Jump to content

Virus in boot sector?


Recommended Posts

Hi,

Im no computer genious so i signed up  hoping to have some enlightment. I recently noticed that mi desktop CPU was taking much longer to start up. The booting process was slower so I decided to clean up using Glary Utilities software. Im running windows 7 in an Asus mother board. I also noticed that the HDD led indicator was on the entire time, so i checked all running process and found that System Idle Process is up to 90. Read a few blogs and found out that this could be a virus, but most of the blogs pointed to a crawler wich could be found in the uninstall program list, but not this one.

 I tried everything, Antivirus, malaware detector, anti spam, i tried shutting down all the start up tasks but nothing. Funny thing is, i noticed the CPU boots twice, it boots normaly but right before the windows welcome screen apears it boots again. This second boot takes longer and thats when the HDD indicator goes on and it dosent even blink.

Its driving me crazy. Any ideas??

Thanks!

 

 

 

Link to post
Share on other sites

Hello and :welcome:

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. button.

    x5o4gh.png

  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.

  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Link to post
Share on other sites

Thank U so much!

Ran the Farbar Recovery Scan Tool

here are the results

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-05-2016
Ran by Pelon (administrator) on EQUIPO_3 (17-05-2016 16:43:53)
Running from C:\Users\Pelon\Desktop
Loaded Profiles: Pelon & UpdatusUser (Available Profiles: Pelon & UpdatusUser & Juli)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Users\Pelon\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-10] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1675142385-12572573-2060317242-1000\...\Run: [Dropbox Update] => C:\Users\Pelon\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-1675142385-12572573-2060317242-1000\...\Policies\Explorer: [] 
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-30] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-02-11] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pelon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pelon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pelon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pelon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pelon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pelon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pelon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pelon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-20] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
Startup: C:\Users\Juli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-05-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Pelon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Pelon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-05-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Pelon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk /p \??\C:autocheck autochk *  sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 validation.sls.microsoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{6749F76F-0928-4B8E-A41E-4A4155DA36CE}: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{B36D5D63-9A2B-43C8-8F41-A3D6076E8238}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1675142385-12572573-2060317242-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.mx/?gfe_rd=cr&ei=fyYjVP2nNcWBqAaTsYCIAg&gws_rd=ssl
HKU\S-1-5-21-1675142385-12572573-2060317242-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://prodigy.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = 
SearchScopes: HKU\S-1-5-21-1675142385-12572573-2060317242-1000 -> {0E1B6E65-3D36-410D-AB33-CD7FCC7733D3} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2016-01-09] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-20] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-09] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-09] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)
BHO-x32: Aplicación auxiliar de inicio de sesión en la cuenta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-09] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)

FireFox:
========
FF ProfilePath: C:\Users\Pelon\AppData\Roaming\Mozilla\Firefox\Profiles\4yc9zo8n.default
FF DefaultSearchEngine: V9
FF SearchEngineOrder.1: V9
FF SelectedSearchEngine: V9
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-02-11] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-02-11] (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolibre-mx.xml [2014-11-13]
FF Extension: Greasemonkey - C:\Users\Pelon\AppData\Roaming\Mozilla\Firefox\Profiles\4yc9zo8n.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-12-09] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-16]

