 15:55 - 00182784 _____ () C:\Program Files\Allway Sync\Bin\SyncService.exe
2016-01-25 19:59 - 2016-01-25 19:59 - 00056600 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2015-04-25 10:12 - 2015-04-25 10:12 - 00085504 _____ () C:\Program Files\rUpdater\rUpdater_srv.exe
2015-04-25 10:12 - 2015-04-25 10:12 - 00070656 _____ () C:\Program Files\rUpdater\rupd_dll.dll
2015-09-24 08:09 - 2015-12-10 10:56 - 00193456 _____ () C:\Program Files\SkypeUpdateEx\SkypeUpdateEx.exe
2015-12-10 04:17 - 2015-12-08 11:12 - 00126896 _____ () C:\Program Files\SkypeUpdateEx\SkypeUpdate.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:lEMshoDVdnz5fW43XOf5JfS
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:q9UsMmSScrpVmIYVk2ZPJY9QhHkN
AlternateDataStreams: C:\Program Files\Common Files\System:Nbyqva2Oh1CutlNgF9ezixh
AlternateDataStreams: C:\ProgramData\Microsoft:3ZnQuoDRLoxpeGySyw60bafi
AlternateDataStreams: C:\ProgramData\Microsoft:DcVfws079i5janZMheK15PJUqa
AlternateDataStreams: C:\ProgramData\Microsoft:Imp0Bs6k7aSKAZcCkxgF6rY
AlternateDataStreams: C:\ProgramData\Microsoft:J2injGlgqjG22yZtitnwc
AlternateDataStreams: C:\ProgramData\Microsoft:PzjAMPmAdGGhzlazjE
AlternateDataStreams: C:\Users\Quadcore\Cookies:cyR0Jl4vtf2PvNwP1rY0rn
AlternateDataStreams: C:\Users\Quadcore\AppData\Local\mbysv3UW55Wv:T8OpXAUduwM8AEGvKOMvFMi6v
AlternateDataStreams: C:\Users\Quadcore\AppData\Local\Temp:z3Kr1cLJSOqJgOgiAxILcu6buKrYBP

