
    AUTORUN.INF and my HJT log

    ...

    1. #11
      Moderator
      @MiguelRiaguel
      Registered
      Dec 2008
      Location
      Spain
      Posts
      12,256

      Re: AUTORUN.INF and my HJT log

      No problem... when you can, copy them here so that we can analyze them. Also, don't forget to tell us how the computer is running now.
      Regards.
      The virus problem is temporary and will last a couple of years / John McAfee - founder of McAfee


    2. #12
      User diego2005
      Registered
      Mar 2006
      Location
      Colombia
      Posts
      64

      Re: AUTORUN.INF and my HJT log

      Good day, sorry for the delay... I hope you are well, and thank you for your help, which is so important to me...

      The computer is still running a bit slowly; as I told you before, I don't know whether it is because of the programs that are installed or something else... I still can't open C or F by clicking on them in the Explorer window without UsbFix popping up (unless I should already have uninstalled or deleted it)...

      The internet sometimes hangs the computer and makes it slow...

      I'll start with the AdwCleaner report

      # AdwCleaner 7.0.6.0 - Logfile created on Tue Jan 09 19:13:15 2018
      # Updated on 2017/21/12 by Malwarebytes
      # Running on Windows 7 Home Premium (X64)
      # Mode: clean
      # Support: https://www.malwarebytes.com/support

      ***** [ Services ] *****

      Deleted: panda_url_filtering


      ***** [ Folders ] *****

      Deleted: C:\ProgramData\IObit\Advanced SystemCare
      Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
      Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
      Deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
      Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
      Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
      Deleted: C:\Users\All Users\IObit\Advanced SystemCare
      Deleted: C:\Users\hejave\AppData\LocalLow\IObit\Advanced SystemCare
      Deleted: C:\Users\hejave\AppData\Roaming\IObit\Advanced SystemCare
      Deleted: C:\ProgramData\IObit\Advanced SystemCare
      Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
      Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
      Deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
      Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
      Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
      Deleted: C:\Users\All Users\IObit\Advanced SystemCare
      Deleted: C:\Users\hejave\AppData\LocalLow\IObit\Advanced SystemCare
      Deleted: C:\Users\hejave\AppData\Roaming\IObit\Advanced SystemCare
      Deleted: C:\ProgramData\rvlkl
      Deleted: C:\ProgramData\Application Data\rvlkl
      Deleted: C:\Users\All Users\rvlkl
      Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mipony
      Deleted: C:\Program Files (x86)\mipony
      Deleted: C:\Users\hejave\AppData\Roaming\mipony
      Deleted: C:\Users\hejave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mipony
      Deleted: C:\Users\hejave\Documents\mipony
      Deleted: C:\Program Files (x86)\pandasecuritytb
      Deleted: C:\Users\hejave\AppData\LocalLow\pandasecuritytb
      Deleted: C:\Program Files\WinZip Smart Monitor
      Deleted: C:\ProgramData\IObit\ASCDownloader
      Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
      Deleted: C:\Users\All Users\IObit\ASCDownloader
      Deleted: C:\Program Files\Panda Security URL Filtering


      ***** [ Files ] *****

      Deleted: C:\Users\hejave\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk


      ***** [ DLL ] *****

      No malicious DLLs cleaned.

      ***** [ WMI ] *****

      No malicious WMI cleaned.

      ***** [ Shortcuts ] *****

      No malicious shortcuts cleaned.

      ***** [ Tasks ] *****

      Deleted: Driver Booster Scheduler


      ***** [ Registry ] *****

      Deleted: [Key] - HKLM\SOFTWARE\IOBIT\ASC
      Deleted: [Key] - HKLM\SOFTWARE\IObit\Advanced SystemCare
      Deleted: [Key] - HKLM\SOFTWARE\IObit\RealTimeProtector
      Deleted: [Key] - HKLM\SOFTWARE\IObit\ASC
      Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
      Deleted: [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page [http:\\start.myplaycity.com\]
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MiPony
      Deleted: [Key] - HKLM\SOFTWARE\WinZiper
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iSafeSvc2.exe
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MiPony.exe
      Deleted: [Key] - HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
      Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
      Deleted: [Key] - HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe
      Deleted: [Key] - HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\Software\Vittalia
      Deleted: [Key] - HKCU\Software\Vittalia
      Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing|bProtectShowTabsWelcome


      ***** [ Firefox (and derivatives) ] *****

      No malicious Firefox entries deleted.

      ***** [ Chromium (and derivatives) ] *****

      No malicious Chromium entries deleted.

      *************************

      ::Tracing keys deleted
      ::Winsock settings cleared
      ::Additional Actions: 0



      *************************

      C:/AdwCleaner/AdwCleaner[S0].txt - [5234 B] - [2018/1/9 1940]


      ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

    3. #13
      User diego2005
      Registered
      Mar 2006
      Location
      Colombia
      Posts
      64

      Re: AUTORUN.INF and my HJT log

      ESET ONLINE REPORT... it took a very long time, more than 11 hours...

      C:\AdwCleaner\Quarantine\oZYFYZ5B6k\Panda_URL_Filteringc.dll una variante de Win64/NetFilter.A aplicación potencialmente peligrosa no se ha podido desinfectar - archivo eliminado
      C:\AdwCleaner\Quarantine\oZYFYZ5B6k\Panda_URL_Filteringd.sys una variante de Win64/NetFilter.A aplicación potencialmente peligrosa no se ha podido desinfectar - archivo eliminado
      C:\AdwCleaner\Quarantine\sMlaZTXC1O\pandasecurityDx.dll una variante de Win32/Toolbar.Visicom.B aplicación potencialmente indeseable no se ha podido desinfectar - archivo eliminado
      C:\AdwCleaner\Quarantine\sMlaZTXC1O\pandasecurityDx64.dll una variante de Win64/Toolbar.Visicom.A aplicación potencialmente indeseable no se ha podido desinfectar - archivo eliminado
      C:\AdwCleaner\Quarantine\sMlaZTXC1O\pandasecuritytb.dll una variante de Win32/Toolbar.Visicom.A aplicación potencialmente indeseable no se ha podido desinfectar - archivo eliminado
      C:\AdwCleaner\Quarantine\sMlaZTXC1O\uninstall.exe una variante de Win32/Visicom.A aplicación potencialmente indeseable no se ha podido desinfectar - archivo eliminado
      C:\Program Files\Strogino CS Portal\Garrys Mod\steamclient.dll una variante de Win32/RiskWare.GameHack.AL aplicación no se ha podido desinfectar - archivo eliminado
      C:\Users\hejave\AppData\Local\Songr\Songr.Core.dll una variante de MSIL/Xamasoft.A aplicación potencialmente indeseable no se ha podido desinfectar - archivo eliminado
      C:\Users\hejave\Downloads\km5p1c0w1n10y0ff1c32016.rar una variante de MSIL/HackTool.IdleKMS.E aplicación potencialmente peligrosa eliminado
      C:\Users\hejave\Downloads\KMSpico_setup.exe una variante de MSIL/HackTool.IdleKMS.E aplicación potencialmente peligrosa no se ha podido desinfectar - archivo eliminado
      C:\Users\hejave\Downloads\Programs\recuva.exe Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa no se ha podido desinfectar - archivo eliminado
      C:\Windows\SysWOW64\Mpk\lsynchost.exe una variante de Win32/KeyLogger.Refog.F aplicación no se ha podido desinfectar - archivo eliminado
      C:\Windows\SysWOW64\Mpk\Mpk.dll una variante de Win32/KeyLogger.Refog.F aplicación no se ha podido desinfectar - archivo eliminado
      C:\Windows\SysWOW64\Mpk\Mpk64.dll una variante de Win64/KeyLogger.Refog.A aplicación no se ha podido desinfectar - archivo eliminado
      C:\Windows\SysWOW64\Mpk\MpkHCA.dll una variante de Win32/KeyLogger.Refog.F aplicación no se ha podido desinfectar - archivo eliminado
      C:\Windows\SysWOW64\Mpk\MPKInst.exe una variante de Win32/KeyLogger.Refog.F aplicación no se ha podido desinfectar - archivo eliminado
      C:\Windows\SysWOW64\Mpk\MpkL64.exe una variante de Win64/KeyLogger.Refog.A aplicación no se ha podido desinfectar - archivo eliminado
      C:\Windows\SysWOW64\Mpk\MPKView.exe una variante de Win32/KeyLogger.Refog.F aplicación no se ha podido desinfectar - archivo eliminado
      F:\DESCARGAS MEGA\MSOFC2013X32\MSOFC2013X32\MSOFC2013X32\Programasvirtualespc - Windows, Software, Utilidades PC, Ofimática.url LNK/Agent.CH Troyano no se ha podido desinfectar - archivo eliminado
      F:\PROGRAMAS 2017\CCleaner_v5.36.6278.exe Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa no se ha podido desinfectar - archivo eliminado
      F:\PROGRAMAS 2017\epm.exe una variante de Win32/FusionCore.P aplicación potencialmente indeseable no se ha podido desinfectar - archivo eliminado
      F:\PROGRAMAS 2017\Microsoft Toolkit 2.6.3 Final (Windows and Office Activator) [NLSoftware].rar una variante de MSIL/HackKMS.G aplicación potencialmente peligrosa eliminado
      F:\PROGRAMAS 2017\Microsoft Toolkit.zip una variante de MSIL/HackKMS.G aplicación potencialmente peligrosa eliminado
      F:\PROGRAMAS 2017\11.0.1.56-PVP\Programasvirtualespc - Windows, Software, Utilidades PC, Ofimática.url LNK/Agent.CH Troyano no se ha podido desinfectar - archivo eliminado
      F:\PROGRAMAS 2017\CCLEANER 5.36.6278-PVP\cr-piriform.exe una variante de Win32/Keygen.CX aplicación potencialmente peligrosa no se ha podido desinfectar - archivo eliminado
      F:\PROGRAMAS 2017\CCLEANER 5.36.6278-PVP\Keymaker-CORE.rar una variante de Win32/Keygen.CX aplicación potencialmente peligrosa eliminado
      F:\PROGRAMAS 2017\CCLEANER 5.36.6278-PVP\Programasvirtualespc - Windows, Software, Utilidades PC, Ofimática.url LNK/Agent.CH Troyano no se ha podido desinfectar - archivo eliminado
      F:\PROGRAMAS 2017\Internet.Download.Manager.v6.28.Build.11.Retail.FiNAL.Incl.Crack-REiS\disable_activation.cmd BAT/HostsChanger.A aplicación potencialmente peligrosa no se ha podido desinfectar - archivo eliminado
      F:\PROGRAMAS 2017\Internet.Download.Manager.v6.28.Build.11.Retail.FiNAL.Incl.Crack-REiS\Patchs Viejos\idm.6.25.1-patch-babelpatcher.zip una variante de Win32/HackTool.Patcher.DG aplicación potencialmente peligrosa eliminado
      F:\PROGRAMAS 2017\PND4v301\FREE 30 Días\CloudAntivirus.exe Win32/Visicom.C aplicación potencialmente indeseable no se ha podido desinfectar - archivo eliminado