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://websearch.fixsearch.info/?pid=3187&r=2014/09/01&hid=6650560944111525800&lg=EN&cc=MX&unqvl=61"
CHR Profile: C:\Users\Pelon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Búsqueda de Google) - C:\Users\Pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-11]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Avast Online Security) - C:\Users\Pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-12]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR Extension: (Gmail) - C:\Users\Pelon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-20] (Avast Software)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-20] (AVAST Software)
R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [61440 2009-10-13] (Atheros Communications, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-10-14] (Glarysoft Ltd)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2014-02-05] ()
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-20] (AVAST Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-20] (Avast Software)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-17 16:43 - 2016-05-17 16:44 - 00020165 _____ C:\Users\Pelon\Desktop\FRST.txt
2016-05-17 16:43 - 2016-05-17 16:43 - 00000000 ____D C:\FRST
2016-05-17 16:43 - 2016-05-16 15:59 - 02382336 _____ (Farbar) C:\Users\Pelon\Desktop\FRST64.exe
2016-05-17 14:53 - 2016-05-17 14:53 - 00029714 _____ C:\Users\Pelon\Downloads\Comprobante (63).pdf
2016-05-17 14:51 - 2016-05-17 14:51 - 00029704 _____ C:\Users\Pelon\Downloads\Comprobante (62).pdf
2016-05-17 12:35 - 2016-05-13 11:25 - 01610816 _____ (Malwarebytes) C:\Users\Pelon\Desktop\JRT.exe
2016-05-17 12:35 - 2016-05-13 11:24 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Pelon\Desktop\rkill.exe
2016-05-16 18:18 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-05-16 18:16 - 2016-05-16 19:11 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-05-16 18:16 - 2016-05-16 18:29 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-05-16 18:16 - 2016-05-16 18:16 - 00001398 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-05-16 18:16 - 2016-05-16 18:16 - 00001386 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-05-16 18:16 - 2016-05-16 18:16 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-05-16 18:16 - 2016-05-16 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-05-16 18:16 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-05-16 18:14 - 2016-05-16 18:15 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Pelon\Downloads\spybot-2.4.exe
2016-05-16 18:11 - 2016-05-16 18:14 - 00404106 _____ C:\TDSSKiller.3.1.0.9_16.05.2016_18.11.48_log.txt
2016-05-16 17:09 - 2016-05-16 18:11 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Pelon\Downloads\tdsskiller.exe
2016-05-16 16:59 - 2016-05-16 16:59 - 00001889 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-05-16 16:59 - 2016-05-16 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-05-16 16:59 - 2015-11-10 13:19 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw437.tmp
2016-05-16 16:59 - 2015-11-10 13:19 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswDFC.tmp
2016-05-16 16:59 - 2015-07-20 12:29 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-05-16 16:59 - 2015-07-20 12:29 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFB2.tmp
2016-05-16 16:59 - 2015-07-20 12:29 - 00150160 _____ (AVAST Software) C:\Windows\system32\Drivers\asw1119.tmp
2016-05-16 16:59 - 2015-07-20 12:29 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\asw763.tmp
2016-05-16 16:59 - 2015-07-20 12:29 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswAAF.tmp
2016-05-16 16:59 - 2015-07-20 12:29 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswC56.tmp
2016-05-16 16:59 - 2015-07-20 12:29 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8EA.tmp
2016-05-16 16:59 - 2015-07-20 12:25 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\ngv8E.tmp
2016-05-16 16:19 - 2016-05-17 14:14 - 00000000 ____D C:\Windows\pss
2016-05-16 10:06 - 2016-05-17 16:13 - 00003650 _____ C:\Users\Pelon\Desktop\JRT.txt
2016-05-16 09:59 - 2016-05-17 12:36 - 00002150 _____ C:\Users\Pelon\Desktop\Rkill.txt
2016-05-16 09:37 - 2016-05-16 09:40 - 16276912 _____ C:\Users\Pelon\Downloads\Glary_Utilities_v5.51.0.71.exe
2016-05-16 09:36 - 2016-05-16 09:36 - 00000000 ____D C:\Users\Pelon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-13 17:46 - 2016-05-13 17:46 - 00429087 _____ C:\Users\Juli\Downloads\CHIAPAS 151 OFICINA.pdf
2016-05-13 17:46 - 2016-05-13 17:46 - 00429087 _____ C:\Users\Juli\Desktop\CHIAPAS 151 OFICINA.pdf
2016-05-13 17:45 - 2016-05-13 17:45 - 01353729 _____ C:\Users\Juli\Desktop\ZAC 198 PH VISTA.pdf
2016-05-13 17:43 - 2016-05-13 14:05 - 52259113 _____ C:\Users\Juli\Desktop\estudio PH ESTRCUTURA feb 2016.skb
2016-05-13 17:08 - 2016-05-13 17:08 - 02901255 _____ C:\Users\Juli\Desktop\ZAC 198 PH.pdf
2016-05-13 16:04 - 2016-05-13 18:03 - 53597175 _____ C:\Users\Juli\Desktop\ESTUDIO 03-03.layout
2016-05-13 16:04 - 2016-05-13 17:40 - 53593249 _____ C:\Users\Juli\Desktop\Backup of ESTUDIO 03-03.layout
2016-05-13 14:05 - 2016-05-13 17:44 - 52259113 _____ C:\Users\Juli\Desktop\estudio PH ESTRCUTURA feb 2016.skp
2016-05-12 18:01 - 2016-05-12 18:01 - 00057595 _____ C:\Users\Juli\Desktop\CARP ZAC198.pdf
2016-05-12 14:25 - 2016-05-12 14:25 - 00199791 _____ C:\Users\Juli\Desktop\camellon yucatan prop SEMOVImayo Layout1 carta 3.pdf
2016-05-12 14:24 - 2016-05-12 14:24 - 00487099 _____ C:\Users\Juli\Desktop\camellon yucatan prop SEMOVImayo Layout1 carta 1.pdf
2016-05-12 14:24 - 2016-05-12 14:24 - 00410130 _____ C:\Users\Juli\Desktop\camellon yucatan prop SEMOVImayo Layout1 carta 2.pdf
2016-05-12 14:18 - 2016-05-12 14:18 - 00256956 _____ C:\Users\Juli\Desktop\camellon yucatan prop SEMOVImayo Layout1 (3).pdf
2016-05-12 14:17 - 2016-05-12 14:17 - 00488204 _____ C:\Users\Juli\Desktop\camellon yucatan prop SEMOVImayo Layout1 (2).pdf
2016-05-12 14:16 - 2016-05-12 14:16 - 00575820 _____ C:\Users\Juli\Desktop\camellon yucatan prop SEMOVImayo Layout1 (1).pdf
2016-05-12 13:09 - 2016-05-12 13:09 - 00000000 ____D C:\Users\Juli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-12 08:39 - 2016-05-09 00:23 - 00033976 ____N C:\Users\Pelon\Downloads\160509.ADCW.0000590.BAAA860527AW2.AEAI760604QE9.pdf
2016-05-12 08:39 - 2016-05-09 00:23 - 00005437 ____N C:\Users\Pelon\Downloads\160509.ADCW.0000590.BAAA860527AW2.AEAI760604QE9.xml
2016-05-12 08:39 - 2016-05-06 11:30 - 00033945 ____N C:\Users\Pelon\Downloads\160506.AYLZ.0000130.AOSV751103MJ8.AEAI760604QE9.pdf
2016-05-12 08:39 - 2016-05-06 11:30 - 00033664 ____N C:\Users\Pelon\Downloads\160506.CRU.0002367.CAQM810907IL5.AEAI760604QE9.pdf
2016-05-12 08:39 - 2016-05-06 11:30 - 00005102 ____N C:\Users\Pelon\Downloads\160506.AYLZ.0000130.AOSV751103MJ8.AEAI760604QE9.xml
2016-05-12 08:39 - 2016-05-06 11:30 - 00004584 ____N C:\Users\Pelon\Downloads\160506.CRU.0002367.CAQM810907IL5.AEAI760604QE9.xml
2016-05-12 08:39 - 2016-05-04 03:22 - 00033884 ____N C:\Users\Pelon\Downloads\160504.BEGF.0000197.EIJJ8809148H1.AEAI760604QE9.pdf
2016-05-12 08:39 - 2016-05-04 03:22 - 00033707 ____N C:\Users\Pelon\Downloads\160504.BFET.0000171.DEER681112QQ6.AEAI760604QE9.pdf
2016-05-12 08:39 - 2016-05-04 03:22 - 00005405 ____N C:\Users\Pelon\Downloads\160504.BEGF.0000197.EIJJ8809148H1.AEAI760604QE9.xml
2016-05-12 08:39 - 2016-05-04 03:22 - 00004556 ____N C:\Users\Pelon\Downloads\160504.BFET.0000171.DEER681112QQ6.AEAI760604QE9.xml
2016-05-12 08:39 - 2016-05-03 16:16 - 00033665 ____N C:\Users\Pelon\Downloads\160503.IGE.0000615.RICF810808EF6.AEAI760604QE9.pdf
2016-05-12 08:39 - 2016-05-03 16:16 - 00004535 ____N C:\Users\Pelon\Downloads\160503.IGE.0000615.RICF810808EF6.AEAI760604QE9.xml
2016-05-12 08:39 - 2016-04-21 21:06 - 00034361 ____N C:\Users\Pelon\Downloads\160421.BXYM.0000066.GAER6806076C4.AEAI760604QE9.pdf
2016-05-12 08:39 - 2016-04-21 21:06 - 00034159 ____N C:\Users\Pelon\Downloads\160421.YBM.0000208.PUIA840304GB5.AEAI760604QE9.pdf
2016-05-12 08:39 - 2016-04-21 21:06 - 00034138 ____N C:\Users\Pelon\Downloads\160421.AJOS.0000292.ROFO691019BP4.AEAI760604QE9.pdf
2016-05-12 08:39 - 2016-04-21 21:06 - 00034130 ____N C:\Users\Pelon\Downloads\160421.BCKB.0000100.GAAD830711FC8.AEAI760604QE9.pdf
2016-05-12 08:39 - 2016-04-21 21:06 - 00034106 ____N C:\Users\Pelon\Downloads\160421.AVWU.0000029.EISG641125HX8.AEAI760604QE9.pdf
2016-05-12 08:39 - 2016-04-21 21:06 - 00034088 ____N C:\Users\Pelon\Downloads\160421.AQUV.0243728.DSA130408AM2.AEAI760604QE9.pdf
2016-05-12 08:39 - 2016-04-21 21:06 - 00034034 ____N C:\Users\Pelon\Downloads\160421.FRP.0001087.SACP891030GVA.AEAI760604QE9.pdf
2016-05-12 08:39 - 2016-04-21 21:06 - 00034005 ____N C:\Users\Pelon\Downloads\160421.AQUV.0243730.DSA130408AM2.AEAI760604QE9.pdf
2016-05-12 08:39 - 2016-04-21 21:06 - 00033926 ____N C:\Users\Pelon\Downloads\160421.ERJ.0000761.PUVC601104515.AEAI760604QE9.pdf
2016-05-12 08:39 - 2016-04-21 21:06 - 00033900 ____N C:\Users\Pelon\Downloads\160421.EOB.0000248.CARE6412236W6.AEAI760604QE9.pdf
2016-05-12 08:39 - 2016-04-21 21:06 - 00033877 ____N C:\Users\Pelon\Downloads\160421.BOWI.0000071.TTI120503IV4.AEAI760604QE9.pdf
2016-05-12 08:39 - 2016-04-21 21:06 - 00005474 ____N C:\Users\Pelon\Downloads\160421.BXYM.0000066.GAER6806076C4.AEAI760604QE9.xml
2016-05-12 08:39 - 2016-04-21 21:06 - 00005445 ____N C:\Users\Pelon\Downloads\160421.YBM.0000208.PUIA840304GB5.AEAI760604QE9.xml
2016-05-12 08:39 - 2016-04-21 21:06 - 00005428 ____N C:\Users\Pelon\Downloads\160421.AVWU.0000029.EISG641125HX8.AEAI760604QE9.xml
2016-05-12 08:39 - 2016-04-21 21:06 - 00005401 ____N C:\Users\Pelon\Downloads\160421.BCKB.0000100.GAAD830711FC8.AEAI760604QE9.xml
2016-05-12 08:39 - 2016-04-21 21:06 - 00005385 ____N C:\Users\Pelon\Downloads\160421.AJOS.0000292.ROFO691019BP4.AEAI760604QE9.xml
2016-05-12 08:39 - 2016-04-21 21:06 - 00005201 ____N C:\Users\Pelon\Downloads\160421.AQUV.0243728.DSA130408AM2.AEAI760604QE9.xml
2016-05-12 08:39 - 2016-04-21 21:06 - 00005184 ____N C:\Users\Pelon\Downloads\160421.AQUV.0243730.DSA130408AM2.AEAI760604QE9.xml
2016-05-12 08:39 - 2016-04-21 21:06 - 00004593 ____N C:\Users\Pelon\Downloads\160421.EOB.0000248.CARE6412236W6.AEAI760604QE9.xml
2016-05-12 08:39 - 2016-04-21 21:06 - 00004551 ____N C:\Users\Pelon\Downloads\160421.BOWI.0000071.TTI120503IV4.AEAI760604QE9.xml
2016-05-12 08:39 - 2016-04-21 21:06 - 00004544 ____N C:\Users\Pelon\Downloads\160421.FRP.0001087.SACP891030GVA.AEAI760604QE9.xml
2016-05-12 08:39 - 2016-04-21 21:06 - 00004531 ____N C:\Users\Pelon\Downloads\160421.ERJ.0000761.PUVC601104515.AEAI760604QE9.xml
2016-05-11 13:19 - 2016-05-11 13:19 - 00434151 _____ C:\Users\Juli\Desktop\PE45B IH 1.20 isometrico.pdf
