Jump to content

Recommended Posts

So, a week or so ago I asked for help because I thought MBAM was malfunctioning, it got solved but I also discovered that the threath scan isn't a full scan, so I did a custom scan to search for viruses in all my hard drive.

It discovered five PUPs (and the guy who was helping me noticed another one called FXWebPlayer, but that scan didn't detect it for some reason, so it stills on my PC).

I'll leave here the FRST logs and the MBAM one that detected the PUPs, all five of them are quarantined.

Also, sorry if my English is bad.

If anything more is needed to help me, tell me and I'll reply with the thing needed the fastest posible.

Thanks in advance.

Addition.txt

FRST.txt

mbam full scan.txt

Link to post
Share on other sites
  • Root Admin

Hello and :welcome:

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:
 
 

 
If you're using
Peer 2 Peer
software such as
uTorrent, BitTorrent
or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have
illegal/cracked software, cracks, keygens etc
. on the system, please remove or uninstall them now and read the policy on
Piracy
.



 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

    [*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
 

Link to post
Share on other sites

 

Hello and :welcome:

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

 

 

 

 

Before we proceed further, please read all of the following instructions carefully.

If there is anything that you do not understand kindly ask before proceeding.

If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)

 

STEP 0

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes

so that your normal security software can then run and clean your computer of infections.

When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies

that stop us from using certain tools. When finished it will display a log file that shows the processes that were

terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot

your computer as any malware processes that are configured to start automatically will just be started again.

Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

 

Link 1

Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02

Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x

When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

 

 

 

First of all, thanks for helping me.

About the cracked software, cracks an all that, it's from my previous computer, when I upgraded from XP to Windows 7 it created a folder called Program Files, I have two Program Files on my PC, I'll include an image so you can see.

The problem is that when I tried to delete that folder, it deleted some folders, but some others remained, it said something like I hadn't permission to do that or something like that, I did it as an administrator.

In another forum the guy who is helping me has gave me a pair of commands for the CMD that will give me permission to delete that folder, anyways he warned me that deleting that folder could be dangerous, as maybe some programs might be still using it, plus that in the instructions tells that I shouldn't delete/unistall any programs, I'll leave the folder there and I'll delete it when I'm over with this PUP thing, seriously, I really want to delete that folder, it occupies like 60 GB.

However, back to the important, while installing Erunt, I couldn't find an option to not adding an Entry to the Startup folder, do I need to just leave it in blank or I need to do something more that I'm not seeing?

post-191765-0-79938500-1441548280_thumb.

Link to post
Share on other sites
  • Root Admin

For now just ignore the ERUNT error and do the following.

 

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07
button_eos.gif

Please go here to run the online antivirus scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


    [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Link to post
Share on other sites

For now just ignore the ERUNT error and do the following.

 

Please go ahead and run through the following steps and post back the logs when ready.

 

STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 05

Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

STEP 06

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 07

button_eos.gif

Please go here to run the online antivirus scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 08

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

Alright, sorry that it took too long, here you have all the logs.

Also, I deleted all the cracked/pirated software I could find out of the old Program Files folder, as I said, I want to delete that folder later, but if you tell me that I can delete that folder without problems, I'll do it and I think that will be it.

And, a question, can I install Windows updates or they're included on the rule of "Don't download, install/unistall any programs or modify the registry"?

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 7 Home Premium x86
Ran by PAQUITO on 09/09/2015 at 17:13:00,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\PAQUITO\AppData\Roaming\speedrunnerslog.txt
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\PAQUITO\AppData\Roaming\convert audio free
Successfully deleted: [Folder] C:\Users\PAQUITO\AppData\Roaming\new version available
Successfully deleted: [Folder] C:\Users\PAQUITO\AppData\Roaming\3909
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\PAQUITO\AppData\Roaming\mozilla\firefox\profiles\jagjklbn.default\minidumps [1 files]
 