    4. #14
      User diego2005
      Registered
      Mar 2006
      Location
      Colombia
      Posts
      64

      Re: AUTORUN.INF and my HJT log

      FRST64 report


      frst.txt
      scan result of farbar recovery scan tool (frst) (x64) version: 02.01.2018
      ran by hejave (administrator) on cheff2005 (10-01-2018 11:24:22)
      running from c:\users\hejave\desktop
      loaded profiles: Hejave (available profiles: Hejave)
      platform: Windows 7 home premium service pack 1 (x64) language: Español (españa, internacional)
      internet explorer version 11 (default browser: Chrome)
      boot mode: Normal
      tutorial for farbar recovery scan tool: ***********************************************************************************************************

      ==================== processes (whitelisted) =================

      (if an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (acer incorporated) c:\program files\gateway\gateway updater\updaterservice.exe
      (panda security, s.l.) c:\program files (x86)\panda security\panda security protection\psanhost.exe
      (panda security, s.l.) c:\program files (x86)\panda security\panda devices agent\agentsvc.exe
      (panda security, s.l.) c:\program files (x86)\panda security\panda security protection\psuaservice.exe
      (malwarebytes) c:\program files\malwarebytes\anti-malware\mbamservice.exe
      (dt soft ltd) c:\program files (x86)\daemon tools pro\dtshellhlp.exe
      (piriform ltd) c:\program files\ccleaner\ccleaner64.exe
      (malwarebytes) c:\program files\malwarebytes\anti-malware\mbamtray.exe
      (cyberlink) c:\program files (x86)\cyberlink\mediaespresso\devicedetector\devicedetector.exe
      (dritek system inc.) c:\program files (x86)\launch manager\lmanager.exe
      (dropbox, inc.) c:\program files (x86)\dropbox\client\dropbox.exe
      (dritek system inc.) c:\program files (x86)\launch manager\mmdx64fx.exe
      (panda security, s.l.) c:\program files (x86)\panda security\panda security protection\psuamain.exe
      (dropbox, inc.) c:\program files (x86)\dropbox\client\dropbox.exe
      (intel corporation) c:\windows\system32\igfxext.exe
      (intel corporation) c:\windows\system32\igfxsrvc.exe
      (dropbox, inc.) c:\program files (x86)\dropbox\client\dropbox.exe
      (microsoft corporation) c:\windows\syswow64\wbem\wmiprvse.exe

      ==================== registry (whitelisted) ===========================

      (if an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      hklm-x32\...\run: [lmanager] => c:\program files (x86)\launch manager\lmanager.exe [1106512 2012-03-02] (dritek system inc.)
      hklm-x32\...\run: [dropbox] => c:\program files (x86)\dropbox\client\dropbox.exe [3567928 2017-12-04] (dropbox, inc.)
      hklm-x32\...\run: [psuamain] => c:\program files (x86)\panda security\panda security protection\psuamain.exe [109824 2016-08-04] (panda security, s.l.)
      hklm\...\winlogon: [userinit] c:\windows\syswow64\userinit.exe,
      winlogon\notify\igfxcui: C:\windows\system32\igfxdev.dll (intel corporation)
      hku\s-1-5-21-3032391462-2345422213-4090516585-1000\...\run: [ccleaner monitoring] => c:\program files\ccleaner\ccleaner64.exe [10021040 2017-10-18] (piriform ltd)
      hku\s-1-5-21-3032391462-2345422213-4090516585-1000\...\run: [idman] => c:\program files (x86)\internet download manager\idman.exe [4022328 2017-05-25] (tonec inc.)
      hku\s-1-5-21-3032391462-2345422213-4090516585-1000\...\policies\explorer: []
      hku\s-1-5-21-3032391462-2345422213-4090516585-1000\...\policies\explorer: [nolowdiskspacechecks] 1
      hku\s-1-5-21-3032391462-2345422213-4090516585-1000\...\mountpoints2: {c3dc8bb4-3db0-11e7-a0eb-dc0ea1b7dea6} - h:\hisuitedownloader.exe
      hku\s-1-5-21-3032391462-2345422213-4090516585-1000\...\winlogon: [shell] c:\windows\explorer.exe [3229696 2016-10-06] (microsoft corporation) <==== attention
      hku\s-1-5-18\...\run: [skype] => c:\program files (x86)\skype\phone\skype.exe [30877280 2014-12-11] (skype technologies s.a.)
      bootexecute: Autocheck autochk *
      grouppolicy: Restriction <==== attention

      ==================== internet (whitelisted) ====================

      (if an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      tcpip\parameters: [dhcpnameserver] 192.168.1.1
      tcpip\..\interfaces\{06de9cd1-0241-42a1-839a-46460f481891}: [dhcpnameserver] 192.168.1.1