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\google.com.pe -> hxxps://www.google.com.pe
IE trusted site: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\viabcp.com -> hxxps://bcpzonasegura.viabcp.com
IE restricted site: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\atajitos.com -> hxxp://www.atajitos.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Quadcore\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.48.225.130 - 200.48.225.146
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Utilidad de configuración inalámbrica de TP-LINK.lnk => C:\Windows\pss\Utilidad de configuración inalámbrica de TP-LINK.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPSON Stylus CX4700 Series => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE /F "C:\Windows\TEMP\E_S36C.tmp" /EF "HKLM"
MSCONFIG\startupreg: EPSON Stylus CX4700 Series (Copiar 1) => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE /F "C:\Windows\TEMP\E_SAE39.tmp" /EF "HKLM"
MSCONFIG\startupreg: EPSON Stylus CX4700 Series c12 => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE /F "C:\Windows\TEMP\E_SCFC5.tmp" /EF "HKLM"
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: rUpdater1 => C:\Program Files\rUpdater\rUpdater_agent.exe
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8C897590-EF70-4564-ACEC-D5CB842F3D96}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C1A86759-5BCD-46BF-8E0C-8E121503D48F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{965FC50B-8A1D-45C8-A507-AAFC0F1617A3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6F983658-EF50-40C1-83D9-6EBAE11D306C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D8F04CDA-11B3-47E0-8659-F7B53F81870E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{4508DB02-1700-4B09-8A22-5977E69BA6EE}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{F4254BF5-7D45-4F8B-AECD-05A6CD2F513D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{9655445B-CA1F-4E0A-8AE4-B232C37B5EC2}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{B1EDB53F-9ED4-48ED-9FF3-86A3F75DE268}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{5E3C65D8-EA95-45DD-9376-0C4A97217FB1}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{3EB2DF51-ACD0-43EF-A3C6-78CA0910859A}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [{B7A46E60-1789-4D8F-A29F-B8F7AF11B366}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{D48DB54F-7290-4FB6-91AD-FC0CEE4B39EB}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{C110E11C-4233-462D-A2CD-3FA2AFBA67C1}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{96136388-F633-47D6-A1EE-727183A44CEF}] => (Allow) LPort=4481
FirewallRules: [{832F96A0-0568-4D11-8A11-F37F60967AC5}] => (Allow) LPort=4481
FirewallRules: [{19E89A14-EEAE-43B1-887B-E48180B0C705}] => (Allow) LPort=4482
FirewallRules: [{F7F981B6-04B8-4E82-AA67-DA14A6B5E5F6}] => (Allow) LPort=4482
FirewallRules: [{CB5BA1E2-6856-4DE2-98F7-4CF4D1C64549}] => (Allow) C:\Program Files\DolbyAxon\Axon.exe
FirewallRules: [{C15CCE0D-2C03-46D4-B9F5-00C2A331A28B}] => (Allow) C:\Program Files\DolbyAxon\Axon.exe
FirewallRules: [{8CF1FB63-592F-4D78-A620-9D94FB895C16}] => (Allow) C:\Users\Quadcore\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{36F987D6-3694-4A91-9BDC-180E6E1F8DF7}] => (Allow) C:\Users\Quadcore\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{CD423028-859F-4F55-8889-018741E26704}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{94B64917-02BD-4B72-968D-2DE4962F0A80}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [TCP Query User{94407791-1131-4B7D-9591-A86E7DA10582}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{333D113F-474B-4B2F-9E6E-3706CDBAD732}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [{9B7404C6-4BCE-475D-9BCE-B9A58A9928B3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{976E9E1A-215A-45F1-A876-00B65FFBB229}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{9249CB7C-34CB-4335-9F66-84310E7202FC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{28F4E3F6-14AF-445E-9935-9E4216D01732}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{AA8E7530-B9E7-44CD-8533-E55D753A3296}C:\program files\raidcall\raidcall.exe] => (Allow) C:\program files\raidcall\raidcall.exe
FirewallRules: [UDP Query User{9BF86C12-7D94-4587-B83D-D87CDA34E847}C:\program files\raidcall\raidcall.exe] => (Allow) C:\program files\raidcall\raidcall.exe
FirewallRules: [TCP Query User{A0626C51-D1E5-49DA-BA66-09A4B4B0D0FE}F:\juegos\gamepad para ps4\zsnesw.exe] => (Allow) F:\juegos\gamepad para ps4\zsnesw.exe
FirewallRules: [UDP Query User{7F398B33-0407-427C-8C76-0943970B2F12}F:\juegos\gamepad para ps4\zsnesw.exe] => (Allow) F:\juegos\gamepad para ps4\zsnesw.exe
FirewallRules: [TCP Query User{4A83DC87-BA5F-489D-83BD-E1E6528A8F96}F:\juegos\znes9\zsnesw.exe] => (Allow) F:\juegos\znes9\zsnesw.exe
FirewallRules: [UDP Query User{D8C7377B-83B7-4686-A0AF-86C8BF5E6F0A}F:\juegos\znes9\zsnesw.exe] => (Allow) F:\juegos\znes9\zsnesw.exe
FirewallRules: [{AF9D8FBB-F356-4285-8344-1FA6D68B35EC}] => (Block) F:\juegos\znes9\zsnesw.exe
FirewallRules: [{AC8C9B7A-F00A-4DD1-9B72-35862C4F3DEC}] => (Block) F:\juegos\znes9\zsnesw.exe
FirewallRules: [TCP Query User{6C253C8A-7C7F-498C-A1EA-8F4393514DA2}C:\users\quadcore\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\quadcore\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{65C04453-E769-49C8-B721-620A3D2FAEDB}C:\users\quadcore\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\quadcore\appdata\local\akamai\netsession_win.exe
FirewallRules: [{7D1D0884-088D-4412-8320-B25F40A70586}] => (Allow) C:\Program Files\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{AFBB50E1-C19F-4569-A709-C78795113FAE}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{527ECCE0-3EA5-4CA8-AE1F-DC2453A51C4A}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{D7BEDBE4-D790-4E63-ACA5-10855BF0FC71}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2119025F-33A3-4B7B-A978-8478C7A2BCBC}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7EFDFC28-F9FA-4AE8-BA17-F86C1F383FD4}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{15C77BB3-A3C5-47FB-8BF8-31E700B28C97}C:\program files\avid\pro tools\protools.exe] => (Allow) C:\program files\avid\pro tools\protools.exe
FirewallRules: [UDP Query User{71AEAAEF-F5DF-4A3B-9E4C-605CE05C2359}C:\program files\avid\pro tools\protools.exe] => (Allow) C:\program files\avid\pro tools\protools.exe
FirewallRules: [{9FFB0033-B670-4430-AFF1-9063CA0E3D32}] => (Block) C:\program files\avid\pro tools\protools.exe
FirewallRules: [{4839BAA5-509E-489F-897B-108A4ED19F8E}] => (Block) C:\program files\avid\pro tools\protools.exe
FirewallRules: [{86C386E6-2D2C-490C-AD2B-467970B3A08E}] => (Allow) C:\Program Files\RaidCall\rcplugin.exe
FirewallRules: [{0729DA14-5AC8-4F20-8877-8D224315BE15}] => (Allow) C:\Program Files\RaidCall\rcplugin.exe
FirewallRules: [TCP Query User{5707E8A3-9335-47B0-B6E2-48670E54B8B5}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{92029D05-4A8E-4B8C-A41B-20563F88EDFB}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [{53461164-3EC7-4768-B8EB-523B34CA53C3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F6A62800-5E01-49DA-996D-7807DAA2FC10}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5EE7A43F-A26A-49E0-B9AD-6C49C7EC9512}] => (Allow) C:\Program Files\Tunngle\TnglCtrl.exe
FirewallRules: [{9F454B6A-9616-4D6D-A98C-DDADB29F4D92}] => (Allow) C:\Program Files\Tunngle\TnglCtrl.exe
FirewallRules: [{B8477BCA-CEAA-44E8-ADEE-1D4C188E6F45}] => (Allow) C:\Program Files\Tunngle\Tunngle.exe
FirewallRules: [{3D476B56-D5FD-4235-84CC-25F9F6763BB9}] => (Allow) C:\Program Files\Tunngle\Tunngle.exe
FirewallRules: [{77A139FD-AA04-4744-91DD-54F546354A25}] => (Allow) C:\Program Files\RaidCall\rcplugin.exe
FirewallRules: [{312FEF74-5C9E-4663-B882-6A20DB09ABD1}] => (Allow) C:\Program Files\RaidCall\rcplugin.exe
FirewallRules: [{725DCCD7-17D4-4B1B-9A09-9C595B318F65}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9E87D1A3-B117-416A-B5F3-32E2DAE68B34}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