2016-05-11 12:03 - 2016-04-23 12:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 12:03 - 2016-04-23 11:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 12:03 - 2016-04-23 00:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 12:03 - 2016-04-23 00:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 12:03 - 2016-04-23 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 12:03 - 2016-04-23 00:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 12:03 - 2016-04-23 00:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 12:03 - 2016-04-23 00:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 12:03 - 2016-04-23 00:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 12:03 - 2016-04-23 00:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 12:03 - 2016-04-23 00:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 12:03 - 2016-04-22 23:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 12:03 - 2016-04-22 23:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 12:03 - 2016-04-22 23:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 12:03 - 2016-04-22 23:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 12:03 - 2016-04-22 23:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 12:03 - 2016-04-22 23:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 12:03 - 2016-04-22 23:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 12:03 - 2016-04-22 23:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 12:03 - 2016-04-22 23:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 12:03 - 2016-04-22 23:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 12:03 - 2016-04-22 23:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 12:03 - 2016-04-22 23:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 12:03 - 2016-04-22 23:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 12:03 - 2016-04-22 23:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 12:03 - 2016-04-22 23:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 12:03 - 2016-04-22 23:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 12:03 - 2016-04-22 23:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 12:03 - 2016-04-22 23:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 12:03 - 2016-04-22 23:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 12:03 - 2016-04-22 23:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 12:03 - 2016-04-22 23:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 12:03 - 2016-04-22 23:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 12:03 - 2016-04-22 23:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 12:03 - 2016-04-22 23:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 12:03 - 2016-04-22 23:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 12:03 - 2016-04-22 23:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 12:03 - 2016-04-22 23:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 12:03 - 2016-04-22 23:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 12:03 - 2016-04-22 23:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 12:03 - 2016-04-22 23:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 12:03 - 2016-04-22 23:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 12:03 - 2016-04-22 23:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 12:03 - 2016-04-22 22:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 12:03 - 2016-04-22 22:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 12:03 - 2016-04-22 22:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 12:03 - 2016-04-22 22:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 12:03 - 2016-04-22 22:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 12:03 - 2016-04-22 22:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 12:03 - 2016-04-22 22:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 12:03 - 2016-04-22 22:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 12:03 - 2016-04-22 22:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 12:03 - 2016-04-22 22:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 12:03 - 2016-04-22 22:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 12:03 - 2016-04-22 22:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 12:03 - 2016-04-22 22:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 12:03 - 2016-04-22 22:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 12:03 - 2016-04-22 22:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 12:03 - 2016-04-22 22:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 12:03 - 2016-04-22 22:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 12:03 - 2016-04-22 22:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 12:03 - 2016-04-22 22:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 12:03 - 2016-04-22 22:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 12:03 - 2016-04-22 22:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 12:03 - 2016-04-22 22:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 12:03 - 2016-04-22 22:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 12:03 - 2016-04-14 08:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 12:03 - 2016-04-14 08:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 12:03 - 2016-04-09 02:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 12:03 - 2016-04-09 02:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 12:03 - 2016-04-09 01:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 12:03 - 2016-04-09 01:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 12:03 - 2016-04-09 01:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 12:03 - 2016-04-09 01:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 12:03 - 2016-04-09 01:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 12:03 - 2016-04-09 00:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 12:03 - 2016-04-06 10:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 12:03 - 2016-03-09 13:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 12:03 - 2016-03-09 13:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-11 12:02 - 2016-04-09 02:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 12:02 - 2016-04-09 02:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 12:02 - 2016-04-09 02:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 12:02 - 2016-04-09 02:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 12:02 - 2016-04-09 02:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 12:02 - 2016-04-09 01:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 12:02 - 2016-04-09 01:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 12:02 - 2016-04-09 01:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 12:02 - 2016-04-09 01:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 12:02 - 2016-04-09 01:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 12:02 - 2016-04-09 01:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 12:02 - 2016-04-09 01:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 12:02 - 2016-04-09 01:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 12:02 - 2016-04-09 01:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 12:02 - 2016-04-09 01:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 12:02 - 2016-04-09 01:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 12:02 - 2016-04-09 01:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 12:02 - 2016-04-09 01:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 12:02 - 2016-04-09 01:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 12:02 - 2016-04-09 01:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 12:02 - 2016-04-09 01:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 12:02 - 2016-04-09 01:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 12:02 - 2016-04-09 01:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 00:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 12:02 - 2016-04-09 00:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 12:02 - 2016-04-09 00:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 12:02 - 2016-04-09 00:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 12:02 - 2016-04-09 00:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 12:02 - 2016-04-09 00:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 12:02 - 2016-04-09 00:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 12:02 - 2016-04-09 00:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 12:02 - 2016-04-09 00:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 12:02 - 2016-04-09 00:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 12:02 - 2016-04-09 00:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 12:02 - 2016-04-09 00:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 12:02 - 2016-04-09 00:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 12:02 - 2016-04-09 00:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 12:02 - 2016-04-09 00:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 12:02 - 2016-04-09 00:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 12:02 - 2016-04-09 00:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 12:02 - 2016-04-09 00:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 00:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 00:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 12:02 - 2016-04-09 00:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 12:02 - 2016-04-08 23:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 12:02 - 2016-04-08 22:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 10:41 - 2016-05-11 10:41 - 00028731 _____ C:\Users\Juli\Downloads\pestalozzi (1).xlsx
2016-05-10 15:07 - 2016-05-10 15:07 - 00470701 _____ C:\Users\Juli\Desktop\YU PROPUESTA.pdf
2016-05-10 15:06 - 2016-05-10 15:06 - 00255299 _____ C:\Users\Juli\Desktop\YU CORTEA.pdf
2016-05-10 14:50 - 2016-05-10 14:50 - 00470595 _____ C:\Users\Juli\Desktop\YU EDO.ACTUAL.pdf
2016-05-10 11:18 - 2016-05-10 15:04 - 13316319 _____ C:\Users\Juli\Downloads\camellon yucatan prop SEMOVImayo.bak
2016-05-10 11:17 - 2016-05-10 15:08 - 13547732 _____ C:\Users\Juli\Desktop\camellon yucatan prop SEMOVImayo.dwg
2016-05-10 11:06 - 2016-05-10 15:05 - 13437457 _____ C:\Users\Juli\Downloads\camellon yucatan prop SEMOVImayo.dwg
2016-05-09 16:19 - 2016-05-09 16:19 - 00374181 _____ C:\Users\Pelon\Downloads\2016.04.21-21.06.33.CFDI.AEAI760604QE9.571987298a1d9.zip
2016-05-09 16:19 - 2016-05-09 16:19 - 00067580 _____ C:\Users\Pelon\Downloads\2016.05.04-03.20.02.CFDI.AEAI760604QE9.5729b159530b3.zip
2016-05-09 16:19 - 2016-05-09 16:19 - 00033323 _____ C:\Users\Pelon\Downloads\2016.05.03-16.15.02.CFDI.AEAI760604QE9.572915418943f.zip
2016-05-09 16:17 - 2016-05-09 16:17 - 00067312 _____ C:\Users\Pelon\Downloads\2016.05.06-11.30.01.CFDI.AEAI760604QE9.572cc6b502a5a.zip
2016-05-09 16:16 - 2016-05-09 16:16 - 00034216 _____ C:\Users\Pelon\Downloads\2016.05.09-00.20.02.CFDI.AEAI760604QE9.57301eec2965b.zip
2016-05-09 15:54 - 2016-05-09 15:54 - 00028913 _____ C:\Users\Pelon\Downloads\Comprobante (61).pdf
2016-05-09 15:46 - 2016-05-09 15:46 - 00029250 _____ C:\Users\Pelon\Downloads\Comprobante (60).pdf
2016-05-09 15:45 - 2016-05-09 15:45 - 00029250 _____ C:\Users\Pelon\Downloads\Comprobante (59).pdf
2016-05-04 18:02 - 2016-05-04 18:02 - 00240257 _____ C:\Users\Juli\Desktop\CHIA 9.0 PROPUESTA oficina-Layout1.pdf
2016-05-04 17:55 - 2016-05-04 17:55 - 00046364 _____ C:\Users\Juli\Desktop\Doble carta PIE HORIZONTAL VS.dwg
2016-05-04 12:33 - 2016-05-04 12:31 - 00181275 _____ C:\Users\Juli\Desktop\3pn.bak
2016-05-04 12:31 - 2016-05-04 12:31 - 00178371 _____ C:\Users\Juli\Desktop\2pb.bak
2016-05-04 12:30 - 2016-05-04 12:30 - 00092726 _____ C:\Users\Juli\Desktop\1sota.bak