      internet explorer:
      ==================
      hklm\software\microsoft\internet explorer\main,start page = Google
      hklm\software\wow6432node\microsoft\internet explorer\main,start page =
      hklm\software\wow6432node\microsoft\internet explorer\main,search page =
      hklm\software\microsoft\internet explorer\main,default_page_url = Google
      hklm\software\wow6432node\microsoft\internet explorer\main,default_page_url = Google
      hklm\software\wow6432node\microsoft\internet explorer\main,default_search_url =
      hku\.default\software\microsoft\internet explorer\main,start page = hxxp://www.msn.com/?pc=msert1
      searchscopes: Hklm -> defaultscope value is missing
      searchscopes: Hklm -> {0633ee93-d776-472f-a0ff-e1416b8b2e3a} url =
      searchscopes: Hklm-x32 -> defaultscope value is missing
      searchscopes: Hklm-x32 -> {0633ee93-d776-472f-a0ff-e1416b8b2e3a} url =
      searchscopes: Hku\s-1-5-21-3032391462-2345422213-4090516585-1000 -> defaultscope {3bd44f0e-0596-4008-aee0-45d47e3a8f0e} url = hxxp://pandasecurity.mystart.com/results.php?pr=vmn&gen=ms&id=pandasecuritytb&v=4_3&idate=2018-01-03&ent=ch_675&q={searchterms}
      searchscopes: Hku\s-1-5-21-3032391462-2345422213-4090516585-1000 -> {0633ee93-d776-472f-a0ff-e1416b8b2e3a} url = hxxp://www.bing.com/search?form=up97df&pc=up97&q={searchterms}&src=ie-searchbox
      searchscopes: Hku\s-1-5-21-3032391462-2345422213-4090516585-1000 -> {3bd44f0e-0596-4008-aee0-45d47e3a8f0e} url = hxxp://pandasecurity.mystart.com/results.php?pr=vmn&gen=ms&id=pandasecuritytb&v=4_3&idate=2018-01-03&ent=ch_675&q={searchterms}
      searchscopes: Hku\s-1-5-21-3032391462-2345422213-4090516585-1000 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} url = hxxp://start.myplaycity.com/results.php?category=web&s={searchterms}
      bho: Idm integration (idmiehlprobj class) -> {0055c089-8582-441b-a0bf-17b458c2a3a8} -> c:\program files (x86)\internet download manager\idmiecc64.dll [2016-12-10] (internet download manager, tonec inc.)
      bho: Explorerwnd helper -> {10921475-03ce-4e04-90ce-e2e7ef20c814} -> c:\program files (x86)\iobit\iobit uninstaller\uninstallexplorer.dll [2015-11-12] (iobit)
      bho: Groove gfs browser helper -> {72853161-30c5-4d22-b7f9-0bbc1d38a37e} -> c:\program files\microsoft office\office14\grooveex.dll [2013-12-19] (microsoft corporation)
      bho: Java(tm) plug-in ssv helper -> {761497bb-d6f0-462c-b6eb-d4daf1d92d43} -> c:\program files\java\jre1.8.0_151\bin\ssv.dll [2017-11-02] (oracle corporation)
      bho: Windows live id sign-in helper -> {9030d464-4c02-4abf-8ecc-5164760863c6} -> c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll [2011-03-28] (microsoft corp.)
      bho: Panda safe web -> {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} -> c:\program files (x86)\pandasecuritytb\pandasecuritydx64.dll => no file
      bho: Java(tm) plug-in 2 ssv helper -> {dbc80044-a445-435b-bc74-9c25c1c588a9} -> c:\program files\java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-02] (oracle corporation)
      bho-x32: Idm integration (idmiehlprobj class) -> {0055c089-8582-441b-a0bf-17b458c2a3a8} -> c:\program files (x86)\internet download manager\idmiecc.dll [2016-12-10] (internet download manager, tonec inc.)
      bho-x32: Realnetworks download and record plugin for internet explorer -> {3049c3e9-b461-4bc5-8870-4c09146192ca} -> c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll [2012-11-29] (realdownloader)
      bho-x32: Groove gfs browser helper -> {72853161-30c5-4d22-b7f9-0bbc1d38a37e} -> c:\program files (x86)\microsoft office\office14\grooveex.dll [2013-12-19] (microsoft corporation)
      bho-x32: Windows live id sign-in helper -> {9030d464-4c02-4abf-8ecc-5164760863c6} -> c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll [2011-03-28] (microsoft corp.)
      bho-x32: No name -> {92ef2ead-a7ce-4424-b0db-499cf856608e} -> no file
      bho-x32: Office document cache handler -> {b4f3a835-0e21-4959-ba22-42b3008e02ff} -> c:\program files (x86)\microsoft office\office14\urlredir.dll [2013-03-06] (microsoft corporation)
      bho-x32: Panda safe web -> {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} -> c:\program files (x86)\pandasecuritytb\pandasecuritydx.dll => no file
      toolbar: Hklm - panda safe web - {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files (x86)\pandasecuritytb\pandasecuritydx64.dll no file
      toolbar: Hklm-x32 - panda safe web - {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files (x86)\pandasecuritytb\pandasecuritydx.dll no file
      handler-x32: Skype4com - {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\program files (x86)\common files\skype\skype4com.dll [2017-07-18] (skype technologies)
      startmenuinternet: Iexplore.exe - iexplore.exe

      firefox:
      ========
      ff hklm-x32\...\firefox\extensions: [{34712c68-7391-4c47-94f3-8f88d49ad632}] - c:\programdata\realnetworks\realdownloader\browserplugins\firefox\ext
      ff extension: (realdownloader) - c:\programdata\realnetworks\realdownloader\browserplugins\firefox\ext [2012-12-31] [legacy] [not signed]
      ff hklm-x32\...\firefox\extensions: [{abde892b-13a8-4d1b-88e6-365a6e755758}] - c:\programdata\realnetworks\realdownloader\browserplugins\firefox\ext
      ff hku\s-1-5-21-3032391462-2345422213-4090516585-1000\...\seamonkey\extensions: [[email protected]] - c:\users\hejave\appdata\roaming\idm\idmmzcc5
      ff extension: (idm cc) - c:\users\hejave\appdata\roaming\idm\idmmzcc5 [2018-01-02] [legacy] [not signed]
      ff hku\s-1-5-21-3032391462-2345422213-4090516585-1000\...\seamonkey\extensions: [[email protected]] - c:\program files (x86)\internet download manager\idmmzcc2.xpi
      ff extension: (idm integration) - c:\program files (x86)\internet download manager\idmmzcc2.xpi [2017-01-26] [legacy]
      ff plugin: @adobe.com/flashplayer -> c:\windows\system32\macromed\flash\npswf64_28_0_0_126.dll [2017-12-12] ()
      ff plugin: @java.com/dtplugin,version=11.151.2 -> c:\program files\java\jre1.8.0_151\bin\dtplugin\npdeployjava1.dll [2017-11-02] (oracle corporation)
      ff plugin: @java.com/javaplugin,version=11.151.2 -> c:\program files\java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-02] (oracle corporation)
      ff plugin: @microsoft.com/npctrl,version=1.0 -> c:\program files\microsoft silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( microsoft corporation)
      ff plugin: @microsoft.com/officeauthz,version=14.0 -> c:\progra~1\micros~2\office14\npauthz.dll [2010-01-09] (microsoft corporation)
      ff plugin-x32: @adobe.com/flashplayer -> c:\windows\syswow64\macromed\flash\npswf32_28_0_0_126.dll [2017-12-12] ()
      ff plugin-x32: @intel-webapi.intel.com/intel webapi ipt;version=2.0.59 -> c:\program files (x86)\intel\intel(r) management engine components\ipt\npintelwebapiipt.dll [2012-01-06] (intel corporation)
      ff plugin-x32: @intel-webapi.intel.com/intel webapi updater -> c:\program files (x86)\intel\intel(r) management engine components\ipt\npintelwebapiupdater.dll [2012-01-06] (intel corporation)
      ff plugin-x32: @microsoft.com/npctrl,version=1.0 -> c:\program files (x86)\microsoft silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( microsoft corporation)
      ff plugin-x32: @microsoft.com/officeauthz,version=14.0 -> c:\progra~2\micros~4\office14\npauthz.dll [2010-01-09] (microsoft corporation)
      ff plugin-x32: @microsoft.com/sharepoint,version=14.0 -> c:\progra~2\micros~4\office14\npspwrap.dll [2010-03-24] (microsoft corporation)
      ff plugin-x32: @microsoft.com/wlpg,version=15.4.3502.0922 -> c:\program files (x86)\windows live\photo gallery\npwlpg.dll [2011-05-13] (microsoft corporation)
      ff plugin-x32: @microsoft.com/wlpg,version=15.4.3538.0513 -> c:\program files (x86)\windows live\photo gallery\npwlpg.dll [2011-05-13] (microsoft corporation)
      ff plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\netscape6\nppl3260.dll [2012-12-31] (realnetworks, inc.)
      ff plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll [2012-11-29] (realnetworks, inc.)
      ff plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll [2012-11-29] (realnetworks, inc.)
      ff plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll [2012-11-29] (realnetworks, inc.)
      ff plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\netscape6\nprpplugin.dll [2012-12-31] (realplayer)
      ff plugin-x32: @realnetworks.com/npdlplugin;version=1 -> c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll [2012-11-29] (realdownloader)
      ff plugin-x32: @tools.google.com/google update;version=3 -> c:\program files (x86)\google\update\1.3.33.7\npgoogleupdate3.dll [2017-11-13] (google inc.)
      ff plugin-x32: @tools.google.com/google update;version=9 -> c:\program files (x86)\google\update\1.3.33.7\npgoogleupdate3.dll [2017-11-13] (google inc.)
      ff plugin-x32: @videolan.org/vlc,version=2.0.2 -> c:\program files (x86)\videolan\vlc\npvlc.dll [2017-05-24] (videolan)
      ff plugin-x32: @videolan.org/vlc,version=2.1.5 -> c:\program files (x86)\videolan\vlc\npvlc.dll [2017-05-24] (videolan)
      ff plugin-x32: @videolan.org/vlc,version=2.2.4 -> c:\program files (x86)\videolan\vlc\npvlc.dll [2017-05-24] (videolan)
      ff plugin-x32: @videolan.org/vlc,version=2.2.6 -> c:\program files (x86)\videolan\vlc\npvlc.dll [2017-05-24] (videolan)
      ff plugin-x32: @zylom.com/zylomgamesplayer -> c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll [2009-10-26] (zylom)
      ff plugin-x32: Adobe reader -> c:\program files (x86)\adobe\acrobat reader dc\reader\air\nppdf32.dll [2017-11-04] (adobe systems inc.)