19-01-2016 14:55:46 Instalado Your Application Name
27-01-2016 18:51:23 Punto de control programado
30-01-2016 23:58:26 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2016 02:07:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: notepad.exe, versión: 6.1.7601.18917, marca de tiempo: 0x559ea6ff
Nombre del módulo con errores: SafeGuard32.dll_unloaded, versión: 0.0.0.0, marca de tiempo: 0x568382a8
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x711742c3
Id. del proceso con errores: 0x1548
Hora de inicio de la aplicación con errores: 0xnotepad.exe0
Ruta de acceso de la aplicación con errores: notepad.exe1
Ruta de acceso del módulo con errores: notepad.exe2
Id. del informe: notepad.exe3

Error: (01/31/2016 01:20:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: explorer.exe, versión: 6.1.7601.17567, marca de tiempo: 0x4d6727a7
Nombre del módulo con errores: SafeGuard32.dll_unloaded, versión: 0.0.0.0, marca de tiempo: 0x568382a8
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x711742c3
Id. del proceso con errores: 0x14a4
Hora de inicio de la aplicación con errores: 0xexplorer.exe0
Ruta de acceso de la aplicación con errores: explorer.exe1
Ruta de acceso del módulo con errores: explorer.exe2
Id. del informe: explorer.exe3

Error: (01/31/2016 12:12:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SvcHost.exe_BsCache, versión: 6.1.7600.16385, marca de tiempo: 0x4a5bc100
Nombre del módulo con errores: SafeGuard32.dll_unloaded, versión: 0.0.0.0, marca de tiempo: 0x568382a8
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x7107221c
Id. del proceso con errores: 0xe2c
Hora de inicio de la aplicación con errores: 0xSvcHost.exe_BsCache0
Ruta de acceso de la aplicación con errores: SvcHost.exe_BsCache1
Ruta de acceso del módulo con errores: SvcHost.exe_BsCache2
Id. del informe: SvcHost.exe_BsCache3

Error: (01/31/2016 12:11:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SvcHost.exe_BsCache, versión: 6.1.7600.16385, marca de tiempo: 0x4a5bc100
Nombre del módulo con errores: SafeGuard32.dll_unloaded, versión: 0.0.0.0, marca de tiempo: 0x568382a8
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x711742c3
Id. del proceso con errores: 0xe2c
Hora de inicio de la aplicación con errores: 0xSvcHost.exe_BsCache0
Ruta de acceso de la aplicación con errores: SvcHost.exe_BsCache1
Ruta de acceso del módulo con errores: SvcHost.exe_BsCache2
Id. del informe: SvcHost.exe_BsCache3

Error: (01/31/2016 12:11:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: explorer.exe, versión: 6.1.7601.17567, marca de tiempo: 0x4d6727a7
Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.19045, marca de tiempo: 0x56258dbb
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0001f90c
Id. del proceso con errores: 0x192c
Hora de inicio de la aplicación con errores: 0xexplorer.exe0
Ruta de acceso de la aplicación con errores: explorer.exe1
Ruta de acceso del módulo con errores: explorer.exe2
Id. del informe: explorer.exe3

Error: (01/30/2016 11:58:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina ConvertStringSidToSid(S-1-5-21-2172032273-4216305309-2282011400-500.bak). HR = 0x80070539, La estructura del identificador de seguridad no es válida.
.


Operación:
   Evento OnIdentify
   Recopilando datos del escritor

Contexto:
   Contexto de ejecución: Shadow Copy Optimization Writer
   Id. de clase del escritor: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Nombre del escritor: Shadow Copy Optimization Writer
   Id. de instancia del escritor: {fbbebccc-1156-4d79-a0f3-f510d6b1f87d}

Error: (01/30/2016 11:51:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2016 11:48:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: svchost.exe_DiagTrack, versión: 6.1.7600.16385, marca de tiempo: 0x4a5bc100
Nombre del módulo con errores: SafeGuard32.dll_unloaded, versión: 0.0.0.0, marca de tiempo: 0x568382a8
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x70ea42c3
Id. del proceso con errores: 0x978
Hora de inicio de la aplicación con errores: 0xsvchost.exe_DiagTrack0
Ruta de acceso de la aplicación con errores: svchost.exe_DiagTrack1
Ruta de acceso del módulo con errores: svchost.exe_DiagTrack2
Id. del informe: svchost.exe_DiagTrack3

Error: (01/30/2016 11:47:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Adobe CEF Helper.exe, versión: 3.4.0.175, marca de tiempo: 0x564a80aa
Nombre del módulo con errores: libcef.dll, versión: 3.2171.2069.0, marca de tiempo: 0x551bdc44
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00444106
Id. del proceso con errores: 0x1500
Hora de inicio de la aplicación con errores: 0xAdobe CEF Helper.exe0
Ruta de acceso de la aplicación con errores: Adobe CEF Helper.exe1
Ruta de acceso del módulo con errores: Adobe CEF Helper.exe2
Id. del informe: Adobe CEF Helper.exe3

Error: (01/30/2016 10:17:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: explorer.exe, versión: 6.1.7601.17567, marca de tiempo: 0x4d6727a7
Nombre del módulo con errores: SafeGuard32.dll_unloaded, versión: 0.0.0.0, marca de tiempo: 0x568382a8
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x70ea42c3
Id. del proceso con errores: 0x12b8
Hora de inicio de la aplicación con errores: 0xexplorer.exe0
Ruta de acceso de la aplicación con errores: explorer.exe1
Ruta de acceso del módulo con errores: explorer.exe2
Id. del informe: explorer.exe3


System errors:
=============
Error: (01/31/2016 01:18:09 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/31/2016 12:55:23 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/31/2016 12:53:13 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/31/2016 12:51:54 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/31/2016 12:27:01 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/31/2016 12:24:09 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/31/2016 12:21:38 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/31/2016 12:12:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio BullGuard CODS service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/31/2016 12:10:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Xbox Live Network Manager Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/31/2016 12:04:27 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 78%
Total physical RAM: 2013.09 MB
Available physical RAM: 440.46 MB
Total Virtual: 4026.17 MB
Available Virtual: 2254.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:267.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E3A2E3A2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

When I try to retrieve the .NFO it throws me this error. I put the log from Windows, and I restarted the program msinfo32, but nothing worked.

