Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ipconfig cmd windows still opening without advice


  • This topic is locked This topic is locked
6 replies to this topic

#1 laise91

laise91

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:32 PM

Posted 02 November 2016 - 11:47 PM

Hi, I have a week watching in my screen an IPconfig command windows (msdos/ symbol system), popping out every 3 min in average. I've done the following things:

 

I did 

 

Farbar Service Scanner (FSS)

MiniToolBox  (MTB)

 

I could'nt install Malware Bytes, and everytime you recommend it I cannot install it. Sincerely, it stinks xD.

 

Instead of that I did run 

 

Malwarebytes Anti-Rootkit (MBAR) 

* Rkill.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2015 01 (ATTENTION: ====> FRST version is 555 days old and could be outdated)
Ran by Quadcore (administrator) on QUADCORE-PC on 02-11-2016 23:32:41
Running from C:\Users\Quadcore\Desktop
Loaded Profiles: Quadcore & MSSQLSERVER (Available profiles: Quadcore & MSSQLSERVER)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Allway Sync\Bin\SyncService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(skype.cog.cc) C:\Program Files\SkypeUpdateEx\SkypeUpdateEx.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\ProgramData\Windows Security\winsecurity.exe
(Microsoft Corporation) C:\Program Files\XBox\XBLive.exe
(FNet Co., Ltd.) C:\Program Files\XFastUSB\XFastUsb.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Sony) C:\Program Files\Sony\Xperia Companion\XperiaCompanionAgent.exe
(© 2015 Microsoft Corporation) C:\Users\Quadcore\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Spotify Ltd) C:\Users\Quadcore\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Nico Mak Computing) C:\Program Files\WinZip\WZUpdateNotifier.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAHWindow32.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Joyent, Inc) C:\Program Files\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\Quadcore\AppData\Local\Android\sdk\platform-tools\adb.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [XFastUSB] => C:\Program Files\XFastUSB\XFastUsb.exe [5019360 2013-10-21] (FNet Co., Ltd.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2687160 2015-11-02] (Sony Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-02-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Run: [XperiaCompanionAgent] => C:\Program Files\Sony\Xperia Companion\XperiaCompanionAgent.exe [2062208 2016-05-26] (Sony)
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Run: [BingSvc] => C:\Users\Quadcore\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Run: [Spotify Web Helper] => C:\Users\Quadcore\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-10-28] (Spotify Ltd)
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Run: [Spotify] => C:\Users\Quadcore\AppData\Roaming\Spotify\Spotify.exe [7039088 2016-10-28] (Spotify Ltd)
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [878592 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Actualizar notificador.lnk [2016-03-09]
ShortcutTarget: Actualizar notificador.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-03-09]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-03-09]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\Quadcore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar a OneNote.lnk [2016-10-27]
ShortcutTarget: Enviar a OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Quadcore\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Quadcore\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Quadcore\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-2172032273-4216305309-2282011400-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2172032273-4216305309-2282011400-1000] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/es-pe/?ocid=iehp
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.pe/
SearchScopes: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000 -> DefaultScope {3E9B3460-CE53-422B-B912-82C0D64413F9} URL = https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000 -> {26088229-6C0E-4236-8EDE-204B5E11713F} URL = http://www.youtube.com/results?search_query={searchTerms}
SearchScopes: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000 -> {3E9B3460-CE53-422B-B912-82C0D64413F9} URL = https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = https://espanol.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10270__160620__yaie&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\Nueva carpeta\bin\ssv.dll [2015-11-10] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\Nueva carpeta\bin\jp2ssv.dll [2015-11-10] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\rg57wkzr.default-1464210550442
FF DefaultSearchEngine: Yahoo®
FF SelectedSearchEngine: Yahoo®
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-26] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\Nueva carpeta\bin\dtplugin\npDeployJava1.dll [2015-11-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\Nueva carpeta\bin\plugin2\npjp2.dll [2015-11-10] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-10] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @raidcall.en/RCplugin -> C:\Users\Quadcore\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin: @raidcall.tw/RCplugin -> C:\Users\Quadcore\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2172032273-4216305309-2282011400-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Quadcore\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll [2010-02-01] ( )
FF Plugin HKU\S-1-5-21-2172032273-4216305309-2282011400-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Quadcore\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-02-19] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2172032273-4216305309-2282011400-1000: SkypePlugin -> C:\Users\Quadcore\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi.dll [2015-12-08] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-02-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\rg57wkzr.default-1464210550442\searchplugins\yahoo-lavasoft.xml [2016-06-20]
FF Extension: Skype - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-06-09]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-28]
FF HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-17]
CHR Extension: (Google Drive) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-20]
CHR Extension: (YouTube) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-20]
CHR Extension: (Google Docs Offline) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-17]
CHR Extension: (Pixlr Touch Up) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2016-07-12]
CHR Extension: (Creately - Diagrams & Collaboration) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\mehmcgkakgfcibfkeofncglipefjcfnn [2016-06-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-17]
CHR Extension: (Gmail) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-20]
CHR Extension: (Chrome Media Router) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-31]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2015-04-13] () [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [937984 2015-07-22] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1023728 2015-03-31] (Disc Soft Ltd)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [272136 2016-10-13] (McAfee, Inc.)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [8704 2009-07-13] (Microsoft Corporation)
R2 MSSQLSERVER; c:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [206424 2012-02-11] (Microsoft Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [3568840 2015-08-16] (INCA Internet Co., Ltd.)
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [495800 2015-11-02] (Sony Corporation)
R2 SkypeUpdateEx; C:\Program Files\SkypeUpdateEx\SkypeUpdateEx.exe [172464 2016-06-08] (skype.cog.cc)
S4 SQLSERVERAGENT; c:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [438360 2012-02-11] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7183632 2016-07-18] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)
S3 VSStandardCollectorService140; C:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [45800 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 WindowsSecurity; C:\ProgramData\Windows Security\winsecurity.exe [2121728 2016-05-27] (Microsoft Corporation) [File not signed]
R2 XBox; C:\Program Files\XBox\XBLive.exe [4992952 2016-05-25] (Microsoft Corporation)
S2 Remotr Service; C:\Program Files\Remotr\RemotrService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\Users\Quadcore\LUIS ADOLFO\Nueva carpeta (SACADA DEK DESKTOP)\bin\a2ddax86.sys [22056 2015-04-27] (Emsisoft GmbH)
S3 cleanhlp; C:\Users\Quadcore\LUIS ADOLFO\Nueva carpeta (SACADA DEK DESKTOP)\bin\cleanhlp32.sys [50200 2015-04-27] (Emsisoft GmbH)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25104 2015-04-28] (Disc Soft Ltd)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-12-03] (EldoS Corporation)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [29760 2016-10-08] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [14656 2013-10-21] (FNet Co., Ltd.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2015-08-06] (LogMeIn, Inc.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [67184 2013-10-21] (Atheros Communications, Inc.)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [141824 2010-11-20] (Microsoft Corporation)
S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [268888 2012-02-11] (Microsoft Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1348240 2013-03-05] (Realtek Semiconductor Corporation                           )
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1348240 2013-03-05] (Realtek Semiconductor Corporation                           )
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [33024 2013-05-19] (Scarlet.Crush Productions)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2015-05-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1801328 2011-02-17] (VIA Technologies, Inc.)
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2016-11-02 23:32 - 2016-11-02 23:33 - 00023868 _____ () C:\Users\Quadcore\Desktop\FRST.txt
2016-11-02 22:29 - 2016-11-02 22:29 - 00001081 _____ () C:\Users\Public\Desktop\DriveImage XML.lnk
2016-11-02 22:29 - 2016-11-02 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2016-11-02 22:29 - 2016-11-02 22:29 - 00000000 ____D () C:\Program Files\Runtime Software
2016-11-01 03:01 - 2016-11-01 03:01 - 00001684 _____ () C:\Users\Quadcore\Desktop\iExplore.exe - Acceso directo.lnk
2016-11-01 02:35 - 2016-11-01 03:03 - 00002654 _____ () C:\Users\Quadcore\Desktop\Rkill.txt
2016-11-01 02:35 - 2016-11-01 03:02 - 00000000 ____D () C:\Users\Quadcore\Desktop\rkill
2016-11-01 01:14 - 2016-11-01 02:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-01 01:12 - 2016-11-01 02:09 - 00000000 ____D () C:\Users\Quadcore\Desktop\mbar
2016-10-28 12:27 - 2016-10-28 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-10-27 02:10 - 2016-10-27 02:10 - 00163606 _____ () C:\Users\Quadcore\Desktop\NUEVA 12SEPTGT GOLD.rar
2016-10-22 14:21 - 2016-10-22 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUNAT
2016-10-22 13:51 - 2016-10-22 13:51 - 08749056 _____ () C:\Program Files\SUNATPDT.MDB
2016-10-20 18:00 - 2016-10-20 18:31 - 00000000 ____D () C:\Users\Quadcore\Downloads\Band.of.Outsiders.[Bande.a.part].1964.DVDRip.H264.AAC.Gopo
2016-10-20 10:27 - 2016-10-20 10:27 - 00005948 _____ () C:\Users\Quadcore\Desktop\Factura CRÉDITO.txt
2016-10-12 08:40 - 2016-10-12 08:43 - 39431278 _____ () C:\Users\Quadcore\Desktop\stopthisongbailesito.avi
2016-10-09 19:16 - 2016-11-02 11:21 - 00000000 ____D () C:\Users\Public\Documents\AdobeGC
2016-10-08 22:43 - 2016-10-08 22:44 - 00000000 ____D () C:\Users\Quadcore\Downloads\Rake (2010) - Season 1
2016-10-08 13:57 - 2016-10-08 13:57 - 00050615 _____ () C:\Users\Quadcore\Desktop\VENDO ESTA TUCSON 2.pptx
2016-10-07 22:11 - 2016-11-02 08:17 - 00000000 ____D () C:\Users\MSSQLSERVER
2016-10-07 22:11 - 2016-10-07 22:11 - 00000020 ___SH () C:\Users\MSSQLSERVER\ntuser.ini
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL () C:\Users\MSSQLSERVER\Reciente
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL () C:\Users\MSSQLSERVER\Plantillas
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL () C:\Users\MSSQLSERVER\Mis documentos
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL () C:\Users\MSSQLSERVER\Menú Inicio
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL () C:\Users\MSSQLSERVER\Impresoras
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL () C:\Users\MSSQLSERVER\Entorno de red
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL () C:\Users\MSSQLSERVER\Documents\Mis vídeos
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL () C:\Users\MSSQLSERVER\Documents\Mis imágenes
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL () C:\Users\MSSQLSERVER\Documents\Mi música
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL () C:\Users\MSSQLSERVER\Datos de programa
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL () C:\Users\MSSQLSERVER\Configuración local
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL () C:\Users\MSSQLSERVER\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL () C:\Users\MSSQLSERVER\AppData\Local\Historial
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL () C:\Users\MSSQLSERVER\AppData\Local\Datos de programa
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL () C:\Users\MSSQLSERVER\AppData\Local\Archivos temporales de Internet
2016-10-07 22:11 - 2015-10-10 23:08 - 00000000 ____D () C:\Users\MSSQLSERVER\AppData\Roaming\Macromedia
2016-10-07 22:11 - 2015-05-10 05:24 - 00000000 ____D () C:\Users\MSSQLSERVER\Documents\Visual Studio 2008
2016-10-07 22:11 - 2015-05-09 17:23 - 00000000 ____D () C:\Users\MSSQLSERVER\AppData\Local\Microsoft Help
2016-10-07 22:11 - 2012-02-11 10:02 - 00045656 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL11.MSSQLSERVER-sqlagtctr.dll
2016-10-07 22:11 - 2009-07-13 23:42 - 00000000 ___RD () C:\Users\MSSQLSERVER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-10-07 22:11 - 2009-07-13 23:37 - 00000000 ___RD () C:\Users\MSSQLSERVER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-10-07 22:10 - 2012-02-11 10:03 - 00082520 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQLSERVER-sqlctr11.0.2100.60.dll
2016-10-07 22:09 - 2012-02-11 10:08 - 00147032 _____ (Microsoft Corporation) C:\Windows\system32\hadrres.dll
2016-10-07 22:09 - 2012-02-11 10:08 - 00069208 _____ (Microsoft Corporation) C:\Windows\system32\fssres.dll
2016-10-07 22:01 - 2016-10-07 22:01 - 00000000 ____D () C:\Users\Quadcore\Documents\Visual Studio 2010
2016-10-07 21:56 - 2016-10-07 21:57 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0
2016-10-07 21:47 - 2016-10-07 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
2016-10-06 12:44 - 2016-10-06 12:44 - 00909326 _____ () C:\Users\Quadcore\Documents\ECO_Ses7_Rojas Peña Andrea Alexandra.pptx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2016-11-02 23:32 - 2015-04-27 15:16 - 00000000 ____D () C:\FRST
2016-11-02 23:08 - 2016-02-16 16:59 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-02 22:56 - 2016-06-20 20:48 - 00001024 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-02 20:56 - 2016-06-20 20:48 - 00001020 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-02 20:51 - 2009-07-13 23:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-02 20:51 - 2009-07-13 23:34 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-02 19:07 - 2015-05-04 13:35 - 00000000 ____D () C:\ProgramData\Unity
2016-11-02 16:39 - 2014-01-12 14:30 - 00000000 ____D () C:\Users\Quadcore\MED_PERU
2016-11-02 16:39 - 2013-10-21 09:20 - 00000000 ____D () C:\Users\Quadcore\JACQUELINE
2016-11-02 16:39 - 2013-09-27 16:25 - 00000000 ____D () C:\Users\Quadcore
2016-11-02 13:51 - 2014-04-24 14:11 - 00000000 ____D () C:\Users\Quadcore\LUIS ADOLFO
2016-11-02 12:04 - 2016-03-18 09:16 - 00000034 _____ () C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-11-02 08:55 - 2016-08-21 01:33 - 00000000 ____D () C:\Users\Quadcore\AppData\Local\Spotify
2016-11-02 08:34 - 2016-08-21 01:30 - 00000000 ____D () C:\Users\Quadcore\AppData\Roaming\Spotify
2016-11-02 08:34 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2016-11-02 08:18 - 2015-12-11 19:28 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2016-11-02 08:17 - 2016-06-21 11:39 - 00019552 _____ () C:\Windows\setupact.log
2016-11-02 08:17 - 2013-12-03 17:51 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2016-11-02 08:17 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2016-11-01 12:55 - 2015-11-09 15:11 - 00000000 ____D () C:\Program Files\RegSeeker
2016-11-01 12:51 - 2015-03-23 00:16 - 00000000 ____D () C:\Users\Quadcore\Pendrive Rojo MEDRILLCA
2016-11-01 03:00 - 2016-09-03 21:46 - 00000000 ____D () C:\ProgramData\Remotr
2016-11-01 02:20 - 2016-06-21 11:39 - 00003910 _____ () C:\Windows\PFRO.log
2016-11-01 02:12 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2016-11-01 01:14 - 2014-12-15 18:10 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-01 01:12 - 2014-12-15 18:10 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-31 07:01 - 2013-11-01 14:13 - 00007614 _____ () C:\Users\Quadcore\AppData\Local\Resmon.ResmonCfg
2016-10-31 05:20 - 2015-10-16 03:41 - 00000132 _____ () C:\Users\Quadcore\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2016-10-28 19:04 - 2013-10-21 10:04 - 00000000 ____D () C:\Users\Quadcore\AppData\Local\Google
2016-10-28 12:27 - 2016-02-16 16:59 - 00002045 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-10-28 12:27 - 2014-10-17 12:01 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2016-10-28 10:33 - 2013-10-21 09:30 - 00000000 ___RD () C:\Users\Quadcore\VANESSA
2016-10-27 11:38 - 2016-03-21 16:26 - 00198785 _____ () C:\Users\Quadcore\Documents\OneNotePort
2016-10-27 10:36 - 2015-05-03 17:12 - 00000000 ____D () C:\Program Files\Opera
2016-10-26 21:26 - 2016-07-25 20:23 - 00000000 ___RD () C:\Users\Quadcore\Desktop\chino
2016-10-26 18:08 - 2016-02-16 16:59 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-10-26 18:08 - 2016-02-16 16:59 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-10-26 18:08 - 2014-03-13 13:47 - 00000000 ____D () C:\Windows\system32\Macromed
2016-10-25 22:45 - 2015-12-02 04:06 - 00000000 ____D () C:\Users\Quadcore\Desktop\tallervanessanoborrar
2016-10-24 09:14 - 2014-11-17 20:41 - 00000000 ___RD () C:\Program Files\Skype
2016-10-24 03:01 - 2016-06-20 20:50 - 00002169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-24 02:19 - 2013-10-26 15:52 - 00000000 ____D () C:\Users\Quadcore\AppData\Roaming\Adobe
2016-10-23 01:43 - 2015-09-23 03:55 - 00000000 ____D () C:\Program Files\TeamViewer
2016-10-22 13:51 - 2016-02-04 17:10 - 00000000 ____D () C:\Program Files\TMP
2016-10-22 13:51 - 2016-01-31 01:15 - 00000000 ____D () C:\Users\Quadcore\AppData\Local\CrashDumps
2016-10-22 13:51 - 2014-05-09 18:16 - 00000356 _____ () C:\Windows\Pm000.INI
2016-10-22 13:51 - 2014-05-09 18:16 - 00000000 ____D () C:\Program Files\0621
2016-10-22 13:50 - 2014-05-09 18:37 - 00000074 _____ () C:\Program Files\Mens.txt
2016-10-22 03:46 - 2013-10-21 10:06 - 00000000 ____D () C:\Users\Quadcore\AppData\Roaming\Skype
2016-10-22 02:32 - 2015-04-21 11:22 - 00024064 _____ () C:\Users\Quadcore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-22 01:14 - 2016-01-19 04:23 - 00000000 ____D () C:\Users\Quadcore\AppData\Roaming\vlc
2016-10-21 22:58 - 2016-06-24 00:19 - 00044351 _____ () C:\Windows\WindowsUpdate.log
2016-10-21 02:43 - 2014-11-19 18:28 - 00000000 ____D () C:\Users\Quadcore\AppData\Roaming\uTorrent
2016-10-17 20:33 - 2010-11-20 16:01 - 02116490 _____ () C:\Windows\system32\PerfStringBackup.INI
2016-10-11 14:06 - 2013-10-21 09:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-10-08 19:13 - 2016-08-03 10:51 - 00000000 ____D () C:\Users\Quadcore\Desktop\Nueva carpeta
2016-10-08 19:09 - 2013-10-21 13:46 - 00029760 _____ (FNet Co., Ltd.) C:\Windows\system32\Drivers\FNETTBOH_305.SYS
2016-10-07 22:07 - 2013-10-21 13:53 - 00000000 ____D () C:\Program Files\Microsoft Office
2016-10-07 22:07 - 2009-07-13 21:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2016-10-07 22:05 - 2013-10-21 13:56 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2016-10-07 22:01 - 2015-04-19 11:27 - 00000000 ____D () C:\Windows\system32\1033
2016-10-07 21:53 - 2015-09-16 05:38 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
2016-10-07 20:16 - 2016-06-15 20:09 - 00000000 ____D () C:\Users\Quadcore\AppData\Local\Microsoft_Corporation
2016-10-06 21:44 - 2015-06-18 22:01 - 00000000 ____D () C:\Users\Quadcore\Documents\Archivos de Outlook
 
