Strange cmd.exe running in the background


Since a few weeks ago a cmd.exe has been running in the background. It doesn't always start during the day, but when it does a quick cmd window pops up and then disappears. I can confirm that it is still running because I check the Task Manager.

I don't know if it is a virus or just software that I installed, because mbam scans my PC daily and it doesn't find any threat; I have the premium version. I can add that I can close the cmd from the Task Manager, but it will start again in a few hours; also, sometimes it closes by itself.

Sorry for my bad English; here are some reports:

 

Quote

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/27/17
Scan Time: 1:23 PM
Logfile: 
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1375
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User1-PC\User1

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361243
Time Elapsed: 25 min, 28 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

Quote

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2017
Ran by User1 (administrator) on USER1-PC (13-03-2017 23:36:44)
Running from C:\Users\User1\Downloads
Loaded Profiles: User1 (Available Profiles: User1)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectify.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hammer & Chisel, Inc.) C:\Users\User1\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\User1\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\User1\AppData\Local\Discord\app-0.0.297\Discord.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\User1\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\User1\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [Connectify Hotspot] => C:\Program Files (x86)\Connectify\Connectify.exe [3761952 2014-03-04] (Connectify)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3727247753-1957238348-2522231245-1000\...\Run: [Akamai NetSession Interface] => C:\Users\User1\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3727247753-1957238348-2522231245-1000\...\MountPoints2: {0dda49db-0927-11e5-94e5-e839df2b512c} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3727247753-1957238348-2522231245-1000\...\MountPoints2: {e5752f55-caae-11e4-aacd-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-3727247753-1957238348-2522231245-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\lol.scr
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-03-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{339B4103-662D-4F2B-9364-A3F44E589ECD}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{339B4103-662D-4F2B-9364-A3F44E589ECD}: [DhcpNameServer] 192.168.15.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q=
HKU\S-1-5-21-3727247753-1957238348-2522231245-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.mx/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKLM -> {1F096B29-E9DA-4D64-8D63-936BE7762CC5} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKLM -> {4CA7A89B-B509-4CBF-AB97-6307132C0EF3} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKLM -> {AC129BF9-68BF-4bc4-A1DC-ECB62712FF99} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKLM -> {D0196D2A-1578-4CC2-8692-9F617C64D184} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3727247753-1957238348-2522231245-1000 -> {C4FF044E-A3AE-44E4-B426-107D300B024F} URL = hxxps://www.google.com/search?q={searchTerms}
BHO-x32: No Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22] (Oracle Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