 

Firma con problemas:
  Nombre del evento de problema:    BEX
  Nombre de la aplicación:    msinfo32.exe
  Versión de la aplicación:    6.1.7601.17514
  Marca de tiempo de la aplicación:    4ce78d0f
  Nombre del módulo con errores:    SafeGuard32.dll_unloaded
  Versión del módulo con errores:    0.0.0.0
  Marca de tiempo del módulo con errores:    568382a8
  Desplazamiento de excepción:    711742c3
  Código de excepción:    c0000005
  Datos de excepción:    00000008
  Versión del sistema operativo:    6.1.7601.2.1.0.256.1
  Id. de configuración regional:    8202
  Información adicional 1:    fa66
  Información adicional 2:    fa6696398de2b9f98383d7a3bf5c3ea1
  Información adicional 3:    fa66
  Información adicional 4:    fa6696398de2b9f98383d7a3bf5c3ea1



#4 Oh My!


Posted 31 January 2016 - 03:39 PM

Thank you for the information. Don't worry about the System Summary for now.

Does this look familiar?

www.allinchrome.com

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Run: [{D0EF954A-A518-4D80-BF8A-1DAF981232CE}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\UbMaNGSanuWQtw').OGDGHG)));
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {00854cf9-3e80-11e3-924e-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {00854d09-3e80-11e3-924e-bc5ff400a7ec} - G:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {00854d51-3e80-11e3-924e-001e101faa49} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {16f54905-a4c2-11e3-b6b1-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {16f54922-a4c2-11e3-b6b1-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {16f54957-a4c2-11e3-b6b1-001e101f50a4} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {21166a06-ac7f-11e3-99dd-bc5ff400a7ec} - F:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {246d54e1-5873-11e3-a0fb-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {2ed55a83-515d-11e4-ba89-001e101fb4df} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {2ed55a90-515d-11e4-ba89-001e101fb4df} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {37eb2114-9f16-11e3-b507-cdeb976eb9d2} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {37eb2123-9f16-11e3-b507-f94773773de8} - F:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {37eb2150-9f16-11e3-b507-f94773773de8} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {4967715e-9004-11e3-b3fb-001e101fabdd} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {4967716e-9004-11e3-b3fb-001e101fabdd} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {496771aa-9004-11e3-b3fb-001e101fabdd} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {5faf9bdf-4c64-11e3-8956-001e101f8ed0} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {5faf9bf3-4c64-11e3-8956-001e101f8ed0} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {78894ec9-548d-11e4-8ec0-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {aa2f1855-4a06-11e3-95fd-001e101f1ed9} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {b9760029-652f-11e4-a3be-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {cda8afda-65aa-11e4-9d31-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {cda8afea-65aa-11e4-9d31-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {cda8b01f-65aa-11e4-9d31-001e101f57d0} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {d2e0a10b-9293-11e3-aef0-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {d2e0a11a-9293-11e3-aef0-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {edb470bf-9f12-11e3-b27f-99cdd54cb0c5} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {f58b37b1-89ca-11e3-8a6c-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {fb306dcd-a840-11e3-b4bc-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {fb306ddf-a840-11e3-b4bc-001e101f7f74} - E:\AutoRun.exe
ShellIconOverlayIdentifiers: [ExplorerEx] -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} =>  No File
SearchScopes: HKLM -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com?q={searchTerms}&uid={eb041877356241c1989d19d41b3efea6}&r=eg
SearchScopes: HKLM -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com?q={searchTerms}&uid={eb041877356241c1989d19d41b3efea6}&r=eg
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com?q={searchTerms}&uid={eb041877356241c1989d19d41b3efea6}&r=eg
FF DefaultSearchEngine: atajitos
FF SelectedSearchEngine: atajitos
FF SearchPlugin: C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\8whxomzz.default-1432116005980\searchplugins\atajitos.xml [2015-12-22]
FF SearchPlugin: C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\8whxomzz.default-1432116005980\searchplugins\.xml [2015-12-18]
FF HKLM\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard => not found
CHR HomePage: Default -> hxxp://nav.brotlab.net?uid={eb041877356241c1989d19d41b3efea6}&r=eg
CHR NewTab: Default -> "chrome-extension://ikgjglmlehllifdekcggaapkaplbdpje/stubby.html"
CHR DefaultSearchURL: Default -> hxxp://search.atajitos.com?q={searchTerms}&uid={eb041877356241c1989d19d41b3efea6}&r=eg
CHR DefaultSearchKeyword: Default -> atajitos
S2 XBox; C:\Users\Quadcore\AppData\Roaming\XBox\XBLive.exe [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
2016-01-19 14:56 - 2016-01-19 14:56 - 00000000 ____D C:\Program Files\0702
2016-01-28 11:32 - 2014-05-09 18:16 - 00000000 ____D C:\Program Files\tmp
2016-01-28 11:32 - 2014-05-09 18:16 - 00000000 ____D C:\Program Files\0621
Task: {765FDC23-0D1B-4421-86CD-E508659A3CC4} - System32\Tasks\{3B7EE954-677F-4944-B31D-0B60764C5005} => pcalua.exe -a "E:\DIGITEL 3G\Setup.exe" -d "E:\DIGITEL 3G"
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:lEMshoDVdnz5fW43XOf5JfS
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:q9UsMmSScrpVmIYVk2ZPJY9QhHkN
AlternateDataStreams: C:\Program Files\Common Files\System:Nbyqva2Oh1CutlNgF9ezixh
AlternateDataStreams: C:\ProgramData\Microsoft:3ZnQuoDRLoxpeGySyw60bafi
AlternateDataStreams: C:\ProgramData\Microsoft:DcVfws079i5janZMheK15PJUqa
AlternateDataStreams: C:\ProgramData\Microsoft:Imp0Bs6k7aSKAZcCkxgF6rY
AlternateDataStreams: C:\ProgramData\Microsoft:J2injGlgqjG22yZtitnwc
AlternateDataStreams: C:\ProgramData\Microsoft:PzjAMPmAdGGhzlazjE
AlternateDataStreams: C:\Users\Quadcore\Cookies:cyR0Jl4vtf2PvNwP1rY0rn
AlternateDataStreams: C:\Users\Quadcore\AppData\Local\mbysv3UW55Wv:T8OpXAUduwM8AEGvKOMvFMi6v
AlternateDataStreams: C:\Users\Quadcore\AppData\Local\Temp:z3Kr1cLJSOqJgOgiAxILcu6buKrYBP
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 laise91