      chrome:
      =======
      chr defaultprofile: Chromedefaultdata
      chr startupurls: Chromedefaultdata -> "hxxps://www.google.com/"
      chr defaultsearchurl: Chromedefaultdata -> hxxp://www.bing.com/search?form=__param__df&pc=__param__&q={searchterms}
      chr defaultsearchkeyword: Chromedefaultdata -> bing.com
      chr profile: C:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata [2018-01-10] <==== attention
      chr extension: (google drive) - c:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata\extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-21]
      chr extension: (youtube) - c:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-21]
      chr extension: (tampermonkey) - c:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata\extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-09-28]
      chr extension: (adobe acrobat) - c:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata\extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-08]
      chr extension: (video downloader professional) - c:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata\extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-08-03]
      chr extension: (panda safe web) - c:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata\extensions\fagakgcelolinfnkfgekcnedpaklfcok [2018-01-03]
      chr extension: (adblock) - c:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata\extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-08]
      chr extension: (nicestats) - c:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata\extensions\jmcigkgkjjlkpljojolkfienmmjjhegb [2017-11-22]
      chr extension: (idm integration module) - c:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata\extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-01-02]
      chr extension: (sistema de pagos de chrome web store) - c:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata\extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
      chr extension: (gmail) - c:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata\extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-21]
      chr extension: (chrome media router) - c:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-19]
      chr extension: (youtube video and mp3 downloader) - c:\users\hejave\downloads\youtube video downloader [2017-12-20]
      chr profile: C:\users\hejave\appdata\local\google\chrome\user data\default [2018-01-09]
      chr extension: (avast safeprice) - c:\users\hejave\appdata\local\google\chrome\user data\default\extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-12-12]
      chr extension: (avast online security) - c:\users\hejave\appdata\local\google\chrome\user data\default\extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-17]
      chr extension: (skype) - c:\users\hejave\appdata\local\google\chrome\user data\default\extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-12-12]
      chr extension: (sistema de pagos de chrome web store) - c:\users\hejave\appdata\local\google\chrome\user data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
      chr extension: (descarga videos con fvd video downloader) - c:\users\hejave\appdata\local\google\chrome\user data\default\extensions\nocpfkkbaekckhcoekockfbidpcjgkbd [2016-12-12]
      chr extension: (chrome media router) - c:\users\hejave\appdata\local\google\chrome\user data\default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-12]
      chr hklm\...\chrome\extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
      chr hklm\...\chrome\extension: [ngpampappnmepgilojfohadhhmbhlaek] - c:\program files (x86)\internet download manager\idmgcext.crx [2017-05-25]
      chr hku\s-1-5-21-3032391462-2345422213-4090516585-1000\software\google\chrome\extensions\...\chrome\extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      chr hklm-x32\...\chrome\extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
      chr hklm-x32\...\chrome\extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
      chr hklm-x32\...\chrome\extension: [ngpampappnmepgilojfohadhhmbhlaek] - c:\program files (x86)\internet download manager\idmgcext.crx [2017-05-25]

      ==================== services (whitelisted) ====================

      (if an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      s3 dbupdate; c:\program files (x86)\dropbox\update\dropboxupdate.exe [143144 2017-07-16] (dropbox, inc.)
      s3 dbupdatem; c:\program files (x86)\dropbox\update\dropboxupdate.exe [143144 2017-07-16] (dropbox, inc.)
      s3 dbxsvc; c:\windows\system32\dbxsvc.exe [51016 2017-12-04] (dropbox, inc.)
      s3 jhi_service; c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe [161560 2012-02-07] (intel corporation)
      s3 liveupdatesvc; c:\program files (x86)\iobit\liveupdate\liveupdate.exe [2945312 2016-01-14] (iobit)
      r2 mbamservice; c:\program files\malwarebytes\anti-malware\mbamservice.exe [6234056 2017-11-01] (malwarebytes)
      s3 memusvc; c:\program files\microvirt\memu\memuservice.exe [269480 2017-05-26] (microvirt software technology co. Ltd.)
      r2 nanoservicemain; c:\program files (x86)\panda security\panda security protection\psanhost.exe [153096 2016-08-04] (panda security, s.l.)
      s3 nti ischedulesvc; c:\program files (x86)\nti\gateway mybackup\ischedulesvc.exe [256536 2012-01-05] (nti corporation)
      s3 origin client service; c:\program files (x86)\origin\originclientservice.exe [2142728 2016-10-28] (electronic arts)
      s3 origin web helper service; c:\program files (x86)\origin\originwebhelperservice.exe [2209296 2016-10-28] (electronic arts)
      r2 pandaagent; c:\program files (x86)\panda security\panda devices agent\agentsvc.exe [86104 2016-07-19] (panda security, s.l.)
      r2 psuaservice; c:\program files (x86)\panda security\panda security protection\psuaservice.exe [47096 2017-04-26] (panda security, s.l.)
      s3 realnetworks downloader resolver service; c:\program files (x86)\realnetworks\realdownloader\rndlresolversvc.exe [38608 2012-11-29] ()
      s3 richvideo; c:\program files (x86)\cyberlink\shared files\richvideo.exe [272024 2007-05-14] ()
      s2 setuparservice; c:\program files (x86)\realtek\audio\setupafterrebootservice.exe [24576 2017-06-30] (realtek semiconductor.) [file not signed]
      s3 unchecky; c:\program files (x86)\unchecky\bin\unchecky_svc.exe [254904 2016-06-23] (rammichael)
      s3 wacservice; c:\program files (x86)\wondershare\wondershare application center\wacservice.exe [103272 2012-11-09] (wondershare)
      r2 windefend; c:\program files\windows defender\mpsvc.dll [1011712 2013-05-27] (microsoft corporation)