FireFox:
========
FF ProfilePath: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\4en47why.default-1444497115602 [2017-02-22]
FF Homepage: Mozilla\Firefox\Profiles\4en47why.default-1444497115602 -> hxxp://www.google.com.mx/
FF Extension: (Adblock Plus) - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\4en47why.default-1444497115602\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-26]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-03-16] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-03-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3727247753-1957238348-2522231245-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-21] (Unity Technologies ApS)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com.mx/
CHR StartupUrls: Default -> "hxxp://www.google.com.mx/"
CHR DefaultSearchURL: Default -> hxxps://es.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://es.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default [2017-03-13]
CHR Extension: (BetterTTV) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-08-08]
CHR Extension: (Google Drive) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (DownAlbum) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2017-03-11]
CHR Extension: (Búsqueda de Google) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (AdBlock) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-25]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1489416 2017-02-21] ()
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [487936 2014-03-04] (Connectify) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bpenum; C:\Windows\System32\DRIVERS\bpenum.sys [84480 2012-07-03] (Intel Corporation) [File not signed]
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [35352 2016-03-31] (Connectify)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-03-06] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-13] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-13] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-13] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-13] (Malwarebytes)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2017-02-08] (BigNox Corporation)
U0 aswVmm; no ImagePath
S3 ManyCam; system32\DRIVERS\mcvidrv.sys [X]
S3 mcaudrv_simple; system32\drivers\mcaudrv_x64.sys [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-13 23:36 - 2017-03-13 23:39 - 00014369 _____ C:\Users\User1\Downloads\FRST.txt
2017-03-13 23:36 - 2017-03-13 23:36 - 00000000 ____D C:\FRST
2017-03-13 23:34 - 2017-03-13 23:34 - 00001096 _____ C:\Users\User1\Desktop\mbam.txt
2017-03-13 23:26 - 2017-03-13 23:27 - 02424832 _____ (Farbar) C:\Users\User1\Downloads\FRST64.exe
2017-03-08 21:55 - 2017-03-08 21:55 - 00000000 ____D C:\Users\User1\Documents\BlueEye
2017-03-08 21:55 - 2017-03-08 21:55 - 00000000 ____D C:\Users\User1\AppData\Local\BlueEye
2017-03-08 21:55 - 2017-03-08 21:55 - 00000000 ____D C:\ProgramData\Isolated Storage
2017-03-08 21:54 - 2017-03-08 21:55 - 00000000 ____D C:\Program Files (x86)\Blue Eye Macro
2017-03-08 21:54 - 2017-03-08 21:54 - 00000000 ____D C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blue Eye Macro
2017-03-08 21:54 - 2017-03-08 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Eye Macro
2017-03-08 21:37 - 2017-03-08 21:37 - 00017679 _____ C:\Users\User1\Downloads\1366x768.txt
2017-03-07 00:02 - 2017-03-07 00:02 - 00000000 ____D C:\Users\User1\AppData\Roaming\Avallon Alliance
2017-03-06 01:29 - 2017-03-06 01:29 - 00665658 _____ C:\Users\User1\Downloads\148873947965.webm
2017-03-06 01:28 - 2017-03-06 01:29 - 04174337 _____ C:\Users\User1\Downloads\148871501890.webm
2017-03-05 17:48 - 2017-03-05 17:48 - 01341855 _____ C:\Users\User1\Downloads\bd35b74d8b2871b449a698273f0e2d88.webm
2017-03-01 21:01 - 2017-03-11 08:55 - 00000000 ____D C:\Users\User1\AppData\Roaming\discord
2017-03-01 21:01 - 2017-03-01 21:01 - 00000000 ____D C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-03-01 21:01 - 2017-03-01 21:01 - 00000000 ____D C:\Users\User1\AppData\Local\SquirrelTemp
2017-03-01 21:01 - 2017-03-01 21:01 - 00000000 ____D C:\Users\User1\AppData\Local\Discord
2017-02-27 14:03 - 2017-02-27 14:03 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-27 14:03 - 2017-02-27 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-02-27 13:52 - 2017-02-27 13:53 - 01629144 _____ (Skype Technologies S.A.) C:\Users\User1\Downloads\SkypeSetup.exe
2017-02-25 16:23 - 2017-02-25 16:23 - 00000222 _____ C:\Users\User1\Desktop\Digimon Masters Online.url
2017-02-23 10:10 - 2017-02-02 10:36 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-02-23 10:10 - 2017-02-02 10:32 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-02-23 10:10 - 2017-02-02 08:06 - 00650752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-02-23 10:10 - 2016-12-31 09:36 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-02-23 10:10 - 2016-12-31 09:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-02-23 10:10 - 2016-12-31 09:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-02-23 10:10 - 2016-12-31 09:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-02-23 10:10 - 2016-12-31 09:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-02-23 10:10 - 2016-12-31 09:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-02-22 16:15 - 2017-02-22 16:15 - 00000000 ____D C:\ProgramData\Intel
2017-02-22 16:15 - 2016-10-18 17:14 - 00021984 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2017-02-22 16:09 - 2017-02-22 16:13 - 09940072 _____ (Intel) C:\Users\User1\Downloads\Intel Driver Update Utility Installer.exe
2017-02-21 03:08 - 2017-02-21 03:19 - 83075724 _____ C:\Users\User1\Downloads\zxlzgp.mp4
2017-02-20 15:22 - 2017-02-20 15:22 - 00000000 ____D C:\Users\User1\AppData\Roaming\.mono
2017-02-17 14:19 - 2017-02-17 14:29 - 52553728 _____ (Hammer & Chisel, Inc.) C:\Users\User1\Downloads\DiscordSetup.exe
2017-02-13 10:19 - 2017-02-13 10:32 - 51153764 _____ C:\Users\User1\Downloads\com.nintendo.zaba_1.0.2-9913_minAPI17(armeabi-v7a,x86)(nodpi)_apkmirror.com.apk
2017-02-13 10:04 - 2016-11-23 07:37 - 00000570 _____ C:\Users\User1\AppData\Local\TroubleshooterConfig.json
2017-02-13 10:02 - 2017-02-13 12:57 - 00000000 ____D C:\Users\User1\AppData\Local\Bluestacks