Posted 31 January 2016 - 05:55 PM

Fix result of Farbar Recovery Scan Tool (x86) Version:18-01-2016
Ran by Quadcore (2016-01-31 17:30:12) Run:2
Running from C:\Users\Quadcore\Desktop
Loaded Profiles: Quadcore (Available Profiles: Quadcore)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Run: [{D0EF954A-A518-4D80-BF8A-1DAF981232CE}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\UbMaNGSanuWQtw').OGDGHG)));
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {00854cf9-3e80-11e3-924e-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {00854d09-3e80-11e3-924e-bc5ff400a7ec} - G:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {00854d51-3e80-11e3-924e-001e101faa49} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {16f54905-a4c2-11e3-b6b1-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {16f54922-a4c2-11e3-b6b1-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {16f54957-a4c2-11e3-b6b1-001e101f50a4} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {21166a06-ac7f-11e3-99dd-bc5ff400a7ec} - F:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {246d54e1-5873-11e3-a0fb-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {2ed55a83-515d-11e4-ba89-001e101fb4df} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {2ed55a90-515d-11e4-ba89-001e101fb4df} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {37eb2114-9f16-11e3-b507-cdeb976eb9d2} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {37eb2123-9f16-11e3-b507-f94773773de8} - F:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {37eb2150-9f16-11e3-b507-f94773773de8} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {4967715e-9004-11e3-b3fb-001e101fabdd} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {4967716e-9004-11e3-b3fb-001e101fabdd} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {496771aa-9004-11e3-b3fb-001e101fabdd} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {5faf9bdf-4c64-11e3-8956-001e101f8ed0} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {5faf9bf3-4c64-11e3-8956-001e101f8ed0} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {78894ec9-548d-11e4-8ec0-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {aa2f1855-4a06-11e3-95fd-001e101f1ed9} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {b9760029-652f-11e4-a3be-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {cda8afda-65aa-11e4-9d31-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {cda8afea-65aa-11e4-9d31-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {cda8b01f-65aa-11e4-9d31-001e101f57d0} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {d2e0a10b-9293-11e3-aef0-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {d2e0a11a-9293-11e3-aef0-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {edb470bf-9f12-11e3-b27f-99cdd54cb0c5} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {f58b37b1-89ca-11e3-8a6c-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {fb306dcd-a840-11e3-b4bc-bc5ff400a7ec} - E:\AutoRun.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\MountPoints2: {fb306ddf-a840-11e3-b4bc-001e101f7f74} - E:\AutoRun.exe
ShellIconOverlayIdentifiers: [ExplorerEx] -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} =>  No File
SearchScopes: HKLM -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com?q={searchTerms}&uid={eb041877356241c1989d19d41b3efea6}&r=eg
SearchScopes: HKLM -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com?q={searchTerms}&uid={eb041877356241c1989d19d41b3efea6}&r=eg
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com?q={searchTerms}&uid={eb041877356241c1989d19d41b3efea6}&r=eg
FF DefaultSearchEngine: atajitos
FF SelectedSearchEngine: atajitos
FF SearchPlugin: C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\8whxomzz.default-1432116005980\searchplugins\atajitos.xml [2015-12-22]
FF SearchPlugin: C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\8whxomzz.default-1432116005980\searchplugins\.xml [2015-12-18]
FF HKLM\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard => not found
CHR HomePage: Default -> hxxp://nav.brotlab.net?uid={eb041877356241c1989d19d41b3efea6}&r=eg
CHR NewTab: Default -> "chrome-extension://ikgjglmlehllifdekcggaapkaplbdpje/stubby.html"
CHR DefaultSearchURL: Default -> hxxp://search.atajitos.com?q={searchTerms}&uid={eb041877356241c1989d19d41b3efea6}&r=eg
CHR DefaultSearchKeyword: Default -> atajitos
S2 XBox; C:\Users\Quadcore\AppData\Roaming\XBox\XBLive.exe [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
2016-01-19 14:56 - 2016-01-19 14:56 - 00000000 ____D C:\Program Files\0702
2016-01-28 11:32 - 2014-05-09 18:16 - 00000000 ____D C:\Program Files\tmp
2016-01-28 11:32 - 2014-05-09 18:16 - 00000000 ____D C:\Program Files\0621