 
 
~~~ Chrome
 
 
[C:\Users\PAQUITO\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\PAQUITO\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\PAQUITO\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\PAQUITO\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/09/2015 at 17:14:54,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v5.005 - Registro generado 09/09/2015 en 17:22:10
# Actualizado 31/08/2015 por Xplode
# Base de datos : 2015-09-08.2 [servidor]
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (x86)
# Nombre de usuario : PAQUITO - PAQUITO-PC
# Ejecutado desde : C:\Users\PAQUITO\Desktop\adwcleaner_5.005.exe
# Opción : Escanear
 
***** [ Servicios ] *****
 
 
***** [ Carpetas ] *****
 
 
***** [ Archivos ] *****
 
 
***** [ Accesos directos ] *****
 
 
***** [ Tareas programadas ] *****
 
 
***** [ Registro ] *****
 
 
***** [ Navegadores Web ] *****
 
 
*************************
 
C:\AdwCleaner[C4].txt - [1054 bytes] - [17/08/2015 23:04:54]
C:\AdwCleaner[C5].txt - [1692 bytes] - [25/08/2015 20:06:33]
C:\AdwCleaner[s68].txt - [896 bytes] - [17/08/2015 23:03:08]
C:\AdwCleaner[s69].txt - [900 bytes] - [17/08/2015 23:18:07]
C:\AdwCleaner[s70].txt - [963 bytes] - [18/08/2015 14:17:13]
C:\AdwCleaner[s71].txt - [1026 bytes] - [19/08/2015 15:34:13]
C:\AdwCleaner[s72].txt - [1091 bytes] - [19/08/2015 20:15:22]
C:\AdwCleaner[s73].txt - [1155 bytes] - [19/08/2015 23:49:37]
C:\AdwCleaner[s74].txt - [1220 bytes] - [20/08/2015 20:08:06]
C:\AdwCleaner[s75].txt - [1284 bytes] - [21/08/2015 23:36:50]
C:\AdwCleaner[s76].txt - [1348 bytes] - [22/08/2015 18:35:06]
C:\AdwCleaner[s77].txt - [1412 bytes] - [22/08/2015 20:16:05]
C:\AdwCleaner[s78].txt - [1590 bytes] - [25/08/2015 20:05:29]
C:\AdwCleaner[s79].txt - [1603 bytes] - [25/08/2015 20:18:06]
C:\AdwCleaner[s80].txt - [1667 bytes] - [25/08/2015 20:27:12]
C:\AdwCleaner[s81].txt - [1731 bytes] - [28/08/2015 16:16:33]
C:\AdwCleaner[s82].txt - [1795 bytes] - [28/08/2015 21:10:46]
C:\AdwCleanerDebug.txt - [55 bytes] - [06/12/2014 13:13:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s87].txt - [1774 bytes] ##########
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Fecha del análisis: 09/09/2015
Hora del análisis: 17:24
Archivo de registro: mbam log.txt
Administrador: Sí
 
Versión: 2.1.8.1057
Base de datos de malwares: v2015.09.09.05
Base de datos de rootkits: v2015.08.16.01
Licencia: Gratis
Protección contra el malware: Desactivado
Protección contra sitios web maliciosos: Desactivado
Autoprotección: Desactivado
 
SO: Windows 7 Service Pack 1
CPU: x86
Sistema de archivos: NTFS
Usuario: PAQUITO
 
Tipo de análisis: Análisis de amenazas
Resultado: Completado
Objetos analizados: 315672
Tiempo transcurrido: 16 min, 42 seg
 
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Activado
PUM: Activado
 
Procesos: 0
(No hay elementos maliciosos detectados)
 
Módulos: 0
(No hay elementos maliciosos detectados)
 
Claves del registro: 0
(No hay elementos maliciosos detectados)
 
Valores del registro: 0
(No hay elementos maliciosos detectados)
 
Datos del registro: 0
(No hay elementos maliciosos detectados)
 
Carpetas: 0
(No hay elementos maliciosos detectados)
 
Archivos: 0
(No hay elementos maliciosos detectados)
 
Sectores físicos: 0
(No hay elementos maliciosos detectados)
 
 
(end)
 
 
C:\Users\PAQUITO\Downloads\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\PAQUITO\Downloads\ccsetup418.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\PAQUITO\Downloads\ccsetup504.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\PAQUITO\Downloads\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\PAQUITO\Downloads\ccsetup507.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\PAQUITO\Downloads\ccsetup508.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\PAQUITO\Downloads\ccsetup509.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
 

FRST.txt

Addition.txt

Link to post
Share on other sites
  • Root Admin

Windows Search is crashing. Please try to visit the Microsoft Fixit Center and run their tool to try to fix Windows Search.

https://support.microsoft.com/en-us/mats/windows_search

Full link to English site: https://support.microsoft.com/en-us/mats/windows_search/en-us

Then run the following.

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.
Next:

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
Link to post
Share on other sites

Alright, so, I ran the Microsoft Fix it tool and it didn't detect anything, it might be because on my previous thread I alredy did that, I'll leave the link to the thread here, it might have been a good idea to do it since the begining.

https://forums.malwarebytes.org/index.php?/topic/172079-malwarebytes-taking-less-time-to-do-a-scan-than-normally-does/

Also, I runned TFC and it didn't asked me to restart, I will keep the program as by the logs, it seems that something fishy is going on with CCleaner and I use that program to clean up the tempory files.

And a question that in part I alredy suposse the answer, I shouldn't install Java again right?, even after we finish with the malware removal.

And here is the JavaRa log.

 

JavaRa 1.16 Removal Log.
 
Report follows after line.
 
------------------------------------
 
The JavaRa removal process was started on Fri Sep 11 18:31:03 2015
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
 
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
 
Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
 
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
 
Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
 
Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled
 
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
 
Found and removed: SOFTWARE\JavaSoft
 
Found and removed: SOFTWARE\JreMetrics
 
Found and removed: SOFTWARE\Classes\JavaPlugin.10512
 
------------------------------------
 
Finished reporting.
 
Link to post
Share on other sites
  • Root Admin

Sorry for the delay. Please restart the computer 2 times. Then run a new FRST scan and make sure you place a check mark in the Additions.txt check box and post back both new logs when ready.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.


 

Link to post
Share on other sites

Sorry for the delay. Please restart the computer 2 times. Then run a new FRST scan and make sure you place a check mark in the Additions.txt check box and post back both new logs when ready.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.

 

 

Alright, done, but read this is important.

So, something weird is happenning in my PC, Skype keeps changing to absent when I restart the PC, and after a blackout that caught me with the PC on, when I turned the PC on back again, all my bookmarks from Chrome dissapeared, and there was no desktop backgroung.

I needed to restore the bookmark file to an older version (now I have a backup of it) and the desktop thing got solved after a restart.

Do you have any idea why could have happen?

 

Here you have the logs now.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-09-2015
Ran by PAQUITO (administrator) on PAQUITO-PC (15-09-2015 20:52:27)
Running from C:\Users\PAQUITO\Desktop
Loaded Profiles: PAQUITO (Available Profiles: PAQUITO)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Electronic Arts) C:\Program Files\Origin\Origin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-18] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKU\S-1-5-21-1362683625-464017601-2693293631-1001\...\Run: [EADM] => C:\Program Files\Origin\Origin.exe [3638256 2015-09-02] (Electronic Arts)
HKU\S-1-5-21-1362683625-464017601-2693293631-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-1362683625-464017601-2693293631-1001\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6815512 2015-07-31] (SUPERAntiSpyware)
HKU\S-1-5-21-1362683625-464017601-2693293631-1001\...\Run: [Dropbox Update] => C:\Users\PAQUITO\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-1362683625-464017601-2693293631-1001\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [53735968 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-04-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\Users\PAQUITO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 62.81.16.164 62.81.16.213
Tcpip\..\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E}: [DhcpNameServer] 62.81.16.164 62.81.16.213
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1362683625-464017601-2693293631-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://es.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\PAQUITO\AppData\Roaming\Mozilla\Firefox\Profiles\jagjklbn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @fxinteractive.com/fxplanet -> C:\ProgramData\FXWebPlayer\npfxplanet.dll [2014-06-29] (FX Interactive)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-17] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-17] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1362683625-464017601-2693293631-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PAQUITO\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://www.youtube.com/feed/subscriptions#password
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.85\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-08-31]
CHR Extension: (Google Drive) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-12]
CHR Extension: (YouTube) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-12]
CHR Extension: (Adblock Plus) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-12]
CHR Extension: (Búsqueda de Google) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-12]
CHR Extension: (Myinstants) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fggacdedkdoacbemcilniodecinpfkgi [2014-08-31]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Avast Online Security) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-19]
CHR Extension: (Don't Starve) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc [2014-08-31]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-01-06]
CHR Extension: (Little Alchemy) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-08-31]
CHR Extension: (Google Play) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-08-31]
CHR Extension: (Instant Sounds) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgiigejdempgibflnpfbimpgjhpofpj [2014-08-31]
CHR Extension: (Plants vs Zombies) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2014-08-31]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-12]
CHR Extension: (Gmail) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [921208 2015-08-18] (NVIDIA Corporation)
U2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-18] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4305016 2015-08-18] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2057736 2015-09-02] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 MpKsl9649a20d; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC42523C-DB69-478A-862C-11C75DE16951}\MpKsl9649a20d.sys [39168 2015-09-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18552 2015-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [44840 2015-08-11] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 eapihdrv; \??\C:\Users\PAQUITO\AppData\Local\Temp\ehdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-15 20:52 - 2015-09-15 20:53 - 00015172 _____ C:\Users\PAQUITO\Desktop\FRST.txt
2015-09-15 16:23 - 2015-09-15 19:40 - 00000291 _____ C:\Users\PAQUITO\Documents\sorteo.txt
2015-09-14 14:50 - 2015-09-14 14:50 - 00001491 _____ C:\Users\PAQUITO\AppData\Local\recently-used.xbel
2015-09-13 20:17 - 2015-09-13 20:17 - 01660416 _____ C:\Users\PAQUITO\Downloads\adwcleaner_5.007.exe
2015-09-13 18:19 - 2015-09-13 18:19 - 00000431 _____ C:\Users\PAQUITO\Documents\nuclear error.txt
2015-09-13 15:18 - 2015-09-13 15:18 - 00000204 _____ C:\Users\PAQUITO\Documents\problema rpg maker.txt
2015-09-11 18:31 - 2015-09-11 18:31 - 00003958 _____ C:\JavaRa.log
2015-09-11 17:03 - 2015-09-11 17:03 - 00347816 _____ (Microsoft Corporation) C:\Users\PAQUITO\Downloads\MicrosoftFixit.Search.RNP.199364116432200249.6.2.Run.exe
2015-09-09 19:46 - 2015-09-11 18:39 - 00000000 ____D C:\Users\PAQUITO\Desktop\logs foro mbam
2015-09-09 17:46 - 2015-09-09 17:46 - 02870984 _____ (ESET) C:\Users\PAQUITO\Downloads\esetsmartinstaller_enu.exe
2015-09-09 17:09 - 2015-09-09 17:09 - 294222448 _____ C:\Users\PAQUITO\Documents\registro copia mbam.reg
2015-09-09 16:31 - 2015-09-09 16:31 - 01799392 _____ (Malwarebytes Corporation) C:\Users\PAQUITO\Downloads\JRT.exe
2015-09-09 15:32 - 2015-09-09 15:32 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\PAQUITO\Downloads\rkill.exe
2015-09-09 14:34 - 2015-08-05 19:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 14:34 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 14:34 - 2015-08-05 19:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 14:34 - 2015-08-04 19:59 - 03995584 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-09-09 14:34 - 2015-08-04 19:59 - 03939776 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-09 14:34 - 2015-08-04 19:55 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-09 14:34 - 2015-08-04 19:52 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-09 14:34 - 2015-08-04 19:51 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 14:33 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 14:33 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 14:33 - 2015-09-02 04:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 14:33 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 14:33 - 2015-09-02 03:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 14:33 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 14:33 - 2015-08-18 03:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 14:33 - 2015-08-15 08:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 14:33 - 2015-08-15 07:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 14:33 - 2015-08-15 07:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 14:33 - 2015-08-15 07:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 14:33 - 2015-08-15 07:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 14:33 - 2015-08-15 07:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 14:33 - 2015-08-15 07:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 14:33 - 2015-08-15 07:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 14:33 - 2015-08-15 07:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 14:33 - 2015-08-15 07:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 14:33 - 2015-08-15 07:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 14:33 - 2015-08-15 07:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 14:33 - 2015-08-15 07:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 14:33 - 2015-08-15 07:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 14:33 - 2015-08-15 07:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 14:33 - 2015-08-15 07:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 14:33 - 2015-08-15 07:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 14:33 - 2015-08-15 07:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 14:33 - 2015-08-15 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 14:33 - 2015-08-15 07:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 14:33 - 2015-08-15 07:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 14:33 - 2015-08-15 07:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 14:33 - 2015-08-15 07:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 14:33 - 2015-08-15 07:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 14:33 - 2015-08-15 07:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 14:33 - 2015-08-15 07:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 14:33 - 2015-08-15 07:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 14:33 - 2015-08-15 07:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 14:33 - 2015-08-15 06:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 14:33 - 2015-08-15 06:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 14:33 - 2015-08-15 06:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 14:33 - 2015-08-04 19:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-09 14:33 - 2015-08-04 19:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-09 14:33 - 2015-08-04 19:52 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-09 14:33 - 2015-08-04 19:52 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-09 14:33 - 2015-08-04 19:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-09 14:33 - 2015-08-04 19:51 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-09 14:33 - 2015-08-04 19:51 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-09 14:33 - 2015-08-04 19:51 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 14:33 - 2015-08-04 19:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-09 14:33 - 2015-08-04 19:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-09 14:33 - 2015-08-04 19:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-09 14:33 - 2015-08-04 19:43 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-09 14:33 - 2015-08-04 18:58 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-09 14:33 - 2015-08-04 18:46 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-09 14:33 - 2015-08-04 18:45 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-09 14:33 - 2015-08-04 18:45 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-06 17:38 - 2015-09-06 17:38 - 18779208 _____ C:\Users\PAQUITO\Downloads\RogueKiller (7).exe
2015-09-06 15:46 - 2015-09-06 15:47 - 00791393 _____ (Lars Hederer ) C:\Users\PAQUITO\Downloads\erunt-setup.exe