2016-05-04 12:17 - 2016-05-04 12:30 - 00092726 _____ C:\Users\Juli\Desktop\1sota.dwg
2016-05-04 11:17 - 2016-05-04 18:04 - 00178371 _____ C:\Users\Juli\Desktop\2pb.dwg
2016-05-04 11:12 - 2016-05-04 12:33 - 00187497 _____ C:\Users\Juli\Desktop\3pn.dwg
2016-05-03 18:28 - 2016-05-03 18:30 - 15088606 _____ C:\Users\Juli\Desktop\DON.pdf
2016-05-03 18:23 - 2016-05-03 18:25 - 00345158 _____ C:\Users\Juli\Desktop\DON.CALAS-Layout1.pdf
2016-05-02 17:26 - 2016-05-02 17:26 - 00762276 _____ C:\Users\Juli\Desktop\Trámite-INAH-00-017.pdf
2016-05-02 17:22 - 2016-05-02 17:22 - 00171971 _____ C:\Users\Juli\Desktop\INAH 00-017.PDF
2016-05-02 16:50 - 2016-05-02 16:50 - 00385351 _____ C:\Users\Juli\Downloads\Querétaro CASAS300.pdf
2016-04-29 13:09 - 2016-05-11 11:36 - 15164529 _____ C:\Users\Juli\Desktop\escal AZC.skb
2016-04-29 13:07 - 2016-05-11 13:21 - 15164529 _____ C:\Users\Juli\Desktop\escal AZC.skp
2016-04-28 17:41 - 2016-04-28 17:41 - 00015009 _____ C:\Users\Pelon\Downloads\[kat.cr]microsoft.project.2016.x64.pro.vl.multi.17.apr.2016.gen2 (1).torrent
2016-04-28 17:38 - 2016-05-16 10:55 - 00000000 ____D C:\Users\Pelon\Downloads\Microsoft Project 2016 x64 Pro VL Multi-17 Apr 2016 {Gen2}
2016-04-28 17:37 - 2016-04-28 17:37 - 00015009 _____ C:\Users\Pelon\Downloads\[kat.cr]microsoft.project.2016.x64.pro.vl.multi.17.apr.2016.gen2.torrent
2016-04-27 18:08 - 2016-04-27 16:56 - 00411732 _____ C:\Users\Juli\Downloads\camellon yucatan.bak
2016-04-27 16:56 - 2016-04-27 18:08 - 00411732 _____ C:\Users\Juli\Downloads\camellon yucatan.dwg
2016-04-26 11:10 - 2016-04-26 11:10 - 00249472 _____ C:\Users\Juli\Downloads\JALAPA 68 Cocina 2 muebles.pdf
2016-04-26 11:06 - 2016-04-26 11:06 - 00112499 _____ C:\Users\Juli\Desktop\Presupuesto Preliminar Jalapa 68.pdf
2016-04-26 10:24 - 2016-04-26 10:24 - 00119896 _____ C:\Users\Juli\Downloads\Corte Jalapa 68 al 25ABR16.pdf
2016-04-22 17:11 - 2016-04-22 17:11 - 00140307 _____ C:\Users\Pelon\Downloads\Presupuesto Preliminar Jalapa 68 ACTUALIZADO abril.pdf
2016-04-22 15:26 - 2016-04-22 15:26 - 00132615 _____ C:\Users\Pelon\Downloads\PPTO #1 COCINA JALAPA.xlsx
2016-04-21 14:53 - 2016-04-21 14:53 - 10541894 _____ C:\Users\Juli\Downloads\103755_Reglamento de Construccion DF. 2005 (1).pdf
2016-04-21 12:07 - 2016-04-21 12:07 - 10541894 _____ C:\Users\Juli\Downloads\103755_Reglamento de Construccion DF. 2005.pdf
2016-04-21 12:07 - 2016-04-21 12:07 - 10541894 _____ C:\Users\Juli\Desktop\Reglamento de Construccion DF. 2005.pdf
2016-04-20 13:49 - 2016-04-20 13:49 - 01834132 _____ C:\Users\Juli\Desktop\Jalapa Acabados.pdf
2016-04-20 13:07 - 2016-04-20 13:08 - 27203644 _____ C:\Users\Juli\Desktop\ACABADOS Jalapa.layout
2016-04-20 13:07 - 2016-04-20 13:07 - 00000000 _____ C:\Users\Juli\Desktop\Backup of ACABADOS Jalapa.layout
2016-04-19 18:03 - 2016-04-19 18:03 - 25250991 _____ C:\Users\Juli\Desktop\ACABADOS.psd
2016-04-19 16:55 - 2016-04-19 16:55 - 08951609 _____ C:\Users\Juli\Downloads\Catalogo-Optima-2016.pdf
2016-04-19 16:55 - 2016-04-19 16:55 - 00093439 _____ C:\Users\Juli\Downloads\0
2016-04-18 16:01 - 2016-04-18 16:04 - 13321325 _____ C:\Users\Juli\Downloads\LEV- CALLE PRIMAVERA 120 AZCAPOTZALCO ENTREGA FINAL ABRIL-2016dwg.dwg
2016-04-18 16:01 - 2016-04-18 16:01 - 20066892 _____ C:\Users\Juli\Downloads\LEV- CALLE PRIMAVERA 120 AZCAPOTZALCO ENTREGA FINAL ABRIL-2016dwg.bak
2016-04-18 14:51 - 2016-05-13 12:10 - 00002145 _____ C:\Users\Juli\Desktop\AZCAPOTZALCO 120 - Acceso directo.lnk
2016-04-18 12:12 - 2016-04-18 12:12 - 00132615 _____ C:\Users\Juli\Downloads\PPTO #1 COCINA JALAPA (1).xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-17 16:43 - 2015-03-04 11:57 - 00000000 ___RD C:\Users\Pelon\Dropbox
2016-05-17 16:16 - 2014-01-31 13:47 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-17 16:14 - 2009-07-13 23:45 - 00021024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-17 16:14 - 2009-07-13 23:45 - 00021024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-17 16:13 - 2014-02-07 12:39 - 00002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-17 16:01 - 2014-02-07 12:38 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-17 16:01 - 2014-02-07 12:38 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-17 15:48 - 2015-06-16 18:36 - 00000960 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1675142385-12572573-2060317242-1000UA.job
2016-05-17 15:45 - 2015-07-24 12:40 - 00000956 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1675142385-12572573-2060317242-1002UA.job
2016-05-17 14:16 - 2014-02-07 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-05-17 14:12 - 2014-02-15 12:40 - 00000000 ____D C:\Users\Pelon\AppData\Roaming\BitTorrent
2016-05-17 14:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-05-17 13:38 - 2014-06-26 10:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-17 12:48 - 2015-06-16 18:36 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1675142385-12572573-2060317242-1000Core.job
2016-05-17 12:45 - 2015-07-24 12:40 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1675142385-12572573-2060317242-1002Core.job
2016-05-17 12:34 - 2014-06-04 09:26 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-05-17 12:25 - 2014-02-07 13:22 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2016-05-17 03:17 - 2014-01-30 15:42 - 00000000 ____D C:\Windows\system32\MRT
2016-05-17 03:00 - 2014-01-30 15:42 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-16 22:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-05-16 22:10 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-16 22:09 - 2014-01-30 18:44 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-16 18:18 - 2015-12-03 11:26 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-16 17:00 - 2014-02-07 12:39 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-16 17:00 - 2014-01-30 18:44 - 00000000 ____D C:\Users\UpdatusUser
2016-05-16 16:59 - 2014-01-30 15:15 - 00000000 ____D C:\Users\Pelon
2016-05-16 14:44 - 2015-02-09 17:15 - 00000000 ____D C:\Users\Pelon\AppData\Local\ElevatedDiagnostics
2016-05-16 10:58 - 2015-07-31 14:55 - 00000000 ____D C:\Users\Juli\AppData\Local\Spotify
2016-05-16 10:55 - 2015-12-03 11:26 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-05-16 10:55 - 2015-02-28 15:09 - 00000000 ____D C:\Users\Juli
2016-05-16 10:55 - 2014-04-01 11:22 - 00000000 ____D C:\Users\Pelon\AppData\LocalLow\Google
2016-05-16 10:55 - 2009-07-14 05:10 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-05-16 10:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-05-16 09:42 - 2014-06-04 09:26 - 00001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2016-05-16 09:41 - 2014-06-04 09:26 - 00003312 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2016-05-16 09:41 - 2014-06-04 09:26 - 00002972 _____ C:\Windows\System32\Tasks\GU5SkipUAC
2016-05-16 09:36 - 2014-08-21 11:57 - 00000000 ____D C:\Users\Pelon\AppData\Roaming\Dropbox
2016-05-13 18:02 - 2015-07-31 14:55 - 00000000 ____D C:\Users\Juli\AppData\Roaming\Spotify
2016-05-13 12:53 - 2014-02-07 17:49 - 00000000 ____D C:\Users\Pelon\Documents\ARQFORM
2016-05-13 12:10 - 2016-04-06 13:23 - 00002096 _____ C:\Users\Juli\Desktop\JALAPA 68 - Acceso directo.lnk
2016-05-13 10:41 - 2015-07-24 12:46 - 00000000 ___RD C:\Users\Juli\Dropbox
2016-05-12 16:16 - 2014-01-31 13:47 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-12 16:16 - 2014-01-31 13:47 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 16:16 - 2014-01-31 13:47 - 00003776 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-12 13:09 - 2015-07-24 12:41 - 00000000 ____D C:\Users\Juli\AppData\Roaming\Dropbox
2016-05-12 11:03 - 2014-12-11 10:46 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 09:01 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\addins
2016-05-12 08:26 - 2009-07-14 04:31 - 00747396 _____ C:\Windows\system32\perfh00A.dat
2016-05-12 08:26 - 2009-07-14 04:31 - 00158868 _____ C:\Windows\system32\perfc00A.dat
2016-05-12 08:26 - 2009-07-14 00:13 - 01676890 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-12 08:22 - 2014-02-06 12:26 - 05185784 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 04:38 - 2009-07-14 05:11 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 04:38 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-05-12 04:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing
2016-05-11 13:07 - 2015-04-30 18:32 - 00000000 ____D C:\Users\Public\Downloads\OTK2010V217B1
2016-05-10 11:06 - 2015-03-10 14:35 - 00000000 ____D C:\Users\Juli\AppData\Local\cache
2016-05-09 13:17 - 2015-04-06 14:25 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-09 13:17 - 2015-04-06 14:25 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-03 15:56 - 2014-02-07 12:38 - 00004032 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-03 15:56 - 2014-02-07 12:38 - 00003780 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-02 18:11 - 2014-01-31 11:41 - 01650540 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-05-02 16:49 - 2015-03-31 17:59 - 00000000 ____D C:\Users\Juli\Desktop\julieta
2016-04-29 19:04 - 2015-06-01 18:31 - 00000000 ____D C:\Users\Pelon\AppData\Local\Spotify
2016-04-29 19:03 - 2015-06-01 18:31 - 00000000 ____D C:\Users\Pelon\AppData\Roaming\Spotify
2016-04-29 18:38 - 2014-02-07 18:43 - 00000000 ____D C:\Windows\Minidump
2016-04-22 15:19 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-04-21 15:05 - 2014-01-30 15:36 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-07-21 18:23 - 2015-07-21 18:27 - 0000132 _____ () C:\Users\Pelon\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-03-08 15:55 - 2014-03-08 16:09 - 0099384 _____ () C:\Users\Pelon\AppData\Roaming\inst.exe
2014-03-08 15:55 - 2014-03-08 16:09 - 0007859 _____ () C:\Users\Pelon\AppData\Roaming\pcouffin.cat
2014-03-08 15:55 - 2014-03-08 16:09 - 0001167 _____ () C:\Users\Pelon\AppData\Roaming\pcouffin.inf
2014-03-08 15:55 - 2014-03-08 16:09 - 0000055 _____ () C:\Users\Pelon\AppData\Roaming\pcouffin.log
2014-03-08 15:55 - 2014-03-08 16:09 - 0082816 _____ (VSO Software) C:\Users\Pelon\AppData\Roaming\pcouffin.sys
2014-06-25 19:18 - 2014-06-26 09:45 - 0000092 _____ () C:\Users\Pelon\AppData\Roaming\regsvr32.exe_log.txt
2014-12-01 10:04 - 2014-12-01 10:04 - 0000000 _____ () C:\Users\Pelon\AppData\Roaming\RSDevID.fig
2014-12-01 10:04 - 2015-07-18 13:01 - 0000019 _____ () C:\Users\Pelon\AppData\Roaming\RSIdAndPort.fig
2014-12-01 10:04 - 2016-02-16 15:46 - 0000033 _____ () C:\Users\Pelon\AppData\Roaming\RSIpAndPort.fig
2014-03-08 16:10 - 2014-03-08 17:50 - 0001189 _____ () C:\Users\Pelon\AppData\Roaming\vso_ts_preview.xml
2014-07-01 11:48 - 2014-07-01 15:00 - 0000600 _____ () C:\Users\Pelon\AppData\Roaming\winscp.rnd
2014-02-25 14:03 - 2014-02-25 14:12 - 0001456 _____ () C:\Users\Pelon\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2014-05-01 12:01 - 2015-06-04 20:27 - 0001456 _____ () C:\Users\Pelon\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-07-01 14:58 - 2014-07-01 14:58 - 0000600 _____ () C:\Users\Pelon\AppData\Local\PUTTY.RND
2015-09-07 11:45 - 2015-09-07 11:45 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-12-01 10:04 - 2015-11-11 19:13 - 0000281 _____ () C:\ProgramData\RSUserCfg.ini