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-13 23:31 - 2015-03-15 11:54 - 00003978 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7CFFF3F0-B7D5-41CE-A51A-BCF44205F8C1}
2017-03-13 23:18 - 2015-04-04 09:47 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-13 22:33 - 2017-02-09 14:44 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-13 21:57 - 2016-04-02 16:51 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-13 21:42 - 2016-11-03 08:37 - 00000000 ____D C:\Users\User1\AppData\Local\Akamai
2017-03-13 14:25 - 2009-07-13 22:45 - 00031920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-13 14:25 - 2009-07-13 22:45 - 00031920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-13 07:33 - 2015-03-16 13:25 - 00000436 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-03-13 07:31 - 2017-02-09 14:44 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-13 07:31 - 2017-02-09 14:44 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-13 07:31 - 2017-02-09 14:44 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-13 07:31 - 2017-02-09 14:44 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-13 07:30 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-07 01:33 - 2016-04-08 00:00 - 00000000 ____D C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-03-06 17:28 - 2017-02-09 14:43 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-02 12:56 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2017-03-01 19:21 - 2015-03-20 17:12 - 00000000 ____D C:\Users\User1\AppData\Roaming\Skype
2017-03-01 03:38 - 2015-06-07 10:15 - 00007618 _____ C:\Users\User1\AppData\Local\Resmon.ResmonCfg
2017-02-27 14:03 - 2015-03-20 17:11 - 00000000 ____D C:\ProgramData\Skype
2017-02-23 10:19 - 2015-03-15 12:22 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-02-23 10:19 - 2015-03-15 12:22 - 00000000 ____D C:\Windows\system32\appraiser
2017-02-23 10:17 - 2015-03-15 10:00 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 10:13 - 2015-03-15 12:20 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-22 23:10 - 2015-11-21 09:25 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-22 16:27 - 2015-09-05 11:38 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-22 16:27 - 2015-03-14 21:30 - 00000000 ____D C:\Program Files\Intel
2017-02-22 16:19 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2017-02-20 17:54 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-14 13:21 - 2015-04-04 09:47 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 13:21 - 2015-04-04 09:47 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 13:21 - 2015-04-04 09:47 - 00003776 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 13:21 - 2015-04-04 09:47 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-14 13:20 - 2015-04-04 09:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-13 12:58 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-13 10:05 - 2015-04-05 13:27 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-02-11 00:46 - 2017-02-10 01:50 - 00000000 ____D C:\Users\User1\AppData\LocalLow\Mozilla

==================== Files in the root of some directories =======

2015-06-07 10:15 - 2017-03-01 03:38 - 0007618 _____ () C:\Users\User1\AppData\Local\Resmon.ResmonCfg
2017-02-13 10:04 - 2016-11-23 07:37 - 0000570 _____ () C:\Users\User1\AppData\Local\TroubleshooterConfig.json
2015-03-21 20:31 - 2015-03-21 20:31 - 0000003 _____ () C:\Users\User1\AppData\Local\updater.log
2015-03-21 20:32 - 2016-08-06 19:08 - 0000424 _____ () C:\Users\User1\AppData\Local\UserProducts.xml
2015-03-14 22:05 - 2015-03-14 22:06 - 0008492 _____ () C:\Users\User1\AppData\Local\WiDiSetupLog.20150314.220538.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-02 12:47

==================== End of FRST.txt ============================

 