2015-09-05 14:31 - 2015-08-26 19:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-05 14:31 - 2015-08-26 19:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-05 14:31 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-05 14:31 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-05 14:31 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-05 14:31 - 2015-08-26 19:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-05 14:31 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-05 14:31 - 2015-08-26 19:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-05 14:31 - 2015-08-26 19:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-05 14:31 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-05 14:31 - 2015-08-26 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-04 14:27 - 2015-09-04 14:27 - 00000000 ____D C:\Users\PAQUITO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-02 20:39 - 2015-09-02 20:39 - 00000450 _____ C:\Users\PAQUITO\Documents\cc_20150902_203913.reg
2015-09-02 20:36 - 2015-09-02 20:36 - 01654272 _____ C:\Users\PAQUITO\Downloads\adwcleaner_5.005.exe
2015-09-02 20:29 - 2015-09-02 20:29 - 00002054 _____ C:\Users\PAQUITO\Documents\mbam full scan.txt
2015-09-02 20:18 - 2015-09-02 20:18 - 00001313 _____ C:\mbam full scan.txt
2015-09-02 16:08 - 2015-09-02 16:08 - 00003728 ____N C:\bootsqm.dat
2015-09-02 13:37 - 2015-09-02 13:37 - 00347816 _____ (Microsoft Corporation) C:\Users\PAQUITO\Downloads\MicrosoftFixit.Search.RNP.199364116432200249.3.1.Run.exe
2015-09-02 13:32 - 2015-08-27 19:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-02 13:32 - 2015-08-27 19:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-02 13:32 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-02 13:32 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-29 20:07 - 2015-09-01 20:21 - 00000000 ____D C:\Users\PAQUITO\AppData\Local\Fingered
2015-08-28 21:10 - 2015-08-28 21:11 - 00001795 _____ C:\AdwCleaner[s82].txt
2015-08-28 16:16 - 2015-08-28 16:17 - 00001731 _____ C:\AdwCleaner[s81].txt
2015-08-28 16:16 - 2015-08-28 16:16 - 00001048 _____ C:\Users\PAQUITO\Documents\cc_20150828_161608.reg
2015-08-28 16:09 - 2015-09-13 20:20 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-28 16:08 - 2015-08-28 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-28 16:08 - 2015-08-28 16:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-28 16:08 - 2015-08-28 16:08 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-28 16:08 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-28 16:08 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-28 16:08 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-28 16:04 - 2015-09-03 13:27 - 00016146 _____ C:\Windows\PFRO.log
2015-08-28 11:41 - 2015-08-28 11:41 - 00002685 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-28 11:41 - 2015-08-28 11:41 - 00000000 ___RD C:\Program Files\Skype
2015-08-28 11:41 - 2015-08-28 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-28 11:41 - 2015-08-28 11:41 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-08-25 21:53 - 2015-08-25 21:53 - 18772040 _____ C:\Users\PAQUITO\Downloads\RogueKiller (6).exe
2015-08-25 20:27 - 2015-08-25 20:27 - 00001667 _____ C:\AdwCleaner[s80].txt
2015-08-25 20:18 - 2015-08-25 20:18 - 00001603 _____ C:\AdwCleaner[s79].txt
2015-08-25 20:17 - 2015-08-25 20:17 - 00000448 _____ C:\Users\PAQUITO\Documents\cc_20150825_201738.reg
2015-08-25 20:08 - 2015-09-15 20:41 - 00007056 _____ C:\Windows\setupact.log
2015-08-25 20:08 - 2015-08-25 20:08 - 00000000 _____ C:\Windows\setuperr.log
2015-08-25 20:06 - 2015-08-25 20:06 - 00001692 _____ C:\AdwCleaner[C5].txt
2015-08-25 20:05 - 2015-08-25 20:06 - 00001590 _____ C:\AdwCleaner[s78].txt
2015-08-25 20:04 - 2015-08-25 20:05 - 00004648 _____ C:\Users\PAQUITO\Documents\cc_20150825_200457.reg
2015-08-25 20:00 - 2015-08-25 20:00 - 06667640 _____ (Piriform Ltd) C:\Users\PAQUITO\Downloads\ccsetup509.exe
2015-08-25 19:59 - 2015-08-25 19:59 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\PAQUITO\Downloads\rkill (2).com
2015-08-25 14:14 - 2015-08-25 14:14 - 00000000 ____D C:\Users\PAQUITO\AppData\Roaming\NVIDIA
2015-08-24 22:50 - 2015-08-17 23:28 - 00606896 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2015-08-24 22:49 - 2015-08-18 01:28 - 04388016 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-08-24 22:49 - 2015-08-18 01:28 - 03062064 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2015-08-24 22:49 - 2015-08-18 01:28 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-08-24 22:49 - 2015-08-18 01:28 - 00670512 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-08-24 22:49 - 2015-08-18 01:28 - 00375088 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-08-24 22:49 - 2015-08-18 01:28 - 00061744 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-08-24 22:49 - 2015-08-18 00:02 - 05147024 _____ C:\Windows\system32\nvcoproc.bin
2015-08-24 22:48 - 2015-08-18 10:47 - 00060720 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 24200312 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 16128768 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 15294072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 14497568 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 11272048 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 11209376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 10704560 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-08-24 22:45 - 2015-08-18 10:47 - 03987576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 02824176 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 01059504 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234181.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 00912688 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234181.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 00907440 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 00895264 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco3220103.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 00869040 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 00162592 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys
2015-08-24 22:45 - 2015-08-18 10:47 - 00028448 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap32.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 00021015 _____ C:\Windows\system32\nvinfo.pb
2015-08-24 16:31 - 2015-08-24 16:31 - 02187957 _____ C:\Users\PAQUITO\Downloads\musBoss8.ogg
2015-08-24 16:01 - 2015-08-24 16:01 - 69671849 _____ C:\Users\PAQUITO\Downloads\John Cena's 2014 Theme Song - The Time is Now (You Can't See Me).mp4
2015-08-22 22:22 - 2015-08-11 06:55 - 00044840 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2015-08-22 20:16 - 2015-08-22 20:17 - 00001412 _____ C:\AdwCleaner[s77].txt
2015-08-22 18:35 - 2015-08-22 18:35 - 00001348 _____ C:\AdwCleaner[s76].txt
2015-08-21 23:36 - 2015-08-21 23:37 - 00001284 _____ C:\AdwCleaner[s75].txt
2015-08-20 20:08 - 2015-08-20 20:08 - 00001220 _____ C:\AdwCleaner[s74].txt
2015-08-19 23:55 - 2015-08-19 23:55 - 00006498 _____ C:\Users\PAQUITO\Documents\cc_20150819_235527.reg
2015-08-19 23:49 - 2015-08-19 23:50 - 00001155 _____ C:\AdwCleaner[s73].txt
2015-08-19 20:15 - 2015-08-19 20:15 - 00001091 _____ C:\AdwCleaner[s72].txt
2015-08-19 15:34 - 2015-08-19 15:34 - 00001026 _____ C:\AdwCleaner[s71].txt
2015-08-19 14:05 - 2015-07-23 01:57 - 00643072 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-08-19 14:05 - 2015-07-23 01:57 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-08-19 14:05 - 2015-07-22 19:53 - 00937984 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-08-19 14:05 - 2015-07-22 18:38 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-08-19 14:04 - 2015-07-09 19:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-08-19 14:04 - 2015-07-09 19:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-08-19 14:04 - 2015-06-25 11:48 - 00105408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-08-19 14:04 - 2015-06-25 11:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-08-19 14:04 - 2015-06-25 11:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-08-19 14:01 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-08-18 15:31 - 2015-08-18 15:31 - 18758216 _____ C:\Users\PAQUITO\Downloads\RogueKiller (5).exe
2015-08-18 14:17 - 2015-08-18 14:17 - 00000963 _____ C:\AdwCleaner[s70].txt
2015-08-17 23:18 - 2015-08-17 23:18 - 00000900 _____ C:\AdwCleaner[s69].txt
2015-08-17 23:17 - 2015-08-17 23:17 - 00000574 _____ C:\Users\PAQUITO\Documents\cc_20150817_231738.reg
2015-08-17 23:04 - 2015-08-17 23:04 - 00001054 _____ C:\AdwCleaner[C4].txt
2015-08-17 23:03 - 2015-08-17 23:03 - 00000896 _____ C:\AdwCleaner[s68].txt
2015-08-17 23:00 - 2015-08-17 23:00 - 00013004 _____ C:\Users\PAQUITO\Documents\cc_20150817_230032.reg
2015-08-17 22:56 - 2015-08-17 22:56 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\PAQUITO\Downloads\rkill (1).com
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-15 20:52 - 2015-07-16 11:02 - 00000000 ____D C:\FRST
2015-09-15 20:51 - 2015-07-16 11:01 - 01695232 _____ (Farbar) C:\Users\PAQUITO\Desktop\FRST.exe
2015-09-15 20:51 - 2014-04-12 19:31 - 00000000 ____D C:\Users\PAQUITO\AppData\Roaming\Skype
2015-09-15 20:49 - 2009-07-14 06:34 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-15 20:49 - 2009-07-14 06:34 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-15 20:45 - 2014-04-12 19:14 - 00000000 ____D C:\Program Files\Steam
2015-09-15 20:44 - 2014-04-12 18:19 - 01738065 _____ C:\Windows\WindowsUpdate.log
2015-09-15 20:42 - 2014-04-12 18:42 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-15 20:41 - 2014-08-31 17:57 - 00000000 ___RD C:\Users\PAQUITO\Dropbox
2015-09-15 20:41 - 2014-08-31 17:53 - 00000000 ____D C:\Users\PAQUITO\AppData\Roaming\Dropbox
2015-09-15 20:41 - 2014-07-31 23:56 - 00000000 ____D C:\ProgramData\Origin
2015-09-15 20:41 - 2014-04-12 18:42 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-15 20:41 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-15 20:40 - 2014-04-12 19:29 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-15 20:17 - 2015-06-18 11:05 - 00001010 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1362683625-464017601-2693293631-1001UA.job
2015-09-15 20:01 - 2014-04-12 18:42 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-15 16:14 - 2014-04-12 19:14 - 00000000 ____D C:\Program Files\Common Files\Steam
2015-09-14 14:50 - 2015-06-02 21:27 - 00000000 ____D C:\Users\PAQUITO\AppData\Local\gtk-2.0
2015-09-14 14:50 - 2015-05-08 16:30 - 00000000 ____D C:\Users\PAQUITO\.gimp-2.8
2015-09-13 20:18 - 2015-04-19 11:35 - 00000000 ____D C:\AdwCleaner
2015-09-13 13:28 - 2015-01-26 16:37 - 00000000 ____D C:\Users\PAQUITO\AppData\Roaming\vlc
2015-09-13 13:28 - 2015-01-03 16:16 - 00000000 ____D C:\Users\PAQUITO\AppData\Local\nuclearthrone
2015-09-13 12:40 - 2014-04-12 18:42 - 00000000 ____D C:\Users\PAQUITO\AppData\Local\Google
2015-09-11 18:39 - 2014-06-02 13:53 - 00000000 ___RD C:\Users\PAQUITO\Desktop\Carpetas
2015-09-11 18:28 - 2014-10-17 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-11 16:57 - 2014-04-12 19:22 - 00000000 ____D C:\Users\PAQUITO\AppData\Roaming\.minecraft
2015-09-10 13:46 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-09-10 12:55 - 2009-07-14 06:33 - 00287736 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-10 00:37 - 2009-07-14 11:08 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 23:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-09 23:47 - 2014-04-13 12:25 - 00000000 ____D C:\Windows\system32\MRT
2015-09-08 20:27 - 2015-08-12 20:07 - 00000000 ____D C:\Users\PAQUITO\AppData\Local\CrashDumps
2015-09-07 12:17 - 2015-06-18 11:05 - 00000958 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1362683625-464017601-2693293631-1001Core.job
2015-09-06 17:39 - 2015-07-12 14:44 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-06 15:42 - 2013-07-19 18:05 - 00000000 ___RD C:\Archivos de programa
2015-09-05 14:33 - 2014-04-12 18:40 - 01678218 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-03 23:43 - 2014-04-12 18:44 - 00002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-02 16:09 - 2015-07-26 00:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-09-02 13:25 - 2014-07-31 23:56 - 00000000 ____D C:\Program Files\Origin
2015-08-28 11:41 - 2014-04-12 19:31 - 00000000 ____D C:\ProgramData\Skype
2015-08-26 18:36 - 2014-04-13 12:25 - 132039072 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-25 20:02 - 2014-09-02 12:04 - 00000000 ____D C:\Program Files\CCleaner
2015-08-24 22:50 - 2014-04-12 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-08-24 22:48 - 2014-04-12 20:04 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-24 22:48 - 2014-04-12 19:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-24 22:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Help
2015-08-19 20:52 - 2014-12-26 20:43 - 00000000 ____D C:\Users\PAQUITO\AppData\Local\Gods_Will_Be_Watching
2015-08-18 01:30 - 2014-06-14 11:43 - 01316184 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll
2015-08-18 01:30 - 2014-05-16 19:52 - 01423120 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2015-08-16 19:08 - 2015-08-15 19:50 - 00006501 _____ C:\Users\PAQUITO\Documents\LISA The translation.txt
 
==================== Files in the root of some directories =======
 
2014-12-20 17:47 - 2014-12-20 17:43 - 0012005 _____ () C:\Users\PAQUITO\AppData\Roaming\alsoft.ini
2014-06-02 19:46 - 2014-06-02 19:47 - 0033792 ___SH () C:\Users\PAQUITO\AppData\Roaming\Thumbs.db
2015-09-14 14:50 - 2015-09-14 14:50 - 0001491 _____ () C:\Users\PAQUITO\AppData\Local\recently-used.xbel
2014-04-12 18:51 - 2014-04-12 18:58 - 0000742 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\PAQUITO\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpln0wls.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-11 14:20
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-09-2015
Ran by PAQUITO (2015-09-15 20:54:07)
Running from C:\Users\PAQUITO\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2014-04-12 16:37:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-1362683625-464017601-2693293631-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1362683625-464017601-2693293631-1002 - Limited - Enabled)
Invitado (S-1-5-21-1362683625-464017601-2693293631-501 - Limited - Disabled)
PAQUITO (S-1-5-21-1362683625-464017601-2693293631-1001 - Administrator - Enabled) => C:\Users\PAQUITO
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Actualización de NVIDIA 2.5.13.6 (Version: 2.5.13.6 - NVIDIA Corporation) Hidden
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
AdVenture Capitalist (HKLM\...\Steam App 346900) (Version:  - Hyper Hippo Games)
Antichamber (HKLM\...\Steam App 219890) (Version:  - Alexander Bruce)
Awesomenauts (HKLM\...\Steam App 204300) (Version:  - Ronimo Games)
Broforce (HKLM\...\Steam App 274190) (Version:  - Free Lives)
Cave Story Deluxe version 1.14 (HKLM\...\Cave Story Deluxe_is1) (Version: 1.14 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
DJ_AIO_06_F2400_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Don't Starve (HKLM\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Together Beta (HKLM\...\Steam App 322330) (Version:  - Klei Entertainment)
Dropbox (HKU\S-1-5-21-1362683625-464017601-2693293631-1001\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Eternal Damnation: A Postal 2 Modification (HKLM\...\Eternal Damnation: A Postal 2 Modification) (Version:  - )
Fallout: New Vegas (HKLM\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Fingered (HKLM\...\Steam App 384360) (Version:  - Edmund McMillen)
FXWebPlayer (HKLM\...\FXWebPlayer) (Version:  - FX Interactive) <==== ATTENTION
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Gods Will Be Watching (HKLM\...\Steam App 274290) (Version:  - Deconstructeam)
GOG.com Downloader version 3.6.0 (HKLM\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Hotline Miami (HKLM\...\Steam App 219150) (Version:  - Dennaton Games)
Hotline Miami 2: Wrong Number (HKLM\...\Steam App 274170) (Version:  - Dennaton Games)
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
Malwarebytes Anti-Malware versión 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 29.0 (x86 es-ES) (HKLM\...\Mozilla Firefox 29.0 (x86 es-ES)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-a8e082a9-70cb-4e3e-b25b-c497bca908a9) (Version:  - Epic Games, Inc.)
Nuclear Throne (HKLM\...\Steam App 242680) (Version:  - Vlambeer)
NVIDIA Controlador de 3D Vision 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.81 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.81 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.13.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.13.6 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenOffice 4.1.0 (HKLM\...\{556A5D7B-54F4-4D0D-8114-742A60105CDC}) (Version: 4.10.9764 - Apache Software Foundation)
Origin (HKLM\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
Panel de control de NVIDIA 341.81 (Version: 341.81 - NVIDIA Corporation) Hidden
Paranautical Activity: Deluxe Atonement Edition (HKLM\...\Steam App 250580) (Version:  - Digerati Distribution)
Plants vs. Zombies: Game of the Year (HKLM\...\Steam App 3590) (Version:  - PopCap Games, Inc.)
POSTAL (HKLM\...\Steam App 232770) (Version:  - Running With Scissors)
Risk of Rain (HKLM\...\Steam App 248820) (Version:  - )
Rockstar Games Social Club (HKLM\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Rogue Legacy (HKLM\...\Steam App 241600) (Version:  - Cellar Door Games)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.13.6 - NVIDIA Corporation) Hidden