      ===================== drivers (whitelisted) ======================

      (if an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      s3 cpuz143; c:\windows\temp\cpuz143\cpuz143_x64.sys [48960 2018-01-05] (cpuid)
      s3 dg_ssudbus; c:\windows\system32\drivers\ssudbus.sys [129152 2016-04-25] (samsung electronics co., ltd.)
      r1 dtsoftbus01; c:\windows\system32\drivers\dtsoftbus01.sys [283200 2016-06-17] (dt soft ltd)
      r1 esprotectiondriver; c:\windows\system32\drivers\mbae64.sys [77432 2017-12-18] ()
      s4 filemonitor; no imagepath
      r1 gubootstartup; c:\windows\system32\drivers\gubootstartup.sys [20160 2017-06-30] (glarysoft ltd)
      r1 hwinfo32; c:\windows\syswow64\drivers\hwinfo64a.sys [27552 2016-06-30] (realix(tm))
      r2 mbamchameleon; c:\windows\system32\drivers\mbamchameleon.sys [193968 2018-01-09] (malwarebytes)
      r3 mbamfarflt; c:\windows\system32\drivers\farflt.sys [110016 2018-01-10] (malwarebytes)
      r3 mbamprotection; c:\windows\system32\drivers\mbam.sys [46008 2018-01-10] (malwarebytes)
      r3 mbamswissarmy; c:\windows\system32\drivers\mbamswissarmy.sys [253880 2018-01-10] (malwarebytes)
      r3 mbamwebprotection; c:\windows\system32\drivers\mwac.sys [84256 2018-01-10] (malwarebytes)
      r3 meix64; c:\windows\system32\drivers\teedriverx64.sys [181304 2016-07-08] (intel corporation)
      r2 memudrv; c:\program files\microvirt\memuhyperv\memudrv.sys [260368 2015-11-02] (microvirt corporation)
      r1 nnsalpc; c:\windows\system32\drivers\nnsalpc.sys [94456 2015-12-04] (panda security, s.l.)
      r1 nnshttp; c:\windows\system32\drivers\nnshttp.sys [201464 2015-12-04] (panda security, s.l.)
      r1 nnshttps; c:\windows\system32\drivers\nnshttps.sys [110840 2015-12-04] (panda security, s.l.)
      r1 nnsids; c:\windows\system32\drivers\nnsids.sys [110840 2015-12-04] (panda security, s.l.)
      r1 nnsnahsl; c:\windows\system32\drivers\nnsnahsl.sys [48912 2015-04-27] (panda security, s.l.)
      r1 nnspicc; c:\windows\system32\drivers\nnspicc.sys [103160 2015-12-04] (panda security, s.l.)
      r1 nnspihsw; c:\windows\system32\drivers\nnspihsw.sys [80592 2016-03-14] (panda security, s.l.)
      r1 nnspop3; c:\windows\system32\drivers\nnspop3.sys [124152 2015-12-04] (panda security, s.l.)
      r1 nnsprot; c:\windows\system32\drivers\nnsprot.sys [300280 2015-12-04] (panda security, s.l.)
      r1 nnsprv; c:\windows\system32\drivers\nnsprv.sys [177424 2016-02-17] (panda security, s.l.)
      r1 nnssmtp; c:\windows\system32\drivers\nnssmtp.sys [113400 2015-12-04] (panda security, s.l.)
      r1 nnsstrm; c:\windows\system32\drivers\nnsstrm.sys [264976 2016-02-17] (panda security, s.l.)
      r1 nnstlsc; c:\windows\system32\drivers\nnstlsc.sys [106232 2015-12-04] (panda security, s.l.)
      s3 porttalk; c:\windows\syswow64\drivers\porttalk.sys [3567 2002-01-12] (beyond logic hxxp://www.beyondlogic.org) [file not signed]
      r2 psinaflt; c:\windows\system32\drivers\psinaflt.sys [171792 2016-08-04] (panda security, s.l.)
      r2 psinfile; c:\windows\system32\drivers\psinfile.sys [127248 2016-08-04] (panda security, s.l.)
      r1 psinknc; c:\windows\system32\drivers\psinknc.sys [205072 2016-08-04] (panda security, s.l.)
      r2 psinproc; c:\windows\system32\drivers\psinproc.sys [131344 2016-08-04] (panda security, s.l.)
      r2 psinprot; c:\windows\system32\drivers\psinprot.sys [144656 2016-08-04] (panda security, s.l.)
      r2 psinreg; c:\windows\system32\drivers\psinreg.sys [114960 2016-08-04] (panda security, s.l.)
      r3 pskmad; c:\windows\system32\drivers\pskmad.sys [70360 2016-08-08] (panda security, s.l.)
      s3 regfilter; no imagepath
      s3 rimusb; c:\windows\system32\drivers\rimusb_amd64.sys [27520 2007-05-14] (research in motion limited)
      s3 ssudmdm; c:\windows\system32\drivers\ssudmdm.sys [166288 2017-11-09] (samsung electronics co., ltd.)
      s3 wdm_usb; c:\windows\system32\drivers\usb2ser.sys [159936 2016-08-16] (mbb)
      r2 {fe4c91e7-22c2-4d0c-9f6b-82f1b7742054}; c:\program files (x86)\cyberlink\powerdvd8\000.fcl [32240 2008-02-01] (cyberlink corp.)
      s3 iobit_monitor_server; \??\c:\program files (x86)\iobit\advanced systemcare ultimate\drivers\monitor_win7_x64.sys [x]
      s3 panda_url_filteringd; \??\c:\program files\panda security url filtering\panda_url_filteringd.sys [x]

      ==================== netsvcs (whitelisted) ===================

      (if an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== one month created files and folders ========

      (if an entry is included in the fixlist, the file/folder will be moved.)