Task: {765FDC23-0D1B-4421-86CD-E508659A3CC4} - System32\Tasks\{3B7EE954-677F-4944-B31D-0B60764C5005} => pcalua.exe -a "E:\DIGITEL 3G\Setup.exe" -d "E:\DIGITEL 3G"
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:lEMshoDVdnz5fW43XOf5JfS
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:q9UsMmSScrpVmIYVk2ZPJY9QhHkN
AlternateDataStreams: C:\Program Files\Common Files\System:Nbyqva2Oh1CutlNgF9ezixh
AlternateDataStreams: C:\ProgramData\Microsoft:3ZnQuoDRLoxpeGySyw60bafi
AlternateDataStreams: C:\ProgramData\Microsoft:DcVfws079i5janZMheK15PJUqa
AlternateDataStreams: C:\ProgramData\Microsoft:Imp0Bs6k7aSKAZcCkxgF6rY
AlternateDataStreams: C:\ProgramData\Microsoft:J2injGlgqjG22yZtitnwc
AlternateDataStreams: C:\ProgramData\Microsoft:PzjAMPmAdGGhzlazjE
AlternateDataStreams: C:\Users\Quadcore\Cookies:cyR0Jl4vtf2PvNwP1rY0rn
AlternateDataStreams: C:\Users\Quadcore\AppData\Local\mbysv3UW55Wv:T8OpXAUduwM8AEGvKOMvFMi6v
AlternateDataStreams: C:\Users\Quadcore\AppData\Local\Temp:z3Kr1cLJSOqJgOgiAxILcu6buKrYBP
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\Software\Microsoft\Windows\CurrentVersion\Run\\{D0EF954A-A518-4D80-BF8A-1DAF981232CE} => value removed successfully.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00854cf9-3e80-11e3-924e-bc5ff400a7ec}" => key removed successfully.
HKCR\CLSID\{00854cf9-3e80-11e3-924e-bc5ff400a7ec} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00854d09-3e80-11e3-924e-bc5ff400a7ec}" => key removed successfully.
HKCR\CLSID\{00854d09-3e80-11e3-924e-bc5ff400a7ec} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00854d51-3e80-11e3-924e-001e101faa49}" => key removed successfully.
HKCR\CLSID\{00854d51-3e80-11e3-924e-001e101faa49} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16f54905-a4c2-11e3-b6b1-bc5ff400a7ec}" => key removed successfully.
HKCR\CLSID\{16f54905-a4c2-11e3-b6b1-bc5ff400a7ec} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16f54922-a4c2-11e3-b6b1-bc5ff400a7ec}" => key removed successfully.
HKCR\CLSID\{16f54922-a4c2-11e3-b6b1-bc5ff400a7ec} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16f54957-a4c2-11e3-b6b1-001e101f50a4}" => key removed successfully.
HKCR\CLSID\{16f54957-a4c2-11e3-b6b1-001e101f50a4} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21166a06-ac7f-11e3-99dd-bc5ff400a7ec}" => key removed successfully.
HKCR\CLSID\{21166a06-ac7f-11e3-99dd-bc5ff400a7ec} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{246d54e1-5873-11e3-a0fb-bc5ff400a7ec}" => key removed successfully.
HKCR\CLSID\{246d54e1-5873-11e3-a0fb-bc5ff400a7ec} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ed55a83-515d-11e4-ba89-001e101fb4df}" => key removed successfully.
HKCR\CLSID\{2ed55a83-515d-11e4-ba89-001e101fb4df} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ed55a90-515d-11e4-ba89-001e101fb4df}" => key removed successfully.
HKCR\CLSID\{2ed55a90-515d-11e4-ba89-001e101fb4df} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37eb2114-9f16-11e3-b507-cdeb976eb9d2}" => key removed successfully.
HKCR\CLSID\{37eb2114-9f16-11e3-b507-cdeb976eb9d2} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37eb2123-9f16-11e3-b507-f94773773de8}" => key removed successfully.
HKCR\CLSID\{37eb2123-9f16-11e3-b507-f94773773de8} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37eb2150-9f16-11e3-b507-f94773773de8}" => key removed successfully.
HKCR\CLSID\{37eb2150-9f16-11e3-b507-f94773773de8} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4967715e-9004-11e3-b3fb-001e101fabdd}" => key removed successfully.
HKCR\CLSID\{4967715e-9004-11e3-b3fb-001e101fabdd} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4967716e-9004-11e3-b3fb-001e101fabdd}" => key removed successfully.
HKCR\CLSID\{4967716e-9004-11e3-b3fb-001e101fabdd} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{496771aa-9004-11e3-b3fb-001e101fabdd}" => key removed successfully.
HKCR\CLSID\{496771aa-9004-11e3-b3fb-001e101fabdd} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5faf9bdf-4c64-11e3-8956-001e101f8ed0}" => key removed successfully.
HKCR\CLSID\{5faf9bdf-4c64-11e3-8956-001e101f8ed0} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5faf9bf3-4c64-11e3-8956-001e101f8ed0}" => key removed successfully.
HKCR\CLSID\{5faf9bf3-4c64-11e3-8956-001e101f8ed0} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78894ec9-548d-11e4-8ec0-bc5ff400a7ec}" => key removed successfully.
HKCR\CLSID\{78894ec9-548d-11e4-8ec0-bc5ff400a7ec} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa2f1855-4a06-11e3-95fd-001e101f1ed9}" => key removed successfully.