Quote

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2017
Ran by User1 (13-03-2017 23:39:54)
Running from C:\Users\User1\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-03-15 01:18:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3727247753-1957238348-2522231245-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-3727247753-1957238348-2522231245-1002 - Limited - Enabled)
Invitado (S-1-5-21-3727247753-1957238348-2522231245-501 - Limited - Disabled)
User1 (S-1-5-21-3727247753-1957238348-2522231245-1000 - Administrator - Enabled) => C:\Users\User1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (x32 Version:  - ) Hidden
2007 Microsoft Office Suite Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3727247753-1957238348-2522231245-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Blue Eye Macro 2.61 (HKLM-x32\...\Blue Eye Macro) (Version: 2.61 - )
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
CodeBlocks (HKU\S-1-5-21-3727247753-1957238348-2522231245-1000\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
Complemento Guardar como PDF o XPS de Microsoft para programas de Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-0C0A-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Connectify (HKLM\...\Connectify) (Version: 7.3.3.30440 - Connectify)
Digimon Masters Online (HKLM\...\Steam App 537180) (Version:  - Move Games Co., Ltd.)
Discord (HKU\S-1-5-21-3727247753-1957238348-2522231245-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HDMI Control Manager (HKLM-x32\...\{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}) (Version: 2.0 - TOSHIBA CORPORATION)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 8 Update 77 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180770}) (Version: 8.0.770.3 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.45.0 - JMicron Technology Corp.)
K-Lite Mega Codec Pack 10.2.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
League client alpha (HKU\S-1-5-21-3727247753-1957238348-2522231245-1000\...\League client alpha 1.0) (Version: 1.0 - Riot Games, Inc)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Malwarebytes versión 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 es-ES) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 es-ES)) (Version: 50.1.0 - Mozilla)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.20.503.2010 - Realtek)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.1.2.4 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.38 - TOSHIBA Corporation)
Unity Web Player (HKU\S-1-5-21-3727247753-1957238348-2522231245-1000\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3727247753-1957238348-2522231245-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3727247753-1957238348-2522231245-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3727247753-1957238348-2522231245-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3727247753-1957238348-2522231245-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3727247753-1957238348-2522231245-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3727247753-1957238348-2522231245-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2699B619-E455-4EC6-B2A6-1788D42ECB28} - System32\Tasks\{57CF1630-C7B7-4885-9A76-4DD2A983FDB2} => C:\Riot Games\League of Legends\lol.launcher.exe [2013-05-07] ()
Task: {26E4D38B-6ACE-471E-9270-BD82AA53BF08} - System32\Tasks\{44CF4F6E-A8AD-4ED3-A871-73FAD9F7D242} => Chrome.exe hxxp://ui.skype.com/ui/0/7.24.0.104/es/abandoninstall?page=tsProgressBar
Task: {44DB7B57-C76D-469D-8CE5-7545D32899DA} - System32\Tasks\{69A9A103-E2FD-4199-8A2D-73144DA2FB78} => Chrome.exe hxxp://ui.skype.com/ui/0/7.24.0.104/es/abandoninstall?page=tsProgressBar
Task: {57103B59-B5D3-4180-8704-E48F83A389E1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 
Task: {7916044C-9181-4BD3-B69C-4035C9209F63} - System32\Tasks\{D9AF3D93-362E-4F71-A77C-A64BB26EF8D1} => pcalua.exe -a C:\Users\User1\AppData\Local\Temp\jre-8u77-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {828C2509-C10F-49B7-8D5E-6C7E12A6B3DC} - System32\Tasks\{93B38AEC-2114-4F03-B185-35BC1ADDA96A} => Chrome.exe hxxp://ui.skype.com/ui/0/7.24.0.104/es/abandoninstall?page=tsProgressBar
Task: {8436070C-BB24-45D5-AE08-8B3827506D3D} - System32\Tasks\{5EFFC9CD-C418-463C-8098-430DAFBD686F} => C:\Riot Games\League of Legends\lol.launcher.exe [2013-05-07] ()
Task: {B468D050-C318-4C51-A4F6-333E07A5E65E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {DA971E0C-681F-43D9-A2C2-22B5F8B08B39} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-15] (Google Inc.)
Task: {E268FC87-2A50-43A7-9B77-7AF93AE824DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-15] (Google Inc.)
Task: {ED455B00-475F-40B7-B779-AD5C972D731F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {F805FF8D-D190-4D0A-8752-3704CE7F3D75} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {FD0DE7A9-60B5-48B1-AC5E-C3D85AADF1F8} - System32\Tasks\{DA91F279-E883-46C4-9AE1-F6E03D070E9E} => Chrome.exe hxxp://ui.skype.com/ui/0/7.22.0.109/es/abandoninstall?page=tsProgressBar