      2018-01-10 11:17 - 2018-01-10 11:19 - 000070739 _____ c:\users\hejave\desktop\addition.txt
      2018-01-10 11:16 - 2018-01-10 11:25 - 000025258 _____ c:\users\hejave\desktop\frst.txt
      2018-01-10 11:15 - 2018-01-10 11:24 - 000000000 ____d c:\frst
      2018-01-10 10:36 - 2018-01-10 10:36 - 000009786 _____ c:\users\hejave\desktop\eset.txt
      2018-01-09 14:19 - 2018-01-09 14:19 - 000000000 ____d c:\program files (x86)\eset
      2018-01-09 14:17 - 2018-01-09 14:17 - 000004486 _____ c:\users\hejave\desktop\adwcleaner[c0].txt
      2018-01-09 14:15 - 2018-01-10 11:23 - 000110016 _____ (malwarebytes) c:\windows\system32\drivers\farflt.sys
      2018-01-09 14:15 - 2018-01-10 11:23 - 000084256 _____ (malwarebytes) c:\windows\system32\drivers\mwac.sys
      2018-01-09 14:15 - 2018-01-10 11:23 - 000046008 _____ (malwarebytes) c:\windows\system32\drivers\mbam.sys
      2018-01-09 14:15 - 2018-01-09 14:15 - 000193968 _____ (malwarebytes) c:\windows\system32\drivers\mbamchameleon.sys
      2018-01-09 14:14 - 2018-01-10 11:23 - 000253880 _____ (malwarebytes) c:\windows\system32\drivers\mbamswissarmy.sys
      2018-01-09 14:10 - 2018-01-09 14:10 - 000005234 _____ c:\users\hejave\desktop\adwcleaner[s0].txt
      2018-01-09 14:05 - 2018-01-09 14:06 - 008198432 _____ (malwarebytes) c:\users\hejave\desktop\adwcleaner_7.0.6.0.exe
      2018-01-09 14:04 - 2018-01-09 14:13 - 000000000 ____d c:\adwcleaner
      2018-01-06 15:59 - 2018-01-06 15:59 - 021484925 _____ c:\users\hejave\downloads\videoplayback.mp4
      2018-01-06 14:15 - 2015-09-29 18:53 - 000000396 _____ c:\users\hejave\downloads\leeme.txt
      2018-01-06 14:15 - 2015-08-30 20:47 - 000006489 _____ c:\users\hejave\downloads\readme kmspico install.txt
      2018-01-06 14:15 - 2013-10-24 20:53 - 000000146 _____ c:\users\hejave\downloads\uninstall_service.cmd
      2018-01-06 13:15 - 2018-01-06 13:15 - 002393088 _____ (farbar) c:\users\hejave\desktop\frst64.exe
      2018-01-06 13:14 - 2018-01-06 13:14 - 002870984 _____ (eset) c:\users\hejave\desktop\esetsmartinstaller_esn.exe
      2018-01-05 16:32 - 2018-01-05 17:45 - 000000000 ____d c:\program files (x86)\softlogica
      2018-01-05 16:02 - 2018-01-05 16:02 - 000001567 _____ c:\users\hejave\desktop\malware anti2.txt
      2018-01-05 12:28 - 2018-01-05 12:28 - 000021244 _____ c:\users\hejave\desktop\cc_20180105_122805.reg
      2018-01-05 11:53 - 2018-01-05 11:54 - 000000000 ____d c:\users\hejave\desktop\orgull0ypr3juici0
      2018-01-05 10:21 - 2018-01-05 10:21 - 000000000 _____ c:\windows\system32\attrib
      2018-01-05 00:38 - 2018-01-05 00:38 - 000000000 ____d c:\programdata\1515130691_00000000_base
      2018-01-04 14:04 - 2018-01-04 14:04 - 000011374 _____ c:\users\hejave\desktop\cc_20180104_140400.reg
      2018-01-04 14:02 - 2018-01-04 14:02 - 000001618 _____ c:\users\hejave\desktop\cc_20180104_140241.reg
      2018-01-04 13:51 - 2018-01-04 13:51 - 000005916 _____ c:\users\hejave\desktop\malware.txt
      2018-01-04 11:59 - 2018-01-04 14:06 - 000005374 _____ c:\users\hejave\desktop\usbfix_report.txt
      2018-01-03 22:08 - 2018-01-03 22:08 - 000000000 ____d c:\users\hejave\appdata\local\emu
      2018-01-03 22:01 - 2018-01-03 22:01 - 000001558 _____ c:\users\public\desktop\brothers - a tale of two sons.lnk
      2018-01-03 22:01 - 2018-01-03 22:01 - 000000000 ____d c:\programdata\microsoft\windows\start menu\programs\brothers - a tale of two sons
      2018-01-03 21:59 - 2018-01-03 22:01 - 000000000 ____d c:\program files (x86)\brothers - a tale of two sons
      2018-01-03 18:59 - 2018-01-03 18:59 - 000000000 ____d c:\users\hejave\appdata\local\midway
      2018-01-03 18:34 - 2018-01-03 18:34 - 000001838 _____ c:\users\public\desktop\blacksite area 51.lnk
      2018-01-03 18:34 - 2018-01-03 18:34 - 000000000 ____d c:\programdata\microsoft\windows\start menu\programs\blacksite area 51
      2018-01-03 18:16 - 2018-01-03 18:16 - 000000000 ____d c:\games
      2018-01-03 17:49 - 2018-01-03 17:49 - 001790024 _____ (malwarebytes) c:\users\hejave\desktop\jrt.exe
      2018-01-03 11:53 - 2018-01-03 11:54 - 000688992 _____ (swearware) c:\users\hejave\desktop\dds.scr
      2018-01-03 11:43 - 2018-01-03 11:43 - 000000000 ____d c:\users\hejave\appdata\roaming\search the web
      2018-01-03 11:42 - 2018-01-03 11:44 - 000002192 _____ c:\users\public\desktop\panda global protection.lnk
      2018-01-03 11:42 - 2018-01-03 11:42 - 000000000 ____d c:\programdata\microsoft\windows\start menu\programs\panda global protection
      2018-01-03 11:42 - 2016-08-08 04:00 - 000070360 _____ (panda security, s.l.) c:\windows\system32\drivers\pskmad.sys
      2018-01-03 10:35 - 2018-01-09 00:12 - 000000000 ____d c:\programdata\panda_url_filtering
      2018-01-03 10:34 - 2018-01-03 11:42 - 000000000 ____d c:\users\hejave\appdata\roaming\panda security
      2018-01-03 10:33 - 2018-01-03 11:43 - 000000000 ____d c:\program files (x86)\panda security
      2018-01-03 00:27 - 2018-01-03 10:22 - 000000493 _____ c:\programdata\panda.result
      2018-01-03 00:25 - 2018-01-03 11:43 - 000000000 ____d c:\programdata\panda security
      2018-01-02 17:44 - 2018-01-02 17:44 - 000000000 ____d c:\users\hejave\appdata\local\eset
      2018-01-02 11:12 - 2018-01-05 16:31 - 000000000 ____d c:\users\hejave\appdata\roaming\idm
      2018-01-02 11:10 - 2018-01-02 11:10 - 000000000 ____d c:\users\hejave\appdata\roaming\microsoft\windows\start menu\programs\internet download manager
      2018-01-02 11:10 - 2018-01-02 11:10 - 000000000 ____d c:\programdata\microsoft\windows\start menu\programs\internet download manager
      2018-01-02 11:05 - 2018-01-02 18:57 - 000000000 ____d c:\program files (x86)\usbfix
      2018-01-02 09:09 - 2018-01-03 16:54 - 003223072 _____ c:\windows\system32\fntcache.dat
      2018-01-01 13:57 - 2018-01-03 11:42 - 000195016 _____ c:\users\hejave\appdata\local\gdipfontcachev1.dat
      2018-01-01 11:00 - 2018-01-01 11:00 - 000001290 _____ c:\users\hejave\documents\cc_20180101_110006.reg
      2017-12-31 16:07 - 2018-01-01 10:54 - 000000000 ____d c:\program files (x86)\felixthekat
      2017-12-31 15:43 - 2018-01-05 09:16 - 000000000 __shd c:\$360section
      2017-12-31 12:14 - 2017-12-31 12:14 - 000001672 _____ c:\users\hejave\documents\cc_20171231_121425.reg
      2017-12-30 21:50 - 2018-01-04 11:43 - 000000000 ____d c:\users\hejave\desktop\nueva carpeta
      2017-12-30 13:52 - 2017-12-30 13:52 - 000000000 ____d c:\users\hejave\appdata\local\logmein
      2017-12-30 13:52 - 2017-12-30 13:52 - 000000000 ____d c:\programdata\logmein
      2017-12-30 13:31 - 2017-12-30 13:31 - 000000000 ____d c:\programdata\microsoft\windows\start menu\programs\strogino cs portal
      2017-12-30 13:24 - 2017-12-30 13:24 - 000000000 ____d c:\program files\strogino cs portal
      2017-12-29 22:33 - 2017-12-31 08:32 - 000000000 ____d c:\program files (x86)\steam
      2017-12-29 22:33 - 2017-12-29 22:33 - 000000000 ____d c:\programdata\microsoft\windows\start menu\programs\steam
      2017-12-28 09:55 - 2018-01-06 10:37 - 000000000 ____d c:\program files\easeus
      2017-12-26 21:56 - 2017-12-26 21:56 - 000000000 ____d c:\users\hejave\appdata\local\{aa4a37a1-e12f-4f91-a1c7-6da747ba7d3f}
      2017-12-26 21:56 - 2017-12-26 21:56 - 000000000 ____d c:\users\hejave\appdata\local\{9bba3630-f1b4-427b-9aee-53756b32272f}
      2017-12-26 18:55 - 2017-12-26 18:55 - 000000000 ____d c:\program files (x86)\msxml 4.0
      2017-12-26 18:34 - 2017-12-31 09:25 - 000000000 ____d c:\programdata\microsoft\windows\start menu\programs\winzip 21.5
      2017-12-26 18:33 - 2017-12-26 21:19 - 000000000 ____d c:\program files\winzip
      2017-12-26 18:33 - 2017-12-26 18:33 - 000000000 ____d c:\users\hejave\appdata\roaming\microsoft\windows\start menu\programs\winzip 21.5
      2017-12-26 18:30 - 2017-12-31 10:39 - 000000000 ____d c:\windows\tasks\360disabled
      2017-12-26 18:29 - 2017-12-26 18:29 - 000000000 ____d c:\programdata\uniqueid
      2017-12-26 18:26 - 2017-12-15 08:03 - 000086248 _____ (360.cn) c:\windows\syswow64\drivers\360avflt.sys
      2017-12-26 18:25 - 2018-01-05 09:16 - 000000000 ____d c:\programdata\microsoft\windows\start menu\programs\360 security center
      2017-12-26 11:22 - 2017-12-26 11:22 - 000000000 ____d c:\programdata\microsoft\windows\start menu\programs\cpuid
      2017-12-26 11:22 - 2017-12-26 11:22 - 000000000 ____d c:\program files\cpuid
      2017-12-24 22:51 - 2017-12-24 22:51 - 000000670 _____ c:\users\hejave\documents\cc_20171224_225113.reg
      2017-12-23 15:21 - 2017-12-24 16:28 - 000000000 ____d c:\programdata\skype
      2017-12-23 12:07 - 2017-11-16 23:23 - 003222528 _____ (microsoft corporation) c:\windows\system32\win32k.sys
      2017-12-23 12:07 - 2017-11-14 20:27 - 000395968 _____ (microsoft corporation) c:\windows\system32\iedkcs32.dll
      2017-12-23 12:07 - 2017-11-14 19:36 - 000347336 _____ (microsoft corporation) c:\windows\syswow64\iedkcs32.dll
      2017-12-23 12:07 - 2017-11-13 22:57 - 025731072 _____ (microsoft corporation) c:\windows\system32\mshtml.dll
      2017-12-23 12:07 - 2017-11-13 22:43 - 002724864 _____ (microsoft corporation) c:\windows\system32\mshtml.tlb
      2017-12-23 12:07 - 2017-11-13 22:43 - 000004096 _____ (microsoft corporation) c:\windows\system32\ieetwcollectorres.dll
      2017-12-23 12:07 - 2017-11-13 22:32 - 002903552 _____ (microsoft corporation) c:\windows\system32\iertutil.dll
      2017-12-23 12:07 - 2017-11-13 22:31 - 000066560 _____ (microsoft corporation) c:\windows\system32\iesetup.dll
      2017-12-23 12:07 - 2017-11-13 22:31 - 000048640 _____ (microsoft corporation) c:\windows\system32\ieetwproxystub.dll
      2017-12-23 12:07 - 2017-11-13 22:30 - 000577024 _____ (microsoft corporation) c:\windows\system32\vbscript.dll
      2017-12-23 12:07 - 2017-11-13 22:30 - 000417792 _____ (microsoft corporation) c:\windows\system32\html.iec