==================== Files in the root of some directories =======
 
2014-06-10 13:43 - 2014-06-10 13:43 - 0008237 _____ () C:\Program Files\062120140401LA53F2330841H4FGF18FAA3CLD303BEGBHKCBA60I679.ZIP
2014-11-10 20:55 - 2014-11-10 20:55 - 0007975 _____ () C:\Program Files\062120141001I23EH13LFGHM7H625K51FJ6CLD303BEGBHKCBA60ACCC.ZIP
2015-01-09 20:17 - 2015-01-09 20:17 - 0007989 _____ () C:\Program Files\06212014120043A0A0FHGBJ00L537E6D1D5CLD303BEGBHKCBA60ACCC.ZIP
2015-11-02 09:48 - 2015-11-02 09:48 - 0008045 _____ () C:\Program Files\062120150900F5K199G61A8F4N1G4988M7NC70303BEGBHKCBA60ACCC.ZIP
2015-10-12 10:13 - 2015-10-12 10:13 - 0008040 _____ () C:\Program Files\06212015090E050111AHF32C6GIIF0LCA9NC70303BEGBHKCBA60ACCC.ZIP
2015-12-09 21:36 - 2015-12-09 21:36 - 0008061 _____ () C:\Program Files\06212015110M891670CJKC635DF75195EDEC70303BEGBHKCBA60ACCC.ZIP
2016-01-28 11:14 - 2016-01-28 11:14 - 0008278 _____ () C:\Program Files\062120151200INCL4H1HIKBG3D9L1IB20D4C70303BEGBHKCBA60ACCC.ZIP
2016-03-20 10:46 - 2016-03-20 10:55 - 0008363 _____ () C:\Program Files\0621201601003622NK5IDNJI15I5JDDJ34GC70303BEGBHKCBA60ACCC.ZIP
2016-04-21 20:50 - 2016-04-21 20:50 - 0008004 _____ () C:\Program Files\06212016030BIHC691KFGJ3F1A259K6N2MEC70303BEGBHKCBA60ACCC.ZIP
2016-06-21 18:50 - 2016-06-21 18:50 - 0008017 _____ () C:\Program Files\06212016050KLGKHI5LG61I028CD7B6NKD1C70303BEGBHKCBA60ACCC.ZIP
2016-09-20 18:24 - 2016-09-20 18:24 - 0007977 _____ () C:\Program Files\0621201608005KKCE0A4BCEIB557KE0DM76C70303BEGBHKCBA60ACCC.ZIP
2016-09-20 18:28 - 2016-09-20 18:28 - 0007980 _____ () C:\Program Files\06212016080195C519K5109MJ51IDDE8G1KC70303BEGBHKCBA60ACCC.ZIP
2014-05-09 18:16 - 2013-06-10 15:24 - 0040960 _____ (SUNAT) C:\Program Files\20530.exe
2015-10-13 20:11 - 2015-10-13 20:11 - 0000058 _____ () C:\Program Files\Actualizaciones.ini
2010-06-02 05:21 - 2010-06-02 05:21 - 1347354 _____ () C:\Program Files\Apr2005_d3dx9_25_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1078962 _____ () C:\Program Files\Apr2005_d3dx9_25_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1397830 _____ () C:\Program Files\Apr2006_d3dx9_30_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1115221 _____ () C:\Program Files\Apr2006_d3dx9_30_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0916430 _____ () C:\Program Files\Apr2006_MDX1_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 4162630 _____ () C:\Program Files\Apr2006_MDX1_x86_Archive.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0179133 _____ () C:\Program Files\Apr2006_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0133103 _____ () C:\Program Files\Apr2006_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0087101 _____ () C:\Program Files\Apr2006_xinput_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0046010 _____ () C:\Program Files\Apr2006_xinput_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0698612 _____ () C:\Program Files\APR2007_d3dx10_33_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0695865 _____ () C:\Program Files\APR2007_d3dx10_33_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1607358 _____ () C:\Program Files\APR2007_d3dx9_33_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1606039 _____ () C:\Program Files\APR2007_d3dx9_33_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0195766 _____ () C:\Program Files\APR2007_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0151225 _____ () C:\Program Files\APR2007_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0096817 _____ () C:\Program Files\APR2007_xinput_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0053302 _____ () C:\Program Files\APR2007_xinput_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1350542 _____ () C:\Program Files\Aug2005_d3dx9_27_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1077644 _____ () C:\Program Files\Aug2005_d3dx9_27_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0182903 _____ () C:\Program Files\AUG2006_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0137235 _____ () C:\Program Files\AUG2006_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0087142 _____ () C:\Program Files\AUG2006_xinput_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0046058 _____ () C:\Program Files\AUG2006_xinput_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0852286 _____ () C:\Program Files\AUG2007_d3dx10_35_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0796867 _____ () C:\Program Files\AUG2007_d3dx10_35_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1800160 _____ () C:\Program Files\AUG2007_d3dx9_35_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1708152 _____ () C:\Program Files\AUG2007_d3dx9_35_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0198096 _____ () C:\Program Files\AUG2007_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0153012 _____ () C:\Program Files\AUG2007_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0867612 _____ () C:\Program Files\Aug2008_d3dx10_39_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0849167 _____ () C:\Program Files\Aug2008_d3dx10_39_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1794084 _____ () C:\Program Files\Aug2008_d3dx9_39_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1464672 _____ () C:\Program Files\Aug2008_d3dx9_39_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0121772 _____ () C:\Program Files\Aug2008_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0092996 _____ () C:\Program Files\Aug2008_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0271412 _____ () C:\Program Files\Aug2008_XAudio_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0271038 _____ () C:\Program Files\Aug2008_XAudio_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0919044 _____ () C:\Program Files\Aug2009_D3DCompiler_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0900598 _____ () C:\Program Files\Aug2009_D3DCompiler_42_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 3112111 _____ () C:\Program Files\Aug2009_d3dcsx_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 3319740 _____ () C:\Program Files\Aug2009_d3dcsx_42_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0232635 _____ () C:\Program Files\Aug2009_d3dx10_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0192131 _____ () C:\Program Files\Aug2009_d3dx10_42_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0136301 _____ () C:\Program Files\Aug2009_d3dx11_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0105044 _____ () C:\Program Files\Aug2009_d3dx11_42_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0930116 _____ () C:\Program Files\Aug2009_d3dx9_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0728456 _____ () C:\Program Files\Aug2009_d3dx9_42_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0122408 _____ () C:\Program Files\Aug2009_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093106 _____ () C:\Program Files\Aug2009_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0273264 _____ () C:\Program Files\Aug2009_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0272642 _____ () C:\Program Files\Aug2009_XAudio_x86.cab
2015-10-13 20:13 - 2015-10-13 20:21 - 0000025 _____ () C:\Program Files\CfgInternet.ini
2015-10-13 20:21 - 2015-10-13 20:21 - 0009334 _____ () C:\Program Files\CfgMenu10.chg
2015-12-17 10:38 - 2015-12-17 10:38 - 0927824 _____ (Google Inc.) C:\Program Files\ChromeSetup.exe
2014-05-09 18:16 - 2000-07-17 10:58 - 0024576 _____ (SUNAT) C:\Program Files\Compacta.exe
2015-10-13 20:04 - 2015-10-13 20:21 - 0000598 _____ () C:\Program Files\ContaSOL.ini
2015-04-30 06:24 - 2015-04-30 06:26 - 0000000 _____ () C:\Program Files\DebugLog.txt
2010-06-02 05:22 - 2010-06-02 05:22 - 1357976 _____ () C:\Program Files\Dec2005_d3dx9_28_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1079456 _____ () C:\Program Files\Dec2005_d3dx9_28_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0212807 _____ () C:\Program Files\DEC2006_d3dx10_00_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0191720 _____ () C:\Program Files\DEC2006_d3dx10_00_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1571154 _____ () C:\Program Files\DEC2006_d3dx9_32_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1574376 _____ () C:\Program Files\DEC2006_d3dx9_32_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0192475 _____ () C:\Program Files\DEC2006_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0145599 _____ () C:\Program Files\DEC2006_XACT_x86.cab
2011-03-30 11:40 - 2011-03-30 11:40 - 0095576 _____ (Microsoft Corporation) C:\Program Files\DSETUP.dll
2011-03-30 11:40 - 2011-03-30 11:40 - 1566040 _____ () C:\Program Files\dsetup32.dll
2011-03-30 11:40 - 2011-03-30 11:40 - 0044624 _____ () C:\Program Files\dxdllreg_x86.cab
2011-03-30 11:40 - 2011-03-30 11:40 - 0517976 _____ () C:\Program Files\DXSETUP.exe
2011-03-30 11:40 - 2011-03-30 11:40 - 0097152 _____ () C:\Program Files\dxupdate.cab
2014-05-09 18:16 - 2003-01-06 10:07 - 0016848 _____ () C:\Program Files\error_.txt
2014-05-09 18:16 - 2005-02-03 16:29 - 0114688 _____ (S U N A T) C:\Program Files\Exonera.exe
2010-06-02 05:22 - 2010-06-02 05:22 - 1247499 _____ () C:\Program Files\Feb2005_d3dx9_24_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1013225 _____ () C:\Program Files\Feb2005_d3dx9_24_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1362796 _____ () C:\Program Files\Feb2006_d3dx9_29_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1084720 _____ () C:\Program Files\Feb2006_d3dx9_29_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0178359 _____ () C:\Program Files\Feb2006_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0132409 _____ () C:\Program Files\Feb2006_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0194675 _____ () C:\Program Files\FEB2007_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0147983 _____ () C:\Program Files\FEB2007_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0054678 _____ () C:\Program Files\Feb2010_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0020713 _____ () C:\Program Files\Feb2010_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0122446 _____ () C:\Program Files\Feb2010_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093180 _____ () C:\Program Files\Feb2010_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0276960 _____ () C:\Program Files\Feb2010_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0277191 _____ () C:\Program Files\Feb2010_XAudio_x86.cab
2015-10-13 20:13 - 2015-10-13 20:13 - 0000052 _____ () C:\Program Files\InicioSesion.ini
2010-06-02 05:22 - 2010-06-02 05:22 - 1336002 _____ () C:\Program Files\Jun2005_d3dx9_26_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1064925 _____ () C:\Program Files\Jun2005_d3dx9_26_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0180785 _____ () C:\Program Files\JUN2006_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0133671 _____ () C:\Program Files\JUN2006_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0699044 _____ () C:\Program Files\JUN2007_d3dx10_34_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0698472 _____ () C:\Program Files\JUN2007_d3dx10_34_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1607774 _____ () C:\Program Files\JUN2007_d3dx9_34_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1607286 _____ () C:\Program Files\JUN2007_d3dx9_34_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0197122 _____ () C:\Program Files\JUN2007_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0152909 _____ () C:\Program Files\JUN2007_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0867828 _____ () C:\Program Files\JUN2008_d3dx10_38_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0849919 _____ () C:\Program Files\JUN2008_d3dx10_38_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1792608 _____ () C:\Program Files\JUN2008_d3dx9_38_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1463878 _____ () C:\Program Files\JUN2008_d3dx9_38_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0055154 _____ () C:\Program Files\JUN2008_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0021905 _____ () C:\Program Files\JUN2008_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0121054 _____ () C:\Program Files\JUN2008_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093128 _____ () C:\Program Files\JUN2008_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0269628 _____ () C:\Program Files\JUN2008_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0269024 _____ () C:\Program Files\JUN2008_XAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0944460 _____ () C:\Program Files\Jun2010_D3DCompiler_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0931471 _____ () C:\Program Files\Jun2010_D3DCompiler_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0752783 _____ () C:\Program Files\Jun2010_d3dcsx_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0762188 _____ () C:\Program Files\Jun2010_d3dcsx_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0235955 _____ () C:\Program Files\Jun2010_d3dx10_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0197283 _____ () C:\Program Files\Jun2010_d3dx10_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0138205 _____ () C:\Program Files\Jun2010_d3dx11_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0109445 _____ () C:\Program Files\Jun2010_d3dx11_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0937246 _____ () C:\Program Files\Jun2010_d3dx9_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0768036 _____ () C:\Program Files\Jun2010_d3dx9_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0124596 _____ () C:\Program Files\Jun2010_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093686 _____ () C:\Program Files\Jun2010_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0277338 _____ () C:\Program Files\Jun2010_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0278060 _____ () C:\Program Files\Jun2010_XAudio_x86.cab
2014-05-09 18:16 - 2002-01-22 10:14 - 0000969 _____ () C:\Program Files\Leeme.txt
2010-06-02 05:22 - 2010-06-02 05:22 - 0844884 _____ () C:\Program Files\Mar2008_d3dx10_37_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0818260 _____ () C:\Program Files\Mar2008_d3dx10_37_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1769862 _____ () C:\Program Files\Mar2008_d3dx9_37_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1443282 _____ () C:\Program Files\Mar2008_d3dx9_37_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0055058 _____ () C:\Program Files\Mar2008_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0021867 _____ () C:\Program Files\Mar2008_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0122336 _____ () C:\Program Files\Mar2008_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093734 _____ () C:\Program Files\Mar2008_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0251194 _____ () C:\Program Files\Mar2008_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0226250 _____ () C:\Program Files\Mar2008_XAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1067160 _____ () C:\Program Files\Mar2009_d3dx10_41_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1040745 _____ () C:\Program Files\Mar2009_d3dx10_41_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1973702 _____ () C:\Program Files\Mar2009_d3dx9_41_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1612446 _____ () C:\Program Files\Mar2009_d3dx9_41_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0054600 _____ () C:\Program Files\Mar2009_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0021298 _____ () C:\Program Files\Mar2009_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0121506 _____ () C:\Program Files\Mar2009_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0092740 _____ () C:\Program Files\Mar2009_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0275044 _____ () C:\Program Files\Mar2009_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0273018 _____ () C:\Program Files\Mar2009_XAudio_x86.cab
2014-05-09 18:37 - 2016-10-22 13:50 - 0000074 _____ () C:\Program Files\Mens.txt
2014-05-09 18:16 - 2016-01-19 14:56 - 0004920 _____ () C:\Program Files\MENU_PM.txt
2010-06-02 05:22 - 2010-06-02 05:22 - 0864600 _____ () C:\Program Files\Nov2007_d3dx10_36_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0803884 _____ () C:\Program Files\Nov2007_d3dx10_36_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1802058 _____ () C:\Program Files\Nov2007_d3dx9_36_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1709360 _____ () C:\Program Files\Nov2007_d3dx9_36_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0046144 _____ () C:\Program Files\NOV2007_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0018496 _____ () C:\Program Files\NOV2007_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0196762 _____ () C:\Program Files\NOV2007_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0148264 _____ () C:\Program Files\NOV2007_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0994154 _____ () C:\Program Files\Nov2008_d3dx10_40_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0965421 _____ () C:\Program Files\Nov2008_d3dx10_40_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1906878 _____ () C:\Program Files\Nov2008_d3dx9_40_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1550796 _____ () C:\Program Files\Nov2008_d3dx9_40_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0054522 _____ () C:\Program Files\Nov2008_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0021851 _____ () C:\Program Files\Nov2008_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0121794 _____ () C:\Program Files\Nov2008_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0092684 _____ () C:\Program Files\Nov2008_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0273960 _____ () C:\Program Files\Nov2008_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0272611 _____ () C:\Program Files\Nov2008_XAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0086037 _____ () C:\Program Files\Oct2005_xinput_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0045359 _____ () C:\Program Files\Oct2005_xinput_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1412902 _____ () C:\Program Files\OCT2006_d3dx9_31_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1127217 _____ () C:\Program Files\OCT2006_d3dx9_31_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0182361 _____ () C:\Program Files\OCT2006_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0138017 _____ () C:\Program Files\OCT2006_XACT_x86.cab
2014-05-09 18:16 - 2011-02-14 11:22 - 0897024 _____ (S U N A T) C:\Program Files\pdt00.exe
2014-05-09 18:16 - 2000-01-13 13:34 - 0086016 _____ (S U N A T) C:\Program Files\PDTActPa.exe
2015-10-27 09:36 - 2015-10-27 09:36 - 0076168 _____ () C:\Program Files\PDTBACKUP2015102700000000000.ZIP
2014-05-09 18:16 - 2013-05-31 13:55 - 0507904 _____ (S U N A T) C:\Program Files\PDTEnvio.exe
2014-05-09 18:16 - 2013-05-06 17:26 - 0221184 _____ (S U N A T) C:\Program Files\PDTRegDe.exe
2014-05-09 18:16 - 2002-12-06 13:28 - 0000277 _____ () C:\Program Files\Pm000.INI
2014-05-09 18:16 - 1999-07-05 18:32 - 0077824 _____ () C:\Program Files\pm000.mdw
2014-05-09 18:16 - 2007-03-02 10:37 - 1093632 _____ (SUNAT) C:\Program Files\pmModDoc.exe
2014-05-09 18:16 - 2004-12-15 10:16 - 0098304 _____ (SUNAT) C:\Program Files\pmModEPS.exe
2014-05-09 18:16 - 2011-01-03 08:24 - 1638400 _____ (SUNAT) C:\Program Files\pmTraDer.exe
2014-05-09 18:16 - 2013-06-10 14:00 - 0020480 _____ (SUNAT) C:\Program Files\Repara.exe
2014-05-09 18:16 - 2011-01-28 08:42 - 0125738 _____ () C:\Program Files\SUNATPDT.HLP
2016-10-22 13:51 - 2016-10-22 13:51 - 8749056 _____ () C:\Program Files\SUNATPDT.MDB
2016-03-18 11:42 - 2016-03-18 11:42 - 0000214 _____ () C:\Program Files\Trace.txt
2015-10-13 20:04 - 2015-10-13 20:10 - 0000167 _____ () C:\Program Files\Ubicaciones.ini
2016-06-06 19:08 - 2016-06-06 19:08 - 0000034 _____ () C:\Program Files\Common Files\9E3EC1B1.zq
2015-06-10 00:35 - 2015-12-09 00:46 - 0000034 _____ () C:\Users\Quadcore\AppData\Roaming\AdobeWLCMCache.dat
2015-05-24 00:07 - 2013-07-21 21:59 - 0012005 _____ () C:\Users\Quadcore\AppData\Roaming\alsoft.ini
2015-10-16 03:41 - 2016-10-31 05:20 - 0000132 _____ () C:\Users\Quadcore\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2015-03-07 12:49 - 2015-07-17 22:38 - 0000385 _____ () C:\Users\Quadcore\AppData\Roaming\Rim.Desktop.Exception.log
2015-03-07 12:46 - 2016-06-21 11:31 - 0002009 _____ () C:\Users\Quadcore\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-03-07 12:49 - 2015-07-17 22:38 - 0000385 _____ () C:\Users\Quadcore\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-04-21 11:22 - 2015-07-17 22:38 - 0000154 _____ () C:\Users\Quadcore\AppData\Roaming\Rim.Transcoder.Exception.log
2015-05-03 17:56 - 2015-05-03 17:56 - 0000099 _____ () C:\Users\Quadcore\AppData\Roaming\settings.xml
2015-04-21 11:22 - 2016-10-22 02:32 - 0024064 _____ () C:\Users\Quadcore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-28 17:51 - 2015-02-28 17:51 - 0000001 _____ () C:\Users\Quadcore\AppData\Local\llftool.4.30.agreement
2015-05-04 17:17 - 2015-05-04 17:17 - 0000218 _____ () C:\Users\Quadcore\AppData\Local\recently-used.xbel
2013-11-01 14:13 - 2016-10-31 07:01 - 0007614 _____ () C:\Users\Quadcore\AppData\Local\Resmon.ResmonCfg
2016-03-15 22:02 - 2016-01-15 22:02 - 0000032 ____R () C:\ProgramData\hash.dat
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Quadcore\ntuserdirect_MyManager.dat
 