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\User1\AppData\Local\Google\Chrome\User Data\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list

==================== Loaded Modules (Whitelisted) ==============

2017-02-09 14:43 - 2017-03-06 17:28 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-09 14:43 - 2017-03-06 17:28 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-03-31 15:30 - 2014-03-04 14:30 - 00376608 _____ () C:\Program Files (x86)\Connectify\NativeLibrary.dll
2016-03-31 15:30 - 2014-03-04 14:30 - 03177760 _____ () C:\Program Files (x86)\Connectify\ConnectifyNAT.dll
2016-03-31 15:30 - 2014-03-04 14:30 - 00714016 _____ () C:\Program Files (x86)\Connectify\log4cplus.dll
2016-03-31 15:30 - 2014-03-04 14:30 - 00354080 _____ () C:\Program Files (x86)\Connectify\LibDispatch.dll
2017-02-06 15:54 - 2017-02-01 03:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 15:54 - 2017-02-01 03:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-03-01 21:01 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\User1\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-03-01 21:01 - 2017-03-01 21:01 - 01082880 _____ () \\?\C:\Users\User1\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-03-01 21:01 - 2017-03-01 21:01 - 03750400 _____ () \\?\C:\Users\User1\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-03-01 21:01 - 2017-03-01 21:01 - 00914432 _____ () \\?\C:\Users\User1\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-03-01 21:01 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\User1\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-03-01 21:01 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\User1\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-03-13 19:14 - 2017-03-13 19:14 - 00148992 _____ () \\?\C:\Users\User1\AppData\Local\Temp\8024.tmp.node
2017-03-01 21:01 - 2017-03-01 21:01 - 02658304 _____ () \\?\C:\Users\User1\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-03-01 21:10 - 2017-03-01 21:10 - 02130432 _____ () \\?\C:\Users\User1\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:888AFB86 [110]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3727247753-1957238348-2522231245-1000\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-3727247753-1957238348-2522231245-1000\...\aeriagames.com -> hxxp://aeriagames.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-11-28 08:28 - 2017-02-09 14:42 - 00001199 ___RA C:\Windows\system32\Drivers\etc\hosts

154.53.224.162 www.mega.co.nz
154.53.224.166 www.mega.co.nz
154.53.224.158 www.mega.co.nz