HKCR\CLSID\{aa2f1855-4a06-11e3-95fd-001e101f1ed9} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9760029-652f-11e4-a3be-bc5ff400a7ec}" => key removed successfully.
HKCR\CLSID\{b9760029-652f-11e4-a3be-bc5ff400a7ec} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cda8afda-65aa-11e4-9d31-bc5ff400a7ec}" => key removed successfully.
HKCR\CLSID\{cda8afda-65aa-11e4-9d31-bc5ff400a7ec} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cda8afea-65aa-11e4-9d31-bc5ff400a7ec}" => key removed successfully.
HKCR\CLSID\{cda8afea-65aa-11e4-9d31-bc5ff400a7ec} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cda8b01f-65aa-11e4-9d31-001e101f57d0}" => key removed successfully.
HKCR\CLSID\{cda8b01f-65aa-11e4-9d31-001e101f57d0} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2e0a10b-9293-11e3-aef0-bc5ff400a7ec}" => key removed successfully.
HKCR\CLSID\{d2e0a10b-9293-11e3-aef0-bc5ff400a7ec} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2e0a11a-9293-11e3-aef0-bc5ff400a7ec}" => key removed successfully.
HKCR\CLSID\{d2e0a11a-9293-11e3-aef0-bc5ff400a7ec} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edb470bf-9f12-11e3-b27f-99cdd54cb0c5}" => key removed successfully.
HKCR\CLSID\{edb470bf-9f12-11e3-b27f-99cdd54cb0c5} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f58b37b1-89ca-11e3-8a6c-bc5ff400a7ec}" => key removed successfully.
HKCR\CLSID\{f58b37b1-89ca-11e3-8a6c-bc5ff400a7ec} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb306dcd-a840-11e3-b4bc-bc5ff400a7ec}" => key removed successfully.
HKCR\CLSID\{fb306dcd-a840-11e3-b4bc-bc5ff400a7ec} => key not found.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb306ddf-a840-11e3-b4bc-001e101f7f74}" => key removed successfully.
HKCR\CLSID\{fb306ddf-a840-11e3-b4bc-001e101f7f74} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ExplorerEx" => key removed successfully.
HKCR\CLSID\{E056AFDD-03E9-4D73-8D33-8FCCBCA73438} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E921F400-D383-4B1B-9DE6-FCFCACFC1173}" => key removed successfully.
HKCR\CLSID\{E921F400-D383-4B1B-9DE6-FCFCACFC1173} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E921F400-D383-4B1B-9DE6-FCFCACFC1173}" => key removed successfully.
HKCR\CLSID\{E921F400-D383-4B1B-9DE6-FCFCACFC1173} => key not found.
Firefox DefaultSearchEngine removed successfully.
Firefox SelectedSearchEngine removed successfully.
C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\8whxomzz.default-1432116005980\searchplugins\atajitos.xml => moved successfully
C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\8whxomzz.default-1432116005980\searchplugins\.xml => moved successfully
HKLM\Software\Mozilla\Firefox\Extensions\\antiphishing@bullguard => value removed successfully.
Chrome HomePage => removed successfully.
Chrome NewTab => removed successfully.
Chrome DefaultSearchURL => removed successfully.
Chrome DefaultSearchKeyword => removed successfully.
XBox => service removed successfully.
dgderdrv => service removed successfully.
ewusbmbb => service removed successfully.
ew_hwusbdev => service removed successfully.
huawei_cdcacm => service removed successfully.
huawei_enumerator => service removed successfully.
hwdatacard => service removed successfully.
C:\Program Files\0702 => moved successfully
C:\Program Files\tmp => moved successfully
C:\Program Files\0621 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{765FDC23-0D1B-4421-86CD-E508659A3CC4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{765FDC23-0D1B-4421-86CD-E508659A3CC4}" => key removed successfully.
C:\Windows\System32\Tasks\{3B7EE954-677F-4944-B31D-0B60764C5005} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3B7EE954-677F-4944-B31D-0B60764C5005}" => key removed successfully.
C:\Program Files\Common Files\microsoft shared => ":lEMshoDVdnz5fW43XOf5JfS" ADS removed successfully..
C:\Program Files\Common Files\microsoft shared => ":q9UsMmSScrpVmIYVk2ZPJY9QhHkN" ADS removed successfully..
C:\Program Files\Common Files\System => ":Nbyqva2Oh1CutlNgF9ezixh" ADS removed successfully..
C:\ProgramData\Microsoft => ":3ZnQuoDRLoxpeGySyw60bafi" ADS removed successfully..
C:\ProgramData\Microsoft => ":DcVfws079i5janZMheK15PJUqa" ADS removed successfully..
C:\ProgramData\Microsoft => ":Imp0Bs6k7aSKAZcCkxgF6rY" ADS removed successfully..
C:\ProgramData\Microsoft => ":J2injGlgqjG22yZtitnwc" ADS removed successfully..
C:\ProgramData\Microsoft => ":PzjAMPmAdGGhzlazjE" ADS removed successfully..
"C:\Users\Quadcore\Cookies" => ":cyR0Jl4vtf2PvNwP1rY0rn" ADS not found.
C:\Users\Quadcore\AppData\Local\mbysv3UW55Wv => ":T8OpXAUduwM8AEGvKOMvFMi6v" ADS removed successfully..
C:\Users\Quadcore\AppData\Local\Temp => ":z3Kr1cLJSOqJgOgiAxILcu6buKrYBP" ADS removed successfully..