Some files in TEMP:
====================
C:\Users\Juli\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmyskff.dll
C:\Users\Juli\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Juli\AppData\Local\Temp\{130BA19D-13B6-4931-84A5-F97EF30BFEC4}-DropboxClient_3.14.7.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-09 13:54

==================== End of FRST.txt ============================

 

 

and the addition....

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-05-2016
Ran by Pelon (2016-05-17 16:44:34)
Running from C:\Users\Pelon\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-01-30 20:15:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1675142385-12572573-2060317242-500 - Administrator - Disabled)
Invitado (S-1-5-21-1675142385-12572573-2060317242-501 - Limited - Enabled)
Juli (S-1-5-21-1675142385-12572573-2060317242-1002 - Limited - Enabled) => C:\Users\Juli
Pelon (S-1-5-21-1675142385-12572573-2060317242-1000 - Administrator - Enabled) => C:\Users\Pelon
UpdatusUser (S-1-5-21-1675142385-12572573-2060317242-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Actualización de NVIDIA 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.4.1.351 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advanced IP Scanner 2.4 (HKLM-x32\...\{8722FA10-A89E-4107-AE30-26D815330A38}) (Version: 2.4.2526 - Famatech)
Apple Application Support (32 bits) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
BitTorrent (HKU\S-1-5-21-1675142385-12572573-2060317242-1000\...\BitTorrent) (Version: 7.9.6.42095 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Utilities PhotoStitch 3.1 (HKLM-x32\...\InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}) (Version: 3.1.9 - Canon)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
ConvertXtoDVD 4.1.7.343 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.7.343 - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disk SpeedUp 1.4.0.888 (HKLM-x32\...\Disk SpeedUp) (Version: 1.4.0.888 - Glarysoft Ltd)
Dropbox (HKU\S-1-5-21-1675142385-12572573-2060317242-1000\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
ffdshow v1.1.3572 [2010-09-13] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3572.0 - )
Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Glary Utilities 5.51 (HKLM-x32\...\Glary Utilities 5) (Version: 5.51.0.71 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HP Officejet 7110 series Software básico del dispositivo (HKLM\...\{1E5C9671-F7FF-4B83-B91C-B42D8F4E16D8}) (Version: 29.1.971.39251 - Hewlett-Packard Co.)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Incomedia WebSite X5 v11 - Free (HKLM-x32\...\{28F47AC9-1912-4494-96FA-C50390077FA7}_is1) (Version: 11.0.4.21 - Incomedia s.r.l.)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java SE Development Kit 7 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
Java SE Development Kit 7 Update 40 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Lorex_Stratus_Client1 (HKLM-x32\...\{4332B198-445E-4D5C-80D3-D2ABE451EC68}) (Version: 1.1.1186.0 - Lorex)
Malwarebytes Anti-Malware versión 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPRO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1675142385-12572573-2060317242-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM\...\Office14.VISIO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 es-MX) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 es-MX)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
NVIDIA Controlador de 3D Vision 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
Panel de control de NVIDIA 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PhotoStitch (x32 Version: 3.1.9 - Canon) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPRO_{DC528101-617D-4E9F-B131-F8F8C52E649B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0057-0000-1000-0000000FF1CE}_Office14.VISIO_{3C578F10-F74F-4655-B2A6-9F88A6C415E8}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SketchUp 2014 (HKLM-x32\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Spotify (HKU\S-1-5-21-1675142385-12572573-2060317242-1000\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SU Podium V2 2.7 (HKLM-x32\...\SU Podium V2_is1) (Version:  - Cadalog Inc.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E1}) (Version: 18.0.11023 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1675142385-12572573-2060317242-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pelon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1675142385-12572573-2060317242-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1675142385-12572573-2060317242-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1675142385-12572573-2060317242-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1675142385-12572573-2060317242-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1675142385-12572573-2060317242-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Pelon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1675142385-12572573-2060317242-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pelon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1675142385-12572573-2060317242-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pelon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1675142385-12572573-2060317242-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pelon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1675142385-12572573-2060317242-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pelon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1675142385-12572573-2060317242-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pelon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1675142385-12572573-2060317242-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pelon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1675142385-12572573-2060317242-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pelon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1675142385-12572573-2060317242-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pelon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1675142385-12572573-2060317242-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Pelon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0296F50C-9856-4973-8F79-D9E299641504} - System32\Tasks\{84F2AB7C-67E3-4856-A903-D67AB86A72FC} => pcalua.exe -a C:\Users\Pelon\Downloads\personas.exe -d C:\Users\Pelon\Downloads
Task: {029B3FCA-F993-4E6A-849A-2241EABB81DF} - System32\Tasks\{42B4A892-38FA-4237-8DA5-F3A2CB55F26A} => pcalua.exe -a C:\Users\Pelon\Downloads\construcción.exe -d C:\Users\Pelon\Downloads
Task: {0BA637E9-A19C-443A-8799-6D76ADE7AA9E} - System32\Tasks\AdobeAAMUpdater-1.0-EQUIPO_3-Pelon => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {0DE14ED9-B284-4FA0-A3C7-4B1F057F4DA9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
Task: {0FAB0CD0-AE5B-4C02-8D7C-E3A997CBA471} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1675142385-12572573-2060317242-1000UA => C:\Users\Pelon\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {15ADD2A5-7769-4DB5-942D-45516063D687} - System32\Tasks\{E2605AF5-21E8-4B4F-B37B-CF464ACBDD8F} => pcalua.exe -a C:\Users\Pelon\Downloads\paisajismo.exe -d C:\Users\Pelon\Downloads
Task: {22E68AFC-868C-49E1-AA02-9BEE43AB09FA} - System32\Tasks\{160F10CE-A0B7-41C0-8E8C-5E72FFD61A0C} => pcalua.exe -a C:\Users\Pelon\Downloads\arquitectura.exe -d C:\Users\Pelon\Downloads
Task: {29D2AC4D-8DE1-4D15-B16A-7922753945F4} - System32\Tasks\{BD0DC389-0E44-41B5-A26E-069BDA2EDE3D} => pcalua.exe -a C:\Users\Pelon\Downloads\simbolos.exe -d C:\Users\Pelon\Downloads
Task: {2BF00D2C-7139-47C4-BB65-27C462675762} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1675142385-12572573-2060317242-1000Core => C:\Users\Pelon\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {3796C107-4EED-4887-84E1-71A8B0E9595D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {3A3D5B74-29F5-49FB-A1D9-F9CCB28AEB03} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {3A5E1F8A-129F-4BE7-A6D7-93F43044F3B6} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {3D7AA94B-1FB4-4824-BD83-63DF5E4E6AB9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)
Task: {41066D0E-35F4-4D4F-B226-3D9C0BDCA71C} - System32\Tasks\{C09A3C78-6B2E-48D0-A50A-A25190432E94} => pcalua.exe -a C:\Users\Pelon\Downloads\MaterialWEN.exe -d C:\Users\Pelon\Downloads
Task: {45FF50FD-54CA-4E28-BEE9-B6084918BEC1} - System32\Tasks\{A7AA4C8C-CDBF-422E-8F44-1EAE09A1ACB7} => pcalua.exe -a "C:\Users\Pelon\Downloads\cine y teatro.exe" -d C:\Users\Pelon\Downloads
Task: {4C5BEB87-6A55-4C2B-BF99-E1090E04842A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1675142385-12572573-2060317242-1002Core => C:\Users\Juli\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-24] (Dropbox, Inc.)
Task: {598D0179-1FFC-496D-A288-2F32F64DCEEE} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2016-05-15] (Glarysoft Ltd)
Task: {60673033-C96A-4A54-8FB7-C03D85A1ACFB} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2016-05-15] (Glarysoft Ltd)
Task: {714A2B6A-E8F8-4DF3-A1A3-27ACBD4F91AB} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1675142385-12572573-2060317242-1002UA => C:\Users\Juli\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-24] (Dropbox, Inc.)
Task: {9798BA1B-21CA-43D4-94C2-11BC7B3C70B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {A6167A04-0C4A-4D2C-87A6-8CF8A5B070A0} - System32\Tasks\{6F306B6A-2F02-4A2D-8332-D44CE3143907} => pcalua.exe -a F:\software\SetupWizard2.exe -d F:\software
Task: {B20CC6B3-4D78-4C98-B71C-582AF7B0A738} - System32\Tasks\{17494D1F-D843-431B-9B38-91F913740819} => pcalua.exe -a "C:\Users\Pelon\Downloads\diseño mecanico.exe" -d C:\Users\Pelon\Downloads
Task: {B8860482-3B23-437A-8775-5B7A0D7BAC62} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {C2514E8E-08C0-4199-814C-F71533B29919} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {D601C3E7-D0FE-4E7D-99FD-5E4F620F30DF} - System32\Tasks\{040BC38E-B90D-4C12-BC71-6A91E8B09A74} => pcalua.exe -a "C:\Users\Pelon\Downloads\paquete extra.exe" -d C:\Users\Pelon\Downloads
Task: {D7EAC5A0-6307-4FAC-B338-26B1D0ACBFC5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {DACCA0AC-7CC0-4397-8B35-32DF9AEA47CC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {EF6219CC-7740-4642-A4F0-461B2FA743BF} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {EFD06C3B-0F60-4EBB-974D-767EB79C1CD6} - System32\Tasks\{B74AC7B7-B481-4A85-8A12-A3CDD7988319} => pcalua.exe -a C:\Users\Pelon\Downloads\transporte.exe -d C:\Users\Pelon\Downloads
Task: {F2625C86-6DA2-4745-8FC6-75CC1392C23B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {FF5D433D-5A75-4E50-8EE1-1DC54F7F153F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1675142385-12572573-2060317242-1000Core.job => C:\Users\Pelon\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1675142385-12572573-2060317242-1000UA.job => C:\Users\Pelon\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1675142385-12572573-2060317242-1002Core.job => C:\Users\Juli\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1675142385-12572573-2060317242-1002UA.job => C:\Users\Juli\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-04-08 18:50 - 2012-12-06 13:52 - 00136704 _____ () C:\Windows\System32\zlhp2600.dll
2014-02-11 04:21 - 2014-02-11 04:21 - 00644464 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2015-07-20 12:27 - 2015-07-20 12:27 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-20 12:26 - 2015-07-20 12:26 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-16 17:00 - 2016-05-16 17:00 - 02906624 _____ () C:\Program Files\AVAST Software\Avast\defs\16051602\algo.dll
2016-05-17 07:00 - 2016-05-17 07:00 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\16051702\algo.dll
2016-05-17 16:25 - 2016-05-17 16:25 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\16051703\algo.dll
2016-05-16 18:16 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-05-16 18:16 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-05-16 18:16 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-05-16 18:16 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-05-16 18:16 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-07-20 12:28 - 2015-07-20 12:29 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-11 11:27 - 2016-04-19 14:47 - 00034768 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-05-16 09:36 - 2016-04-19 14:48 - 00019408 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-05-16 09:36 - 2016-04-19 14:47 - 00116688 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 11:27 - 2016-04-19 14:47 - 00093640 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 11:27 - 2016-04-19 14:47 - 00018376 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 11:27 - 2016-05-06 17:35 - 00019760 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 11:27 - 2016-04-19 14:49 - 00105928 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-05-16 09:36 - 2016-04-19 14:47 - 00392144 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-11 11:27 - 2016-05-06 17:35 - 00381752 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-11 11:27 - 2016-04-19 14:47 - 00692688 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-05-16 09:36 - 2016-05-06 17:34 - 00020816 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 11:27 - 2016-04-19 14:48 - 00121296 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-05-16 09:36 - 2016-05-06 17:34 - 01682760 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-05-16 09:36 - 2016-05-06 17:34 - 00020808 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-11 11:27 - 2016-05-06 17:35 - 00021840 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-05-16 09:36 - 2016-05-06 17:34 - 00038696 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-05-16 09:36 - 2016-04-19 14:49 - 00020936 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 11:27 - 2016-04-19 14:49 - 00024528 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-11 11:27 - 2016-04-19 14:49 - 00114640 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-11 11:27 - 2016-04-19 14:49 - 00124880 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-20 15:03 - 2016-05-06 17:35 - 00021832 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-11 11:27 - 2016-04-19 14:49 - 00024016 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 11:27 - 2016-04-19 14:49 - 00175560 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 11:27 - 2016-04-19 14:49 - 00030160 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 11:27 - 2016-04-19 14:49 - 00043472 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 11:27 - 2016-04-19 14:49 - 00028616 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-11 11:27 - 2016-04-19 14:49 - 00048592 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-05-16 09:36 - 2016-05-06 17:34 - 00026456 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-11 11:27 - 2016-04-19 14:49 - 00057808 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-11 11:27 - 2016-04-19 14:49 - 00024016 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-05-16 09:36 - 2016-05-06 17:34 - 00117056 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-05-16 09:36 - 2016-05-06 17:34 - 00052024 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-11 11:27 - 2016-04-19 14:47 - 00134608 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-05-16 09:36 - 2016-04-19 14:47 - 00134088 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-05-16 09:36 - 2016-04-19 14:48 - 00240584 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-02-20 15:03 - 2016-05-06 17:35 - 00020800 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-20 15:03 - 2016-05-06 17:35 - 00021824 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-20 15:03 - 2016-05-06 17:35 - 00019776 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-20 15:03 - 2016-05-06 17:35 - 00020800 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-05-16 09:36 - 2016-05-06 17:34 - 00024392 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-05-16 09:36 - 2016-04-19 14:50 - 00036296 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\librsync.dll
2016-05-16 09:36 - 2016-05-06 17:34 - 00020280 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-11 11:27 - 2016-05-06 17:35 - 00023376 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 11:27 - 2016-04-19 14:49 - 00350152 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-20 15:03 - 2016-05-06 17:35 - 00022352 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-05-16 09:36 - 2016-05-06 17:34 - 00084280 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-05-16 09:36 - 2016-05-06 17:34 - 01826096 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 11:27 - 2016-04-19 14:48 - 00083912 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\sip.pyd
2016-05-16 09:36 - 2016-05-06 17:35 - 03928880 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-05-16 09:36 - 2016-05-06 17:34 - 01971504 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-05-16 09:36 - 2016-05-06 17:34 - 00531248 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-05-16 09:36 - 2016-05-06 17:35 - 00132912 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-05-16 09:36 - 2016-05-06 17:35 - 00223544 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-05-16 09:36 - 2016-05-06 17:34 - 00207672 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-11 11:27 - 2016-04-19 14:49 - 00060880 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\win32print.pyd
2015-12-11 11:27 - 2016-05-06 17:35 - 00024904 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-05-16 09:36 - 2016-05-06 17:35 - 00546096 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-05-16 09:36 - 2016-05-06 17:35 - 00357680 _____ () C:\Users\Pelon\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1675142385-12572573-2060317242-1000\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-02-05 19:23 - 00000864 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 validation.sls.microsoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1675142385-12572573-2060317242-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pelon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.15.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Pelon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0B5ECA01-0EAC-4B49-8656-6AE020BD9C0F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{9CFD62E4-D49C-4F05-AFD6-40D0A5AFC5E6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1F3D53A7-F2EC-4F27-8117-EDCAC5F488A8}] => (Allow) C:\Users\Pelon\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{4C621111-D0BC-4B52-A9FC-F28B5A3067C2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{031B432D-15E7-4365-BFE2-453F67C50FC7}] => (Allow) LPort=2869
FirewallRules: [{D6C79250-BCC5-4F95-99C5-EC2AF499B4CE}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{EBFB4004-A976-40B4-90AC-94F549AC8AA3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{802C8674-C78C-4F6A-AABB-4DD5283F3769}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{535CCA67-A3CF-4928-BB8A-AA9D01A32A34}] => (Allow) LPort=50248
FirewallRules: [TCP Query User{5445D60B-0A50-4F79-AEBE-6A2F4F4B086E}C:\program files (x86)\sketchup\sketchup 2013\plugins\su_podium_v2\programs\oopr.exe] => (Allow) C:\program files (x86)\sketchup\sketchup 2013\plugins\su_podium_v2\programs\oopr.exe
FirewallRules: [UDP Query User{FA7F12E4-8178-4091-B17B-7988D239BD93}C:\program files (x86)\sketchup\sketchup 2013\plugins\su_podium_v2\programs\oopr.exe] => (Allow) C:\program files (x86)\sketchup\sketchup 2013\plugins\su_podium_v2\programs\oopr.exe
FirewallRules: [{08B991FD-D588-4226-891A-62F6A2753EBB}] => (Allow) C:\Users\Pelon\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{EA732BD7-657A-43F1-8BBE-E39FC22E600A}] => (Allow) C:\Users\Pelon\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A8DD085D-C1FC-4572-A068-B01CBBE5A977}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{DEC2AC05-A7DC-46F3-BCF5-9FA5EDCF1981}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{2301D6AD-9A17-4A05-B939-C3A0F1F85BDA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{05DD1D0A-7987-4F6C-B71D-3D936106B0FF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{57B877EA-DAD4-4037-B552-A2DBEA73C4E6}] => (Allow) C:\Users\Pelon\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{56EA7C6F-F103-42B2-86C3-73A34046DDD4}] => (Allow) C:\Users\Pelon\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{EA73B01B-799D-452B-B09E-4127ACBB402F}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{9771C5EE-887B-41D7-89BA-F75C8F1BA9D9}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{AE809D82-B55D-464F-A70C-CB9F5CE38A53}C:\program files (x86)\lorex_stratus_client1\lorex_stratus_client1.exe] => (Allow) C:\program files (x86)\lorex_stratus_client1\lorex_stratus_client1.exe
FirewallRules: [UDP Query User{2D5114B7-DB24-4229-9C71-46D40A2BFF5B}C:\program files (x86)\lorex_stratus_client1\lorex_stratus_client1.exe] => (Allow) C:\program files (x86)\lorex_stratus_client1\lorex_stratus_client1.exe
FirewallRules: [TCP Query User{10FB1B2A-D831-46DF-A676-33A57999B3A0}C:\program files (x86)\lorex_stratus_client1\lorex_stratus_client1.exe] => (Allow) C:\program files (x86)\lorex_stratus_client1\lorex_stratus_client1.exe
FirewallRules: [UDP Query User{738AD044-9E0D-4A44-8192-81BB21192751}C:\program files (x86)\lorex_stratus_client1\lorex_stratus_client1.exe] => (Allow) C:\program files (x86)\lorex_stratus_client1\lorex_stratus_client1.exe
FirewallRules: [TCP Query User{75498D62-1555-491C-B104-C08BFD237704}C:\program files (x86)\sketchup\sketchup 2013\plugins\su_podium_v2\programs\oopr.exe] => (Allow) C:\program files (x86)\sketchup\sketchup 2013\plugins\su_podium_v2\programs\oopr.exe
FirewallRules: [UDP Query User{7A3328A4-97A4-41CE-90CA-2AFFE3E7A970}C:\program files (x86)\sketchup\sketchup 2013\plugins\su_podium_v2\programs\oopr.exe] => (Allow) C:\program files (x86)\sketchup\sketchup 2013\plugins\su_podium_v2\programs\oopr.exe
FirewallRules: [{8509453D-3FD0-4568-9FD5-521809151D5B}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{3554F1E3-111E-41A1-9A40-890776E06C6A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{7989645D-1F78-45EC-AC1B-B272321C23F6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C869D8B6-8969-4BD2-A829-4F462F3EC586}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0B1717BE-AB64-46B1-8F23-DF4F4DB85FF9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5CB9F48C-6BDB-46CD-80AB-A44E6A0DBC1E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{D1909297-C179-428B-B36A-D742FB295E5C}C:\users\pelon\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pelon\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{26B6E656-83C6-43A1-A82C-BC77E757B695}C:\users\pelon\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pelon\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{DD3A9828-25B0-428C-B233-6C144592740A}C:\users\pelon\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pelon\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{39E35FE6-E214-4706-BC5F-D479318FC0C5}C:\users\pelon\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pelon\appdata\roaming\spotify\spotify.exe
FirewallRules: [{46AEFFE7-4367-4CE1-BFFC-E041C3D49BE0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{EB4D1F92-7370-4E83-89D0-D059906DF486}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{63DA0CD9-BEE5-498D-A2B1-9D929F3FE6BC}C:\users\juli\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\juli\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{62540403-9B1F-44E9-9639-E3AD8650A2FD}C:\users\juli\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\juli\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{B2980960-EED7-4B00-A0DD-E67D59B851E6}C:\users\juli\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\juli\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{6D27DE5F-5BAC-4531-8D8B-01AE6336B320}C:\users\juli\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\juli\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AB674AF3-7545-488F-B4D4-651E71F028E1}] => (Allow) C:\Program Files\HP\HP Officejet 7110 series\Bin\DeviceSetup.exe
FirewallRules: [{3D2257CF-82B2-4383-96E0-EAE07F757C75}] => (Allow) C:\Program Files\HP\HP Officejet 7110 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{CBA8E33F-0616-4A46-BEAB-F1599D857490}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1219A1CA-ECB3-4305-9610-7E2FC5443D28}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{207A4ED3-7F7E-477A-B804-D2CA3C822FAA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1B562134-C89E-4058-A063-C4944DA7FCBC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{62ED79B6-8C96-4F2F-8D28-68AC76FF05EC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{EB7999D5-3241-4D75-BC3A-46F7467B0BD8}C:\users\pelon\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\pelon\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{97C247B8-9E98-4245-BBFF-F632D8853A28}C:\users\pelon\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\pelon\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{922E1D9C-0264-4A83-89C7-EC81ADD80BC5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