 
Some content of TEMP:
====================
C:\Users\Quadcore\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Quadcore\AppData\Local\Temp\BSvcUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-10-27 15:10
 
==================== End Of Log ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:32 PM

Posted 04 November 2016 - 10:40 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.


p.s.
Delete your version of the Farbar tool.
Please update the Farbar tool and post fresh FRST and Addition.txt files for my review.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.

#3 laise91

laise91
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:32 PM

Posted 04 November 2016 - 06:37 PM

 
Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Quadcore on 04/11/2016 at 17:02:12.38.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Quadcore\Desktop\zoek.exe    [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
04/11/2016 05:38:54 p.m. Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\Program Files\GRETECH deleted successfully
C:\Program Files\Hi-Rez Studios deleted successfully
C:\Program Files\LibraryApps deleted successfully
C:\Program Files\paint.net deleted successfully
C:\Program Files\Common Files\Merge Modules deleted successfully
C:\Program Files\Common Files\SWF Studio deleted successfully
C:\PROGRA~2\ALM deleted successfully
C:\PROGRA~2\Hi-Rez Studios deleted successfully
C:\PROGRA~2\RegRun deleted successfully
C:\Users\Quadcore\AppData\Roaming\iolo deleted successfully
C:\Users\Quadcore\AppData\Roaming\QuickScan deleted successfully
C:\Users\Quadcore\AppData\Roaming\Searchult deleted successfully
C:\Users\Quadcore\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Quadcore\AppData\Local\EmieSiteList deleted successfully
C:\Users\Quadcore\AppData\Local\EmieUserList deleted successfully
C:\Users\Quadcore\AppData\Local\mbysv3UW55Wv deleted successfully
C:\Users\Quadcore\AppData\Local\PACE Anti-Piracy deleted successfully
C:\Users\Quadcore\AppData\Local\Skype deleted successfully
C:\Users\Quadcore\AppData\Local\WMTools Downloaded Files deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2172032273-4216305309-2282011400-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Remotr Service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Remotr Service deleted successfully
 
==== Batch Command(s) Run By Tool======================
 
 
El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.
 
 
==== Deleting Files \ Folders ======================
 
C:\Program Files\GRETECH not found
C:\Program Files\Hi-Rez Studios not found
C:\Program Files\LibraryApps not found
C:\Program Files\paint.net not found
C:\Program Files\Archivos comunes deleted
C:\Users\Quadcore\AppData\Local\paint.net deleted
C:\Users\Quadcore\AppData\Roaming\Unity deleted
C:\Program Files\Steam deleted
C:\PROGRA~2\DivX deleted
C:\extensions deleted
C:\install.exe deleted
C:\PhotoScape_V3.6.2.exe deleted
C:\SkypeSetup.exe deleted
C:\Users\Quadcore\AppData\Roaming\alsoft.ini deleted
C:\Users\Quadcore\AppData\Roaming\Rim.Desktop.Exception.log deleted
C:\Users\Quadcore\AppData\Roaming\Rim.Desktop.HttpServerSetup.log deleted
C:\Users\Quadcore\AppData\Roaming\Rim.DesktopHelper.Exception.log deleted
C:\Users\Quadcore\AppData\Roaming\Rim.Transcoder.Exception.log deleted
C:\Users\Quadcore\AppData\Roaming\Thinstall deleted
C:\PROGRA~2\hash.dat deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\Quadcore\AppData\Local\Unity deleted
C:\Windows\system32\config\systemprofile\AppData\Local\LavasoftTcpService deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Users\Quadcore\AppData\LocalLow\Unity deleted
C:\Windows\System32\mfs1B6B.tmp deleted
C:\Windows\System32\mfs24F8.tmp deleted
C:\Windows\System32\mfs253.tmp deleted
C:\Windows\System32\mfs265D.tmp deleted
C:\Windows\System32\mfs29A7.tmp deleted
C:\Windows\System32\mfs2B6E.tmp deleted
C:\Windows\System32\mfs2BF7.tmp deleted
C:\Windows\System32\mfs2D81.tmp deleted
C:\Windows\System32\mfs3128.tmp deleted
C:\Windows\System32\mfs3230.tmp deleted
C:\Windows\System32\mfs35F5.tmp deleted
C:\Windows\System32\mfs3E65.tmp deleted
C:\Windows\System32\mfs3EC5.tmp deleted
C:\Windows\System32\mfs3FD.tmp deleted
C:\Windows\System32\mfs439.tmp deleted
C:\Windows\System32\mfs4809.tmp deleted
C:\Windows\System32\mfs482.tmp deleted
C:\Windows\System32\mfs49D5.tmp deleted
C:\Windows\System32\mfs4C17.tmp deleted
C:\Windows\System32\mfs4F08.tmp deleted
C:\Windows\System32\mfs51AC.tmp deleted
C:\Windows\System32\mfs54E9.tmp deleted
C:\Windows\System32\mfs563C.tmp deleted
C:\Windows\System32\mfs5A8A.tmp deleted
C:\Windows\System32\mfs5E28.tmp deleted
C:\Windows\System32\mfs64C.tmp deleted
C:\Windows\System32\mfs65.tmp deleted
C:\Windows\System32\mfs67FA.tmp deleted
C:\Windows\System32\mfs6BA4.tmp deleted
C:\Windows\System32\mfs6F97.tmp deleted
C:\Windows\System32\mfs6FE2.tmp deleted
C:\Windows\System32\mfs7AA6.tmp deleted
C:\Windows\System32\mfs8065.tmp deleted
C:\Windows\System32\mfs838.tmp deleted
C:\Windows\System32\mfs8516.tmp deleted
C:\Windows\System32\mfs869A.tmp deleted
C:\Windows\System32\mfs89DC.tmp deleted
C:\Windows\System32\mfs8A4D.tmp deleted
C:\Windows\System32\mfs9623.tmp deleted
C:\Windows\System32\mfs96C0.tmp deleted
C:\Windows\System32\mfs9EC9.tmp deleted
C:\Windows\System32\mfsA454.tmp deleted
C:\Windows\System32\mfsA61D.tmp deleted
C:\Windows\System32\mfsA662.tmp deleted
C:\Windows\System32\mfsA9C5.tmp deleted
C:\Windows\System32\mfsAE33.tmp deleted
C:\Windows\System32\mfsB2F.tmp deleted
C:\Windows\System32\mfsB446.tmp deleted
C:\Windows\System32\mfsB780.tmp deleted
C:\Windows\System32\mfsBF9C.tmp deleted
C:\Windows\System32\mfsBFAE.tmp deleted
C:\Windows\System32\mfsC09C.tmp deleted
C:\Windows\System32\mfsC1.tmp deleted
C:\Windows\System32\mfsC3A.tmp deleted
C:\Windows\System32\mfsD127.tmp deleted
C:\Windows\System32\mfsD3D3.tmp deleted
C:\Windows\System32\mfsDBA6.tmp deleted
C:\Windows\System32\mfsE713.tmp deleted
C:\Windows\System32\mfsE8FB.tmp deleted
C:\Windows\System32\mfsEBD.tmp deleted
C:\Windows\System32\mfsEF3D.tmp deleted
C:\Windows\System32\mfsF359.tmp deleted
C:\Windows\System32\mfsFD48.tmp deleted
"C:\Users\Quadcore\AppData\Roaming\Tunngle\Local.key" deleted
"C:\Users\Quadcore\AppData\Roaming\Tunngle\Local.pub" deleted
"C:\Users\Quadcore\AppData\Roaming\Tunngle" deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" [28/11/2014 12:04 p.m.]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"MFVersion"="MF38.0.5 (x86 es-ES)" []
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - No path found[]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
fcfenmboojpjinhpgggodefccipikbpd - No path found[]
 
Pixlr Touch Up - Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig
Chrome Media Router - Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
==== Chromium Fix ======================
 
C:\Users\Quadcore\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage deleted successfully
C:\Users\Quadcore\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{3E9B3460-CE53-422B-B912-82C0D64413F9}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
HKCU\SearchScopes\{26088229-6C0E-4236-8EDE-204B5E11713F} - http://www.youtube.com/results?search_query={searchTerms}
 
==== Reset Google Chrome ======================
 
C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Quadcore\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Quadcore\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Quadcore\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Reset IE Proxy ======================
 
Value(s) before fix:
"ProxyServer"="http=127.0.0.1:8080;https=127.0.0.1:8080"
"ProxyEnable"=dword:00000001
 
Value(s) after fix:
"ProxyEnable"=dword:00000000
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TVWiz deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rUpdater1 deleted successfully
 