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3727247753-1957238348-2522231245-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\Windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^User1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LOA2.lnk => C:\Windows\pss\LOA2.lnk.Startup
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\User1\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: ares => "C:\Program Files (x86)\Ares\Ares.exe" -h
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Connectify Dispatch => C:\Program Files (x86)\Connectify\DispatchUI.exe autorun
MSCONFIG\startupreg: Connectify Hotspot => C:\Program Files (x86)\Connectify\Connectify.exe
MSCONFIG\startupreg: HDMICtrlMan => C:\Program Files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ITSecMng => %ProgramFiles(x86)%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{1D6B8385-96DD-4354-A070-0792331C1154}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{88F16728-AE96-4307-8715-837B1F406BE0}C:\users\user1\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user1\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{3CFC5AD9-0833-4FF9-9C48-BDFB091275C2}C:\users\user1\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user1\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{8D6BAE03-60B7-4236-BFF5-2D82DF019E73}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [UDP Query User{21F57242-582F-44DC-8788-FD68FF62221D}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [{84D78C2B-D9E9-47B7-8B56-9BD4B50A72B4}] => (Allow) C:\Program Files (x86)\Connectify\Connectify.exe
FirewallRules: [{82C70BBF-9905-4584-84B5-A6C69111E0AC}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{E94EAB5E-4B64-4A36-BBFF-E9572A56B42F}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{77EAC7F3-ED30-45C8-B2E5-BF673DC8118E}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{B6FDA156-4C12-4F1D-9E9A-A98E93AA85A8}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{ED5F7D19-D4A5-4259-947A-706DD83A86DE}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{6AA34A4E-E59D-420B-8DD4-E744CFFD78C0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{15F52A41-2BF2-4625-894C-FB122169E2BD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{A9A45554-32B8-40A7-8CDD-95734E40921E}C:\users\user1\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user1\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{4D881E49-9BDB-4CD0-B4FA-F49B500C05FE}C:\users\user1\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user1\appdata\local\akamai\netsession_win.exe
FirewallRules: [{25998269-0ABD-438D-9F6D-2ACE0F66B5D9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9BED9102-85B9-48D7-9951-FCFE6CA1173B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DEBF48BB-3B7B-4C8E-9C23-916A587FFA98}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{55967D50-CA42-45A3-9D6B-B109F720CE51}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{C6D72913-681C-43FD-8516-68F8E355DDB9}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{43368B8C-452F-4025-AABA-4783B3D01F56}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{2BE7FA4D-1A3A-441E-BBAB-43B541EDAAD6}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.admin.exe
FirewallRules: [{F9FC2C06-3E32-409E-A520-1180783BD852}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.admin.exe
FirewallRules: [{8D95D861-0E18-4785-BE05-2CC9238DA4F1}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.admin.exe
FirewallRules: [{E5E2B158-0709-4047-89A6-2577F0DFF75B}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.admin.exe
FirewallRules: [TCP Query User{71AB45E0-360F-4372-846C-0124094720F3}C:\program files (x86)\steam\steamapps\common\dfo\dfo.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dfo\dfo.exe
FirewallRules: [UDP Query User{FB6ADA17-DBC2-4E8F-BF67-EA4F3AA4F43A}C:\program files (x86)\steam\steamapps\common\dfo\dfo.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dfo\dfo.exe
FirewallRules: [{DA8D71A5-5F27-4ED8-A57A-E8CFACCA0E20}] => (Allow) LPort=5000
FirewallRules: [{8DB284A1-99A3-4FFF-9F9A-10853C00EC48}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9D1B832D-0155-49CF-A4CA-41254B6B3329}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F2200F7F-A5A7-450F-8AEC-6390D6FB2773}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D05949FC-B53A-449D-B103-41F194B5140C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Digimon Masters Online - Steam\DMLauncher.exe
FirewallRules: [{45956212-3E70-4010-8134-DC76BFA6BA79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Digimon Masters Online - Steam\DMLauncher.exe
FirewallRules: [{53256079-2628-4B19-9A88-ED914DB73D2C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6319BB05-19E6-42E2-BB6D-9829B0B6A957}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{7B33713B-19F7-49BD-8BF9-ED75FDF6FBC2}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{46D8C3E5-CD55-49E7-8A8D-74607814F615}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
FirewallRules: [{28D254FF-D8B7-4527-A403-6681540B3B93}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
FirewallRules: [{91D8D85D-8901-4ED4-94F4-43AC6B5E51FE}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{F91B3187-A4B1-4C64-A2DC-343F1D32435E}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{43DE82D0-7CEB-4EA1-B234-CC777409D84F}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{132B0D5F-6C2E-46C9-99FD-4EE4753F4836}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{CAEB7A86-4BFB-4BBD-B3C5-586DE12616B0}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{2E49E08A-E6F0-471B-B446-5D8CE5E9DD2F}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
FirewallRules: [{05553A4B-A02C-41C7-A233-985E58FCC9A3}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
FirewallRules: [{B2B1A1FE-A394-4A54-BF40-7EB9BABCCB3C}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{DFA54D13-5E3F-42B3-8512-238BBCF1A24B}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{324E9AFA-90A3-4C78-AF9C-FE3138599CB9}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
FirewallRules: [{6B7444D9-5DB8-4576-B7B9-DACD3961D74B}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
FirewallRules: [{6C728B65-A94B-4401-A7CF-3AAFE5FA7050}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{CB9AFBD3-DC12-48FF-9E6A-CF7CC675D88D}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{4B463FC1-74BC-4D77-9E96-EC8515AA1FCF}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
FirewallRules: [{16CEB93F-AFCB-4455-8ACB-A53BDA81D540}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
FirewallRules: [{0880D752-C672-4F50-8D47-A10F5D2F94CD}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{4C07208E-71F3-413B-BE29-FED3E9E0F362}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{DAD57914-DC1A-4BB4-8B56-13B467541C81}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
FirewallRules: [{5E4CEFCF-95F5-4AF2-84D4-2AC2E4A9C274}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
FirewallRules: [{3A2A6AFA-4CE7-4E85-AAF9-D5AFC4A3A164}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{50F5F80C-3777-4E89-AC2A-22F841E667BF}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{4AAC1906-3ABF-48D9-91BE-60A18491DB06}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
FirewallRules: [{86FCF84E-8BAF-4D3F-9ED2-6C0843C6E98A}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe

==================== Restore Points =========================

02-03-2017 12:55:01 Punto de control programado
03-03-2017 08:27:19 Windows Update
07-03-2017 12:18:55 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2017 09:42:08 PM) (Source: MsiInstaller) (EventID: 11310) (User: User1-PC)
Description: Producto: Akamai NetSession Interface -- Error 1310. Error al escribir en el archivo C:\Users\User1\AppData\Local\Akamai\admintool.exe.  Error del sistema 0. Compruebe que dispone de acceso a ese directorio.

Error: (03/13/2017 09:41:32 PM) (Source: MsiInstaller) (EventID: 11310) (User: User1-PC)
Description: Producto: Akamai NetSession Interface -- Error 1310. Error al escribir en el archivo C:\Users\User1\AppData\Local\Akamai\admintool.exe.  Error del sistema 0. Compruebe que dispone de acceso a ese directorio.

Error: (03/13/2017 05:37:13 PM) (Source: MsiInstaller) (EventID: 11310) (User: User1-PC)
Description: Producto: Akamai NetSession Interface -- Error 1310. Error al escribir en el archivo C:\Users\User1\AppData\Local\Akamai\admintool.exe.  Error del sistema 0. Compruebe que dispone de acceso a ese directorio.

Error: (03/13/2017 05:36:44 PM) (Source: MsiInstaller) (EventID: 11310) (User: User1-PC)
Description: Producto: Akamai NetSession Interface -- Error 1310. Error al escribir en el archivo C:\Users\User1\AppData\Local\Akamai\admintool.exe.  Error del sistema 0. Compruebe que dispone de acceso a ese directorio.

Error: (03/13/2017 01:24:47 PM) (Source: MsiInstaller) (EventID: 11310) (User: User1-PC)
Description: Producto: Akamai NetSession Interface -- Error 1310. Error al escribir en el archivo C:\Users\User1\AppData\Local\Akamai\admintool.exe.  Error del sistema 0. Compruebe que dispone de acceso a ese directorio.

Error: (03/13/2017 01:24:09 PM) (Source: MsiInstaller) (EventID: 11310) (User: User1-PC)
Description: Producto: Akamai NetSession Interface -- Error 1310. Error al escribir en el archivo C:\Users\User1\AppData\Local\Akamai\admintool.exe.  Error del sistema 0. Compruebe que dispone de acceso a ese directorio.

Error: (03/13/2017 08:30:37 AM) (Source: MsiInstaller) (EventID: 11310) (User: User1-PC)
Description: Producto: Akamai NetSession Interface -- Error 1310. Error al escribir en el archivo C:\Users\User1\AppData\Local\Akamai\admintool.exe.  Error del sistema 0. Compruebe que dispone de acceso a ese directorio.

Error: (03/13/2017 08:30:04 AM) (Source: MsiInstaller) (EventID: 11310) (User: User1-PC)
Description: Producto: Akamai NetSession Interface -- Error 1310. Error al escribir en el archivo C:\Users\User1\AppData\Local\Akamai\admintool.exe.  Error del sistema 0. Compruebe que dispone de acceso a ese directorio.