12-05-2016 03:00:51 Windows Update
12-05-2016 11:03:07 Windows Update
16-05-2016 09:44:24 Windows Update
16-05-2016 16:58:12 avast! antivirus system restore point
17-05-2016 03:00:27 Windows Update
17-05-2016 16:09:42 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Adaptador de tunelización Teredo de Microsoft
Description: Adaptador de tunelización Teredo de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/16/2016 04:16:24 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: No se puede inicializar el índice.

Detalles:
    El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/16/2016 04:16:24 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: No se puede inicializar la aplicación.

Contexto: aplicación Windows

Detalles:
    El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/16/2016 04:16:24 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: No se puede inicializar el objeto Recopilador.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
    El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/16/2016 04:16:24 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.TripoliIndexer>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
    No se ha encontrado el elemento.  (HRESULT : 0x80070490) (0x80070490)

Error: (05/16/2016 04:16:19 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.JetPropStore>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
    El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/16/2016 04:16:19 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: El servicio Windows Search no puede cargar la información del almacén de propiedades.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
    La base de datos del índice de contenido está dañada.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (05/16/2016 04:16:19 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: El servicio Windows Search se está deteniendo porque hay un problema con el indizador: The catalog is corrupt.

Detalles:
    El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/16/2016 04:16:19 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: El servicio de búsqueda detectó archivos de datos dañados en el índice {id=4700}. Este servicio intentará corregir este problema automáticamente mediante la nueva generación del índice.

Detalles:
    El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/16/2016 04:16:18 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: El servicio Windows Search no puede abrir el almacén de propiedades de Jet.

Detalles:
    0x%08x (0xc0041800 - La base de datos del índice de contenido está dañada.  (HRESULT : 0xc0041800))

Error: (05/16/2016 04:16:18 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (212) Windows: Error -1811 al abrir un archivo de registro C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0075A.log.


System errors:
=============
Error: (05/17/2016 04:43:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Harddisk2\DR2.

Error: (05/17/2016 04:10:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio NVIDIA Display Driver Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (05/17/2016 02:44:48 PM) (Source: atapi) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Ide\IdePort0.

Error: (05/17/2016 02:22:58 PM) (Source: atapi) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Ide\IdePort0.

Error: (05/17/2016 12:48:29 PM) (Source: atapi) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Ide\IdePort0.

Error: (05/17/2016 12:31:44 PM) (Source: cdrom) (EventID: 15) (User: )
Description: El dispositivo, \Device\CdRom0, aún no está listo para acceso.

Error: (05/17/2016 12:31:44 PM) (Source: atapi) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Ide\IdePort2.

Error: (05/17/2016 12:31:43 PM) (Source: cdrom) (EventID: 15) (User: )
Description: El dispositivo, \Device\CdRom0, aún no está listo para acceso.

Error: (05/17/2016 12:31:42 PM) (Source: cdrom) (EventID: 15) (User: )
Description: El dispositivo, \Device\CdRom0, aún no está listo para acceso.

Error: (05/17/2016 12:31:41 PM) (Source: cdrom) (EventID: 15) (User: )
Description: El dispositivo, \Device\CdRom0, aún no está listo para acceso.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 38%
Total physical RAM: 6143.11 MB
Available physical RAM: 3769.91 MB
Total Virtual: 12284.4 MB
Available Virtual: 10077.18 MB

==================== Drives ================================

Drive c: (SysWin7) (Fixed) (Total:829.98 GB) (Free:552.48 GB) NTFS
Drive e: (Backup) (Fixed) (Total:1032.94 GB) (Free:932.55 GB) NTFS
Drive f: (FreeAgent Disk) (Fixed) (Total:1397.26 GB) (Free:959.12 GB) NTFS
Drive g: (ArqForm) (Fixed) (Total:37.27 GB) (Free:27.44 GB) NTFS
Drive h: () (Removable) (Total:7.6 GB) (Free:6.68 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 37.3 GB) (Disk ID: 2DB62DB6)
Partition 1: (Not Active) - (Size=37.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 88A2A0FB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=830 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1032.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1397.3 GB) (Disk ID: AB250546)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 7.6 GB) (Disk ID: 007540E8)
Partition 1: (Active) - (Size=7.6 GB) - (Type=0B)

==================== End of Addition.txt ============================

 

Hope this is useful!

thanks again!!