==== Empty IE Cache ======================
 
C:\Users\Quadcore\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Quadcore\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Quadcore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\Quadcore\AppData\Local\Mozilla\Firefox\Profiles\rg57wkzr.default-1464210550442\cache2 emptied successfully
C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\rg57wkzr.default-1464210550442\storage\default\https+++twitter.com\cache emptied successfully
C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\rg57wkzr.default-1464210550442\storage\default\https+++www.google.com.pe\cache emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Quadcore\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=20956 folders=3282 2714241155 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\MSSQLSERVER\AppData\Local\Temp emptied successfully
C:\Users\Quadcore\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-11-2016
Ran by Quadcore (administrator) on QUADCORE-PC (04-11-2016 17:05:34)
Running from C:\Users\Quadcore\Desktop
Loaded Profiles: Quadcore & MSSQLSERVER (Available Profiles: Quadcore & MSSQLSERVER)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Allway Sync\Bin\SyncService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(skype.cog.cc) C:\Program Files\SkypeUpdateEx\SkypeUpdateEx.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\ProgramData\Windows Security\winsecurity.exe
(Microsoft Corporation) C:\Program Files\XBox\XBLive.exe
(FNet Co., Ltd.) C:\Program Files\XFastUSB\XFastUsb.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Sony) C:\Program Files\Sony\Xperia Companion\XperiaCompanionAgent.exe
(© 2015 Microsoft Corporation) C:\Users\Quadcore\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Spotify Ltd) C:\Users\Quadcore\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Nico Mak Computing) C:\Program Files\WinZip\WZUpdateNotifier.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAHWindow32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Joyent, Inc) C:\Program Files\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Opera Software) C:\Program Files\Opera\41.0.2353.46\opera.exe
(Opera Software) C:\Program Files\Opera\41.0.2353.46\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\41.0.2353.46\opera.exe
(Opera Software) C:\Program Files\Opera\41.0.2353.46\opera.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
(Opera Software) C:\Program Files\Opera\41.0.2353.46\opera.exe
(Opera Software) C:\Program Files\Opera\41.0.2353.46\opera.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
(Opera Software) C:\Program Files\Opera\41.0.2353.46\opera.exe
(Opera Software) C:\Program Files\Opera\41.0.2353.46\opera.exe
(Opera Software) C:\Program Files\Opera\41.0.2353.46\opera.exe
(Opera Software) C:\Program Files\Opera\41.0.2353.46\opera.exe
() C:\Users\Quadcore\Desktop\zoek.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Opera Software) C:\Program Files\Opera\41.0.2353.46\opera.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [XFastUSB] => C:\Program Files\XFastUSB\XFastUsb.exe [5019360 2013-10-21] (FNet Co., Ltd.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2687160 2015-11-02] (Sony Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-02-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Run: [XperiaCompanionAgent] => C:\Program Files\Sony\Xperia Companion\XperiaCompanionAgent.exe [2062208 2016-05-26] (Sony)
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Run: [BingSvc] => C:\Users\Quadcore\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Run: [Spotify Web Helper] => C:\Users\Quadcore\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-10-28] (Spotify Ltd)
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Run: [Spotify] => C:\Users\Quadcore\AppData\Roaming\Spotify\Spotify.exe [7039088 2016-10-28] (Spotify Ltd)
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [878592 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Quadcore\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Quadcore\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Quadcore\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Actualizar notificador.lnk [2016-03-09]
ShortcutTarget: Actualizar notificador.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-03-09]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-10-28]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-03-09]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\Quadcore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar a OneNote.lnk [2016-10-27]
ShortcutTarget: Enviar a OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-2172032273-4216305309-2282011400-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-2172032273-4216305309-2282011400-1000] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [S-1-5-21-2172032273-4216305309-2282011400-1000] => http=127.0.0.1:8080;https=127.0.0.1:8080
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{65E7732C-210E-4982-9E63-875A696B639C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{68DA50CA-CA0E-42F3-9037-EB8AC6FA2325}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{B92CF5C4-CB1D-40F5-99AD-EC1FFA3A51D3}: [DhcpNameServer] 192.168.1.1
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.pe/
SearchScopes: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000 -> DefaultScope {3E9B3460-CE53-422B-B912-82C0D64413F9} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000 -> {26088229-6C0E-4236-8EDE-204B5E11713F} URL = hxxp://www.youtube.com/results?search_query={searchTerms}
SearchScopes: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000 -> {3E9B3460-CE53-422B-B912-82C0D64413F9} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://espanol.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10270__160620__yaie&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\Nueva carpeta\bin\ssv.dll [2015-11-10] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\Nueva carpeta\bin\jp2ssv.dll [2015-11-10] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\rg57wkzr.default-1464210550442 [2016-11-04]
FF NewTab: Mozilla\Firefox\Profiles\rg57wkzr.default-1464210550442 -> hxxps://espanol.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10270__160620__yaff
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\rg57wkzr.default-1464210550442 -> Yahoo®
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\rg57wkzr.default-1464210550442 -> Yahoo®
FF Homepage: Mozilla\Firefox\Profiles\rg57wkzr.default-1464210550442 -> hxxps://espanol.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10270__160620__yaff
FF SearchPlugin: C:\Users\Quadcore\AppData\Roaming\Mozilla\Firefox\Profiles\rg57wkzr.default-1464210550442\searchplugins\yahoo-lavasoft.xml [2016-06-20]
FF Extension: (Skype) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-28] [not signed]
FF HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: (McAfee Security Scan Plus) - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-26] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\Nueva carpeta\bin\dtplugin\npDeployJava1.dll [2015-11-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\Nueva carpeta\bin\plugin2\npjp2.dll [2015-11-10] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-10] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @raidcall.en/RCplugin -> C:\Users\Quadcore\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin: @raidcall.tw/RCplugin -> C:\Users\Quadcore\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2172032273-4216305309-2282011400-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Quadcore\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll [2010-02-01] ( )
FF Plugin HKU\S-1-5-21-2172032273-4216305309-2282011400-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Quadcore\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-02-19] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2172032273-4216305309-2282011400-1000: SkypePlugin -> C:\Users\Quadcore\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi.dll [2015-12-08] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-02-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=es-es
CHR StartupUrls: Default -> "hxxps://www.google.com.pe/?gfe_rd=cr&ei=RWYOWISeJoew8weUpKywDQ"
CHR DefaultSearchKeyword: Default -> google.com.pe
CHR Profile: C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default [2016-11-04]
CHR Extension: (Google Docs) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-20]
CHR Extension: (Google Drive) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-20]
CHR Extension: (YouTube) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-20]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-20]
CHR Extension: (Pixlr Touch Up) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2016-07-12]
CHR Extension: (Creately - Diagramas y colaboración) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\mehmcgkakgfcibfkeofncglipefjcfnn [2016-06-27]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-20]
CHR Extension: (Gmail) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-20]
CHR Extension: (Chrome Media Router) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-24]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2015-04-13] () [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1023728 2015-03-31] (Disc Soft Ltd)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [272136 2016-10-13] (McAfee, Inc.)
R2 MSSQLSERVER; c:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [206424 2012-02-11] (Microsoft Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [3568840 2015-08-16] (INCA Internet Co., Ltd.)
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [495800 2015-11-02] (Sony Corporation)
R2 SkypeUpdateEx; C:\Program Files\SkypeUpdateEx\SkypeUpdateEx.exe [172464 2016-06-08] (skype.cog.cc)
S4 SQLSERVERAGENT; c:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [438360 2012-02-11] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7183632 2016-07-18] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)
S3 VSStandardCollectorService140; C:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [45800 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 WindowsSecurity; C:\ProgramData\Windows Security\winsecurity.exe [2121728 2016-05-27] (Microsoft Corporation) [File not signed]
R2 XBox; C:\Program Files\XBox\XBLive.exe [4992952 2016-05-25] (Microsoft Corporation)
S2 Remotr Service; C:\Program Files\Remotr\RemotrService.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\Users\Quadcore\LUIS ADOLFO\Nueva carpeta (SACADA DEK DESKTOP)\bin\a2ddax86.sys [22056 2015-04-27] (Emsisoft GmbH)
S3 cleanhlp; C:\Users\Quadcore\LUIS ADOLFO\Nueva carpeta (SACADA DEK DESKTOP)\bin\cleanhlp32.sys [50200 2015-04-27] (Emsisoft GmbH)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25104 2015-04-28] (Disc Soft Ltd)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-12-03] (EldoS Corporation)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [29760 2016-10-08] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [14656 2013-10-21] (FNet Co., Ltd.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2015-08-06] (LogMeIn, Inc.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [67184 2013-10-21] (Atheros Communications, Inc.)
S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [268888 2012-02-11] (Microsoft Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1348240 2013-03-05] (Realtek Semiconductor Corporation                           )
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1348240 2013-03-05] (Realtek Semiconductor Corporation                           )
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [33024 2013-05-19] (Scarlet.Crush Productions)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2015-05-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1801328 2011-02-17] (VIA Technologies, Inc.)
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-04 17:05 - 2016-11-04 17:07 - 00024653 _____ C:\Users\Quadcore\Desktop\FRST.txt
2016-11-04 17:03 - 2016-11-04 17:03 - 01759744 _____ (Farbar) C:\Users\Quadcore\Desktop\FRST.exe
2016-11-04 17:01 - 2016-11-04 17:01 - 00000002 _____ C:\runcheck.txt
2016-11-04 17:01 - 2016-11-04 17:01 - 00000000 ____D C:\zoek_backup
2016-11-04 16:59 - 2016-11-04 16:59 - 01309184 _____ C:\Users\Quadcore\Desktop\zoek.exe
2016-11-04 08:51 - 2016-11-04 08:51 - 00001007 _____ C:\Users\Quadcore\Desktop\MED_PERU - Acceso directo (2).lnk
2016-11-02 22:29 - 2016-11-02 22:29 - 00001081 _____ C:\Users\Public\Desktop\DriveImage XML.lnk
2016-11-02 22:29 - 2016-11-02 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2016-11-02 22:29 - 2016-11-02 22:29 - 00000000 ____D C:\Program Files\Runtime Software
2016-11-01 02:35 - 2016-11-01 03:03 - 00002654 _____ C:\Users\Quadcore\Desktop\Rkill.txt
2016-11-01 02:35 - 2016-11-01 03:02 - 00000000 ____D C:\Users\Quadcore\Desktop\rkill
2016-11-01 01:14 - 2016-11-01 02:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-01 01:12 - 2016-11-01 02:09 - 00000000 ____D C:\Users\Quadcore\Desktop\mbar
2016-10-28 12:27 - 2016-10-28 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-10-27 02:10 - 2016-10-27 02:10 - 00163606 _____ C:\Users\Quadcore\Desktop\NUEVA 12SEPTGT GOLD.rar
2016-10-22 14:21 - 2016-10-22 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUNAT
2016-10-22 13:51 - 2016-10-22 13:51 - 08749056 _____ C:\Program Files\SUNATPDT.MDB
2016-10-20 18:00 - 2016-10-20 18:31 - 00000000 ____D C:\Users\Quadcore\Downloads\Band.of.Outsiders.[Bande.a.part].1964.DVDRip.H264.AAC.Gopo
2016-10-09 19:16 - 2016-11-03 18:59 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-10-08 22:43 - 2016-10-08 22:44 - 00000000 ____D C:\Users\Quadcore\Downloads\Rake (2010) - Season 1
2016-10-08 22:39 - 2016-10-20 17:54 - 00000000 ____D C:\Users\Quadcore\AppData\LocalLow\uTorrent
2016-10-07 22:11 - 2016-11-02 08:17 - 00000000 ____D C:\Users\MSSQLSERVER
2016-10-07 22:11 - 2016-10-07 22:11 - 00000020 ___SH C:\Users\MSSQLSERVER\ntuser.ini
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL C:\Users\MSSQLSERVER\Reciente
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL C:\Users\MSSQLSERVER\Plantillas
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL C:\Users\MSSQLSERVER\Mis documentos
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL C:\Users\MSSQLSERVER\Menú Inicio
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL C:\Users\MSSQLSERVER\Impresoras
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL C:\Users\MSSQLSERVER\Entorno de red
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL C:\Users\MSSQLSERVER\Documents\Mis vídeos
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL C:\Users\MSSQLSERVER\Documents\Mis imágenes
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL C:\Users\MSSQLSERVER\Documents\Mi música
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL C:\Users\MSSQLSERVER\Datos de programa
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL C:\Users\MSSQLSERVER\Configuración local
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL C:\Users\MSSQLSERVER\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL C:\Users\MSSQLSERVER\AppData\Local\Historial
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL C:\Users\MSSQLSERVER\AppData\Local\Datos de programa
2016-10-07 22:11 - 2016-10-07 22:11 - 00000000 _SHDL C:\Users\MSSQLSERVER\AppData\Local\Archivos temporales de Internet
2016-10-07 22:11 - 2015-10-10 23:08 - 00000000 ____D C:\Users\MSSQLSERVER\AppData\Roaming\Macromedia
2016-10-07 22:11 - 2015-05-10 05:24 - 00000000 ____D C:\Users\MSSQLSERVER\Documents\Visual Studio 2008
2016-10-07 22:11 - 2015-05-09 17:23 - 00000000 ____D C:\Users\MSSQLSERVER\AppData\Local\Microsoft Help
2016-10-07 22:11 - 2012-02-11 10:02 - 00045656 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL11.MSSQLSERVER-sqlagtctr.dll
2016-10-07 22:11 - 2010-11-20 19:38 - 00000000 ____D C:\Users\MSSQLSERVER\AppData\Roaming\Media Center Programs
2016-10-07 22:10 - 2012-02-11 10:03 - 00082520 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQLSERVER-sqlctr11.0.2100.60.dll
2016-10-07 22:09 - 2012-02-11 10:08 - 00147032 _____ (Microsoft Corporation) C:\Windows\system32\hadrres.dll
2016-10-07 22:09 - 2012-02-11 10:08 - 00069208 _____ (Microsoft Corporation) C:\Windows\system32\fssres.dll
2016-10-07 22:01 - 2016-10-07 22:01 - 00000000 ____D C:\Users\Quadcore\Documents\Visual Studio 2010
2016-10-07 21:56 - 2016-10-07 21:57 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2016-10-07 21:47 - 2016-10-07 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
2016-10-06 12:44 - 2016-10-06 12:44 - 00909326 _____ C:\Users\Quadcore\Documents\ECO_Ses7_Rojas Peña Andrea Alexandra.pptx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-04 17:05 - 2015-04-27 15:16 - 00000000 ____D C:\FRST
2016-11-04 16:56 - 2016-06-20 20:48 - 00001024 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-04 16:08 - 2016-02-16 16:59 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-04 15:31 - 2016-03-18 09:16 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-11-04 08:52 - 2015-12-02 04:06 - 00000000 ____D C:\Users\Quadcore\Desktop\tallervanessanoborrar
2016-11-04 07:51 - 2016-08-21 01:33 - 00000000 ____D C:\Users\Quadcore\AppData\Local\Spotify
2016-11-04 07:11 - 2009-07-13 23:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-04 07:11 - 2009-07-13 23:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-04 07:09 - 2016-08-21 01:30 - 00000000 ____D C:\Users\Quadcore\AppData\Roaming\Spotify
2016-11-04 07:04 - 2016-06-20 20:48 - 00001020 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-04 07:01 - 2015-12-11 19:28 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-11-04 07:01 - 2013-12-03 17:51 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-11-04 07:01 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-03 09:45 - 2016-06-24 16:16 - 00002026 _____ C:\Users\Public\Desktop\Git Bash.lnk
2016-11-03 09:45 - 2016-04-16 23:25 - 00001100 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-11-02 19:07 - 2016-04-14 21:27 - 00000000 ____D C:\Users\Quadcore\AppData\LocalLow\DefaultCompany
2016-11-02 19:07 - 2015-05-04 13:35 - 00000000 ____D C:\ProgramData\Unity
2016-11-02 16:39 - 2014-01-12 14:30 - 00000000 ____D C:\Users\Quadcore\MED_PERU
2016-11-02 16:39 - 2013-10-21 09:20 - 00000000 ____D C:\Users\Quadcore\JACQUELINE
2016-11-02 16:39 - 2013-09-27 16:25 - 00000000 ____D C:\Users\Quadcore
2016-11-02 13:51 - 2014-04-24 14:11 - 00000000 ____D C:\Users\Quadcore\LUIS ADOLFO
2016-11-02 08:34 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2016-11-01 12:55 - 2015-11-09 15:11 - 00000000 ____D C:\Program Files\RegSeeker
2016-11-01 12:51 - 2015-03-23 00:16 - 00000000 ____D C:\Users\Quadcore\Pendrive Rojo MEDRILLCA
2016-11-01 12:40 - 2013-10-21 10:06 - 00000000 ____D C:\Users\Quadcore\AppData\Local\ElevatedDiagnostics
2016-11-01 03:00 - 2016-09-03 21:46 - 00000000 ____D C:\ProgramData\Remotr
2016-11-01 02:08 - 2015-10-28 09:12 - 00000000 ____D C:\ProgramData\System32
2016-11-01 01:14 - 2014-12-15 18:10 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-01 01:12 - 2014-12-15 18:10 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-31 07:01 - 2013-11-01 14:13 - 00007614 _____ C:\Users\Quadcore\AppData\Local\Resmon.ResmonCfg
2016-10-31 05:20 - 2015-10-16 03:41 - 00000132 _____ C:\Users\Quadcore\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2016-10-28 19:04 - 2013-10-21 10:04 - 00000000 ____D C:\Users\Quadcore\AppData\Local\Google
2016-10-28 12:27 - 2016-02-16 16:59 - 00002045 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-10-28 12:27 - 2014-10-17 12:01 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-10-28 10:33 - 2013-10-21 09:30 - 00000000 ___RD C:\Users\Quadcore\VANESSA
2016-10-27 11:38 - 2016-03-21 16:26 - 00198785 _____ C:\Users\Quadcore\Documents\OneNotePort
2016-10-27 10:36 - 2015-05-03 17:12 - 00000000 ____D C:\Program Files\Opera
2016-10-26 21:26 - 2016-07-25 20:23 - 00000000 ___RD C:\Users\Quadcore\Desktop\chino
2016-10-26 18:08 - 2016-02-16 16:59 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-10-26 18:08 - 2016-02-16 16:59 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-10-26 18:08 - 2014-03-13 13:47 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-24 09:14 - 2014-11-17 20:41 - 00000000 ___RD C:\Program Files\Skype
2016-10-24 03:01 - 2016-06-20 20:50 - 00002169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-24 02:19 - 2013-10-26 15:52 - 00000000 ____D C:\Users\Quadcore\AppData\Roaming\Adobe
2016-10-23 01:43 - 2015-09-23 03:55 - 00000000 ____D C:\Program Files\TeamViewer
2016-10-22 13:51 - 2016-02-04 17:10 - 00000000 ____D C:\Program Files\TMP
2016-10-22 13:51 - 2016-01-31 01:15 - 00000000 ____D C:\Users\Quadcore\AppData\Local\CrashDumps
2016-10-22 13:51 - 2014-05-09 18:16 - 00000356 _____ C:\Windows\Pm000.INI
2016-10-22 13:51 - 2014-05-09 18:16 - 00000000 ____D C:\Program Files\0621
2016-10-22 13:50 - 2014-05-09 18:37 - 00000074 _____ C:\Program Files\Mens.txt
2016-10-22 03:46 - 2013-10-21 10:06 - 00000000 ____D C:\Users\Quadcore\AppData\Roaming\Skype
2016-10-22 02:32 - 2015-04-21 11:22 - 00024064 _____ C:\Users\Quadcore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-22 01:14 - 2016-01-19 04:23 - 00000000 ____D C:\Users\Quadcore\AppData\Roaming\vlc
2016-10-21 02:43 - 2014-11-19 18:28 - 00000000 ____D C:\Users\Quadcore\AppData\Roaming\uTorrent
2016-10-17 20:33 - 2010-11-20 19:30 - 00903462 _____ C:\Windows\system32\perfh00A.dat
2016-10-17 20:33 - 2010-11-20 19:30 - 00218722 _____ C:\Windows\system32\perfc00A.dat
2016-10-17 20:33 - 2010-11-20 16:01 - 02116490 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-17 20:33 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2016-10-11 14:06 - 2013-10-21 09:38 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-10-08 19:09 - 2013-10-21 13:46 - 00029760 _____ (FNet Co., Ltd.) C:\Windows\system32\Drivers\FNETTBOH_305.SYS
2016-10-07 22:07 - 2013-10-21 13:53 - 00000000 ____D C:\Program Files\Microsoft Office
2016-10-07 22:07 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-10-07 22:05 - 2013-10-21 13:56 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-10-07 22:01 - 2015-04-19 11:27 - 00000000 ____D C:\Windows\system32\1033
2016-10-07 21:53 - 2015-09-16 05:38 - 00000000 ____D C:\Program Files\Microsoft Help Viewer
2016-10-07 20:16 - 2016-06-15 20:09 - 00000000 ____D C:\Users\Quadcore\AppData\Local\Microsoft_Corporation
2016-10-06 21:44 - 2015-06-18 22:01 - 00000000 ____D C:\Users\Quadcore\Documents\Archivos de Outlook
 