      2017-12-23 12:07 - 2017-11-13 22:30 - 000088064 _____ (microsoft corporation) c:\windows\system32\mshtmldac.dll
      2017-12-23 12:07 - 2017-11-13 22:25 - 005925888 _____ (microsoft corporation) c:\windows\system32\jscript9.dll
      2017-12-23 12:07 - 2017-11-13 22:24 - 000054784 _____ (microsoft corporation) c:\windows\system32\jsproxy.dll
      2017-12-23 12:07 - 2017-11-13 22:24 - 000034304 _____ (microsoft corporation) c:\windows\system32\iernonce.dll
      2017-12-23 12:07 - 2017-11-13 22:21 - 000615936 _____ (microsoft corporation) c:\windows\system32\ieui.dll
      2017-12-23 12:07 - 2017-11-13 22:20 - 000817152 _____ (microsoft corporation) c:\windows\system32\jscript.dll
      2017-12-23 12:07 - 2017-11-13 22:20 - 000814080 _____ (microsoft corporation) c:\windows\system32\jscript9diag.dll
      2017-12-23 12:07 - 2017-11-13 22:20 - 000144384 _____ (microsoft corporation) c:\windows\system32\ieunatt.exe
      2017-12-23 12:07 - 2017-11-13 22:20 - 000116224 _____ (microsoft corporation) c:\windows\system32\ieetwcollector.exe
      2017-12-23 12:07 - 2017-11-13 22:15 - 000968704 _____ (microsoft corporation) c:\windows\system32\msspellcheckingfacility.exe
      2017-12-23 12:07 - 2017-11-13 22:12 - 000489984 _____ (microsoft corporation) c:\windows\system32\dxtmsft.dll
      2017-12-23 12:07 - 2017-11-13 22:06 - 000087552 _____ (microsoft corporation) c:\windows\system32\tdc.ocx
      2017-12-23 12:07 - 2017-11-13 22:06 - 000077824 _____ (microsoft corporation) c:\windows\system32\javascriptcollectionagent.dll
      2017-12-23 12:07 - 2017-11-13 22:05 - 000107520 _____ (microsoft corporation) c:\windows\system32\inseng.dll
      2017-12-23 12:07 - 2017-11-13 22:03 - 000199680 _____ (microsoft corporation) c:\windows\system32\msrating.dll
      2017-12-23 12:07 - 2017-11-13 22:02 - 000092160 _____ (microsoft corporation) c:\windows\system32\mshtmled.dll
      2017-12-23 12:07 - 2017-11-13 22:00 - 000315392 _____ (microsoft corporation) c:\windows\system32\dxtrans.dll
      2017-12-23 12:07 - 2017-11-13 21:59 - 000152064 _____ (microsoft corporation) c:\windows\system32\occache.dll
      2017-12-23 12:07 - 2017-11-13 21:51 - 000262144 _____ (microsoft corporation) c:\windows\system32\webcheck.dll
      2017-12-23 12:07 - 2017-11-13 21:48 - 015267328 _____ (microsoft corporation) c:\windows\system32\ieframe.dll
      2017-12-23 12:07 - 2017-11-13 21:48 - 000807936 _____ (microsoft corporation) c:\windows\system32\msfeeds.dll
      2017-12-23 12:07 - 2017-11-13 21:48 - 000726528 _____ (microsoft corporation) c:\windows\system32\ie4uinit.exe
      2017-12-23 12:07 - 2017-11-13 21:47 - 001359360 _____ (microsoft corporation) c:\windows\system32\mshtmlmedia.dll
      2017-12-23 12:07 - 2017-11-13 21:46 - 002134528 _____ (microsoft corporation) c:\windows\system32\inetcpl.cpl
      2017-12-23 12:07 - 2017-11-13 21:39 - 003241472 _____ (microsoft corporation) c:\windows\system32\wininet.dll
      2017-12-23 12:07 - 2017-11-13 21:27 - 001544192 _____ (microsoft corporation) c:\windows\system32\urlmon.dll
      2017-12-23 12:07 - 2017-11-13 21:16 - 000800768 _____ (microsoft corporation) c:\windows\system32\ieapfltr.dll
      2017-12-23 12:07 - 2017-11-13 20:37 - 013679616 _____ (microsoft corporation) c:\windows\syswow64\ieframe.dll
      2017-12-23 12:07 - 2017-11-13 20:15 - 000416256 _____ (microsoft corporation) c:\windows\syswow64\dxtmsft.dll
      2017-12-23 12:07 - 2017-11-13 20:15 - 000279040 _____ (microsoft corporation) c:\windows\syswow64\dxtrans.dll
      2017-12-23 12:07 - 2017-11-13 20:15 - 000076288 _____ (microsoft corporation) c:\windows\syswow64\mshtmled.dll
      2017-12-23 12:07 - 2017-11-13 20:10 - 020269056 _____ (microsoft corporation) c:\windows\syswow64\mshtml.dll
      2017-12-23 12:07 - 2017-11-13 19:32 - 000499200 _____ (microsoft corporation) c:\windows\syswow64\vbscript.dll
      2017-12-23 12:07 - 2017-11-13 19:31 - 000064000 _____ (microsoft corporation) c:\windows\syswow64\mshtmldac.dll
      2017-12-23 12:07 - 2017-11-07 15:56 - 002724864 _____ (microsoft corporation) c:\windows\syswow64\mshtml.tlb
      2017-12-23 12:07 - 2017-11-07 15:46 - 000341504 _____ (microsoft corporation) c:\windows\syswow64\html.iec
      2017-12-23 12:07 - 2017-11-07 15:46 - 000062464 _____ (microsoft corporation) c:\windows\syswow64\iesetup.dll
      2017-12-23 12:07 - 2017-11-07 15:46 - 000047616 _____ (microsoft corporation) c:\windows\syswow64\ieetwproxystub.dll
      2017-12-23 12:07 - 2017-11-07 15:44 - 002293760 _____ (microsoft corporation) c:\windows\syswow64\iertutil.dll
      2017-12-23 12:07 - 2017-11-07 15:41 - 000047104 _____ (microsoft corporation) c:\windows\syswow64\jsproxy.dll
      2017-12-23 12:07 - 2017-11-07 15:41 - 000030720 _____ (microsoft corporation) c:\windows\syswow64\iernonce.dll
      2017-12-23 12:07 - 2017-11-07 15:40 - 000476160 _____ (microsoft corporation) c:\windows\syswow64\ieui.dll
      2017-12-23 12:07 - 2017-11-07 15:39 - 000662016 _____ (microsoft corporation) c:\windows\syswow64\jscript.dll
      2017-12-23 12:07 - 2017-11-07 15:38 - 000620032 _____ (microsoft corporation) c:\windows\syswow64\jscript9diag.dll
      2017-12-23 12:07 - 2017-11-07 15:38 - 000115712 _____ (microsoft corporation) c:\windows\syswow64\ieunatt.exe
      2017-12-23 12:07 - 2017-11-07 15:29 - 000060416 _____ (microsoft corporation) c:\windows\syswow64\javascriptcollectionagent.dll
      2017-12-23 12:07 - 2017-11-07 15:28 - 000091136 _____ (microsoft corporation) c:\windows\syswow64\inseng.dll
      2017-12-23 12:07 - 2017-11-07 15:28 - 000073216 _____ (microsoft corporation) c:\windows\syswow64\tdc.ocx
      2017-12-23 12:07 - 2017-11-07 15:27 - 004509696 _____ (microsoft corporation) c:\windows\syswow64\jscript9.dll
      2017-12-23 12:07 - 2017-11-07 15:26 - 000168960 _____ (microsoft corporation) c:\windows\syswow64\msrating.dll
      2017-12-23 12:07 - 2017-11-07 15:24 - 000130048 _____ (microsoft corporation) c:\windows\syswow64\occache.dll
      2017-12-23 12:07 - 2017-11-07 15:19 - 000230400 _____ (microsoft corporation) c:\windows\syswow64\webcheck.dll
      2017-12-23 12:07 - 2017-11-07 15:18 - 000694272 _____ (microsoft corporation) c:\windows\syswow64\msfeeds.dll
      2017-12-23 12:07 - 2017-11-07 15:17 - 002058752 _____ (microsoft corporation) c:\windows\syswow64\inetcpl.cpl
      2017-12-23 12:07 - 2017-11-07 15:17 - 001155072 _____ (microsoft corporation) c:\windows\syswow64\mshtmlmedia.dll
      2017-12-23 12:07 - 2017-11-07 15:04 - 002767872 _____ (microsoft corporation) c:\windows\syswow64\wininet.dll
      2017-12-23 12:07 - 2017-11-07 15:01 - 001313280 _____ (microsoft corporation) c:\windows\syswow64\urlmon.dll
      2017-12-23 12:07 - 2017-11-07 14:58 - 000710144 _____ (microsoft corporation) c:\windows\syswow64\ieapfltr.dll
      2017-12-23 12:07 - 2017-11-07 11:31 - 000002048 _____ (microsoft corporation) c:\windows\system32\tzres.dll
      2017-12-23 12:07 - 2017-11-07 11:13 - 000002048 _____ (microsoft corporation) c:\windows\syswow64\tzres.dll
      2017-12-23 12:07 - 2017-11-04 10:31 - 000194048 _____ (microsoft corporation) c:\windows\system32\itircl.dll
      2017-12-23 12:07 - 2017-11-04 10:31 - 000170496 _____ (microsoft corporation) c:\windows\system32\itss.dll
      2017-12-23 12:07 - 2017-11-04 10:10 - 000158720 _____ (microsoft corporation) c:\windows\syswow64\itircl.dll
      2017-12-23 12:07 - 2017-11-04 10:10 - 000142336 _____ (microsoft corporation) c:\windows\syswow64\itss.dll
      2017-12-23 12:07 - 2017-11-02 11:55 - 000281600 _____ (microsoft corporation) c:\windows\system32\iprtrmgr.dll
      2017-12-23 12:07 - 2017-11-02 11:55 - 000138240 _____ (microsoft corporation) c:\windows\system32\rtm.dll
      2017-12-23 12:07 - 2017-11-02 11:55 - 000097792 _____ (microsoft corporation) c:\windows\system32\mprdim.dll
      2017-12-23 12:07 - 2017-11-02 11:55 - 000009728 _____ (microsoft corporation) c:\windows\system32\iprtprio.dll
      2017-12-23 12:07 - 2017-11-02 10:11 - 000271360 _____ (microsoft corporation) c:\windows\syswow64\iprtrmgr.dll
      2017-12-23 12:07 - 2017-11-02 10:11 - 000115200 _____ (microsoft corporation) c:\windows\syswow64\rtm.dll
      2017-12-23 12:07 - 2017-11-02 10:11 - 000075264 _____ (microsoft corporation) c:\windows\syswow64\mprdim.dll
      2017-12-23 12:07 - 2017-11-02 09:56 - 000008192 _____ (microsoft corporation) c:\windows\syswow64\iprtprio.dll
      2017-12-23 12:07 - 2017-10-16 18:04 - 001001984 _____ (microsoft corporation) c:\windows\system32\gpedit.dll
      2017-12-23 12:07 - 2017-10-16 17:46 - 000953344 _____ (microsoft corporation) c:\windows\syswow64\gpedit.dll
      2017-12-23 12:07 - 2017-10-11 19:20 - 000317440 _____ (microsoft corporation) c:\windows\system32\drivers\rdbss.sys
      2017-12-23 11:28 - 2018-01-02 09:26 - 000002890 _____ c:\windows\system32\tasks\driver booster skipuac (hejave)
      2017-12-23 11:28 - 2017-12-23 11:28 - 000000000 ____d c:\programdata\microsoft\windows\start menu\programs\driver booster 5
      2017-12-23 10:06 - 2017-12-23 10:06 - 000000000 ____d c:\programdata\bdlogging
      2017-12-23 10:06 - 2017-12-23 10:06 - 000000000 ____d c:\programdata\{d76294e6-03b8-4971-af2e-3f846161a690}
      2017-12-23 10:06 - 2017-12-23 10:06 - 000000000 ____d c:\programdata\{7f40de3e-8294-4e24-b2ea-80f6c6bb173c}
      2017-12-21 14:17 - 2017-12-21 14:17 - 000001858 _____ c:\users\hejave\documents\cc_20171221_141728.reg
      2017-12-21 14:16 - 2017-12-21 14:16 - 000170182 _____ c:\users\hejave\documents\cc_20171221_141630.reg
      2017-12-18 14:49 - 2017-12-18 14:49 - 000001184 _____ c:\users\hejave\documents\cc_20171218_144919.reg
      2017-12-12 15:14 - 2017-12-12 15:14 - 000002026 _____ c:\users\hejave\documents\cc_20171212_151444.reg