Skullgirls (HKLM\...\Steam App 245170) (Version:  - Lab Zero Games)
Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
SpeedRunners (HKLM\...\Steam App 207140) (Version:  - DoubleDutch Games)
Spelunky (HKLM\...\Steam App 239350) (Version:  - )
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Super Hexagon (HKLM\...\Steam App 221640) (Version:  - Terry Cavanagh)
Super Meat Boy (HKLM\...\Steam App 40800) (Version:  - Team Meat)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
System Requirements Lab CYRI (HKLM\...\{705216C1-BA52-4B16-AFE4-4143B340D62D}) (Version: 6.0.12.6 - Husdawg, LLC)
System Shock 2 (HKLM\...\Steam App 238210) (Version:  - Irrational Games)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM\...\Steam App 250900) (Version:  - Nicalis, Inc.)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-1362683625-464017601-2693293631-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VVVVVV (HKLM\...\Steam App 70300) (Version:  - Terry Cavanagh)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\PAQUITO\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\PAQUITO\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\PAQUITO\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\PAQUITO\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\PAQUITO\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\PAQUITO\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\PAQUITO\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\PAQUITO\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
09-09-2015 14:50:42 Windows Update
09-09-2015 17:13:01 JRT Pre-Junkware Removal
09-09-2015 17:18:49 JRT Pre-Junkware Removal
09-09-2015 23:35:07 Windows Update
11-09-2015 18:26:35 java
11-09-2015 18:28:09 Removed Java 8 Update 31
13-09-2015 12:39:00 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {4C59BA02-C472-4760-B70E-9486C3254D0B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1362683625-464017601-2693293631-1001Core => C:\Users\PAQUITO\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {53537530-1CD1-48F5-815A-35AE21692291} - System32\Tasks\{0F3A3F89-9294-4999-B043-C75212D8ECB5} => pcalua.exe -a "C:\Users\PAQUITO\Downloads\Tron v6.1.4 (2015-04-09).exe"
Task: {58CC5537-3F87-4CE7-9F8C-833CD7382866} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {85FE84C6-4E5F-42F2-83D7-ACA29C61AB97} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd)
Task: {9348543A-8792-4ECF-86A2-4F4ADB6FAEEB} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {A59153D0-3479-4CF5-8082-0F5CB96566B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {B57BC046-B9DC-4C69-BDDD-3C10107F8521} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F0D1DA5A-9DEE-405B-B791-69E00489B786} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1362683625-464017601-2693293631-1001UA => C:\Users\PAQUITO\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1362683625-464017601-2693293631-1001Core.job => C:\Users\PAQUITO\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1362683625-464017601-2693293631-1001UA.job => C:\Users\PAQUITO\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-24 22:49 - 2015-08-18 01:28 - 00106800 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-03-30 22:21 - 2015-08-18 01:31 - 00011896 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2014-07-31 23:57 - 2015-09-02 13:23 - 01016832 _____ () C:\Program Files\Origin\platforms\qwindows.dll
2014-07-31 23:56 - 2015-09-02 13:23 - 00028160 _____ () C:\Program Files\Origin\imageformats\qgif.dll
2014-07-31 23:56 - 2015-09-02 13:23 - 00029696 _____ () C:\Program Files\Origin\imageformats\qico.dll
2014-07-31 23:56 - 2015-09-02 13:23 - 00256000 _____ () C:\Program Files\Origin\imageformats\qjpeg.dll
2014-07-31 23:56 - 2015-09-02 13:23 - 00266240 _____ () C:\Program Files\Origin\imageformats\qmng.dll
2014-07-31 23:56 - 2015-09-02 13:23 - 00023552 _____ () C:\Program Files\Origin\imageformats\qtga.dll
2014-07-31 23:56 - 2015-09-02 13:23 - 00346112 _____ () C:\Program Files\Origin\imageformats\qtiff.dll
2014-07-31 23:56 - 2015-09-02 13:23 - 00023552 _____ () C:\Program Files\Origin\imageformats\qwbmp.dll
2014-07-31 23:57 - 2015-09-02 13:23 - 00243200 _____ () C:\Program Files\Origin\mediaservice\wmfengine.dll
2015-09-15 20:41 - 2015-09-15 20:41 - 00071168 _____ () c:\users\paquito\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpln0wls.dll
2015-08-11 14:12 - 2015-08-05 07:26 - 00012800 _____ () C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-08-11 14:12 - 2015-08-05 07:26 - 00779776 _____ () C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-11 14:12 - 2015-08-05 07:26 - 00056320 _____ () C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-08-11 14:12 - 2015-08-05 07:26 - 00012288 _____ () C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2014-04-12 19:15 - 2015-08-29 00:17 - 00778240 _____ () C:\Program Files\Steam\SDL2.dll
2014-12-02 23:04 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files\Steam\v8.dll
2014-12-02 23:04 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files\Steam\icui18n.dll
2014-12-02 23:04 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files\Steam\icuuc.dll
2014-05-21 21:48 - 2015-09-15 00:17 - 02422464 _____ () C:\Program Files\Steam\video.dll
2014-08-29 11:11 - 2015-08-29 00:17 - 02561024 _____ () C:\Program Files\Steam\libavcodec-56.dll
2014-08-29 11:11 - 2015-08-29 00:17 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll
2014-08-29 11:11 - 2015-08-29 00:17 - 00491008 _____ () C:\Program Files\Steam\libavformat-56.dll
2014-08-29 11:11 - 2015-08-29 00:17 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2014-08-29 11:11 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2014-04-12 19:15 - 2015-09-15 00:17 - 00704192 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2015-07-07 00:09 - 2015-09-14 22:20 - 00193536 _____ () C:\Program Files\Steam\bin\openvr_api.dll
2014-04-12 19:15 - 2015-09-10 00:17 - 44930440 _____ () C:\Program Files\Steam\bin\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1362683625-464017601-2693293631-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\PAQUITO\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 62.81.16.164 - 62.81.16.213
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C6D239FE-AF2A-4505-9005-DE850D30341E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{782C16B1-5B02-4559-8AE0-626F4D3BD2CE}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{97456D34-1C4C-4FEC-B50B-A459F267D654}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{B563A1B6-634F-4E17-960B-535E4F6F321A}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{BD18B4FC-B780-4D03-A6D8-B45B25EAB654}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{0DAE37B5-3BB4-4E7B-9320-9A0E819DCA20}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{14E59313-DFCB-4D86-B228-72021253A1C5}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{2A4D34DE-CC5C-4A0D-8A46-2B0EEED79307}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7084780F-F106-4BD6-A21A-F43E4D9EED6A}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FD7F0CB2-65FB-4120-B985-37338AC5A44C}] => (Allow) C:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B3FFFA5B-5931-4C67-8178-30EC10C94E3B}] => (Allow) C:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{6A976C9C-8849-47F1-8B6E-FCA1F7F7B957}] => (Allow) C:\Program Files\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{3E34771F-39B7-467A-A5CE-F8F9D2DA0629}] => (Allow) C:\Program Files\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{4E6D7DA5-A1F1-420A-9165-547375DFC7A2}] => (Allow) C:\Program Files\Steam\SteamApps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{5B3D46F3-9559-46D6-8399-5460D8DF53D0}] => (Allow) C:\Program Files\Steam\SteamApps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{6592EC13-BE95-4470-B8A4-59878DDF291E}] => (Allow) C:\Program Files\Steam\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{1EAC89C9-0F12-4F0A-9185-DD543016A9E8}] => (Allow) C:\Program Files\Steam\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{6BFDAF51-A0D6-455B-99F8-F3B3D39F800C}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{02480686-C48E-4310-B70C-36F194C10035}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{8F164CDA-6B79-461F-8A56-6E395AFA44AF}] => (Allow) C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{868E3B45-1BCC-4327-AD5E-71EACFF65362}] => (Allow) C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3FFC8AD6-BAB9-4DBA-91F7-A0F3B15F0FA7}] => (Allow) C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5B219310-AACF-4DAB-867E-BF93ADDE8807}] => (Allow) C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D8E79C63-BC59-4ABF-A496-7F73133D13BE}] => (Allow) C:\Program Files\Steam\SteamApps\common\The Binding of Isaac Rebirth\isaac-ng.exe
FirewallRules: [{CD95C950-270D-4DDF-9B68-7D7DD1D03B7F}] => (Allow) C:\Program Files\Steam\SteamApps\common\The Binding of Isaac Rebirth\isaac-ng.exe
FirewallRules: [{F33E5B60-9D14-40C5-AB59-777C8467BA70}] => (Allow) C:\Program Files\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{A939FDFE-2873-4B01-A174-1254CF0A0398}] => (Allow) C:\Program Files\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{291A1A64-5B99-40C2-BDF8-334D1AA31B79}] => (Allow) C:\Program Files\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{B999B29E-B8D6-4829-994B-10495637F7C1}] => (Allow) C:\Program Files\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{118D41C8-054A-41AC-85DB-8F0FBA1584D4}] => (Allow) C:\Program Files\Steam\SteamApps\common\Spelunky\Spelunky.exe
FirewallRules: [{97660F2E-5127-4D54-B698-610C0AD41748}] => (Allow) C:\Program Files\Steam\SteamApps\common\Spelunky\Spelunky.exe
FirewallRules: [{1CA8668F-13AD-4AFD-92B4-5FDE8E338B72}] => (Allow) C:\Program Files\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{54BE1CE8-1D5F-4172-A215-53A5DFE10B3F}] => (Allow) C:\Program Files\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{BAA29141-DEE5-4EF3-A8AE-12ED5444C31F}] => (Allow) C:\Program Files\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{434C2DB4-82D0-4886-A3A7-C94012E920A1}] => (Allow) C:\Program Files\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{019E983A-C6FC-4437-83B1-5C2399EABDD3}] => (Allow) C:\Program Files\Steam\SteamApps\common\Nuclear Throne\nuclearthrone.exe
FirewallRules: [{1C0E0CE3-B20C-4BC7-8BD3-F6AADD08B849}] => (Allow) C:\Program Files\Steam\SteamApps\common\Nuclear Throne\nuclearthrone.exe
FirewallRules: [{A1C06C6C-7C56-43AA-8AF1-6500E450AC08}] => (Allow) C:\Program Files\Steam\SteamApps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{22BB4F6C-149B-4A5D-8976-28C7A1285637}] => (Allow) C:\Program Files\Steam\SteamApps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{DC4232EA-E261-4B68-B731-1003F82A5033}] => (Allow) C:\Program Files\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{B957B4FC-7822-4937-8F09-BF6BEB05EF9B}] => (Allow) C:\Program Files\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{EC3E884F-8CD1-4BF9-A272-FDDF2A621A18}] => (Allow) C:\Program Files\Steam\SteamApps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{9A63DCA3-8EF7-42FE-822B-F47DD6E3112C}] => (Allow) C:\Program Files\Steam\SteamApps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{90292AB3-D8D3-4864-8D75-0446F46D14D2}] => (Allow) C:\Program Files\Steam\SteamApps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{A70113C8-4758-4D9E-950E-704CE7EEFED0}] => (Allow) C:\Program Files\Steam\SteamApps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [TCP Query User{D5AAC88F-E731-441C-AEA0-E891786044C2}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [uDP Query User{055A90C6-6205-41AC-AF78-42817997B153}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{80C867FC-BEE8-47B9-9750-02EFEE8D2CFC}] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{C088BDAE-06F8-4991-B14A-B41F11D69F01}] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{79EADB85-35D2-44CA-BF47-4CEF70B302CE}] => (Allow) C:\Program Files\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{2E30FB93-5883-4FC8-8FA8-253ABEE6175B}] => (Allow) C:\Program Files\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{7AA5FE00-0DB4-4D63-A2C6-8D21B2956499}] => (Allow) C:\Program Files\Steam\SteamApps\common\Gods Will Be Watching\gwbw.exe
FirewallRules: [{8BA6756F-B7A4-42B0-97B5-F9E810881AF8}] => (Allow) C:\Program Files\Steam\SteamApps\common\Gods Will Be Watching\gwbw.exe
FirewallRules: [{B4428587-44B8-4276-B580-8AE4C6E47D3D}] => (Allow) C:\Program Files\Steam\SteamApps\common\Broforce\Broforce_beta.exe
FirewallRules: [{E60CE7C3-C7DD-4018-A752-FCE9B1C65E78}] => (Allow) C:\Program Files\Steam\SteamApps\common\Broforce\Broforce_beta.exe
FirewallRules: [{ED6FF41A-2152-4A8F-91AC-96C647ADFA32}] => (Allow) C:\Program Files\Steam\SteamApps\common\POSTAL1\Postal Plus.exe
FirewallRules: [{3C77B70A-97DD-4C56-8178-3CB7B0BAC668}] => (Allow) C:\Program Files\Steam\SteamApps\common\POSTAL1\Postal Plus.exe
FirewallRules: [{90DE94D5-E07F-4C4C-A677-0CE3712CB9AF}] => (Allow) C:\Program Files\Steam\SteamApps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{30D36BB1-6EAF-4757-879A-A1EFC25C3A79}] => (Allow) C:\Program Files\Steam\SteamApps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{F90A6EBF-8F20-426C-B650-712428B4FA51}] => (Allow) C:\Program Files\Steam\SteamApps\common\SS2\Shock2.exe
FirewallRules: [{19A53B90-2FB9-4D74-BE30-B1BB89088B4C}] => (Allow) C:\Program Files\Steam\SteamApps\common\SS2\Shock2.exe
FirewallRules: [{3EC159B4-AB34-4619-B3F7-056BC72227D2}] => (Allow) C:\Program Files\Steam\SteamApps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{09502355-5647-4DEC-9904-97A5E2773DA3}] => (Allow) C:\Program Files\Steam\SteamApps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{AA98B385-3D18-42EE-BB8E-66AA5FA3732B}] => (Allow) C:\Program Files\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{840535DF-8571-4636-BB12-38F81F7BAE27}] => (Allow) C:\Program Files\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{56E3F44C-2285-40A1-A1CB-77FB60365C1B}] => (Allow) C:\Program Files\Steam\SteamApps\common\ParanauticalActivity\Paranautical Activity.exe
FirewallRules: [{53FBC451-8F07-4DCC-A635-29E686DE4DCC}] => (Allow) C:\Program Files\Steam\SteamApps\common\ParanauticalActivity\Paranautical Activity.exe
FirewallRules: [{2D6A7EAA-8639-49E6-8C49-1A93985C22D0}] => (Allow) C:\Program Files\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{C2194A3A-515E-47F1-9C34-E40A7DDE7BCA}] => (Allow) C:\Program Files\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [TCP Query User{FD100ED6-0372-431F-994F-0CB9AE223D82}C:\program files\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Block) C:\program files\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [uDP Query User{8C61640C-2E47-4453-B5A8-0374CC4A2006}C:\program files\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Block) C:\program files\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{C9A217E7-9588-449E-B938-F07A7B8C0B88}] => (Allow) C:\Program Files\Steam\SteamApps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{ED04AC92-CE58-4ED1-8F25-254695509E1C}] => (Allow) C:\Program Files\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{12EE8E72-BF06-46E7-842F-A23E22661E09}] => (Allow) C:\Program Files\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{FE23C47B-91DA-413E-94F1-1CDDBA7C7370}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe] => (Block) C:\program files\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [uDP Query User{67B02DEE-E451-4060-BE43-0F397A14ADD8}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe] => (Block) C:\program files\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{5D3FC6FB-4B9B-42AF-8C76-3F99D4ABA1C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{EA1B14CE-1ED2-4C00-B0B7-A86229674F47}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9AECBEBE-5A37-4766-BDFB-4D691C054248}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{173498BD-CDC9-4A9E-8A0B-D7D0ACC8488F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{09139479-F9C2-443B-9F25-6514195721AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2ADB2A32-6C61-4D28-9FC7-19D3F68A52F8}] => (Allow) C:\Program Files\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{E7C28BE5-0AA1-48C0-8C21-2E0B27A0D80A}] => (Allow) C:\Program Files\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{43E2B60D-4360-459C-ABED-44EAD83A6E98}] => (Allow) C:\Program Files\Steam\SteamApps\common\Fingered\nw.exe
FirewallRules: [{290000B6-0CFF-4C05-A8F2-3F0BA01A8C5F}] => (Allow) C:\Program Files\Steam\SteamApps\common\Fingered\nw.exe
FirewallRules: [{98F2D1D5-6628-4790-BEE4-AE1DE72C3FD5}] => (Allow) C:\Program Files\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{11028AD5-E1B1-4D74-90A4-C650141C3503}] => (Allow) C:\Program Files\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{97E76747-41E7-433B-8AEB-C7060F3DA6F1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/13/2015 08:43:00 PM) (Source: ESENT) (EventID: 481) (User: )
Description: DllHost (3756) WebCacheLocal: Al intentar leer en el archivo "C:\Users\PAQUITO\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 262144 (0x0000000000040000) 32768 (0x00008000) bytes se produjo el error de sistema 8 (0x00000008) después de DllHost0 segundos: "Espacio de almacenamiento insuficiente para procesar este comando. ". La operación de lectura se cerrará con el error -1011 (0xfffffc0d). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.
 
Error: (09/13/2015 08:43:00 PM) (Source: ESENT) (EventID: 481) (User: )