==================== Files in the root of some directories =======
 
2014-06-10 13:43 - 2014-06-10 13:43 - 0008237 _____ () C:\Program Files\062120140401LA53F2330841H4FGF18FAA3CLD303BEGBHKCBA60I679.ZIP
2014-11-10 20:55 - 2014-11-10 20:55 - 0007975 _____ () C:\Program Files\062120141001I23EH13LFGHM7H625K51FJ6CLD303BEGBHKCBA60ACCC.ZIP
2015-01-09 20:17 - 2015-01-09 20:17 - 0007989 _____ () C:\Program Files\06212014120043A0A0FHGBJ00L537E6D1D5CLD303BEGBHKCBA60ACCC.ZIP
2015-11-02 09:48 - 2015-11-02 09:48 - 0008045 _____ () C:\Program Files\062120150900F5K199G61A8F4N1G4988M7NC70303BEGBHKCBA60ACCC.ZIP
2015-10-12 10:13 - 2015-10-12 10:13 - 0008040 _____ () C:\Program Files\06212015090E050111AHF32C6GIIF0LCA9NC70303BEGBHKCBA60ACCC.ZIP
2015-12-09 21:36 - 2015-12-09 21:36 - 0008061 _____ () C:\Program Files\06212015110M891670CJKC635DF75195EDEC70303BEGBHKCBA60ACCC.ZIP
2016-01-28 11:14 - 2016-01-28 11:14 - 0008278 _____ () C:\Program Files\062120151200INCL4H1HIKBG3D9L1IB20D4C70303BEGBHKCBA60ACCC.ZIP
2016-03-20 10:46 - 2016-03-20 10:55 - 0008363 _____ () C:\Program Files\0621201601003622NK5IDNJI15I5JDDJ34GC70303BEGBHKCBA60ACCC.ZIP
2016-04-21 20:50 - 2016-04-21 20:50 - 0008004 _____ () C:\Program Files\06212016030BIHC691KFGJ3F1A259K6N2MEC70303BEGBHKCBA60ACCC.ZIP
2016-06-21 18:50 - 2016-06-21 18:50 - 0008017 _____ () C:\Program Files\06212016050KLGKHI5LG61I028CD7B6NKD1C70303BEGBHKCBA60ACCC.ZIP
2016-09-20 18:24 - 2016-09-20 18:24 - 0007977 _____ () C:\Program Files\0621201608005KKCE0A4BCEIB557KE0DM76C70303BEGBHKCBA60ACCC.ZIP
2016-09-20 18:28 - 2016-09-20 18:28 - 0007980 _____ () C:\Program Files\06212016080195C519K5109MJ51IDDE8G1KC70303BEGBHKCBA60ACCC.ZIP
2014-05-09 18:16 - 2013-06-10 15:24 - 0040960 _____ (SUNAT) C:\Program Files\20530.exe
2015-10-13 20:11 - 2015-10-13 20:11 - 0000058 _____ () C:\Program Files\Actualizaciones.ini
2010-06-02 05:21 - 2010-06-02 05:21 - 1347354 _____ () C:\Program Files\Apr2005_d3dx9_25_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1078962 _____ () C:\Program Files\Apr2005_d3dx9_25_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1397830 _____ () C:\Program Files\Apr2006_d3dx9_30_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1115221 _____ () C:\Program Files\Apr2006_d3dx9_30_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0916430 _____ () C:\Program Files\Apr2006_MDX1_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 4162630 _____ () C:\Program Files\Apr2006_MDX1_x86_Archive.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0179133 _____ () C:\Program Files\Apr2006_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0133103 _____ () C:\Program Files\Apr2006_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0087101 _____ () C:\Program Files\Apr2006_xinput_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0046010 _____ () C:\Program Files\Apr2006_xinput_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0698612 _____ () C:\Program Files\APR2007_d3dx10_33_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0695865 _____ () C:\Program Files\APR2007_d3dx10_33_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1607358 _____ () C:\Program Files\APR2007_d3dx9_33_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1606039 _____ () C:\Program Files\APR2007_d3dx9_33_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0195766 _____ () C:\Program Files\APR2007_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0151225 _____ () C:\Program Files\APR2007_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0096817 _____ () C:\Program Files\APR2007_xinput_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0053302 _____ () C:\Program Files\APR2007_xinput_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1350542 _____ () C:\Program Files\Aug2005_d3dx9_27_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1077644 _____ () C:\Program Files\Aug2005_d3dx9_27_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0182903 _____ () C:\Program Files\AUG2006_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0137235 _____ () C:\Program Files\AUG2006_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0087142 _____ () C:\Program Files\AUG2006_xinput_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0046058 _____ () C:\Program Files\AUG2006_xinput_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0852286 _____ () C:\Program Files\AUG2007_d3dx10_35_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0796867 _____ () C:\Program Files\AUG2007_d3dx10_35_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1800160 _____ () C:\Program Files\AUG2007_d3dx9_35_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1708152 _____ () C:\Program Files\AUG2007_d3dx9_35_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0198096 _____ () C:\Program Files\AUG2007_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0153012 _____ () C:\Program Files\AUG2007_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0867612 _____ () C:\Program Files\Aug2008_d3dx10_39_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0849167 _____ () C:\Program Files\Aug2008_d3dx10_39_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1794084 _____ () C:\Program Files\Aug2008_d3dx9_39_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1464672 _____ () C:\Program Files\Aug2008_d3dx9_39_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0121772 _____ () C:\Program Files\Aug2008_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0092996 _____ () C:\Program Files\Aug2008_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0271412 _____ () C:\Program Files\Aug2008_XAudio_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0271038 _____ () C:\Program Files\Aug2008_XAudio_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0919044 _____ () C:\Program Files\Aug2009_D3DCompiler_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0900598 _____ () C:\Program Files\Aug2009_D3DCompiler_42_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 3112111 _____ () C:\Program Files\Aug2009_d3dcsx_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 3319740 _____ () C:\Program Files\Aug2009_d3dcsx_42_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0232635 _____ () C:\Program Files\Aug2009_d3dx10_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0192131 _____ () C:\Program Files\Aug2009_d3dx10_42_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0136301 _____ () C:\Program Files\Aug2009_d3dx11_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0105044 _____ () C:\Program Files\Aug2009_d3dx11_42_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0930116 _____ () C:\Program Files\Aug2009_d3dx9_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0728456 _____ () C:\Program Files\Aug2009_d3dx9_42_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0122408 _____ () C:\Program Files\Aug2009_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093106 _____ () C:\Program Files\Aug2009_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0273264 _____ () C:\Program Files\Aug2009_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0272642 _____ () C:\Program Files\Aug2009_XAudio_x86.cab
2015-10-13 20:13 - 2015-10-13 20:21 - 0000025 _____ () C:\Program Files\CfgInternet.ini
2015-10-13 20:21 - 2015-10-13 20:21 - 0009334 _____ () C:\Program Files\CfgMenu10.chg
2015-12-17 10:38 - 2015-12-17 10:38 - 0927824 _____ (Google Inc.) C:\Program Files\ChromeSetup.exe
2014-05-09 18:16 - 2000-07-17 10:58 - 0024576 _____ (SUNAT) C:\Program Files\Compacta.exe
2015-10-13 20:04 - 2015-10-13 20:21 - 0000598 _____ () C:\Program Files\ContaSOL.ini
2015-04-30 06:24 - 2015-04-30 06:26 - 0000000 _____ () C:\Program Files\DebugLog.txt
2010-06-02 05:22 - 2010-06-02 05:22 - 1357976 _____ () C:\Program Files\Dec2005_d3dx9_28_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1079456 _____ () C:\Program Files\Dec2005_d3dx9_28_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0212807 _____ () C:\Program Files\DEC2006_d3dx10_00_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0191720 _____ () C:\Program Files\DEC2006_d3dx10_00_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1571154 _____ () C:\Program Files\DEC2006_d3dx9_32_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1574376 _____ () C:\Program Files\DEC2006_d3dx9_32_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0192475 _____ () C:\Program Files\DEC2006_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0145599 _____ () C:\Program Files\DEC2006_XACT_x86.cab
2011-03-30 11:40 - 2011-03-30 11:40 - 0095576 _____ (Microsoft Corporation) C:\Program Files\DSETUP.dll
2011-03-30 11:40 - 2011-03-30 11:40 - 1566040 _____ () C:\Program Files\dsetup32.dll
2011-03-30 11:40 - 2011-03-30 11:40 - 0044624 _____ () C:\Program Files\dxdllreg_x86.cab
2011-03-30 11:40 - 2011-03-30 11:40 - 0517976 _____ () C:\Program Files\DXSETUP.exe
2011-03-30 11:40 - 2011-03-30 11:40 - 0097152 _____ () C:\Program Files\dxupdate.cab
2014-05-09 18:16 - 2003-01-06 10:07 - 0016848 _____ () C:\Program Files\error_.txt
2014-05-09 18:16 - 2005-02-03 16:29 - 0114688 _____ (S U N A T) C:\Program Files\Exonera.exe
2010-06-02 05:22 - 2010-06-02 05:22 - 1247499 _____ () C:\Program Files\Feb2005_d3dx9_24_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1013225 _____ () C:\Program Files\Feb2005_d3dx9_24_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1362796 _____ () C:\Program Files\Feb2006_d3dx9_29_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1084720 _____ () C:\Program Files\Feb2006_d3dx9_29_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0178359 _____ () C:\Program Files\Feb2006_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0132409 _____ () C:\Program Files\Feb2006_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0194675 _____ () C:\Program Files\FEB2007_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0147983 _____ () C:\Program Files\FEB2007_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0054678 _____ () C:\Program Files\Feb2010_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0020713 _____ () C:\Program Files\Feb2010_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0122446 _____ () C:\Program Files\Feb2010_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093180 _____ () C:\Program Files\Feb2010_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0276960 _____ () C:\Program Files\Feb2010_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0277191 _____ () C:\Program Files\Feb2010_XAudio_x86.cab
2015-10-13 20:13 - 2015-10-13 20:13 - 0000052 _____ () C:\Program Files\InicioSesion.ini
2010-06-02 05:22 - 2010-06-02 05:22 - 1336002 _____ () C:\Program Files\Jun2005_d3dx9_26_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1064925 _____ () C:\Program Files\Jun2005_d3dx9_26_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0180785 _____ () C:\Program Files\JUN2006_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0133671 _____ () C:\Program Files\JUN2006_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0699044 _____ () C:\Program Files\JUN2007_d3dx10_34_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0698472 _____ () C:\Program Files\JUN2007_d3dx10_34_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1607774 _____ () C:\Program Files\JUN2007_d3dx9_34_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1607286 _____ () C:\Program Files\JUN2007_d3dx9_34_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0197122 _____ () C:\Program Files\JUN2007_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0152909 _____ () C:\Program Files\JUN2007_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0867828 _____ () C:\Program Files\JUN2008_d3dx10_38_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0849919 _____ () C:\Program Files\JUN2008_d3dx10_38_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1792608 _____ () C:\Program Files\JUN2008_d3dx9_38_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1463878 _____ () C:\Program Files\JUN2008_d3dx9_38_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0055154 _____ () C:\Program Files\JUN2008_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0021905 _____ () C:\Program Files\JUN2008_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0121054 _____ () C:\Program Files\JUN2008_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093128 _____ () C:\Program Files\JUN2008_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0269628 _____ () C:\Program Files\JUN2008_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0269024 _____ () C:\Program Files\JUN2008_XAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0944460 _____ () C:\Program Files\Jun2010_D3DCompiler_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0931471 _____ () C:\Program Files\Jun2010_D3DCompiler_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0752783 _____ () C:\Program Files\Jun2010_d3dcsx_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0762188 _____ () C:\Program Files\Jun2010_d3dcsx_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0235955 _____ () C:\Program Files\Jun2010_d3dx10_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0197283 _____ () C:\Program Files\Jun2010_d3dx10_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0138205 _____ () C:\Program Files\Jun2010_d3dx11_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0109445 _____ () C:\Program Files\Jun2010_d3dx11_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0937246 _____ () C:\Program Files\Jun2010_d3dx9_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0768036 _____ () C:\Program Files\Jun2010_d3dx9_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0124596 _____ () C:\Program Files\Jun2010_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093686 _____ () C:\Program Files\Jun2010_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0277338 _____ () C:\Program Files\Jun2010_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0278060 _____ () C:\Program Files\Jun2010_XAudio_x86.cab
2014-05-09 18:16 - 2002-01-22 10:14 - 0000969 _____ () C:\Program Files\Leeme.txt
2010-06-02 05:22 - 2010-06-02 05:22 - 0844884 _____ () C:\Program Files\Mar2008_d3dx10_37_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0818260 _____ () C:\Program Files\Mar2008_d3dx10_37_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1769862 _____ () C:\Program Files\Mar2008_d3dx9_37_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1443282 _____ () C:\Program Files\Mar2008_d3dx9_37_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0055058 _____ () C:\Program Files\Mar2008_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0021867 _____ () C:\Program Files\Mar2008_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0122336 _____ () C:\Program Files\Mar2008_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093734 _____ () C:\Program Files\Mar2008_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0251194 _____ () C:\Program Files\Mar2008_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0226250 _____ () C:\Program Files\Mar2008_XAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1067160 _____ () C:\Program Files\Mar2009_d3dx10_41_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1040745 _____ () C:\Program Files\Mar2009_d3dx10_41_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1973702 _____ () C:\Program Files\Mar2009_d3dx9_41_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1612446 _____ () C:\Program Files\Mar2009_d3dx9_41_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0054600 _____ () C:\Program Files\Mar2009_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0021298 _____ () C:\Program Files\Mar2009_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0121506 _____ () C:\Program Files\Mar2009_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0092740 _____ () C:\Program Files\Mar2009_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0275044 _____ () C:\Program Files\Mar2009_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0273018 _____ () C:\Program Files\Mar2009_XAudio_x86.cab
2014-05-09 18:37 - 2016-10-22 13:50 - 0000074 _____ () C:\Program Files\Mens.txt
2014-05-09 18:16 - 2016-01-19 14:56 - 0004920 _____ () C:\Program Files\MENU_PM.txt
2010-06-02 05:22 - 2010-06-02 05:22 - 0864600 _____ () C:\Program Files\Nov2007_d3dx10_36_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0803884 _____ () C:\Program Files\Nov2007_d3dx10_36_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1802058 _____ () C:\Program Files\Nov2007_d3dx9_36_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1709360 _____ () C:\Program Files\Nov2007_d3dx9_36_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0046144 _____ () C:\Program Files\NOV2007_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0018496 _____ () C:\Program Files\NOV2007_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0196762 _____ () C:\Program Files\NOV2007_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0148264 _____ () C:\Program Files\NOV2007_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0994154 _____ () C:\Program Files\Nov2008_d3dx10_40_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0965421 _____ () C:\Program Files\Nov2008_d3dx10_40_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1906878 _____ () C:\Program Files\Nov2008_d3dx9_40_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1550796 _____ () C:\Program Files\Nov2008_d3dx9_40_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0054522 _____ () C:\Program Files\Nov2008_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0021851 _____ () C:\Program Files\Nov2008_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0121794 _____ () C:\Program Files\Nov2008_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0092684 _____ () C:\Program Files\Nov2008_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0273960 _____ () C:\Program Files\Nov2008_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0272611 _____ () C:\Program Files\Nov2008_XAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0086037 _____ () C:\Program Files\Oct2005_xinput_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0045359 _____ () C:\Program Files\Oct2005_xinput_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1412902 _____ () C:\Program Files\OCT2006_d3dx9_31_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1127217 _____ () C:\Program Files\OCT2006_d3dx9_31_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0182361 _____ () C:\Program Files\OCT2006_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0138017 _____ () C:\Program Files\OCT2006_XACT_x86.cab
2014-05-09 18:16 - 2011-02-14 11:22 - 0897024 _____ (S U N A T) C:\Program Files\pdt00.exe
2014-05-09 18:16 - 2000-01-13 13:34 - 0086016 _____ (S U N A T) C:\Program Files\PDTActPa.exe
2015-10-27 09:36 - 2015-10-27 09:36 - 0076168 _____ () C:\Program Files\PDTBACKUP2015102700000000000.ZIP
2014-05-09 18:16 - 2013-05-31 13:55 - 0507904 _____ (S U N A T) C:\Program Files\PDTEnvio.exe
2014-05-09 18:16 - 2013-05-06 17:26 - 0221184 _____ (S U N A T) C:\Program Files\PDTRegDe.exe
2014-05-09 18:16 - 2002-12-06 13:28 - 0000277 _____ () C:\Program Files\Pm000.INI
2014-05-09 18:16 - 1999-07-05 18:32 - 0077824 _____ () C:\Program Files\pm000.mdw
2014-05-09 18:16 - 2007-03-02 10:37 - 1093632 _____ (SUNAT) C:\Program Files\pmModDoc.exe
2014-05-09 18:16 - 2004-12-15 10:16 - 0098304 _____ (SUNAT) C:\Program Files\pmModEPS.exe
2014-05-09 18:16 - 2011-01-03 08:24 - 1638400 _____ (SUNAT) C:\Program Files\pmTraDer.exe
2014-05-09 18:16 - 2013-06-10 14:00 - 0020480 _____ (SUNAT) C:\Program Files\Repara.exe
2014-05-09 18:16 - 2011-01-28 08:42 - 0125738 _____ () C:\Program Files\SUNATPDT.HLP
2016-10-22 13:51 - 2016-10-22 13:51 - 8749056 _____ () C:\Program Files\SUNATPDT.MDB
2016-03-18 11:42 - 2016-03-18 11:42 - 0000214 _____ () C:\Program Files\Trace.txt
2015-10-13 20:04 - 2015-10-13 20:10 - 0000167 _____ () C:\Program Files\Ubicaciones.ini
2016-06-06 19:08 - 2016-06-06 19:08 - 0000034 _____ () C:\Program Files\Common Files\9E3EC1B1.zq
2015-06-10 00:35 - 2015-12-09 00:46 - 0000034 _____ () C:\Users\Quadcore\AppData\Roaming\AdobeWLCMCache.dat
2015-05-24 00:07 - 2013-07-21 21:59 - 0012005 _____ () C:\Users\Quadcore\AppData\Roaming\alsoft.ini
2015-10-16 03:41 - 2016-10-31 05:20 - 0000132 _____ () C:\Users\Quadcore\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2015-03-07 12:49 - 2015-07-17 22:38 - 0000385 _____ () C:\Users\Quadcore\AppData\Roaming\Rim.Desktop.Exception.log
2015-03-07 12:46 - 2016-06-21 11:31 - 0002009 _____ () C:\Users\Quadcore\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-03-07 12:49 - 2015-07-17 22:38 - 0000385 _____ () C:\Users\Quadcore\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-04-21 11:22 - 2015-07-17 22:38 - 0000154 _____ () C:\Users\Quadcore\AppData\Roaming\Rim.Transcoder.Exception.log
2015-05-03 17:56 - 2015-05-03 17:56 - 0000099 _____ () C:\Users\Quadcore\AppData\Roaming\settings.xml
2015-04-21 11:22 - 2016-10-22 02:32 - 0024064 _____ () C:\Users\Quadcore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-28 17:51 - 2015-02-28 17:51 - 0000001 _____ () C:\Users\Quadcore\AppData\Local\llftool.4.30.agreement
2015-05-04 17:17 - 2015-05-04 17:17 - 0000218 _____ () C:\Users\Quadcore\AppData\Local\recently-used.xbel
2013-11-01 14:13 - 2016-10-31 07:01 - 0007614 _____ () C:\Users\Quadcore\AppData\Local\Resmon.ResmonCfg
2016-03-15 22:02 - 2016-01-15 22:02 - 0000032 ____R () C:\ProgramData\hash.dat
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Quadcore\ntuserdirect_MyManager.dat
 