 

 

 

Link to post
Share on other sites

The cause of your problem isn't malware infection. It is most likely malfunctioned hard drive that needs replacement. Let's check it quickly:

 

2eyjdoj.png Check Disk

  • Press the WindowsKey.png + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
    chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.


Check Disk report:

  • Press the WindowsKey.png + R on your keyboard at the same time. Type powershell.exe and click OK.
  • Copy and paste the following command inside powershell window and press Enter:
get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername –match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt
  • On your Desktop, you will find CHKDSKResults.txt. Please attach it in your next message.


 

Link to post
Share on other sites

Sorry bout the delay!

Work has been crazy

Here are de chckdisc reuslts

 

TimeCreated : 19/05/2016 12:01:01 p.m.
Message     : 
              
              Comprobando el sistema de archivos en C:
              El tipo del sistema de archivos es NTFS.
              La etiqueta de volumen es SysWin7.
              
              Se ha programado una comprobación del disco.
              Windows comprobará ahora el disco.                       
              
              CHKDSK está comprobando archivos (etapa 1 de 5)...
                368640 registros de archivos procesados.                       
                      
              Comprobación de archivos completada.
                1776 registros de archivos grandes procesados.                 
                    
                0 registros de archivos no válidos procesados.                 
                 
                2 registros de EA procesados.                                  
                       
                103 registros de análisis procesados.                          
                   
              CHKDSK está comprobando índices (etapa 2 de 5)...
                459776 entradas de índice procesadas.                          
                            
              Comprobación de índices completada.
                0 archivos no indizados examinados.                            
                 
                0 archivos no indizados recuperados.                           
                 
              CHKDSK está comprobando descriptores de seguridad (etapa 3 de 5).
              ..
                368640 SD/SID de archivo procesados.                           
                           
              Liberando 37 entradas de índice no usadas del índice $SII del arc
              hivo 0x9.
              Liberando 37 entradas de índice no usadas del índice $SDH del arc
              hivo 0x9.
              Liberando 37 descriptores de seguridad no usados.
              Comprobación de descriptores de seguridad completada.
                45569 archivos de datos procesados.                            
                     
              CHKDSK está comprobando el diario USN...
                33896952 bytes de USN procesados.                              
                            
              Se ha completado la comprobación del diario USN.
              CHKDSK está comprobando los datos de archivo (etapa 4 de 5)...
                368624 archivos procesados.                                    
                          
              Comprobación de datos de archivo completada.
              CHKDSK está comprobando el espacio disponible (etapa 5 de 5)...
                144788627 clústeres disponibles procesados.                    
                         
              La comprobación del espacio disponible se completó.
              Windows ha comprobado el sistema de archivos y no encontró proble
              mas.
              
               870297599 KB de espacio total en disco.
               290471124 KB en 282963 archivos.
                  175156 KB en 45570 índices.
                       0 KB en sectores defectuosos.
                  496811 KB en uso por el sistema.
              El archivo de registro ha ocupado      65536 kilobytes.
               579154508 KB disponibles en disco.
              
                    4096 bytes en cada unidad de asignación.
               217574399 unidades de asignación en disco en total.
               144788627 unidades de asignación disponibles en disco.
              
              Información interna:
              00 a0 05 00 88 01 05 00 dd 1c 09 00 00 00 00 00  ................
              9a 39 00 00 67 00 00 00 00 00 00 00 00 00 00 00  .9..g...........
              00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
              
              Windows ha finalizado la comprobación del disco.
              Espere mientras se reinicia el sistema.
              

TimeCreated : 17/05/2016 06:36:24 p.m.
Message     : 
              
              Comprobando el sistema de archivos en C:
              El tipo del sistema de archivos es NTFS.
              La etiqueta de volumen es SysWin7.
              
              
              Se ha programado una comprobación del disco.
              Windows comprobará ahora el disco.                       
              
              CHKDSK está comprobando archivos (etapa 1 de 3)...
                368640 registros de archivos procesados.                       
                      
              Comprobación de archivos completada.
                1773 registros de archivos grandes procesados.                 
                    
                0 registros de archivos no válidos procesados.                 
                 
                2 registros de EA procesados.                                  
                       
                103 registros de análisis procesados.                          
                   
              CHKDSK está comprobando índices (etapa 2 de 3)...
                459744 entradas de índice procesadas.                          
                            
              Comprobación de índices completada.
                0 archivos no indizados examinados.                            
                 
                0 archivos no indizados recuperados.                           
                 
              CHKDSK está comprobando descriptores de seguridad (etapa 3 de 3).
              ..
                368640 SD/SID de archivo procesados.                           
                           
              Liberando 213 entradas de índice no usadas del índice $SII del ar
              chivo 0x9.
              Liberando 213 entradas de índice no usadas del índice $SDH del ar
              chivo 0x9.
              Liberando 213 descriptores de seguridad no usados.
              CHKDSK está compactando la secuencia de descriptores de seguridad
                45553 archivos de datos procesados.                            
                     
              CHKDSK está comprobando el diario USN...
                35997808 bytes de USN procesados.                              
                            
              Se ha completado la comprobación del diario USN.
              Corrigiendo errores en el mapa de bits del volumen.
              Windows ha hecho algunas correciones en el sistema de archivos.
              
               870297599 KB de espacio total en disco.
               290466304 KB en 280434 archivos.
                  174936 KB en 45556 índices.
                       0 KB en sectores defectuosos.
                  498251 KB en uso por el sistema.
              El archivo de registro ha ocupado      65536 kilobytes.
               579158108 KB disponibles en disco.
              
                    4096 bytes en cada unidad de asignación.
               217574399 unidades de asignación en disco en total.
               144789527 unidades de asignación disponibles en disco.
              
              Información interna:
              00 a0 05 00 9d f7 04 00 b6 0f 09 00 00 00 00 00  ................
              94 39 00 00 67 00 00 00 00 00 00 00 00 00 00 00  .9..g...........
              00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
              
              Windows ha finalizado la comprobación del disco.
              Espere mientras se reinicia el sistema.
              

TimeCreated : 09/05/2016 07:29:00 p.m.
Message     : 
              
              Comprobando el sistema de archivos en C:
              El tipo del sistema de archivos es NTFS.
              La etiqueta de volumen es SysWin7.
              
              
              Se ha programado una comprobación del disco.
              Windows comprobará ahora el disco.                       
              
              CHKDSK está comprobando archivos (etapa 1 de 3)...
                368640 registros de archivos procesados.                       
                      
              Comprobación de archivos completada.
                1812 registros de archivos grandes procesados.                 
                    
                0 registros de archivos no válidos procesados.                 
                 
                2 registros de EA procesados.                                  
                       
                103 registros de análisis procesados.                          
                   
              CHKDSK está comprobando índices (etapa 2 de 3)...
                458924 entradas de índice procesadas.                          
                            
              Comprobación de índices completada.
                0 archivos no indizados examinados.                            
                 
                0 archivos no indizados recuperados.                           
                 
              CHKDSK está comprobando descriptores de seguridad (etapa 3 de 3).
              ..
                368640 SD/SID de archivo procesados.                           
                           
              Liberando 379 entradas de índice no usadas del índice $SII del ar
              chivo 0x9.
              Liberando 379 entradas de índice no usadas del índice $SDH del ar
              chivo 0x9.
              Liberando 379 descriptores de seguridad no usados.
              Comprobación de descriptores de seguridad completada.
                45143 archivos de datos procesados.                            
                     
              CHKDSK está comprobando el diario USN...
                36921888 bytes de USN procesados.                              
                            
              Se ha completado la comprobación del diario USN.
              Windows ha comprobado el sistema de archivos y no encontró proble
              mas.
              
               870297599 KB de espacio total en disco.
               320141656 KB en 273864 archivos.
                  166572 KB en 45144 índices.
                       0 KB en sectores defectuosos.
                  499875 KB en uso por el sistema.
              El archivo de registro ha ocupado      65536 kilobytes.
               549489496 KB disponibles en disco.
              
                    4096 bytes en cada unidad de asignación.
               217574399 unidades de asignación en disco en total.
               137372374 unidades de asignación disponibles en disco.
              
              Información interna:
              00 a0 05 00 5e dc 04 00 09 d4 08 00 00 00 00 00  ....^...........
              70 39 00 00 67 00 00 00 00 00 00 00 00 00 00 00  p9..g...........
              00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
              
              Windows ha finalizado la comprobación del disco.
              Espere mientras se reinicia el sistema.
              

TimeCreated : 09/05/2016 12:51:47 p.m.
Message     : 
              
              Comprobando el sistema de archivos en C:
              El tipo del sistema de archivos es NTFS.
              La etiqueta de volumen es SysWin7.
              
              Se ha programado una comprobación del disco.
              Windows comprobará ahora el disco.                       
              
              CHKDSK está comprobando archivos (etapa 1 de 5)...
                368640 registros de archivos procesados.                       
                      
              Comprobación de archivos completada.
                2076 registros de archivos grandes procesados.                 
                    
                0 registros de archivos no válidos procesados.                 
                 
                2 registros de EA procesados.                                  
                       
                103 registros de análisis procesados.                          
                   
              CHKDSK está comprobando índices (etapa 2 de 5)...
                466086 entradas de índice procesadas.                          
                            
              Comprobación de índices completada.
                0 archivos no indizados examinados.                            
                 
                0 archivos no indizados recuperados.                           
                 
              CHKDSK está comprobando descriptores de seguridad (etapa 3 de 5).
              ..
                368640 SD/SID de archivo procesados.                           
                           
              Liberando 643 entradas de índice no usadas del índice $SII del ar
              chivo 0x9.
              Liberando 643 entradas de índice no usadas del índice $SDH del ar
              chivo 0x9.
              Liberando 643 descriptores de seguridad no usados.
              CHKDSK está compactando la secuencia de descriptores de seguridad
                48724 archivos de datos procesados.                            
                     
              CHKDSK está comprobando el diario USN...
                34844648 bytes de USN procesados.                              
                            
              Se ha completado la comprobación del diario USN.
              CHKDSK está comprobando los datos de archivo (etapa 4 de 5)...
                368624 archivos procesados.                                    
                          
              Comprobación de datos de archivo completada.
              CHKDSK está comprobando el espacio disponible (etapa 5 de 5)...
                136592239 clústeres disponibles procesados.                    
                         
              La comprobación del espacio disponible se completó.
              Corrigiendo errores en el mapa de bits del volumen.
              Windows ha hecho algunas correciones en el sistema de archivos.
              
               870297599 KB de espacio total en disco.
               323261816 KB en 290774 archivos.
                  169800 KB en 48727 índices.
                       0 KB en sectores defectuosos.
                  497023 KB en uso por el sistema.
              El archivo de registro ha ocupado      65536 kilobytes.
               546368960 KB disponibles en disco.
              