Description: DllHost (3756) WebCacheLocal: Al intentar leer en el archivo "C:\Users\PAQUITO\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 196608 (0x0000000000030000) 32768 (0x00008000) bytes se produjo el error de sistema 8 (0x00000008) después de DllHost0 segundos: "Espacio de almacenamiento insuficiente para procesar este comando. ". La operación de lectura se cerrará con el error -1011 (0xfffffc0d). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.
 
Error: (09/13/2015 08:43:00 PM) (Source: ESENT) (EventID: 481) (User: )
Description: DllHost (3756) WebCacheLocal: Al intentar leer en el archivo "C:\Users\PAQUITO\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 163840 (0x0000000000028000) 32768 (0x00008000) bytes se produjo el error de sistema 8 (0x00000008) después de DllHost0 segundos: "Espacio de almacenamiento insuficiente para procesar este comando. ". La operación de lectura se cerrará con el error -1011 (0xfffffc0d). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.
 
Error: (09/13/2015 08:43:00 PM) (Source: ESENT) (EventID: 412) (User: )
Description: DllHost (3756) WebCacheLocal: No se puede leer el encabezado del archivo de registro C:\Users\PAQUITO\AppData\Local\Microsoft\Windows\WebCache\V01.log. Error -1011.
 
Error: (09/13/2015 08:43:00 PM) (Source: ESENT) (EventID: 481) (User: )
Description: DllHost (3756) WebCacheLocal: Al intentar leer en el archivo "C:\Users\PAQUITO\AppData\Local\Microsoft\Windows\WebCache\V01.log", en la posición 0 (0x0000000000000000) 4096 (0x00001000) bytes se produjo el error de sistema 8 (0x00000008) después de DllHost0 segundos: "Espacio de almacenamiento insuficiente para procesar este comando. ". La operación de lectura se cerrará con el error -1011 (0xfffffc0d). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.
 
Error: (09/13/2015 08:43:00 PM) (Source: ESENT) (EventID: 412) (User: )
Description: DllHost (3756) WebCacheLocal: No se puede leer el encabezado del archivo de registro C:\Users\PAQUITO\AppData\Local\Microsoft\Windows\WebCache\V01.log. Error -1011.
 
Error: (09/13/2015 08:43:00 PM) (Source: ESENT) (EventID: 481) (User: )
Description: DllHost (3756) WebCacheLocal: Al intentar leer en el archivo "C:\Users\PAQUITO\AppData\Local\Microsoft\Windows\WebCache\V01.log", en la posición 0 (0x0000000000000000) 4096 (0x00001000) bytes se produjo el error de sistema 8 (0x00000008) después de DllHost0 segundos: "Espacio de almacenamiento insuficiente para procesar este comando. ". La operación de lectura se cerrará con el error -1011 (0xfffffc0d). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.
 
Error: (09/13/2015 08:42:59 PM) (Source: ESENT) (EventID: 454) (User: )
Description: DllHost (3756) WebCacheLocal: Error inesperado al recuperar o restaurar la base de datos -1011.
 
Error: (09/13/2015 08:42:59 PM) (Source: ESENT) (EventID: 408) (User: )
Description: DllHost (3756) WebCacheLocal: No se puede escribir en el registro C:\Users\PAQUITO\AppData\Local\Microsoft\Windows\WebCache\V01.log. Error -1011 (0xfffffc0d).
 
Error: (09/13/2015 08:42:59 PM) (Source: ESENT) (EventID: 482) (User: )
Description: DllHost (3756) WebCacheLocal: Al intentar escribir en el archivo "C:\Users\PAQUITO\AppData\Local\Microsoft\Windows\WebCache\V01.log", en la posición 450560 (0x000000000006e000) 4096 (0x00001000) bytes se produjo el error de sistema 8 (0x00000008) después de DllHost0 segundos: "Espacio de almacenamiento insuficiente para procesar este comando. ". La operación de escritura se cerrará con el error -1011 (0xfffffc0d). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.
 
 
System errors:
=============
Error: (09/15/2015 07:44:31 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Error inesperado. Código de error: D@01010004
 
Error: (09/15/2015 07:44:30 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Error inesperado. Código de error: D@01010004
 
Error: (09/15/2015 07:44:30 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Error inesperado. Código de error: D@01010004
 
Error: (09/15/2015 04:07:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: El cierre anterior del sistema a las 14:44:07 del ‎15/‎09/‎2015 resultó inesperado.
 
Error: (09/15/2015 02:44:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Steam Client Service no pudo iniciarse debido al siguiente error: 
%%1053
 
Error: (09/15/2015 02:44:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Steam Client Service.
 
Error: (09/15/2015 02:40:42 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Error inesperado. Código de error: D@01010004
 
Error: (09/13/2015 09:00:32 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Error inesperado. Código de error: D@01010004
 
Error: (09/13/2015 08:59:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (09/12/2015 01:59:45 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Error inesperado. Código de error: D@01010004
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon II X2 250 Processor
Percentage of memory in use: 35%
Total physical RAM: 3583.3 MB
Available physical RAM: 2307.98 MB
Total Virtual: 7164.93 MB
Available Virtual: 5455.44 MB
 
==================== Drives ================================
 
Drive c: (STEVEN) (Fixed) (Total:465.75 GB) (Free:290.62 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: 84718471)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9FD09FD0)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
I think I pasted the entire logs, if something is missing, I'll post them back again if necessary.
Link to post
Share on other sites
  • Root Admin

Your logs seem to indicate that you're having an issue possibly with the hard disk. Let's do a full disk check and see if that helps to correct it or not.

 

 

Attempting to read the file "C: \ Users \ PAQUITO \ AppData \ Local \ Microsoft \ Windows \ WebCache \ WebCacheV01.dat" in position 196608 (0x0000000000030000) 32768 (0x00008000) bytes error occurred System 8 (0x00000008 ) DllHost0 seconds after "insufficient space storage to process this command.". The read operation will fail with error -1011 (0xfffffc0d). If the error persists, the file may be damaged and may need to restore from a previous backup.

 

 

Please click on Start and type in CMD.EXE and when it shows on the menu right click and choose "Run as administrator" then type in the following.

 

CHKDSK   C:   /R

 

Then it will say it cannot lock the drive. Press the Y key and then the Enter key and restart the computer and let the disk check run. When that's done then restart the computer again 2 more times and run FRST again and make sure to place a check mark in the Additions.txt check box and post back both new logs.

 

As for your Java question yes you're correct. If at all possible and you can get along without installing Java that would be the best choice. If you really have to have it then make sure you keep it up to date.

 

As for the power outage thing it's difficult to say it could be due to the disk issue I mentioned or it could possibly be due to a corrupted user profile. Try the disk check and the reboots and new scan and we'll see what else we find.

 

Thanks

Link to post
Share on other sites

Your logs seem to indicate that you're having an issue possibly with the hard disk. Let's do a full disk check and see if that helps to correct it or not.

 

 

Attempting to read the file "C: \ Users \ PAQUITO \ AppData \ Local \ Microsoft \ Windows \ WebCache \ WebCacheV01.dat" in position 196608 (0x0000000000030000) 32768 (0x00008000) bytes error occurred System 8 (0x00000008 ) DllHost0 seconds after "insufficient space storage to process this command.". The read operation will fail with error -1011 (0xfffffc0d). If the error persists, the file may be damaged and may need to restore from a previous backup.

 

 

Please click on Start and type in CMD.EXE and when it shows on the menu right click and choose "Run as administrator" then type in the following.

 

CHKDSK   C:   /R

 

Then it will say it cannot lock the drive. Press the Y key and then the Enter key and restart the computer and let the disk check run. When that's done then restart the computer again 2 more times and run FRST again and make sure to place a check mark in the Additions.txt check box and post back both new logs.

 

As for your Java question yes you're correct. If at all possible and you can get along without installing Java that would be the best choice. If you really have to have it then make sure you keep it up to date.

 

As for the power outage thing it's difficult to say it could be due to the disk issue I mentioned or it could possibly be due to a corrupted user profile. Try the disk check and the reboots and new scan and we'll see what else we find.

 

Thanks

So, I did the CHKDSK thing and it seems it didn't found anything.

Also, today Microsoft Security Essentials detected this, I'm going to delete it right now, sorry if I shouldn't.

Also, I did a RogueKiller scan (sorry for not obeying the 'no scans' rule, but it was necesary) because of that and it detected this in the registry too, I'll leave the log here if you want to see it (the DNS part is okay, it coincides with my country's DNS), but I'm going to delete it too right now probably.

For the last part, Sjype has been crashing a lot lately due to a E/S error, I did Skype's official solution and it didn't work.

And finally here are the logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-09-2015
Ran by PAQUITO (administrator) on PAQUITO-PC (18-09-2015 18:16:18)
Running from C:\Users\PAQUITO\Desktop
Loaded Profiles: PAQUITO (Available Profiles: PAQUITO)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Electronic Arts) C:\Program Files\Origin\Origin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-18] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKU\S-1-5-21-1362683625-464017601-2693293631-1001\...\Run: [EADM] => C:\Program Files\Origin\Origin.exe [3638256 2015-09-02] (Electronic Arts)
HKU\S-1-5-21-1362683625-464017601-2693293631-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-1362683625-464017601-2693293631-1001\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6815512 2015-07-31] (SUPERAntiSpyware)
HKU\S-1-5-21-1362683625-464017601-2693293631-1001\...\Run: [Dropbox Update] => C:\Users\PAQUITO\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-1362683625-464017601-2693293631-1001\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [53735968 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-04-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\Users\PAQUITO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 62.81.16.164 62.81.16.213
Tcpip\..\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E}: [DhcpNameServer] 62.81.16.164 62.81.16.213
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1362683625-464017601-2693293631-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://es.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\PAQUITO\AppData\Roaming\Mozilla\Firefox\Profiles\jagjklbn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @fxinteractive.com/fxplanet -> C:\ProgramData\FXWebPlayer\npfxplanet.dll [2014-06-29] (FX Interactive)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-17] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-17] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1362683625-464017601-2693293631-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PAQUITO\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://www.youtube.com/feed/subscriptions#password
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.93\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.93\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.93\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-08-31]
CHR Extension: (Google Drive) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-12]
CHR Extension: (YouTube) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-12]
CHR Extension: (Adblock Plus) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-12]
CHR Extension: (Búsqueda de Google) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-12]
CHR Extension: (Myinstants) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fggacdedkdoacbemcilniodecinpfkgi [2014-08-31]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Avast Online Security) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-19]
CHR Extension: (Don't Starve) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc [2014-08-31]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-01-06]
CHR Extension: (Little Alchemy) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-08-31]
CHR Extension: (Google Play) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-08-31]
CHR Extension: (Instant Sounds) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgiigejdempgibflnpfbimpgjhpofpj [2014-08-31]
CHR Extension: (Plants vs Zombies) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2014-08-31]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-12]
CHR Extension: (Gmail) - C:\Users\PAQUITO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [921208 2015-08-18] (NVIDIA Corporation)
U2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-18] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4305016 2015-08-18] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2057736 2015-09-02] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 MpKslc2605f78; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F35EF4A-421F-4F47-873D-86A76C18A216}\MpKslc2605f78.sys [39168 2015-09-18] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18552 2015-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [44840 2015-08-11] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 eapihdrv; \??\C:\Users\PAQUITO\AppData\Local\Temp\ehdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-18 18:16 - 2015-09-18 18:17 - 00015105 _____ C:\Users\PAQUITO\Desktop\FRST.txt
2015-09-16 15:17 - 2015-08-05 19:44 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-16 15:17 - 2015-08-05 19:44 - 00068952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-16 15:17 - 2015-08-05 19:37 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-16 15:17 - 2015-08-05 19:37 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-16 15:17 - 2015-08-05 19:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-16 15:17 - 2015-08-05 19:37 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-16 15:17 - 2015-08-05 19:37 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-16 15:17 - 2015-08-05 19:37 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-16 15:17 - 2015-08-05 19:37 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-16 15:17 - 2015-08-05 19:37 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2015-09-16 15:17 - 2015-08-05 19:37 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-16 15:17 - 2015-08-05 19:36 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-16 15:17 - 2015-08-05 18:32 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-16 15:17 - 2015-07-18 15:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-09-16 15:17 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-09-16 15:16 - 2015-08-05 19:37 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-16 15:16 - 2015-08-05 19:37 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-16 15:16 - 2015-08-05 19:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-16 15:16 - 2015-08-05 19:37 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-16 15:16 - 2015-08-05 19:37 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-16 15:16 - 2015-08-05 19:37 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2015-09-16 15:16 - 2015-08-05 19:36 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-16 15:16 - 2015-08-05 19:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-16 15:16 - 2015-08-05 19:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-16 15:16 - 2015-08-05 19:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-16 15:16 - 2015-08-05 18:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-09-16 15:16 - 2015-08-05 18:33 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-16 15:16 - 2015-08-05 18:33 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-15 16:23 - 2015-09-16 19:21 - 00000342 _____ C:\Users\PAQUITO\Documents\sorteo.txt
2015-09-14 14:50 - 2015-09-14 14:50 - 00001491 _____ C:\Users\PAQUITO\AppData\Local\recently-used.xbel
2015-09-13 20:17 - 2015-09-13 20:17 - 01660416 _____ C:\Users\PAQUITO\Downloads\adwcleaner_5.007.exe
2015-09-13 18:19 - 2015-09-13 18:19 - 00000431 _____ C:\Users\PAQUITO\Documents\nuclear error.txt
2015-09-13 15:18 - 2015-09-13 15:18 - 00000204 _____ C:\Users\PAQUITO\Documents\problema rpg maker.txt
2015-09-11 18:31 - 2015-09-11 18:31 - 00003958 _____ C:\JavaRa.log
2015-09-11 17:03 - 2015-09-11 17:03 - 00347816 _____ (Microsoft Corporation) C:\Users\PAQUITO\Downloads\MicrosoftFixit.Search.RNP.199364116432200249.6.2.Run.exe
2015-09-09 19:46 - 2015-09-15 21:08 - 00000000 ____D C:\Users\PAQUITO\Desktop\logs foro mbam
2015-09-09 17:46 - 2015-09-09 17:46 - 02870984 _____ (ESET) C:\Users\PAQUITO\Downloads\esetsmartinstaller_enu.exe
2015-09-09 17:09 - 2015-09-09 17:09 - 294222448 _____ C:\Users\PAQUITO\Documents\registro copia mbam.reg
2015-09-09 16:31 - 2015-09-09 16:31 - 01799392 _____ (Malwarebytes Corporation) C:\Users\PAQUITO\Downloads\JRT.exe
2015-09-09 15:32 - 2015-09-09 15:32 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\PAQUITO\Downloads\rkill.exe