 
Some files in TEMP:
====================
C:\Users\Quadcore\AppData\Local\Temp\7za.exe
C:\Users\Quadcore\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Quadcore\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Quadcore\AppData\Local\Temp\DaS_21.exe
C:\Users\Quadcore\AppData\Local\Temp\hijackthis.exe
C:\Users\Quadcore\AppData\Local\Temp\NirCmd.exe
C:\Users\Quadcore\AppData\Local\Temp\PEVZ.EXE
C:\Users\Quadcore\AppData\Local\Temp\remove.exe
C:\Users\Quadcore\AppData\Local\Temp\sed.exe
C:\Users\Quadcore\AppData\Local\Temp\shortcut.exe
C:\Users\Quadcore\AppData\Local\Temp\swreg.exe
C:\Users\Quadcore\AppData\Local\Temp\swxcacls.exe
C:\Users\Quadcore\AppData\Local\Temp\wget.exe
C:\Users\Quadcore\AppData\Local\Temp\zoek-delete.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-04 07:21
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-11-2016
Ran by Quadcore (04-11-2016 17:07:57)
Running from C:\Users\Quadcore\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2013-09-27 21:25:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
21311614C1AD4996A56D (S-1-5-21-2172032273-4216305309-2282011400-1053 - Limited - Enabled)
Administrador (S-1-5-21-2172032273-4216305309-2282011400-500 - Administrator - Enabled)
Invitado (S-1-5-21-2172032273-4216305309-2282011400-501 - Limited - Disabled)
Quadcore (S-1-5-21-2172032273-4216305309-2282011400-1000 - Administrator - Enabled) => C:\Users\Quadcore
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: BullGuard Antivirus (Disabled - Up to date) {EDBB5818-2352-E06B-028A-4E6873B92CC5}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: BullGuard Antispyware (Disabled - Up to date) {56DAB9FC-0568-EFE5-383A-751A083E6678}
FW: BullGuard Firewall (Disabled) {D580D93D-693D-E133-29D5-E75D8D6A6BBE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 3.5.1.209 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
Aeria Ignite (HKLM\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Antares Auto-Tune Evo RTAS (HKLM\...\{4D68D398-7760-426D-8395-83EE0676FC7E}) (Version: 6.00.0009 - Antares Audio Technologies)
Apple Application Support (32 bits) (HKLM\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (Version: 3.3 - Microsoft Corporation) Hidden
ArcSoft WebCam Companion 4 (HKLM\...\{12450631-3289-40F7-AEC3-F6DCB6E1BDCF}) (Version: 4.0.20.365 - ArcSoft)
Ashampoo Burning Studio 12 v.12.0.1 (HKLM\...\Ashampoo Burning Studio 12_is1) (Version: 12.0.1 - Ashampoo GmbH & Co. KG)
Audacity 2.1.2 (HKLM\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avid Effects (HKLM\...\{A86F1158-A7F7-4E8C-98E3-88F4996E85EB}) (Version: 10.3.7 - Avid Technology, Inc.)
Avid HD Driver (x86) (HKLM\...\{01C898E1-38A7-49B1-9398-49E40636E2C5}) (Version: 10.3.7 - Avid Technology, Inc.)
Avid Pro Tools (HKLM\...\{8E60BB71-7EF3-42ED-9F10-AA041F25841A}) (Version: 10.3.7 - Avid Technology, Inc.)
Azure AD Authentication Connected Service (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Blend for Visual Studio SDK for .NET 4.5 (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0407 - Disc Soft Ltd)
Dolby Axon - 1.5.1.1 (HKLM\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
Dotfuscator and Analytics Community Edition 5.18.1 (Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Download Navigator (HKLM\...\{3A3A3B34-6EA2-4031-8580-D66D29533E89}) (Version: 3.4.0 - SEIKO EPSON CORPORATION)
DriveImage XML (Private Edition) (HKLM\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
Eines de correcció del Microsoft Office 2013: català (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM\...\{79D0F056-39DE-4FDD-83FD-1554CE2C6443}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM\...\EEPPPlugIn) (Version:  - SEIKO EPSON Corporation)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (Version: 1.00.0000 - SEIKO EPSON Corporation) Hidden
Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
EPSON L210 Series Printer Uninstall (HKLM\...\EPSON L210 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Facebook Plug-In (HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Ferramentas de verificación de Microsoft Office 2013 - Galego (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
GitHub (HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\5f7eb300e2ea4ebf) (Version: 3.1.1.4 - GitHub, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Gtk# for .Net 2.12.26 (HKLM\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Guacamelee (Remove Only) (HKLM\...\Guacamelee) (Version:  - )
Guitar Pro 5.2 (HKLM\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
iCloud (HKLM\...\{61D7B517-5914-41D4-BD27-927163631227}) (Version: 5.2.2.87 - Apple Inc.)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java SE Development Kit 7 Update 67 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170670}) (Version: 1.7.0.670 - Oracle)
K-Lite Codec Pack 4.1.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 4.1.0 - )
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (Version: 3.0.1 - Riot Games) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware versión 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.427.2 - McAfee, Inc.)
MEGAsync (HKLM\...\MEGAsync) (Version:  - Mega Limited)
MergeModule_x86 (Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{D9D937B0-E842-4130-9588-B948E876904A}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{D9DA2981-3298-4F1A-9192-F2CF5BD91145}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{83C7F964-AC58-4104-B613-B4D0F61DA8CD}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{CEA86648-87FA-4775-8F3B-A57F720BAE85}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{79B49428-E9B0-4479-A0FA-3EFF8AFA9F07}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{CD920828-2B95-49A4-8BFD-1D34BCBF5A27}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{C340BAB2-9A21-41B9-A465-7AC7B1DF773E}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C# 2008 Express Edition with SP1 - ENU (HKLM\...\Microsoft Visual C# 2008 Express Edition with SP1 - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{246dcb72-b18c-4ab9-9de9-8a996296b01d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{2EB88B38-A700-411C-B45E-33A5EB81B936}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{044F9133-B8D7-4d11-BF39-803FA20F5C8B}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{825E2AB1-4502-4A51-8C52-D8D3398BE9D2}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (Version: 14.0.23107 - Microsoft Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
Opera Stable 41.0.2353.46 (HKLM\...\Opera 41.0.2353.46) (Version: 41.0.2353.46 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x86) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
PDF Settings CC (Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
PDT Planilla Electronica - PLAME (HKLM\...\PDTPLAME) (Version: 3.0.5 - UNKNOWN)
PDT Planilla Electronica - PLAME (Version: 3.0.5 - UNKNOWN) Hidden
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Pixillion, convertidor de archivos de imagen (HKLM\...\Pixillion) (Version: 2.91 - NCH Software)
Platform (Version: 1.36 - VIA Technologies, Inc.) Hidden
PlayMemories Home (HKLM\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.0.03.11020 - Sony Corporation)
PMB_ModeEditor (Version: 9.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (Version: 10.0.03 - Sony Corporation) Hidden
PreEmptive Analytics Visual Studio Components (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Programa de Declaración Telemática (HKLM\...\{A6E23415-7BA4-4CA3-99DA-B7F9D33E1F5B}) (Version:  - )
Project64 1.7 (HKLM\...\Project64 1.7) (Version:  - )
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RaidCall (HKLM\...\RaidCall) (Version: 7.3.6-1.0.13004.105 - raidcall.com)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (Version: 14.0.23107 - Microsoft Corporation) Hidden
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM\...\{F6C18D35-D3EB-4AEA-B266-C2F11B6DB723}) (Version: 7.12.0.55 - Skype Technologies S.A.)
Skype™ 7.26 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Software Logitech Unifying 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Sound Forge Audio Studio 10.0 (HKLM\...\{BC208D90-4643-11E3-987B-F04DA23A5C58}) (Version: 10.0.252 - Sony)
Spotify (HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Spotify) (Version: 1.0.41.375.g040056ca - Spotify AB)
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Super Meat Boy v1.5 (HKLM\...\Super Meat Boy v1.5_is1) (Version:  - Team Meat)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2015 (Version: 14.0.23102 - Microsoft Corporation) Hidden
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.63017 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (Version: 14.0.23107 - Microsoft Corporation) Hidden
TP-LINK TL-WN725N_TL-WN723N Controlador (HKLM\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK)
Unity (32-bit) (HKLM\...\Unity (32-bit)) (Version: 5.3.3f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\UnityWebPlayer) (Version: 5.3.3f1 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM\...\{90150000-012B-0C0A-0000-0000000FF1CE}_Office15.PROPLUS_{D8C21FB1-47FD-4CCA-8579-E8EB7FA380B2}) (Version:  - Microsoft)
Utilidad de configuración inalámbrica de TP-LINK (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
VIA Administrador de dispositivos de plataforma (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
VideoPad, software para edición de vídeo (HKLM\...\VideoPad) (Version: 3.88 - NCH Software)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WavePad, editor de audio (HKLM\...\WavePad) (Version: 6.07 - NCH Software)
WCF Data Services 5.6.4 Runtime (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windows Phone app for desktop (HKLM\...\{3549ACF5-2BE0-4FCC-8D3A-15B4342DE901}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EE}) (Version: 20.0.11659 - WinZip Computing, S.L. )
XFastUSB (HKLM\...\XFastUSB) (Version: 3.02.28 - ASRock Inc.)
Xperia Companion (HKLM\...\{8f4f39fa-087f-4e5c-84f3-1433ac7389e9}) (Version: 1.2.8.0 - Sony)
Xperia Companion (Version: 1.2.8.0 - Sony) Hidden
Your Application Name (HKLM\...\{AA6EB693-FE08-4515-A991-C74F53AD7D7A}) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{147D75F3-19D5-4810-800D-7F50A02E8B60}\InprocServer32 -> C:\Users\Quadcore\AppData\Local\SkypePlugin\7.12.0.55\GatewayActiveX.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Users\Quadcore\AppData\Roaming\Facebook\axfbootloader.dll ( )
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Quadcore\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{500D5FFA-40A9-49D6-B07A-1B393727694A}\InprocServer32 -> C:\Windows\system32\digiasio.dll (Avid Technology, Inc.)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{7253b364-18c5-555a-4b07-26abb39c9f99}\InprocServer32 -> C:\Users\Quadcore\AppData\Local\SkypePlugin\7.12.0.55\EdgeBrokerPS.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{B9BE850C-F3F7-48AD-BB5B-A0CDA0706DB5}\localserver32 -> C:\Users\Quadcore\AppData\Local\SkypePlugin\7.12.0.55\GatewayVersion.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Quadcore\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Quadcore\AppData\Local\SkypePlugin\7.12.0.55\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{CD351190-38EC-4BA7-AA4A-11C342ABD724}\localserver32 -> C:\Users\Quadcore\AppData\Local\SkypePlugin\7.12.0.55\PluginHost.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {026167A7-81B7-4F85-84C6-DF8ADB9B9FA9} - System32\Tasks\{A65F4792-8E8B-4229-ADAE-1A17A240EE07} => C:\Windows\twain_32\escndv\escndv.exe [2009-01-26] (SEIKO EPSON CORP.)
Task: {1537BB73-5B4E-4F10-8D02-A2A1FBD86556} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Quadcore-PC-Quadcore Quadcore-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {1EFB3034-7CD6-4CC2-961C-CB60A9EB79CE} - System32\Tasks\{5B79B3D9-0ED7-44E2-B7B6-1EFC05EF68FD} => pcalua.exe -a C:\Users\Quadcore\Desktop\VIDEOSND\Shockwave_Installer_Slim.exe -d C:\Users\Quadcore\Desktop\VIDEOSND
Task: {1EFBE306-A57B-4F82-8FC6-29E557688EE8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2040AADC-F9E5-4491-9F25-46C838D1406C} - System32\Tasks\{6456999E-8C68-44F9-B7B6-BA85245BE273} => pcalua.exe -a "C:\Program Files\DIGITEL 3G\uninst.exe"
Task: {25F9E0FE-18A4-4F6F-AEE6-7D867F9184C2} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {360F7E94-1C29-4C96-BEDD-6C57607B6410} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {3C3A90CE-0B08-4CD1-AAA4-BF82C9458E3E} - System32\Tasks\apagate nene => C:\Windows\System32\shutdown.exe [2009-07-13] (Microsoft Corporation)
Task: {4960CC8B-8BB6-4046-ABD8-D09726D28391} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {555193E5-AD42-491F-AEB5-269EA5E0B6AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-26] (Adobe Systems Incorporated)
Task: {5C3B0970-20C9-41A2-A792-F47E77A9E38C} - System32\Tasks\{C75E5B54-B3CE-401E-86B8-BA2B21F91660} => C:\Users\Quadcore\Desktop\GitHubSetup.exe
Task: {5E7FB1C6-EC30-4899-A139-93B185E52879} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-06-20] (Google Inc.)
Task: {6A59FE04-0A3E-4FF6-8B30-FC21EDF489F3} - System32\Tasks\Opera scheduled Autoupdate 1467582274 => C:\Program Files\Opera\launcher.exe [2016-10-24] (Opera Software)
Task: {7B846188-6138-4355-93C2-86DCE9950233} - System32\Tasks\{EECCAC8D-3900-4A1F-A0D3-509E898E0A8C} => C:\Program Files\pdt00.exe [2011-02-14] (S U N A T)
Task: {855660F8-0DEF-4CBF-B318-7F1C4068527F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {98DCFC0A-3257-42F5-9731-7E667145EB07} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {9A7BFC27-A314-41DC-8F7C-C52D2DDD9E78} - System32\Tasks\{FFB18958-BA9E-4279-9FDB-CF0C17351498} => C:\Users\Quadcore\Desktop\GitHubSetup.exe
Task: {A76203FE-C2DC-4316-8A50-AEC67B2BA139} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B3679B15-EC71-42D4-B3A4-524A7339D173} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-06-20] (Google Inc.)
Task: {C07B3243-1603-4CC9-BFAE-FEEB22BE3272} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {DE74B0BA-40D5-468C-8058-5594ABE44BDF} - System32\Tasks\AdobeAAMUpdater-1.0-Quadcore-PC-Quadcore => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {F855ACC9-F948-4734-B7B9-0457DD2FB83D} - System32\Tasks\{1B5F9C2C-C268-43A7-A882-1B5ADD28E87F} => pcalua.exe -a "C:\Users\Quadcore\MED_PERU\IGV\PROGRAMA TELEMATICO NUEVO\igvrta.exe" -d "C:\Users\Quadcore\MED_PERU\IGV\PROGRAMA TELEMATICO NUEVO"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Opera N Saturday.job => C:\Program Files\Opera\launcher.exe
Task: C:\Windows\Tasks\Opera N Sunday.job => C:\Program Files\Opera\launcher.exe
Task: C:\Windows\Tasks\Opera N.job => C:\Program Files\Opera\launcher.exe
Task: C:\Windows\Tasks\SidebarExecute.job => C:\Program Files\Windows Sidebar\sidebar.exe
Task: C:\Windows\Tasks\Software Removal Tool logs upload retry.job => C:\Users\Quadcore\Downloads\software_removal_tool.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Quadcore\JACQUELINE\Mis documentos\Favoritos\Mis documentos web.lnk -> hxxp://latam.msnusers.com/MyWebDocuments
Shortcut: C:\Users\Quadcore\Favorites\Sitio para descargas de NCH Software.lnk -> hxxp://www.nchsoftware.com/es/index.html
Shortcut: C:\Users\Quadcore\Documents\data\disco c\Datos\Favoritos\Mis documentos web.lnk -> hxxp://latam.msnusers.com/MyWebDocuments
 