                    4096 bytes en cada unidad de asignación.
               217574399 unidades de asignación en disco en total.
               136592240 unidades de asignación disponibles en disco.
              
              Información interna:
              00 a0 05 00 6b 2c 05 00 ba 6e 09 00 00 00 00 00  ....k,...n......
              69 39 00 00 67 00 00 00 00 00 00 00 00 00 00 00  i9..g...........
              00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
              
              Windows ha finalizado la comprobación del disco.
              Espere mientras se reinicia el sistema.
              

TimeCreated : 03/03/2016 10:49:11 a.m.
Message     : 
              
              Comprobando el sistema de archivos en C:
              El tipo del sistema de archivos es NTFS.
              La etiqueta de volumen es SysWin7.
              
              
              Se ha programado una comprobación del disco.
              Windows comprobará ahora el disco.                       
              
              CHKDSK está comprobando archivos (etapa 1 de 3)...
              Liberando etiquetas de instancia para el archivo 0x477c.
                363776 registros de archivos procesados.                       
                      
              Comprobación de archivos completada.
                1671 registros de archivos grandes procesados.                 
                    
                0 registros de archivos no válidos procesados.                 
                 
                2 registros de EA procesados.                                  
                       
                103 registros de análisis procesados.                          
                   
              CHKDSK está comprobando índices (etapa 2 de 3)...
                468056 entradas de índice procesadas.                          
                            
              Comprobación de índices completada.
                0 archivos no indizados examinados.                            
                 
                0 archivos no indizados recuperados.                           
                 
              CHKDSK está comprobando descriptores de seguridad (etapa 3 de 3).
              ..
                363776 SD/SID de archivo procesados.                           
                           
              Liberando 2004 entradas de índice no usadas del índice $SII del a
              rchivo 0x9.
              Liberando 2004 entradas de índice no usadas del índice $SDH del a
              rchivo 0x9.
              Liberando 2004 descriptores de seguridad no usados.
              CHKDSK está compactando la secuencia de descriptores de seguridad
                52141 archivos de datos procesados.                            
                     
              CHKDSK está comprobando el diario USN...
                33898080 bytes de USN procesados.                              
                            
              Se ha completado la comprobación del diario USN.
              Corrigiendo errores en el mapa de bits del volumen.
              Windows ha hecho algunas correciones en el sistema de archivos.
              
               870297599 KB de espacio total en disco.
               323321464 KB en 297870 archivos.
                  170072 KB en 52144 índices.
                       0 KB en sectores defectuosos.
                  491347 KB en uso por el sistema.
              El archivo de registro ha ocupado      65536 kilobytes.
               546314716 KB disponibles en disco.
              
                    4096 bytes en cada unidad de asignación.
               217574399 unidades de asignación en disco en total.
               136578679 unidades de asignación disponibles en disco.
              
              Información interna:
              00 8d 05 00 d6 56 05 00 f5 d6 09 00 00 00 00 00  .....V..........
              9b 3a 00 00 67 00 00 00 00 00 00 00 00 00 00 00  .:..g...........
              00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
              
              Windows ha finalizado la comprobación del disco.
              Espere mientras se reinicia el sistema.
              

TimeCreated : 06/07/2015 08:40:12 a.m.
Message     : 
              
              Comprobando el sistema de archivos en C:
              El tipo del sistema de archivos es NTFS.
              La etiqueta de volumen es SysWin7.
              
              
              Se ha programado una comprobación del disco.
              Windows comprobará ahora el disco.                       
              
              CHKDSK está comprobando archivos (etapa 1 de 3)...
                279552 registros de archivos procesados.                       
                      
              Comprobación de archivos completada.
                1275 registros de archivos grandes procesados.                 
                    
                0 registros de archivos no válidos procesados.                 
                 
                2 registros de EA procesados.                                  
                       
                102 registros de análisis procesados.                          
                   
              CHKDSK está comprobando índices (etapa 2 de 3)...
                368040 entradas de índice procesadas.                          
                            
              Comprobación de índices completada.
                0 archivos no indizados examinados.                            
                 
                0 archivos no indizados recuperados.                           
                 
              CHKDSK está comprobando descriptores de seguridad (etapa 3 de 3).
              ..
                279552 SD/SID de archivo procesados.                           
                           
              Liberando 58 entradas de índice no usadas del índice $SII del arc
              hivo 0x9.
              Liberando 58 entradas de índice no usadas del índice $SDH del arc
              hivo 0x9.
              Liberando 58 descriptores de seguridad no usados.
              Comprobación de descriptores de seguridad completada.
                44245 archivos de datos procesados.                            
                     
              CHKDSK está comprobando el diario USN...
                37545384 bytes de USN procesados.                              
                            
              Se ha completado la comprobación del diario USN.
              Windows ha comprobado el sistema de archivos y no encontró proble
              mas.
              
               870297599 KB de espacio total en disco.
               567250348 KB en 227934 archivos.
                  132628 KB en 44246 índices.
                       0 KB en sectores defectuosos.
                  412283 KB en uso por el sistema.
              El archivo de registro ha ocupado      65536 kilobytes.
               302502340 KB disponibles en disco.
              
                    4096 bytes en cada unidad de asignación.
               217574399 unidades de asignación en disco en total.
                75625585 unidades de asignación disponibles en disco.
              
              Información interna:
              00 44 04 00 26 27 04 00 8b a1 07 00 00 00 00 00  .D..&'..........
              f3 35 00 00 66 00 00 00 00 00 00 00 00 00 00 00  .5..f...........
              00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
              
              Windows ha finalizado la comprobación del disco.
              Espere mientras se reinicia el sistema.
              

TimeCreated : 01/07/2015 12:45:06 p.m.
Message     : 
              
              Comprobando el sistema de archivos en C:
              El tipo del sistema de archivos es NTFS.
              La etiqueta de volumen es SysWin7.
              
              
              Se ha programado una comprobación del disco.
              Windows comprobará ahora el disco.                       
              
              CHKDSK está comprobando archivos (etapa 1 de 3)...
                279552 registros de archivos procesados.                       
                      
              Comprobación de archivos completada.
                1275 registros de archivos grandes procesados.                 
                    
                0 registros de archivos no válidos procesados.                 
                 
                2 registros de EA procesados.                                  
                       
                102 registros de análisis procesados.                          
                   
              CHKDSK está comprobando índices (etapa 2 de 3)...
                367978 entradas de índice procesadas.                          
                            
              Comprobación de índices completada.
                0 archivos no indizados examinados.                            
                 
                0 archivos no indizados recuperados.                           
                 
              CHKDSK está comprobando descriptores de seguridad (etapa 3 de 3).
              ..
                279552 SD/SID de archivo procesados.                           
                           
              Liberando 579 entradas de índice no usadas del índice $SII del ar
              chivo 0x9.
              Liberando 579 entradas de índice no usadas del índice $SDH del ar
              chivo 0x9.
              Liberando 579 descriptores de seguridad no usados.
              CHKDSK está compactando la secuencia de descriptores de seguridad
                44214 archivos de datos procesados.                            
                     
              CHKDSK está comprobando el diario USN...
                34050680 bytes de USN procesados.                              
                            
              Se ha completado la comprobación del diario USN.
              Corrigiendo errores en el mapa de bits del volumen.
              Windows ha hecho algunas correciones en el sistema de archivos.
              
               870297599 KB de espacio total en disco.
               556415064 KB en 227398 archivos.
                  132516 KB en 44217 índices.
                       0 KB en sectores defectuosos.
                  407583 KB en uso por el sistema.
              El archivo de registro ha ocupado      65536 kilobytes.
               313342436 KB disponibles en disco.
              
                    4096 bytes en cada unidad de asignación.
               217574399 unidades de asignación en disco en total.
                78335609 unidades de asignación disponibles en disco.
              
              Información interna:
              00 44 04 00 f1 24 04 00 e3 9d 07 00 00 00 00 00  .D...$..........
              ca 35 00 00 66 00 00 00 00 00 00 00 00 00 00 00  .5..f...........
              00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
              
              Windows ha finalizado la comprobación del disco.
              Espere mientras se reinicia el sistema.
              

TimeCreated : 14/04/2015 12:04:17 p.m.
Message     : 
              
              Comprobando el sistema de archivos en C:
              El tipo del sistema de archivos es NTFS.
              La etiqueta de volumen es SysWin7.
              
              
              Se ha programado una comprobación del disco.
              Windows comprobará ahora el disco.                       
              
              CHKDSK está comprobando archivos (etapa 1 de 3)...
                274176 registros de archivos procesados.                       
                      
              Comprobación de archivos completada.
                1210 registros de archivos grandes procesados.                 
                    
                0 registros de archivos no válidos procesados.                 
                 
                2 registros de EA procesados.                                  
                       
                99 registros de análisis procesados.                           
                  
              CHKDSK está comprobando índices (etapa 2 de 3)...
                360160 entradas de índice procesadas.                          
                            
              Comprobación de índices completada.
                0 archivos no indizados examinados.                            
                 
                0 archivos no indizados recuperados.                           
                 
              CHKDSK está comprobando descriptores de seguridad (etapa 3 de 3).
              ..
                274176 SD/SID de archivo procesados.                           
                           
              Liberando 766 entradas de índice no usadas del índice $SII del ar
              chivo 0x9.
              Liberando 766 entradas de índice no usadas del índice $SDH del ar
              chivo 0x9.
              Liberando 766 descriptores de seguridad no usados.
              CHKDSK está compactando la secuencia de descriptores de seguridad
                42993 archivos de datos procesados.                            
                     
              CHKDSK está comprobando el diario USN...
                36813712 bytes de USN procesados.                              
                            
              Se ha completado la comprobación del diario USN.
              Corrigiendo errores en el mapa de bits del volumen.
              Windows ha hecho algunas correciones en el sistema de archivos.
              
               870297599 KB de espacio total en disco.
               366948632 KB en 225060 archivos.
                  130560 KB en 42996 índices.
                       0 KB en sectores defectuosos.
                  404627 KB en uso por el sistema.
              El archivo de registro ha ocupado      65536 kilobytes.
               502813780 KB disponibles en disco.
              
                    4096 bytes en cada unidad de asignación.
               217574399 unidades de asignación en disco en total.
               125703445 unidades de asignación disponibles en disco.
              
              Información interna:
              00 2f 04 00 16 17 04 00 b4 7d 07 00 00 00 00 00  ./.......}......
              8d 31 00 00 63 00 00 00 00 00 00 00 00 00 00 00  .1..c...........
              00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
              
              Windows ha finalizado la comprobación del disco.
              Espere mientras se reinicia el sistema.
              

 

Link to post
Share on other sites

  • 2 weeks later...
  • 2 months later...
  • Root Admin

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.