2015-09-09 14:34 - 2015-08-05 19:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 14:34 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 14:34 - 2015-08-05 19:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 14:34 - 2015-08-04 19:59 - 03995584 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-09-09 14:34 - 2015-08-04 19:59 - 03939776 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-09 14:34 - 2015-08-04 19:55 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-09 14:34 - 2015-08-04 19:51 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 14:33 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 14:33 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 14:33 - 2015-09-02 04:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 14:33 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 14:33 - 2015-09-02 03:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 14:33 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 14:33 - 2015-08-18 03:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 14:33 - 2015-08-15 08:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 14:33 - 2015-08-15 07:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 14:33 - 2015-08-15 07:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 14:33 - 2015-08-15 07:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 14:33 - 2015-08-15 07:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 14:33 - 2015-08-15 07:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 14:33 - 2015-08-15 07:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 14:33 - 2015-08-15 07:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 14:33 - 2015-08-15 07:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 14:33 - 2015-08-15 07:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 14:33 - 2015-08-15 07:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 14:33 - 2015-08-15 07:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 14:33 - 2015-08-15 07:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 14:33 - 2015-08-15 07:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 14:33 - 2015-08-15 07:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 14:33 - 2015-08-15 07:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 14:33 - 2015-08-15 07:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 14:33 - 2015-08-15 07:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 14:33 - 2015-08-15 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 14:33 - 2015-08-15 07:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 14:33 - 2015-08-15 07:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 14:33 - 2015-08-15 07:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 14:33 - 2015-08-15 07:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 14:33 - 2015-08-15 07:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 14:33 - 2015-08-15 07:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 14:33 - 2015-08-15 07:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 14:33 - 2015-08-15 07:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 14:33 - 2015-08-15 07:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 14:33 - 2015-08-15 06:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 14:33 - 2015-08-15 06:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 14:33 - 2015-08-15 06:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-09 14:33 - 2015-08-04 19:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-09 14:33 - 2015-08-04 19:52 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-09 14:33 - 2015-08-04 19:52 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 14:33 - 2015-08-04 19:51 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 14:33 - 2015-08-04 19:43 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-09 14:33 - 2015-08-04 18:58 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-06 17:38 - 2015-09-06 17:38 - 18779208 _____ C:\Users\PAQUITO\Downloads\RogueKiller (7).exe
2015-09-06 15:46 - 2015-09-06 15:47 - 00791393 _____ (Lars Hederer ) C:\Users\PAQUITO\Downloads\erunt-setup.exe
2015-09-05 14:31 - 2015-08-26 19:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-05 14:31 - 2015-08-26 19:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-05 14:31 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-05 14:31 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-05 14:31 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-05 14:31 - 2015-08-26 19:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-05 14:31 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-05 14:31 - 2015-08-26 19:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-05 14:31 - 2015-08-26 19:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-05 14:31 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-05 14:31 - 2015-08-26 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-04 14:27 - 2015-09-04 14:27 - 00000000 ____D C:\Users\PAQUITO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-02 20:39 - 2015-09-02 20:39 - 00000450 _____ C:\Users\PAQUITO\Documents\cc_20150902_203913.reg
2015-09-02 20:36 - 2015-09-02 20:36 - 01654272 _____ C:\Users\PAQUITO\Downloads\adwcleaner_5.005.exe
2015-09-02 20:29 - 2015-09-02 20:29 - 00002054 _____ C:\Users\PAQUITO\Documents\mbam full scan.txt
2015-09-02 20:18 - 2015-09-02 20:18 - 00001313 _____ C:\mbam full scan.txt
2015-09-02 16:08 - 2015-09-02 16:08 - 00007272 ____N C:\bootsqm.dat
2015-09-02 13:37 - 2015-09-02 13:37 - 00347816 _____ (Microsoft Corporation) C:\Users\PAQUITO\Downloads\MicrosoftFixit.Search.RNP.199364116432200249.3.1.Run.exe
2015-09-02 13:32 - 2015-08-27 19:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-02 13:32 - 2015-08-27 19:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-02 13:32 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-02 13:32 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-29 20:07 - 2015-09-01 20:21 - 00000000 ____D C:\Users\PAQUITO\AppData\Local\Fingered
2015-08-28 21:10 - 2015-08-28 21:11 - 00001795 _____ C:\AdwCleaner[s82].txt
2015-08-28 16:16 - 2015-08-28 16:17 - 00001731 _____ C:\AdwCleaner[s81].txt
2015-08-28 16:16 - 2015-08-28 16:16 - 00001048 _____ C:\Users\PAQUITO\Documents\cc_20150828_161608.reg
2015-08-28 16:09 - 2015-09-16 17:47 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-28 16:08 - 2015-08-28 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-28 16:08 - 2015-08-28 16:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-28 16:08 - 2015-08-28 16:08 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-28 16:08 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-28 16:08 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-28 16:08 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-28 16:04 - 2015-09-03 13:27 - 00016146 _____ C:\Windows\PFRO.log
2015-08-28 11:41 - 2015-08-28 11:41 - 00002685 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-28 11:41 - 2015-08-28 11:41 - 00000000 ___RD C:\Program Files\Skype
2015-08-28 11:41 - 2015-08-28 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-28 11:41 - 2015-08-28 11:41 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-08-25 21:53 - 2015-08-25 21:53 - 18772040 _____ C:\Users\PAQUITO\Downloads\RogueKiller (6).exe
2015-08-25 20:27 - 2015-08-25 20:27 - 00001667 _____ C:\AdwCleaner[s80].txt
2015-08-25 20:18 - 2015-08-25 20:18 - 00001603 _____ C:\AdwCleaner[s79].txt
2015-08-25 20:17 - 2015-08-25 20:17 - 00000448 _____ C:\Users\PAQUITO\Documents\cc_20150825_201738.reg
2015-08-25 20:08 - 2015-09-18 18:12 - 00008568 _____ C:\Windows\setupact.log
2015-08-25 20:08 - 2015-08-25 20:08 - 00000000 _____ C:\Windows\setuperr.log
2015-08-25 20:06 - 2015-08-25 20:06 - 00001692 _____ C:\AdwCleaner[C5].txt
2015-08-25 20:05 - 2015-08-25 20:06 - 00001590 _____ C:\AdwCleaner[s78].txt
2015-08-25 20:04 - 2015-08-25 20:05 - 00004648 _____ C:\Users\PAQUITO\Documents\cc_20150825_200457.reg
2015-08-25 20:00 - 2015-08-25 20:00 - 06667640 _____ (Piriform Ltd) C:\Users\PAQUITO\Downloads\ccsetup509.exe
2015-08-25 19:59 - 2015-08-25 19:59 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\PAQUITO\Downloads\rkill (2).com
2015-08-25 14:14 - 2015-08-25 14:14 - 00000000 ____D C:\Users\PAQUITO\AppData\Roaming\NVIDIA
2015-08-24 22:50 - 2015-08-17 23:28 - 00606896 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2015-08-24 22:49 - 2015-08-18 01:28 - 04388016 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-08-24 22:49 - 2015-08-18 01:28 - 03062064 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2015-08-24 22:49 - 2015-08-18 01:28 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-08-24 22:49 - 2015-08-18 01:28 - 00670512 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-08-24 22:49 - 2015-08-18 01:28 - 00375088 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-08-24 22:49 - 2015-08-18 01:28 - 00061744 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-08-24 22:49 - 2015-08-18 00:02 - 05147024 _____ C:\Windows\system32\nvcoproc.bin
2015-08-24 22:48 - 2015-08-18 10:47 - 00060720 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 24200312 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 16128768 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 15294072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 14497568 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 11272048 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 11209376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 10704560 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-08-24 22:45 - 2015-08-18 10:47 - 03987576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 02824176 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 01059504 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234181.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 00912688 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234181.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 00907440 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 00895264 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco3220103.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 00869040 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 00162592 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys
2015-08-24 22:45 - 2015-08-18 10:47 - 00028448 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap32.dll
2015-08-24 22:45 - 2015-08-18 10:47 - 00021015 _____ C:\Windows\system32\nvinfo.pb
2015-08-24 16:31 - 2015-08-24 16:31 - 02187957 _____ C:\Users\PAQUITO\Downloads\musBoss8.ogg
2015-08-24 16:01 - 2015-08-24 16:01 - 69671849 _____ C:\Users\PAQUITO\Downloads\John Cena's 2014 Theme Song - The Time is Now (You Can't See Me).mp4
2015-08-22 22:22 - 2015-08-11 06:55 - 00044840 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2015-08-22 20:16 - 2015-08-22 20:17 - 00001412 _____ C:\AdwCleaner[s77].txt
2015-08-22 18:35 - 2015-08-22 18:35 - 00001348 _____ C:\AdwCleaner[s76].txt
2015-08-21 23:36 - 2015-08-21 23:37 - 00001284 _____ C:\AdwCleaner[s75].txt
2015-08-20 20:08 - 2015-08-20 20:08 - 00001220 _____ C:\AdwCleaner[s74].txt
2015-08-19 23:55 - 2015-08-19 23:55 - 00006498 _____ C:\Users\PAQUITO\Documents\cc_20150819_235527.reg
2015-08-19 23:49 - 2015-08-19 23:50 - 00001155 _____ C:\AdwCleaner[s73].txt
2015-08-19 20:15 - 2015-08-19 20:15 - 00001091 _____ C:\AdwCleaner[s72].txt
2015-08-19 15:34 - 2015-08-19 15:34 - 00001026 _____ C:\AdwCleaner[s71].txt
2015-08-19 14:05 - 2015-07-23 01:57 - 00643072 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-08-19 14:05 - 2015-07-23 01:57 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-08-19 14:05 - 2015-07-22 19:53 - 00937984 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-08-19 14:05 - 2015-07-22 18:38 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-08-19 14:04 - 2015-07-09 19:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-08-19 14:04 - 2015-07-09 19:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-08-19 14:04 - 2015-06-25 11:48 - 00105408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-08-19 14:04 - 2015-06-25 11:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-08-19 14:04 - 2015-06-25 11:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-08-19 14:01 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-18 18:17 - 2015-06-18 11:05 - 00001010 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1362683625-464017601-2693293631-1001UA.job
2015-09-18 18:16 - 2015-07-16 11:02 - 00000000 ____D C:\FRST
2015-09-18 18:15 - 2014-04-12 18:19 - 01971662 _____ C:\Windows\WindowsUpdate.log
2015-09-18 18:14 - 2014-04-12 19:14 - 00000000 ____D C:\Program Files\Steam
2015-09-18 18:13 - 2014-04-12 19:31 - 00000000 ____D C:\Users\PAQUITO\AppData\Roaming\Skype
2015-09-18 18:12 - 2014-08-31 17:57 - 00000000 ___RD C:\Users\PAQUITO\Dropbox
2015-09-18 18:12 - 2014-08-31 17:53 - 00000000 ____D C:\Users\PAQUITO\AppData\Roaming\Dropbox
2015-09-18 18:12 - 2014-07-31 23:56 - 00000000 ____D C:\ProgramData\Origin
2015-09-18 18:12 - 2014-04-12 18:42 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-18 18:12 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-18 18:11 - 2014-04-12 19:29 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-18 18:11 - 2009-07-14 06:34 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-18 18:11 - 2009-07-14 06:34 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-18 18:01 - 2014-04-12 18:42 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-18 17:59 - 2014-04-12 19:14 - 00000000 ____D C:\Program Files\Common Files\Steam
2015-09-18 14:49 - 2014-04-12 18:42 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-17 20:52 - 2014-04-12 18:44 - 00002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-16 17:45 - 2015-04-19 11:35 - 00000000 ____D C:\AdwCleaner
2015-09-16 17:39 - 2014-04-12 18:40 - 01678218 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-16 17:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-09-15 20:51 - 2015-07-16 11:01 - 01695232 _____ (Farbar) C:\Users\PAQUITO\Desktop\FRST.exe
2015-09-14 14:50 - 2015-06-02 21:27 - 00000000 ____D C:\Users\PAQUITO\AppData\Local\gtk-2.0
2015-09-14 14:50 - 2015-05-08 16:30 - 00000000 ____D C:\Users\PAQUITO\.gimp-2.8
2015-09-13 13:28 - 2015-01-26 16:37 - 00000000 ____D C:\Users\PAQUITO\AppData\Roaming\vlc
2015-09-13 13:28 - 2015-01-03 16:16 - 00000000 ____D C:\Users\PAQUITO\AppData\Local\nuclearthrone
2015-09-13 12:40 - 2014-04-12 18:42 - 00000000 ____D C:\Users\PAQUITO\AppData\Local\Google
2015-09-11 18:39 - 2014-06-02 13:53 - 00000000 ___RD C:\Users\PAQUITO\Desktop\Carpetas
2015-09-11 18:28 - 2014-10-17 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-11 16:57 - 2014-04-12 19:22 - 00000000 ____D C:\Users\PAQUITO\AppData\Roaming\.minecraft
2015-09-10 12:55 - 2009-07-14 06:33 - 00287736 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-10 00:37 - 2009-07-14 11:08 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 23:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-09 23:47 - 2014-04-13 12:25 - 00000000 ____D C:\Windows\system32\MRT
2015-09-08 20:27 - 2015-08-12 20:07 - 00000000 ____D C:\Users\PAQUITO\AppData\Local\CrashDumps
2015-09-07 12:17 - 2015-06-18 11:05 - 00000958 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1362683625-464017601-2693293631-1001Core.job
2015-09-06 17:39 - 2015-07-12 14:44 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-06 15:42 - 2013-07-19 18:05 - 00000000 ___RD C:\Archivos de programa
2015-09-02 16:09 - 2015-07-26 00:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-09-02 13:25 - 2014-07-31 23:56 - 00000000 ____D C:\Program Files\Origin
2015-08-28 11:41 - 2014-04-12 19:31 - 00000000 ____D C:\ProgramData\Skype
2015-08-26 18:36 - 2014-04-13 12:25 - 132039072 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-25 20:02 - 2014-09-02 12:04 - 00000000 ____D C:\Program Files\CCleaner
2015-08-24 22:50 - 2014-04-12 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-08-24 22:48 - 2014-04-12 20:04 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-24 22:48 - 2014-04-12 19:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-24 22:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Help
2015-08-19 20:52 - 2014-12-26 20:43 - 00000000 ____D C:\Users\PAQUITO\AppData\Local\Gods_Will_Be_Watching
 
==================== Files in the root of some directories =======
 
2014-12-20 17:47 - 2014-12-20 17:43 - 0012005 _____ () C:\Users\PAQUITO\AppData\Roaming\alsoft.ini
2014-06-02 19:46 - 2014-06-02 19:47 - 0033792 ___SH () C:\Users\PAQUITO\AppData\Roaming\Thumbs.db
2015-09-14 14:50 - 2015-09-14 14:50 - 0001491 _____ () C:\Users\PAQUITO\AppData\Local\recently-used.xbel
2014-04-12 18:51 - 2014-04-12 18:58 - 0000742 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\PAQUITO\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1qym1h.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-11 14:20
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-09-2015
Ran by PAQUITO (2015-09-18 18:17:55)
Running from C:\Users\PAQUITO\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2014-04-12 16:37:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-1362683625-464017601-2693293631-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1362683625-464017601-2693293631-1002 - Limited - Enabled)
Invitado (S-1-5-21-1362683625-464017601-2693293631-501 - Limited - Disabled)
PAQUITO (S-1-5-21-1362683625-464017601-2693293631-1001 - Administrator - Enabled) => C:\Users\PAQUITO
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Actualización de NVIDIA 2.5.13.6 (Version: 2.5.13.6 - NVIDIA Corporation) Hidden
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
AdVenture Capitalist (HKLM\...\Steam App 346900) (Version:  - Hyper Hippo Games)
Antichamber (HKLM\...\Steam App 219890) (Version:  - Alexander Bruce)
Awesomenauts (HKLM\...\Steam App 204300) (Version:  - Ronimo Games)