ShortcutWithArgument: C:\Users\Quadcore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Pixlr Touch Up.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jklljiahjgoglchglekebfljnmbaleig
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-13 00:39 - 2015-04-13 15:55 - 00182784 _____ () C:\Program Files\Allway Sync\Bin\SyncService.exe
2016-02-13 13:05 - 2016-01-22 13:54 - 00486064 ____N () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
2014-05-01 09:15 - 2014-05-01 09:15 - 00463360 _____ () C:\Users\Quadcore\AppData\Local\MEGAsync\ShellExtX32.dll
2016-02-13 13:04 - 2016-01-28 12:32 - 40523456 ____N () C:\Program Files\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01041208 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-05 15:24 - 2016-07-05 15:24 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 00244536 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2016-02-13 13:04 - 2016-01-28 12:32 - 01365696 ____N () C:\Program Files\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
2016-02-13 13:04 - 2016-01-28 12:32 - 00219328 ____N () C:\Program Files\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
2016-02-13 13:04 - 2016-01-22 13:54 - 31420080 ____N () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-01-21 00:22 - 2016-01-21 00:22 - 00124416 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-01-21 00:22 - 2016-01-21 00:22 - 00188416 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-01-21 00:23 - 2016-01-21 00:23 - 00121344 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-01-21 00:23 - 2016-01-21 00:23 - 00129536 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-02-12 10:24 - 2016-02-12 10:24 - 00089280 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\native\ProxyResolverWin7.dll
2016-01-21 00:22 - 2016-01-21 00:22 - 00081408 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-10-27 10:35 - 2016-10-27 10:12 - 66011856 _____ () C:\Program Files\Opera\41.0.2353.46\opera.dll
2016-10-27 10:35 - 2016-10-27 10:11 - 01888464 _____ () C:\Program Files\Opera\41.0.2353.46\libglesv2.dll
2016-10-27 10:35 - 2016-10-27 10:11 - 00094416 _____ () C:\Program Files\Opera\41.0.2353.46\libegl.dll
2015-10-23 20:00 - 2015-10-23 20:00 - 00586240 _____ () C:\Program Files\WinZip\adxloader.dll
2016-11-04 16:59 - 2016-11-04 16:59 - 01309184 _____ () C:\Users\Quadcore\Desktop\zoek.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Quadcore\Cookies:cyR0Jl4vtf2PvNwP1rY0rn [2584]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\bcp.com.pe -> hxxps://www.bcp.com.pe
IE trusted site: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\gob.ve -> hxxps://www.mppre.gob.ve
IE trusted site: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\google.com.pe -> hxxps://www.google.com.pe
IE trusted site: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\viabcp.com -> hxxps://bcpzonasegura.viabcp.com
IE restricted site: HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\atajitos.com -> hxxp://www.atajitos.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2016-10-28 12:28 - 00000970 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Quadcore\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Utilidad de configuración inalámbrica de TP-LINK.lnk => C:\Windows\pss\Utilidad de configuración inalámbrica de TP-LINK.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPSON Stylus CX4700 Series => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE /F "C:\Windows\TEMP\E_S36C.tmp" /EF "HKLM"
MSCONFIG\startupreg: EPSON Stylus CX4700 Series (Copiar 1) => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE /F "C:\Windows\TEMP\E_SAE39.tmp" /EF "HKLM"
MSCONFIG\startupreg: EPSON Stylus CX4700 Series c12 => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE /F "C:\Windows\TEMP\E_SCFC5.tmp" /EF "HKLM"
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: rUpdater1 => C:\Program Files\rUpdater\rUpdater_agent.exe
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{8C897590-EF70-4564-ACEC-D5CB842F3D96}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C1A86759-5BCD-46BF-8E0C-8E121503D48F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{965FC50B-8A1D-45C8-A507-AAFC0F1617A3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6F983658-EF50-40C1-83D9-6EBAE11D306C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D8F04CDA-11B3-47E0-8659-F7B53F81870E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{4508DB02-1700-4B09-8A22-5977E69BA6EE}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{F4254BF5-7D45-4F8B-AECD-05A6CD2F513D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{9655445B-CA1F-4E0A-8AE4-B232C37B5EC2}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{B1EDB53F-9ED4-48ED-9FF3-86A3F75DE268}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{5E3C65D8-EA95-45DD-9376-0C4A97217FB1}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{3EB2DF51-ACD0-43EF-A3C6-78CA0910859A}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [{B7A46E60-1789-4D8F-A29F-B8F7AF11B366}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{CB5BA1E2-6856-4DE2-98F7-4CF4D1C64549}] => (Allow) C:\Program Files\DolbyAxon\Axon.exe
FirewallRules: [{C15CCE0D-2C03-46D4-B9F5-00C2A331A28B}] => (Allow) C:\Program Files\DolbyAxon\Axon.exe
FirewallRules: [{8CF1FB63-592F-4D78-A620-9D94FB895C16}] => (Allow) C:\Users\Quadcore\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{36F987D6-3694-4A91-9BDC-180E6E1F8DF7}] => (Allow) C:\Users\Quadcore\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{CD423028-859F-4F55-8889-018741E26704}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{94B64917-02BD-4B72-968D-2DE4962F0A80}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [TCP Query User{94407791-1131-4B7D-9591-A86E7DA10582}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{333D113F-474B-4B2F-9E6E-3706CDBAD732}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [{9B7404C6-4BCE-475D-9BCE-B9A58A9928B3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{976E9E1A-215A-45F1-A876-00B65FFBB229}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{9249CB7C-34CB-4335-9F66-84310E7202FC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{28F4E3F6-14AF-445E-9935-9E4216D01732}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{AA8E7530-B9E7-44CD-8533-E55D753A3296}C:\program files\raidcall\raidcall.exe] => (Allow) C:\program files\raidcall\raidcall.exe
FirewallRules: [UDP Query User{9BF86C12-7D94-4587-B83D-D87CDA34E847}C:\program files\raidcall\raidcall.exe] => (Allow) C:\program files\raidcall\raidcall.exe
FirewallRules: [TCP Query User{A0626C51-D1E5-49DA-BA66-09A4B4B0D0FE}F:\juegos\gamepad para ps4\zsnesw.exe] => (Allow) F:\juegos\gamepad para ps4\zsnesw.exe
FirewallRules: [UDP Query User{7F398B33-0407-427C-8C76-0943970B2F12}F:\juegos\gamepad para ps4\zsnesw.exe] => (Allow) F:\juegos\gamepad para ps4\zsnesw.exe
FirewallRules: [TCP Query User{4A83DC87-BA5F-489D-83BD-E1E6528A8F96}F:\juegos\znes9\zsnesw.exe] => (Allow) F:\juegos\znes9\zsnesw.exe
FirewallRules: [UDP Query User{D8C7377B-83B7-4686-A0AF-86C8BF5E6F0A}F:\juegos\znes9\zsnesw.exe] => (Allow) F:\juegos\znes9\zsnesw.exe
FirewallRules: [{AF9D8FBB-F356-4285-8344-1FA6D68B35EC}] => (Block) F:\juegos\znes9\zsnesw.exe
FirewallRules: [{AC8C9B7A-F00A-4DD1-9B72-35862C4F3DEC}] => (Block) F:\juegos\znes9\zsnesw.exe
FirewallRules: [TCP Query User{6C253C8A-7C7F-498C-A1EA-8F4393514DA2}C:\users\quadcore\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\quadcore\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{65C04453-E769-49C8-B721-620A3D2FAEDB}C:\users\quadcore\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\quadcore\appdata\local\akamai\netsession_win.exe
FirewallRules: [{7D1D0884-088D-4412-8320-B25F40A70586}] => (Allow) C:\Program Files\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{15C77BB3-A3C5-47FB-8BF8-31E700B28C97}C:\program files\avid\pro tools\protools.exe] => (Allow) C:\program files\avid\pro tools\protools.exe
FirewallRules: [UDP Query User{71AEAAEF-F5DF-4A3B-9E4C-605CE05C2359}C:\program files\avid\pro tools\protools.exe] => (Allow) C:\program files\avid\pro tools\protools.exe
FirewallRules: [{9FFB0033-B670-4430-AFF1-9063CA0E3D32}] => (Block) C:\program files\avid\pro tools\protools.exe
FirewallRules: [{4839BAA5-509E-489F-897B-108A4ED19F8E}] => (Block) C:\program files\avid\pro tools\protools.exe
FirewallRules: [{86C386E6-2D2C-490C-AD2B-467970B3A08E}] => (Allow) C:\Program Files\RaidCall\rcplugin.exe
FirewallRules: [{0729DA14-5AC8-4F20-8877-8D224315BE15}] => (Allow) C:\Program Files\RaidCall\rcplugin.exe
FirewallRules: [TCP Query User{5707E8A3-9335-47B0-B6E2-48670E54B8B5}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{92029D05-4A8E-4B8C-A41B-20563F88EDFB}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [{5EE7A43F-A26A-49E0-B9AD-6C49C7EC9512}] => (Allow) C:\Program Files\Tunngle\TnglCtrl.exe
FirewallRules: [{9F454B6A-9616-4D6D-A98C-DDADB29F4D92}] => (Allow) C:\Program Files\Tunngle\TnglCtrl.exe
FirewallRules: [{B8477BCA-CEAA-44E8-ADEE-1D4C188E6F45}] => (Allow) C:\Program Files\Tunngle\Tunngle.exe
FirewallRules: [{3D476B56-D5FD-4235-84CC-25F9F6763BB9}] => (Allow) C:\Program Files\Tunngle\Tunngle.exe
FirewallRules: [{77A139FD-AA04-4744-91DD-54F546354A25}] => (Allow) C:\Program Files\RaidCall\rcplugin.exe
FirewallRules: [{312FEF74-5C9E-4663-B882-6A20DB09ABD1}] => (Allow) C:\Program Files\RaidCall\rcplugin.exe
FirewallRules: [TCP Query User{E9F73A1E-0A91-459C-932A-6EBC92E75C32}C:\program files\valve\hl.exe] => (Block) C:\program files\valve\hl.exe
FirewallRules: [UDP Query User{EB0B77E4-CE3D-4061-AEC1-FAAA2E3EDB42}C:\program files\valve\hl.exe] => (Block) C:\program files\valve\hl.exe
FirewallRules: [TCP Query User{63C82CB9-F73F-407E-9DBA-D23EA9D97FED}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{AD229737-C290-48E0-A9C1-90F3D2A4339B}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [TCP Query User{775F0B7A-8229-46E6-89BD-CAA22E88D16D}C:\programdata\microsoft\network\dsq\network\sysnetwk.exe] => (Block) C:\programdata\microsoft\network\dsq\network\sysnetwk.exe
FirewallRules: [UDP Query User{FBA10630-7E7C-4B16-B8B0-4CB67E5DC83F}C:\programdata\microsoft\network\dsq\network\sysnetwk.exe] => (Block) C:\programdata\microsoft\network\dsq\network\sysnetwk.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{5233E65F-5C47-42CF-9A38-628C9F1EC2CF}] => (Allow) C:\Program Files\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{2294E200-0496-4D39-BE32-647964E284C1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{5960F760-9E9C-4081-A036-5325835D609A}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{1692ECB2-8372-4986-B479-95A345D8B2C2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F35682EC-D429-425E-8799-9266AC46E40A}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F8EBB318-05CA-4BA0-BB0A-79631FF5F79A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A608C856-94C1-46F3-A3AB-3197E1E91BE7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F9E20FF0-7180-41F8-AB26-724683779818}] => (Allow) C:\Program Files\Remotr\RemotrServer.exe
FirewallRules: [{8FE1FB95-113B-412B-BEE1-5FC18AA71FE7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
30-10-2016 18:37:18 Punto de control programado
01-11-2016 02:07:46 Malwarebytes Anti-Rootkit Restore Point
01-11-2016 13:04:24 Removed Microsoft Report Viewer 2012 Runtime
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de tunelización Teredo de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/04/2016 04:59:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\MAMA2\Downloads\Archivos Instalables Antivirus\Speccy64.exe".
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.
 