Error: (03/12/2017 09:37:58 PM) (Source: MsiInstaller) (EventID: 11310) (User: User1-PC)
Description: Producto: Akamai NetSession Interface -- Error 1310. Error al escribir en el archivo C:\Users\User1\AppData\Local\Akamai\admintool.exe.  Error del sistema 0. Compruebe que dispone de acceso a ese directorio.

Error: (03/12/2017 09:37:26 PM) (Source: MsiInstaller) (EventID: 11310) (User: User1-PC)
Description: Producto: Akamai NetSession Interface -- Error 1310. Error al escribir en el archivo C:\Users\User1\AppData\Local\Akamai\admintool.exe.  Error del sistema 0. Compruebe que dispone de acceso a ese directorio.


System errors:
=============
Error: (03/13/2017 06:02:43 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: El agente proxy de DNS no puede asignar 0 bytes de memoria. Esto puede indicar que el sistema tiene poca memoria virtual o que el administrador de memoria ha encontrado un error interno.

Error: (03/13/2017 11:02:44 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: El agente proxy de DNS no puede asignar 0 bytes de memoria. Esto puede indicar que el sistema tiene poca memoria virtual o que el administrador de memoria ha encontrado un error interno.

Error: (03/13/2017 07:37:08 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: ICS_IPV6 no pudo configurar la pila IPv6.

Error: (03/13/2017 07:33:20 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: El asignador DHCP se ha deshabilitado a sí mismo en la dirección IP 192.168.158.1, puesto que la dirección IP está fuera del ámbito 192.168.137.0/255.255.255.0 desde donde se asignan las direcciones a los clientes DHCP. Para habilitar el asignador DHCP en esta dirección IP, cambie el ámbito para que incluya la dirección IP o cambie la dirección IP para que esté incluida dentro del ámbito.

Error: (03/13/2017 07:32:54 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: ICS_IPV6 no pudo configurar la pila IPv6.

Error: (03/13/2017 07:32:46 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: El agente proxy de DNS no puede asignar 0 bytes de memoria. Esto puede indicar que el sistema tiene poca memoria virtual o que el administrador de memoria ha encontrado un error interno.

Error: (03/13/2017 07:32:45 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: El asignador DHCP se ha deshabilitado a sí mismo en la dirección IP 192.168.158.1, puesto que la dirección IP está fuera del ámbito 192.168.137.0/255.255.255.0 desde donde se asignan las direcciones a los clientes DHCP. Para habilitar el asignador DHCP en esta dirección IP, cambie el ámbito para que incluya la dirección IP o cambie la dirección IP para que esté incluida dentro del ámbito.

Error: (03/13/2017 07:32:44 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: El agente proxy de DNS no puede asignar 0 bytes de memoria. Esto puede indicar que el sistema tiene poca memoria virtual o que el administrador de memoria ha encontrado un error interno.

Error: (03/13/2017 07:32:33 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: El agente proxy de DNS no puede asignar 0 bytes de memoria. Esto puede indicar que el sistema tiene poca memoria virtual o que el administrador de memoria ha encontrado un error interno.

Error: (03/12/2017 04:21:48 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: El agente proxy de DNS no puede asignar 0 bytes de memoria. Esto puede indicar que el sistema tiene poca memoria virtual o que el administrador de memoria ha encontrado un error interno.


CodeIntegrity:
===================================
  Date: 2016-07-30 07:59:16.492
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

  Date: 2016-07-29 21:34:47.300
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

  Date: 2016-07-29 15:44:53.663
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

  Date: 2016-07-29 08:29:55.663
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

  Date: 2016-07-29 02:15:44.627
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

  Date: 2016-07-28 16:40:07.554
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

  Date: 2016-07-28 07:13:06.805
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

  Date: 2016-07-28 00:35:59.694
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

  Date: 2016-07-27 16:09:06.289
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

  Date: 2016-07-27 07:57:29.819
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 66%
Total physical RAM: 3890.67 MB
Available physical RAM: 1318.93 MB
Total Virtual: 7779.53 MB
Available Virtual: 4552.42 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:377.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E6387586)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Screenshot_1.png

This topic is now closed to further replies.