Broforce (HKLM\...\Steam App 274190) (Version:  - Free Lives)
Cave Story Deluxe version 1.14 (HKLM\...\Cave Story Deluxe_is1) (Version: 1.14 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
DJ_AIO_06_F2400_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Don't Starve (HKLM\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Together Beta (HKLM\...\Steam App 322330) (Version:  - Klei Entertainment)
Dropbox (HKU\S-1-5-21-1362683625-464017601-2693293631-1001\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Eternal Damnation: A Postal 2 Modification (HKLM\...\Eternal Damnation: A Postal 2 Modification) (Version:  - )
Fallout: New Vegas (HKLM\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Fingered (HKLM\...\Steam App 384360) (Version:  - Edmund McMillen)
FXWebPlayer (HKLM\...\FXWebPlayer) (Version:  - FX Interactive) <==== ATTENTION
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Gods Will Be Watching (HKLM\...\Steam App 274290) (Version:  - Deconstructeam)
GOG.com Downloader version 3.6.0 (HKLM\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.93 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Hotline Miami (HKLM\...\Steam App 219150) (Version:  - Dennaton Games)
Hotline Miami 2: Wrong Number (HKLM\...\Steam App 274170) (Version:  - Dennaton Games)
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
Malwarebytes Anti-Malware versión 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 29.0 (x86 es-ES) (HKLM\...\Mozilla Firefox 29.0 (x86 es-ES)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-a8e082a9-70cb-4e3e-b25b-c497bca908a9) (Version:  - Epic Games, Inc.)
Nuclear Throne (HKLM\...\Steam App 242680) (Version:  - Vlambeer)
NVIDIA Controlador de 3D Vision 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.81 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.81 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.13.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.13.6 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenOffice 4.1.0 (HKLM\...\{556A5D7B-54F4-4D0D-8114-742A60105CDC}) (Version: 4.10.9764 - Apache Software Foundation)
Origin (HKLM\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
Panel de control de NVIDIA 341.81 (Version: 341.81 - NVIDIA Corporation) Hidden
Paranautical Activity: Deluxe Atonement Edition (HKLM\...\Steam App 250580) (Version:  - Digerati Distribution)
Plants vs. Zombies: Game of the Year (HKLM\...\Steam App 3590) (Version:  - PopCap Games, Inc.)
POSTAL (HKLM\...\Steam App 232770) (Version:  - Running With Scissors)
Risk of Rain (HKLM\...\Steam App 248820) (Version:  - )
Rockstar Games Social Club (HKLM\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Rogue Legacy (HKLM\...\Steam App 241600) (Version:  - Cellar Door Games)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.13.6 - NVIDIA Corporation) Hidden
Skullgirls (HKLM\...\Steam App 245170) (Version:  - Lab Zero Games)
Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
SpeedRunners (HKLM\...\Steam App 207140) (Version:  - DoubleDutch Games)
Spelunky (HKLM\...\Steam App 239350) (Version:  - )
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Super Hexagon (HKLM\...\Steam App 221640) (Version:  - Terry Cavanagh)
Super Meat Boy (HKLM\...\Steam App 40800) (Version:  - Team Meat)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
System Requirements Lab CYRI (HKLM\...\{705216C1-BA52-4B16-AFE4-4143B340D62D}) (Version: 6.0.12.6 - Husdawg, LLC)
System Shock 2 (HKLM\...\Steam App 238210) (Version:  - Irrational Games)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM\...\Steam App 250900) (Version:  - Nicalis, Inc.)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-1362683625-464017601-2693293631-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VVVVVV (HKLM\...\Steam App 70300) (Version:  - Terry Cavanagh)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\PAQUITO\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\PAQUITO\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\PAQUITO\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\PAQUITO\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\PAQUITO\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\PAQUITO\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\PAQUITO\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1362683625-464017601-2693293631-1001_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\PAQUITO\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
09-09-2015 14:50:42 Windows Update
09-09-2015 17:13:01 JRT Pre-Junkware Removal
09-09-2015 17:18:49 JRT Pre-Junkware Removal
09-09-2015 23:35:07 Windows Update
11-09-2015 18:26:35 java
11-09-2015 18:28:09 Removed Java 8 Update 31
13-09-2015 12:39:00 Windows Update
16-09-2015 15:17:17 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {4C59BA02-C472-4760-B70E-9486C3254D0B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1362683625-464017601-2693293631-1001Core => C:\Users\PAQUITO\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {53537530-1CD1-48F5-815A-35AE21692291} - System32\Tasks\{0F3A3F89-9294-4999-B043-C75212D8ECB5} => pcalua.exe -a "C:\Users\PAQUITO\Downloads\Tron v6.1.4 (2015-04-09).exe"
Task: {58CC5537-3F87-4CE7-9F8C-833CD7382866} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {85FE84C6-4E5F-42F2-83D7-ACA29C61AB97} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd)
Task: {9348543A-8792-4ECF-86A2-4F4ADB6FAEEB} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {A59153D0-3479-4CF5-8082-0F5CB96566B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {B57BC046-B9DC-4C69-BDDD-3C10107F8521} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F0D1DA5A-9DEE-405B-B791-69E00489B786} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1362683625-464017601-2693293631-1001UA => C:\Users\PAQUITO\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1362683625-464017601-2693293631-1001Core.job => C:\Users\PAQUITO\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1362683625-464017601-2693293631-1001UA.job => C:\Users\PAQUITO\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-24 22:49 - 2015-08-18 01:28 - 00106800 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-03-30 22:21 - 2015-08-18 01:31 - 00011896 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2014-07-31 23:57 - 2015-09-02 13:23 - 01016832 _____ () C:\Program Files\Origin\platforms\qwindows.dll
2014-07-31 23:56 - 2015-09-02 13:23 - 00028160 _____ () C:\Program Files\Origin\imageformats\qgif.dll
2014-07-31 23:56 - 2015-09-02 13:23 - 00029696 _____ () C:\Program Files\Origin\imageformats\qico.dll
2014-07-31 23:56 - 2015-09-02 13:23 - 00256000 _____ () C:\Program Files\Origin\imageformats\qjpeg.dll
2014-07-31 23:56 - 2015-09-02 13:23 - 00266240 _____ () C:\Program Files\Origin\imageformats\qmng.dll
2014-07-31 23:56 - 2015-09-02 13:23 - 00023552 _____ () C:\Program Files\Origin\imageformats\qtga.dll
2014-07-31 23:56 - 2015-09-02 13:23 - 00346112 _____ () C:\Program Files\Origin\imageformats\qtiff.dll
2014-07-31 23:56 - 2015-09-02 13:23 - 00023552 _____ () C:\Program Files\Origin\imageformats\qwbmp.dll
2014-07-31 23:57 - 2015-09-02 13:23 - 00243200 _____ () C:\Program Files\Origin\mediaservice\wmfengine.dll
2015-09-18 18:12 - 2015-09-18 18:12 - 00071168 _____ () c:\users\paquito\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1qym1h.dll
2015-08-11 14:12 - 2015-08-05 07:26 - 00012800 _____ () C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-08-11 14:12 - 2015-08-05 07:26 - 00779776 _____ () C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-11 14:12 - 2015-08-05 07:26 - 00056320 _____ () C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-08-11 14:12 - 2015-08-05 07:26 - 00012288 _____ () C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2014-04-12 19:15 - 2015-08-29 00:17 - 00778240 _____ () C:\Program Files\Steam\SDL2.dll
2014-12-02 23:04 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files\Steam\v8.dll
2014-12-02 23:04 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files\Steam\icui18n.dll
2014-12-02 23:04 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files\Steam\icuuc.dll
2014-05-21 21:48 - 2015-09-18 02:43 - 02422464 _____ () C:\Program Files\Steam\video.dll
2014-08-29 11:11 - 2015-08-29 00:17 - 02561024 _____ () C:\Program Files\Steam\libavcodec-56.dll
2014-08-29 11:11 - 2015-08-29 00:17 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll
2014-08-29 11:11 - 2015-08-29 00:17 - 00491008 _____ () C:\Program Files\Steam\libavformat-56.dll
2014-08-29 11:11 - 2015-08-29 00:17 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2014-08-29 11:11 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2014-04-12 19:15 - 2015-09-18 02:43 - 00704192 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2015-07-07 00:09 - 2015-09-14 22:20 - 00193536 _____ () C:\Program Files\Steam\bin\openvr_api.dll
2014-04-12 19:15 - 2015-09-10 00:17 - 44930440 _____ () C:\Program Files\Steam\bin\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1362683625-464017601-2693293631-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\PAQUITO\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 62.81.16.164 - 62.81.16.213
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C6D239FE-AF2A-4505-9005-DE850D30341E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{782C16B1-5B02-4559-8AE0-626F4D3BD2CE}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{97456D34-1C4C-4FEC-B50B-A459F267D654}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{B563A1B6-634F-4E17-960B-535E4F6F321A}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{BD18B4FC-B780-4D03-A6D8-B45B25EAB654}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{0DAE37B5-3BB4-4E7B-9320-9A0E819DCA20}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{14E59313-DFCB-4D86-B228-72021253A1C5}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{2A4D34DE-CC5C-4A0D-8A46-2B0EEED79307}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7084780F-F106-4BD6-A21A-F43E4D9EED6A}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FD7F0CB2-65FB-4120-B985-37338AC5A44C}] => (Allow) C:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B3FFFA5B-5931-4C67-8178-30EC10C94E3B}] => (Allow) C:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{6A976C9C-8849-47F1-8B6E-FCA1F7F7B957}] => (Allow) C:\Program Files\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{3E34771F-39B7-467A-A5CE-F8F9D2DA0629}] => (Allow) C:\Program Files\Steam\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{4E6D7DA5-A1F1-420A-9165-547375DFC7A2}] => (Allow) C:\Program Files\Steam\SteamApps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{5B3D46F3-9559-46D6-8399-5460D8DF53D0}] => (Allow) C:\Program Files\Steam\SteamApps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{6592EC13-BE95-4470-B8A4-59878DDF291E}] => (Allow) C:\Program Files\Steam\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{1EAC89C9-0F12-4F0A-9185-DD543016A9E8}] => (Allow) C:\Program Files\Steam\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{6BFDAF51-A0D6-455B-99F8-F3B3D39F800C}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{02480686-C48E-4310-B70C-36F194C10035}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{8F164CDA-6B79-461F-8A56-6E395AFA44AF}] => (Allow) C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{868E3B45-1BCC-4327-AD5E-71EACFF65362}] => (Allow) C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3FFC8AD6-BAB9-4DBA-91F7-A0F3B15F0FA7}] => (Allow) C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5B219310-AACF-4DAB-867E-BF93ADDE8807}] => (Allow) C:\Users\PAQUITO\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D8E79C63-BC59-4ABF-A496-7F73133D13BE}] => (Allow) C:\Program Files\Steam\SteamApps\common\The Binding of Isaac Rebirth\isaac-ng.exe
FirewallRules: [{CD95C950-270D-4DDF-9B68-7D7DD1D03B7F}] => (Allow) C:\Program Files\Steam\SteamApps\common\The Binding of Isaac Rebirth\isaac-ng.exe
FirewallRules: [{F33E5B60-9D14-40C5-AB59-777C8467BA70}] => (Allow) C:\Program Files\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{A939FDFE-2873-4B01-A174-1254CF0A0398}] => (Allow) C:\Program Files\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{291A1A64-5B99-40C2-BDF8-334D1AA31B79}] => (Allow) C:\Program Files\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{B999B29E-B8D6-4829-994B-10495637F7C1}] => (Allow) C:\Program Files\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{118D41C8-054A-41AC-85DB-8F0FBA1584D4}] => (Allow) C:\Program Files\Steam\SteamApps\common\Spelunky\Spelunky.exe
FirewallRules: [{97660F2E-5127-4D54-B698-610C0AD41748}] => (Allow) C:\Program Files\Steam\SteamApps\common\Spelunky\Spelunky.exe
FirewallRules: [{1CA8668F-13AD-4AFD-92B4-5FDE8E338B72}] => (Allow) C:\Program Files\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{54BE1CE8-1D5F-4172-A215-53A5DFE10B3F}] => (Allow) C:\Program Files\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{BAA29141-DEE5-4EF3-A8AE-12ED5444C31F}] => (Allow) C:\Program Files\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{434C2DB4-82D0-4886-A3A7-C94012E920A1}] => (Allow) C:\Program Files\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{019E983A-C6FC-4437-83B1-5C2399EABDD3}] => (Allow) C:\Program Files\Steam\SteamApps\common\Nuclear Throne\nuclearthrone.exe
FirewallRules: [{1C0E0CE3-B20C-4BC7-8BD3-F6AADD08B849}] => (Allow) C:\Program Files\Steam\SteamApps\common\Nuclear Throne\nuclearthrone.exe
FirewallRules: [{A1C06C6C-7C56-43AA-8AF1-6500E450AC08}] => (Allow) C:\Program Files\Steam\SteamApps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{22BB4F6C-149B-4A5D-8976-28C7A1285637}] => (Allow) C:\Program Files\Steam\SteamApps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{DC4232EA-E261-4B68-B731-1003F82A5033}] => (Allow) C:\Program Files\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{B957B4FC-7822-4937-8F09-BF6BEB05EF9B}] => (Allow) C:\Program Files\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{EC3E884F-8CD1-4BF9-A272-FDDF2A621A18}] => (Allow) C:\Program Files\Steam\SteamApps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{9A63DCA3-8EF7-42FE-822B-F47DD6E3112C}] => (Allow) C:\Program Files\Steam\SteamApps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{90292AB3-D8D3-4864-8D75-0446F46D14D2}] => (Allow) C:\Program Files\Steam\SteamApps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{A70113C8-4758-4D9E-950E-704CE7EEFED0}] => (Allow) C:\Program Files\Steam\SteamApps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [TCP Query User{D5AAC88F-E731-441C-AEA0-E891786044C2}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [uDP Query User{055A90C6-6205-41AC-AF78-42817997B153}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{80C867FC-BEE8-47B9-9750-02EFEE8D2CFC}] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{C088BDAE-06F8-4991-B14A-B41F11D69F01}] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{79EADB85-35D2-44CA-BF47-4CEF70B302CE}] => (Allow) C:\Program Files\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{2E30FB93-5883-4FC8-8FA8-253ABEE6175B}] => (Allow) C:\Program Files\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{7AA5FE00-0DB4-4D63-A2C6-8D21B2956499}] => (Allow) C:\Program Files\Steam\SteamApps\common\Gods Will Be Watching\gwbw.exe
FirewallRules: [{8BA6756F-B7A4-42B0-97B5-F9E810881AF8}] => (Allow) C:\Program Files\Steam\SteamApps\common\Gods Will Be Watching\gwbw.exe
FirewallRules: [{B4428587-44B8-4276-B580-8AE4C6E47D3D}] => (Allow) C:\Program Files\Steam\SteamApps\common\Broforce\Broforce_beta.exe
FirewallRules: [{E60CE7C3-C7DD-4018-A752-FCE9B1C65E78}] => (Allow) C:\Program Files\Steam\SteamApps\common\Broforce\Broforce_beta.exe
FirewallRules: [{ED6FF41A-2152-4A8F-91AC-96C647ADFA32}] => (Allow) C:\Program Files\Steam\SteamApps\common\POSTAL1\Postal Plus.exe
FirewallRules: [{3C77B70A-97DD-4C56-8178-3CB7B0BAC668}] => (Allow) C:\Program Files\Steam\SteamApps\common\POSTAL1\Postal Plus.exe
FirewallRules: [{90DE94D5-E07F-4C4C-A677-0CE3712CB9AF}] => (Allow) C:\Program Files\Steam\SteamApps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{30D36BB1-6EAF-4757-879A-A1EFC25C3A79}] => (Allow) C:\Program Files\Steam\SteamApps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{F90A6EBF-8F20-426C-B650-712428B4FA51}] => (Allow) C:\Program Files\Steam\SteamApps\common\SS2\Shock2.exe
FirewallRules: [{19A53B90-2FB9-4D74-BE30-B1BB89088B4C}] => (Allow) C:\Program Files\Steam\SteamApps\common\SS2\Shock2.exe
FirewallRules: [{3EC159B4-AB34-4619-B3F7-056BC72227D2}] => (Allow) C:\Program Files\Steam\SteamApps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{09502355-5647-4DEC-9904-97A5E2773DA3}] => (Allow) C:\Program Files\Steam\SteamApps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{AA98B385-3D18-42EE-BB8E-66AA5FA3732B}] => (Allow) C:\Program Files\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{840535DF-8571-4636-BB12-38F81F7BAE27}] => (Allow) C:\Program Files\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{56E3F44C-2285-40A1-A1CB-77FB60365C1B}] => (Allow) C:\Program Files\Steam\SteamApps\common\ParanauticalActivity\Paranautical Activity.exe
FirewallRules: [{53FBC451-8F07-4DCC-A635-29E686DE4DCC}] => (Allow) C:\Program Files\Steam\SteamApps\common\ParanauticalActivity\Paranautical Activity.exe