Error: (11/04/2016 04:59:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\MAMA2\Downloads\Archivos Instalables Antivirus\Speccy64.exe".
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.
 
Error: (11/04/2016 04:14:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: EXCEL.EXE, versión: 15.0.4779.1001, marca de tiempo: 0x564c261b
Nombre del módulo con errores: mso.dll, versión: 15.0.4701.1000, marca de tiempo: 0x54d9bfd6
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x007c0a85
Id. del proceso con errores: 0x14e0
Hora de inicio de la aplicación con errores: 0x01d236e05e587677
Ruta de acceso de la aplicación con errores: C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
Ruta de acceso del módulo con errores: C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll
Id. del informe: aef07b84-a2d3-11e6-9c72-bc5ff400a7ec
 
Error: (11/04/2016 08:37:40 AM) (Source: MsiInstaller) (EventID: 1024) (User: Quadcore-PC)
Description: Producto: Microsoft Visual Studio 2010 Shell (Isolated) - ENU - la actualización "KB2251489" no se pudo instalar. Código de error 1603. Windows Installer no puede crear registros para ayudar a solucionar problemas de instalación de paquetes de software. Use el vínculo siguiente para obtener instrucciones sobre la activación de la compatibilidad de registro: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (11/04/2016 08:37:40 AM) (Source: MsiInstaller) (EventID: 1021) (User: Quadcore-PC)
Description: Producto: Microsoft Visual Studio 2010 Shell (Isolated) - ENU - la actualización "KB983509" no se pudo quitar. Código de error 1603. Windows Installer no puede crear registros para ayudar a solucionar problemas de instalación de paquetes de software. Use el vínculo siguiente para obtener instrucciones sobre la activación de la compatibilidad de registro: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (11/04/2016 08:37:40 AM) (Source: MsiInstaller) (EventID: 1021) (User: Quadcore-PC)
Description: Producto: Microsoft Visual Studio 2010 Shell (Isolated) - ENU - la actualización "KB983509" no se pudo quitar. Código de error 1603. Windows Installer no puede crear registros para ayudar a solucionar problemas de instalación de paquetes de software. Use el vínculo siguiente para obtener instrucciones sobre la activación de la compatibilidad de registro: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (11/04/2016 08:37:40 AM) (Source: MsiInstaller) (EventID: 11712) (User: Quadcore-PC)
Description: Product: Microsoft Visual Studio 2010 Shell (Isolated) - ENU -- Error 1712.One or more of the files required to restore your computer to its previous state could not be found.  Restoration will not be possible.
 
Error: (11/04/2016 08:37:12 AM) (Source: MsiInstaller) (EventID: 11706) (User: Quadcore-PC)
Description: Product: Microsoft Visual Studio 2010 Shell (Isolated) - ENU -- Error 1706.An installation package for the product Microsoft Visual Studio 2010 Shell (Isolated) - ENU cannot be found. Try the installation again using a valid copy of the installation package 'vs_setup.msi'.
 
Error: (11/04/2016 07:31:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files\Microsoft Visual Studio 14.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe".
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.
 
Error: (11/04/2016 07:29:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "c:\program files\runtime software\driveimage xml\vss64.exe".
No se encontró el ensamblado dependiente Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Use sxstrace.exe para obtener un diagnóstico detallado.
 
 
System errors:
=============
Error: (11/04/2016 03:38:36 PM) (Source: Schannel) (EventID: 4108) (User: Quadcore-PC)
Description: El certificado recibido del servidor remoto no se validó correctamente. El código de error es 0x80092012. Error en la solicitud de conexión SSL. Los datos adjuntos contienen el certificado del servidor.
 
Error: (11/04/2016 03:38:36 PM) (Source: Schannel) (EventID: 4120) (User: Quadcore-PC)
Description: Se generó la siguiente alerta irrecuperable: 43. El estado del error interno es 552.
 
Error: (11/04/2016 03:38:27 PM) (Source: Schannel) (EventID: 4108) (User: Quadcore-PC)
Description: El certificado recibido del servidor remoto no se validó correctamente. El código de error es 0x80092012. Error en la solicitud de conexión SSL. Los datos adjuntos contienen el certificado del servidor.
 
Error: (11/04/2016 03:38:27 PM) (Source: Schannel) (EventID: 4120) (User: Quadcore-PC)
Description: Se generó la siguiente alerta irrecuperable: 43. El estado del error interno es 552.
 
Error: (11/04/2016 03:38:22 PM) (Source: Schannel) (EventID: 4108) (User: Quadcore-PC)
Description: El certificado recibido del servidor remoto no se validó correctamente. El código de error es 0x80092012. Error en la solicitud de conexión SSL. Los datos adjuntos contienen el certificado del servidor.
 
Error: (11/04/2016 03:38:22 PM) (Source: Schannel) (EventID: 4120) (User: Quadcore-PC)
Description: Se generó la siguiente alerta irrecuperable: 43. El estado del error interno es 552.
 
Error: (11/04/2016 03:38:20 PM) (Source: Schannel) (EventID: 4108) (User: Quadcore-PC)
Description: El certificado recibido del servidor remoto no se validó correctamente. El código de error es 0x80092012. Error en la solicitud de conexión SSL. Los datos adjuntos contienen el certificado del servidor.
 
Error: (11/04/2016 03:38:20 PM) (Source: Schannel) (EventID: 4120) (User: Quadcore-PC)
Description: Se generó la siguiente alerta irrecuperable: 43. El estado del error interno es 552.
 
Error: (11/04/2016 09:38:14 AM) (Source: Schannel) (EventID: 4108) (User: Quadcore-PC)
Description: El certificado recibido del servidor remoto no se validó correctamente. El código de error es 0x80092012. Error en la solicitud de conexión SSL. Los datos adjuntos contienen el certificado del servidor.
 
Error: (11/04/2016 09:38:14 AM) (Source: Schannel) (EventID: 4120) (User: Quadcore-PC)
Description: Se generó la siguiente alerta irrecuperable: 43. El estado del error interno es 552.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 90%
Total physical RAM: 2013.09 MB
Available physical RAM: 196.12 MB
Total Virtual: 4026.17 MB
Available Virtual: 1308.88 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:235.83 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E3A2E3A2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

The computer stills presenting the problem, and the custom search hasnt dissapeared yet. Also I uploaded the Log from FRST updated.


#4 laise91

laise91
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:32 PM

Posted 04 November 2016 - 06:58 PM

This is from zoek results after reboot. Still presenting the problem in google and the IPconfig.exe command popping out.
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Quadcore\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on 04/11/2016 at 18:43:05.05 ======================


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:32 PM

Posted 05 November 2016 - 09:12 AM

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

(Microsoft Corporation) C:\ProgramData\Windows Security\winsecurity.exe
(Microsoft Corporation) C:\Program Files\XBox\XBLive.exe
(© 2015 Microsoft Corporation) C:\Users\Quadcore\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Run: [BingSvc] => C:\Users\Quadcore\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2172032273-4216305309-2282011400-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-2172032273-4216305309-2282011400-1000] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [S-1-5-21-2172032273-4216305309-2282011400-1000] => http=127.0.0.1:8080;https=127.0.0.1:8080
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-20]
CHR Extension: (Chrome Media Router) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-24]
CHR HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
R2 WindowsSecurity; C:\ProgramData\Windows Security\winsecurity.exe [2121728 2016-05-27] (Microsoft Corporation) [File not signed]
R2 XBox; C:\Program Files\XBox\XBLive.exe [4992952 2016-05-25] (Microsoft Corporation)
Task: {25F9E0FE-18A4-4F6F-AEE6-7D867F9184C2} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
AlternateDataStreams: C:\Users\Quadcore\Cookies:cyR0Jl4vtf2PvNwP1rY0rn [2584]
S2 Remotr Service; C:\Program Files\Remotr\RemotrService.exe [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
C:\ProgramData\Windows Security
C:\Program Files\XBox
C:\Users\Quadcore\AppData\Local\Microsoft\BingSvc
C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
C:\Windows\AutoKMS

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png which is located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.
<<<>>>

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java SE Development Kit 7 Update 67 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170670}) (Version: 1.7.0.670 - Oracle)

<<<>>>

Please post the Fixlog.txt and let me know what problem persists.

p.s.
If the IPconfig.exes command is still popping out please post the exact message.

#6 laise91

laise91
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:01:32 PM

Posted 06 November 2016 - 02:00 PM

Fix result of Farbar Recovery Scan Tool (x86) Version: 03-11-2016
Ran by Quadcore (05-11-2016 17:48:29) Run:6
Running from C:\Users\Quadcore\Desktop
Loaded Profiles: Quadcore & MSSQLSERVER (Available Profiles: Quadcore & MSSQLSERVER)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
 
(Microsoft Corporation) C:\ProgramData\Windows Security\winsecurity.exe
(Microsoft Corporation) C:\Program Files\XBox\XBLive.exe
(© 2015 Microsoft Corporation) C:\Users\Quadcore\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\...\Run: [BingSvc] => C:\Users\Quadcore\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2172032273-4216305309-2282011400-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-2172032273-4216305309-2282011400-1000] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [S-1-5-21-2172032273-4216305309-2282011400-1000] => http=127.0.0.1:8080;https=127.0.0.1:8080
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-20]
CHR Extension: (Chrome Media Router) - C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-24]
CHR HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
R2 WindowsSecurity; C:\ProgramData\Windows Security\winsecurity.exe [2121728 2016-05-27] (Microsoft Corporation) [File not signed]
R2 XBox; C:\Program Files\XBox\XBLive.exe [4992952 2016-05-25] (Microsoft Corporation)
Task: {25F9E0FE-18A4-4F6F-AEE6-7D867F9184C2} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
AlternateDataStreams: C:\Users\Quadcore\Cookies:cyR0Jl4vtf2PvNwP1rY0rn [2584]
S2 Remotr Service; C:\Program Files\Remotr\RemotrService.exe [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
C:\ProgramData\Windows Security
C:\Program Files\XBox
C:\Users\Quadcore\AppData\Local\Microsoft\BingSvc
C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
C:\Windows\AutoKMS
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========= ipconfig /flushdns =========
 
 
Configuraci¢n IP de Windows
 
Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.
 
========= End of CMD: =========
 
 
========= IPCONFIG /release =========
 
 
Configuraci¢n IP de Windows
 
No se puede realizar ninguna operaci¢n en JACKIEHTK mientras los medios
est‚n desconectados.
 
Adaptador de LAN inal mbrica Conexi¢n de red inal mbrica 2:
 
   Sufijo DNS espec¡fico para la conexi¢n. . : 
   Puerta de enlace predeterminada . . . . . : 
 
Adaptador de Ethernet JACKIEHTK:
 
   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : hitronhub.home
 
========= End of CMD: =========
 
 
========= IPCONFIG /renew =========
 
 
Configuraci¢n IP de Windows
 
No se puede realizar ninguna operaci¢n en JACKIEHTK mientras los medios
est‚n desconectados.
 
Adaptador de LAN inal mbrica Conexi¢n de red inal mbrica 2:
 
   Sufijo DNS espec¡fico para la conexi¢n. . : hitronhub.home
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.1.2
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.1.1
 
Adaptador de Ethernet JACKIEHTK:
 
   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : hitronhub.home
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Aceptar
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Aceptar
 
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset c:\resetlog.txt =========
 
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv4 reset =========
 
No hay valores configurados por el usuario para restablecer.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv6 reset =========
 
Interfaz se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.
 
 
========= End of CMD: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {97BF5325-B19D-484C-96BD-B4310BC77399}.
{D7B517CE-C83C-481D-88F1-6267B152432B} canceled.
1 out of 2 jobs canceled.
 
========= End of CMD: =========
 
C:\ProgramData\Windows Security\winsecurity.exe
C:\ProgramData\Windows Security\winsecurity.exe => No running process found
C:\Program Files\XBox\XBLive.exe
C:\Program Files\XBox\XBLive.exe => No running process found
C:\Users\Quadcore\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Users\Quadcore\AppData\Local\Microsoft\BingSvc\BingSvc.exe => No running process found
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully.
HKLM\SOFTWARE\Policies\Google => key not found. 
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => key removed successfully.
"HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA}" => key removed successfully.
"HKCR\CLSID\{CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => key removed successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => key removed successfully.
C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
"HKU\S-1-5-21-2172032273-4216305309-2282011400-1000\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => key removed successfully.
WindowsSecurity => service removed successfully.
XBox => service removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{25F9E0FE-18A4-4F6F-AEE6-7D867F9184C2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25F9E0FE-18A4-4F6F-AEE6-7D867F9184C2}" => key removed successfully.
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully..
C:\Users\Quadcore\Cookies => ":cyR0Jl4vtf2PvNwP1rY0rn" ADS removed successfully..
Remotr Service => service not found.
RimUsb => service removed successfully.
C:\ProgramData\Windows Security => moved successfully
C:\Program Files\XBox => moved successfully
C:\Users\Quadcore\AppData\Local\Microsoft\BingSvc => moved successfully
"C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Users\Quadcore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm" => not found.
C:\Windows\AutoKMS => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13497633 B
Java, Flash, Steam htmlcache => 56696195 B
Windows/system/drivers => 34309 B
Edge => 0 B
Chrome => 218229244 B
Firefox => 20748942 B
Opera => 63768873 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
LocalService => 0 B
NetworkService => 584 B
Quadcore => 48317771 B
Administrador => 0 B
MSSQLSERVER => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 409.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:50:33 ====
 
Thanks, the computer is running well. Ipconfig.exe dissapeared. Thank you so much.
 
Luis


#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:32 PM

Posted 06 November 2016 - 02:22 PM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users