The system needed a reboot.

==== End of Fixlog 17:30:51 ====

 

And yeah, the allinchrome.com is a previous threat that we thought we had already worked on. Thanks, the computer is working normally.

Atajitos.com doesn't appear anymore. I will throw out this question: is BullGuard Antivirus a trustworthy program?

 

Thanks again

laise



#6 Oh My!

Posted 31 January 2016 - 06:26 PM

Greetings laise.

That report looks fantastic.

We need to remove the allinchrome entry. I wasn't sure about it so we haven't removed it yet.

I don't really know anything about BullGuard Antivirus but I will say I very rarely see it in my Topics, for whatever that is worth.

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.allinchrome.com/?bd=sc&oem=ntsvc&uid=WDCXWD5000AAKX-221CA1_WD-WCAYULJ7578575785&version=2.3.0.10992&pid=414031160&tid=712
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program, this may take some time
  • Click on 2. Scan
  • Click Yes to detecting Potentially Unwanted Programs
  • Click Malware Scan
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste or attach the report to your reply
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon then click Run
  • Press any key to launch the program
  • Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • When completed a Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Emsisoft report
  • Security check report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 laise91

Posted 31 January 2016 - 09:21 PM

Fix result of Farbar Recovery Scan Tool (x86) Version:18-01-2016
Ran by Quadcore (2016-01-31 19:06:04) Run:3
Running from C:\Users\Quadcore\Desktop
Loaded Profiles: Quadcore (Available Profiles: Quadcore)
Boot Mode: Normal

==============================================

fixlist content:
*****************
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.allinchrome.com/?bd=sc&oem=ntsvc&uid=WDCXWD5000AAKX-221CA1_WD-WCAYULJ7578575785&version=2.3.0.10992&pid=414031160&tid=712
emptytemp:
*****************

HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
EmptyTemp: => 707.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:08:13 ====

 

Emsisoft Emergency Kit - Version 9.0
Last update: 27/04/2015 12:09:26 p.m.
User account: Quadcore-PC\Quadcore

Scan settings:

Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    31/01/2016 07:21:43 p.m.

Scanned    270519
Found    0

Scan end:    31/01/2016 09:13:34 p.m.
Scan time:    1:51:51
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
BullGuard Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 Microsoft VisualStudio JavaScript Project System
 Java 8 Update 25  
 Java 8 Update 65  
 Microsoft VisualStudio JavaScript Language Service
 Java version 32-bit out of Date!
 Adobe Reader XI  
 Mozilla Firefox (43.0.4)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 

 

//-----//

 

During the last scan there was an error referencing a program called Object C. This must be a coding language program, isn't it?



#8 Oh My!

Posted 31 January 2016 - 09:26 PM

Yes it is. The report looks good.

Other than that one event are you having any issues?
Gary
 

#9 laise91

Posted 31 January 2016 - 09:27 PM

No, thanks a lot, I think you can close the topic :)

Edit: I mean I have another, but I don't know if it's a virus or something. It actually has to do with having Windows Explorer open: it crashes if I have it open for 6 or 7 min, for no apparent reason.


Edited by laise91, 31 January 2016 - 09:31 PM.


#10 Oh My!

Posted 31 January 2016 - 09:31 PM

Very good.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a brief period of time in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#11 laise91

Posted 31 January 2016 - 09:37 PM

Sorry for bothering you again. In my last post I edited:

"Edit: I mean I have another, but I don't know if it's a virus or something. It actually has to do with having Windows Explorer open: it crashes if I have it open for 6 or 7 min, for no apparent reason."

 

Firma con problemas:
  Nombre del evento de problema:    APPCRASH
  Nombre de la aplicación:    explorer.exe
  Versión de la aplicación:    6.1.7601.17567
  Marca de tiempo de la aplicación:    4d6727a7
  Nombre del módulo con errores:    SafeGuard32.dll_unloaded
  Versión del módulo con errores:    0.0.0.0
  Marca de tiempo del módulo con errores:    568382a8
  Código de excepción:    c0000005
  Desplazamiento de excepción:    70a842c3
  Versión del sistema operativo:    6.1.7601.2.1.0.256.1
  Id. de configuración regional:    8202
  Información adicional 1:    0f31
  Información adicional 2:    0f3137665bbf0bb676c8a16f3fa76e52
  Información adicional 3:    4b25
  Información adicional 4:    4b25b1e87a85359e2499b57a19eeee33

Lea nuestra declaración de privacidad en línea:



#12 Oh My!

Posted 31 January 2016 - 09:44 PM

OK, do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
2015-12-30 15:08 - 2015-12-30 15:08 - 02771896 _____ () C:\ProgramData\System32\SafeGuard32.dll
Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll [2771896 2015-12-30] ()
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Any better?

Gary
 

#13 laise91

Posted 31 January 2016 - 10:14 PM

Fix result of Farbar Recovery Scan Tool (x86) Version:18-01-2016
Ran by Quadcore (2016-01-31 22:10:58) Run:4
Running from C:\Users\Quadcore\Desktop
Loaded Profiles: Quadcore (Available Profiles: Quadcore)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
2015-12-30 15:08 - 2015-12-30 15:08 - 02771896 _____ () C:\ProgramData\System32\SafeGuard32.dll
Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll [2771896 2015-12-30] ()
*****************

Restore point was successfully created.
C:\ProgramData\System32\SafeGuard32.dll => moved successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007" => key removed successfully.

==== End of Fixlog 22:11:59 ====

 

And I need to see if that worked.



#14 Oh My!

Posted 31 January 2016 - 10:19 PM

Very good. I will be ending for the evening soon so we can touch base tomorrow.
Gary
 

#15 laise91

Posted 31 January 2016 - 10:27 PM

I think it worked. Thanks.