FirewallRules: [{2D6A7EAA-8639-49E6-8C49-1A93985C22D0}] => (Allow) C:\Program Files\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{C2194A3A-515E-47F1-9C34-E40A7DDE7BCA}] => (Allow) C:\Program Files\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [TCP Query User{FD100ED6-0372-431F-994F-0CB9AE223D82}C:\program files\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Block) C:\program files\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [uDP Query User{8C61640C-2E47-4453-B5A8-0374CC4A2006}C:\program files\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Block) C:\program files\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{C9A217E7-9588-449E-B938-F07A7B8C0B88}] => (Allow) C:\Program Files\Steam\SteamApps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{ED04AC92-CE58-4ED1-8F25-254695509E1C}] => (Allow) C:\Program Files\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{12EE8E72-BF06-46E7-842F-A23E22661E09}] => (Allow) C:\Program Files\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{FE23C47B-91DA-413E-94F1-1CDDBA7C7370}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe] => (Block) C:\program files\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [uDP Query User{67B02DEE-E451-4060-BE43-0F397A14ADD8}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe] => (Block) C:\program files\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{5D3FC6FB-4B9B-42AF-8C76-3F99D4ABA1C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{EA1B14CE-1ED2-4C00-B0B7-A86229674F47}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9AECBEBE-5A37-4766-BDFB-4D691C054248}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{173498BD-CDC9-4A9E-8A0B-D7D0ACC8488F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{09139479-F9C2-443B-9F25-6514195721AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2ADB2A32-6C61-4D28-9FC7-19D3F68A52F8}] => (Allow) C:\Program Files\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{E7C28BE5-0AA1-48C0-8C21-2E0B27A0D80A}] => (Allow) C:\Program Files\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{43E2B60D-4360-459C-ABED-44EAD83A6E98}] => (Allow) C:\Program Files\Steam\SteamApps\common\Fingered\nw.exe
FirewallRules: [{290000B6-0CFF-4C05-A8F2-3F0BA01A8C5F}] => (Allow) C:\Program Files\Steam\SteamApps\common\Fingered\nw.exe
FirewallRules: [{98F2D1D5-6628-4790-BEE4-AE1DE72C3FD5}] => (Allow) C:\Program Files\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{11028AD5-E1B1-4D74-90A4-C650141C3503}] => (Allow) C:\Program Files\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{5DAB7921-6ECD-4B0F-AD1D-48F6DD320137}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/13/2015 08:43:00 PM) (Source: ESENT) (EventID: 481) (User: )
Description: DllHost (3756) WebCacheLocal: Al intentar leer en el archivo "C:\Users\PAQUITO\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 262144 (0x0000000000040000) 32768 (0x00008000) bytes se produjo el error de sistema 8 (0x00000008) después de DllHost0 segundos: "Espacio de almacenamiento insuficiente para procesar este comando. ". La operación de lectura se cerrará con el error -1011 (0xfffffc0d). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.
 
Error: (09/13/2015 08:43:00 PM) (Source: ESENT) (EventID: 481) (User: )
Description: DllHost (3756) WebCacheLocal: Al intentar leer en el archivo "C:\Users\PAQUITO\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 196608 (0x0000000000030000) 32768 (0x00008000) bytes se produjo el error de sistema 8 (0x00000008) después de DllHost0 segundos: "Espacio de almacenamiento insuficiente para procesar este comando. ". La operación de lectura se cerrará con el error -1011 (0xfffffc0d). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.
 
Error: (09/13/2015 08:43:00 PM) (Source: ESENT) (EventID: 481) (User: )
Description: DllHost (3756) WebCacheLocal: Al intentar leer en el archivo "C:\Users\PAQUITO\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 163840 (0x0000000000028000) 32768 (0x00008000) bytes se produjo el error de sistema 8 (0x00000008) después de DllHost0 segundos: "Espacio de almacenamiento insuficiente para procesar este comando. ". La operación de lectura se cerrará con el error -1011 (0xfffffc0d). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.
 
Error: (09/13/2015 08:43:00 PM) (Source: ESENT) (EventID: 412) (User: )
Description: DllHost (3756) WebCacheLocal: No se puede leer el encabezado del archivo de registro C:\Users\PAQUITO\AppData\Local\Microsoft\Windows\WebCache\V01.log. Error -1011.
 
Error: (09/13/2015 08:43:00 PM) (Source: ESENT) (EventID: 481) (User: )
Description: DllHost (3756) WebCacheLocal: Al intentar leer en el archivo "C:\Users\PAQUITO\AppData\Local\Microsoft\Windows\WebCache\V01.log", en la posición 0 (0x0000000000000000) 4096 (0x00001000) bytes se produjo el error de sistema 8 (0x00000008) después de DllHost0 segundos: "Espacio de almacenamiento insuficiente para procesar este comando. ". La operación de lectura se cerrará con el error -1011 (0xfffffc0d). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.
 
Error: (09/13/2015 08:43:00 PM) (Source: ESENT) (EventID: 412) (User: )
Description: DllHost (3756) WebCacheLocal: No se puede leer el encabezado del archivo de registro C:\Users\PAQUITO\AppData\Local\Microsoft\Windows\WebCache\V01.log. Error -1011.
 
Error: (09/13/2015 08:43:00 PM) (Source: ESENT) (EventID: 481) (User: )
Description: DllHost (3756) WebCacheLocal: Al intentar leer en el archivo "C:\Users\PAQUITO\AppData\Local\Microsoft\Windows\WebCache\V01.log", en la posición 0 (0x0000000000000000) 4096 (0x00001000) bytes se produjo el error de sistema 8 (0x00000008) después de DllHost0 segundos: "Espacio de almacenamiento insuficiente para procesar este comando. ". La operación de lectura se cerrará con el error -1011 (0xfffffc0d). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.
 
Error: (09/13/2015 08:42:59 PM) (Source: ESENT) (EventID: 454) (User: )
Description: DllHost (3756) WebCacheLocal: Error inesperado al recuperar o restaurar la base de datos -1011.
 
Error: (09/13/2015 08:42:59 PM) (Source: ESENT) (EventID: 408) (User: )
Description: DllHost (3756) WebCacheLocal: No se puede escribir en el registro C:\Users\PAQUITO\AppData\Local\Microsoft\Windows\WebCache\V01.log. Error -1011 (0xfffffc0d).
 
Error: (09/13/2015 08:42:59 PM) (Source: ESENT) (EventID: 482) (User: )
Description: DllHost (3756) WebCacheLocal: Al intentar escribir en el archivo "C:\Users\PAQUITO\AppData\Local\Microsoft\Windows\WebCache\V01.log", en la posición 450560 (0x000000000006e000) 4096 (0x00001000) bytes se produjo el error de sistema 8 (0x00000008) después de DllHost0 segundos: "Espacio de almacenamiento insuficiente para procesar este comando. ". La operación de escritura se cerrará con el error -1011 (0xfffffc0d). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior.
 
 
System errors:
=============
Error: (09/18/2015 06:12:38 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Error inesperado. Código de error: D@01010004
 
Error: (09/18/2015 06:12:38 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Error inesperado. Código de error: D@01010004
 
Error: (09/18/2015 06:07:41 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Error inesperado. Código de error: D@01010004
 
Error: (09/18/2015 06:07:40 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Error inesperado. Código de error: D@01010004
 
Error: (09/18/2015 06:07:40 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Error inesperado. Código de error: D@01010004
 
Error: (09/18/2015 06:06:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Dispositivo host de UPnP no pudo iniciarse debido al siguiente error: 
%%1069
 
Error: (09/18/2015 06:06:19 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: El servicio upnphost no se pudo iniciarse como NT AUTHORITY\LocalService con la contraseña configurada actualmente debido al siguiente error: 
%%1352
 
Para asegurarse de que el servicio esté correctamente configurado, use el complemento Servicios en Microsoft Management Console (MMC).
 
Error: (09/18/2015 06:06:19 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error: (09/18/2015 06:03:51 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Error inesperado. Código de error: D@01010004
 
Error: (09/18/2015 06:03:51 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Error inesperado. Código de error: D@01010004
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon II X2 250 Processor
Percentage of memory in use: 45%
Total physical RAM: 3583.3 MB
Available physical RAM: 1963.84 MB
Total Virtual: 7164.93 MB
Available Virtual: 5460.71 MB
 
==================== Drives ================================
 
Drive c: (STEVEN) (Fixed) (Total:465.75 GB) (Free:288.82 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: 84718471)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9FD09FD0)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

post-191765-0-15312200-1442605032_thumb.

roguekiller scan txt.txt

Link to post
Share on other sites
  • Root Admin

Reset your browsers as shown below. For your application that keeps having an issue you can try reinstalling it and see if that help or not.

Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.

If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer

How to reset Internet Explorer settings

Firefox

Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome

Start by disabling Sync

How To Delete Your Google Chrome Browser Sync Data

Chrome - Reset browser settings

If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.

Link to post
Share on other sites

Reset your browsers as shown below. For your application that keeps having an issue you can try reinstalling it and see if that help or not.

Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.

If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer

How to reset Internet Explorer settings

Firefox

Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome

Start by disabling Sync

How To Delete Your Google Chrome Browser Sync Data

Chrome - Reset browser settings

If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.

One question, can I make a backup of the bookmarks of Google Chrome to recover them after the reset?

It's because I don't want to loose them if it's possible.

Link to post
Share on other sites

Yes you can make a backup of them.

Alright, while trying to reset my browser some doubts came into my mind:

 

First of all, I reseted Firefox (although as you said me, I will delete it as soon as posible as I don't use it, but Firefox has two programs, the browser and the maintenence server and I don't know if I should delete both or only one of them) and it created a folder called Old Firefox Data (or something like that, as Firefox has created it in Spanish I don't know the exact translation to English), I will keep that folder for now.

Now with Internet Explorer, in the page you linked me to, I want to do the manual reset, but after the video there's more instructions, do I need to follow them too or with doing the intructions that are before the video is enough?

And before reseting Chrome, should I login into some accounts at the state I am right now? I mean, I will need to login into the MBAM forum account, but should I log on into my e-mail?, I check it to know nothing is going wrong with any account, and to know when I got a reply in the thread and I got a phone number linked to the account for security reasons, also, would unistalling the browser reset it directly or would some data remain?, because I think I downloaded Chrome from FileHippo and, well, it was probably not a good idea, so it would be a good idea to download Chrome from the official page now that I'm going to reset it.

Do I need to reset Steam's browser too?, or does resetting Internet Explorer resets that browser too?

And finally, the PUPs that MBAM detected at the beginning that made me start the thread are still on quarantine, should I delete them alredy or should I leave them until you tell me to delete them?

 

Sorry for asking so many questions at once, and thanks.

Link to post
Share on other sites
  • Root Admin

Files in quarantine are not a threat. Typically recommend to keep in there at least a couple weeks to ensure no false positives.

You should download Chrome directly from Google not other sites.

www.google.com/chrome/

You should be able to change the home page for any browsers you're using under system settings.

Link to post
Share on other sites

Files in quarantine are not a threat. Typically recommend to keep in there at least a couple weeks to ensure no false positives.

You should download Chrome directly from Google not other sites.

www.google.com/chrome/

You should be able to change the home page for any browsers you're using under system settings.

Sorry for asking, but, is the automatic reset of Internet Explorer that I can download from https://support.microsoft.com/es-es/kb/923737safe?, since I've hearded of the keylogger on Windows 10 short ago, now I'm kind of untrustful towards Microsoft.

If that's the case, on the manual restoration there's a part that says "How to restore the configuration from Internet Explorer 9", I suposse that with IE 11 I need to follow those intructions and not the previous ones (the ones before the "How to restore the configuration from Internet Explorer 9" part).

Link to post
Share on other sites

There is no keylogger in Windows 10. Completely blown out of proportion about meta data tracking generally used to improve the performance of Windows.

The article should also show you how to manually reset IE as well.

Alright, done, also, is there any way to restore the most visited pages, I forgot two of them and I'll probably remember them at some point, but I don't know when.

Also, while doing the IE restorations this happened.

It says that the solution of Microsoft Fix it couldn't be processed, is that normal?

post-191765-0-17983300-1443459703_thumb.

Link to post
Share on other sites
  • Root Admin

No part of the clean up does clear out all that data. It will rebuild as you visit new sites. If you have specific site you like or visit you should keep a bookmark and not rely on cache to bring it back.

 

How is the computer running now ? Are there still any signs of infection or other issues ?

Link to post
Share on other sites

No part of the clean up does clear out all that data. It will rebuild as you visit new sites. If you have specific site you like or visit you should keep a bookmark and not rely on cache to bring it back.

 

How is the computer running now ? Are there still any signs of infection or other issues ?

For now I think it's running okay, although the Trojan I sended you image of has worried me a bit.

Give me a pair of days to see if anything strange happens and if that's the case I'll tel you.

Also, should I run a complete scan with all the antispyware I have to check if I detect any new infection now that you have more of less finished with this?

Link to post
Share on other sites
  • Root Admin

Not sure what antispyware you're talking about. As long as it's valid known program then should be no harm in using to scan.

I will be leaving for vacation on Thursday so I will probably close your topic tomorrow but if you do continue to have issues you can always create a new topic and have someone else assist you while I'm away or contact the help desk as well.

Thanks

Link to post
Share on other sites

Not sure what antispyware you're talking about. As long as it's valid known program then should be no harm in using to scan.

I will be leaving for vacation on Thursday so I will probably close your topic tomorrow but if you do continue to have issues you can always create a new topic and have someone else assist you while I'm away or contact the help desk as well.

Thanks

Alright, as far as now, the only weird things I've seen is that the volumes at the volume mixer have been reseted to default, and that the folder at #SharedObjects from Flash has changed name again, but the rest seems normal.

Thanks a lot for assisting me all this time.

Link to post
Share on other sites
  • Root Admin

Great looks good and you're welcome.

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if ran at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
bwebb7v.jpgDownload Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.


 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsers
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
 

Link to post
Share on other sites

Great looks good and you're welcome.

 

At this time there are no more signs of an infection on your system.

However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if ran at the wrong time.

They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.

 

bwebb7v.jpgDownload Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

 

If there are any other left over Folders, Files, Logs then you can delete them on your own.

 

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.

How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP

As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsers

How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.

Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

 

 

The system restoration thing, should I delete it as fast as possible because the infection could come back or I'll should just delete them to avoid using them in a future by mistake?

Also, about the Java thing, I've heard something similar is happening with Flash, should I disable it on my browser too?

And Delfix, I have Rkill, CCleaner, AdwCleaner, Malware Bytes Anti-Malware, Super Anti Spyware! and RogueKiller installed on my PC always, will that tool delete any of those programs? (I also have installed Microsoft Security Essentials, but I doubt that program deletes the only antivirus I have installed).

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.