      ==================== one month modified files and folders ========

      (if an entry is included in the fixlist, the file/folder will be moved.)

      2018-01-10 11:24 - 2012-11-07 14:19 - 000000932 _____ c:\windows\tasks\facebookupdatetaskusers-1-5-21-3032391462-2345422213-4090516585-1000ua.job
      2018-01-10 11:22 - 2009-07-14 00:08 - 000000006 ____h c:\windows\tasks\sa.dat
      2018-01-10 10:23 - 2017-03-01 20:41 - 000000000 __shd c:\windows\syswow64\mpk
      2018-01-10 10:22 - 2015-05-22 10:08 - 000000000 ____d c:\users\hejave\appdata\local\songr
      2018-01-09 14:21 - 2009-07-13 23:45 - 000024608 ____h c:\windows\system32\7b296fb0-376b-497e-b012-9c450e1b7327-5p-1.c7483456-a289-439d-8115-601632d005a0
      2018-01-09 14:21 - 2009-07-13 23:45 - 000024608 ____h c:\windows\system32\7b296fb0-376b-497e-b012-9c450e1b7327-5p-0.c7483456-a289-439d-8115-601632d005a0
      2018-01-09 14:20 - 2013-03-14 15:09 - 000751544 _____ c:\windows\system32\perfh00a.dat
      2018-01-09 14:20 - 2013-03-14 15:09 - 000160602 _____ c:\windows\system32\perfc00a.dat
      2018-01-09 14:20 - 2009-07-14 00:13 - 001687288 _____ c:\windows\system32\perfstringbackup.ini
      2018-01-09 14:20 - 2009-07-13 22:20 - 000000000 ____d c:\windows\inf
      2018-01-09 14:13 - 2016-03-17 11:19 - 000000000 ____d c:\programdata\iobit
      2018-01-09 14:10 - 2016-06-29 14:03 - 000000000 ____d c:\users\hejave\appdata\roaming\iobit
      2018-01-09 14:10 - 2016-03-17 11:19 - 000000000 ____d c:\users\hejave\appdata\locallow\iobit
      2018-01-09 14:10 - 2016-03-17 11:19 - 000000000 ____d c:\program files (x86)\iobit
      2018-01-06 13:41 - 2016-02-17 19:30 - 000000000 ____d c:\users\hejave\appdata\roaming\dmcache
      2018-01-06 11:59 - 2017-09-23 14:29 - 004866560 ___sh c:\users\hejave\downloads\thumbs.db
      2018-01-06 11:13 - 2016-06-28 22:20 - 000002908 _____ c:\windows\system32\tasks\uninstaller_skipuac_hejave
      2018-01-05 22:27 - 2016-06-17 12:23 - 000000000 ____d c:\users\hejave\appdata\roaming\daemon tools pro
      2018-01-05 22:07 - 2012-08-16 18:06 - 000000000 ____d c:\users\hejave
      2018-01-05 21:14 - 2017-06-30 09:00 - 000000000 ____d c:\users\hejave\appdata\roaming\glarysoft
      2018-01-05 20:52 - 2017-06-30 09:00 - 000000000 ____d c:\program files (x86)\glary utilities 5
      2018-01-05 09:42 - 2016-02-17 19:30 - 000000000 ____d c:\users\hejave\downloads\compressed
      2018-01-05 09:30 - 2017-11-09 10:38 - 000000000 ____d c:\program files (x86)\evernote
      2018-01-05 09:20 - 2017-05-20 19:13 - 000000000 ____d c:\program files (x86)\photoshop cs6
      2018-01-04 13:50 - 2012-08-24 20:10 - 000000000 ____d c:\programdata\winzip
      2018-01-03 22:14 - 2016-12-02 16:05 - 000000000 ____d c:\users\hejave\documents\my games
      2018-01-03 18:58 - 2014-03-22 10:02 - 000000000 ____d c:\windows\syswow64\directx
      2018-01-03 14:15 - 2012-12-23 14:14 - 000000000 ____d c:\users\hejave\my downloads
      2018-01-02 17:40 - 2016-06-21 20:03 - 000000282 __rsh c:\programdata\ntuser.pol
      2018-01-02 17:19 - 2016-02-17 19:30 - 000000000 ____d c:\users\hejave\downloads\video
      2018-01-02 16:23 - 2013-06-16 12:24 - 000000000 ____d c:\users\hejave\appdata\roaming\vlc
      2018-01-02 11:12 - 2016-02-17 19:30 - 000000000 ____d c:\program files (x86)\internet download manager
      2018-01-01 19:51 - 2012-11-08 16:29 - 000000000 ____d c:\windows\minidump
      2018-01-01 13:28 - 2012-03-19 02:17 - 000000000 ____d c:\programdata\temp
      2018-01-01 13:28 - 2007-07-11 20:49 - 000000000 ____d c:\windows\panther
      2017-12-31 10:02 - 2017-07-16 21:03 - 000003958 _____ c:\windows\system32\tasks\dropboxupdatetaskmachineua
      2017-12-31 10:02 - 2017-07-16 21:03 - 000003706 _____ c:\windows\system32\tasks\dropboxupdatetaskmachinecore
      2017-12-31 10:02 - 2012-09-28 17:48 - 000003426 _____ c:\windows\system32\tasks\googleupdatetaskmachineua
      2017-12-31 10:02 - 2012-09-28 17:48 - 000003298 _____ c:\windows\system32\tasks\googleupdatetaskmachinecore
      2017-12-31 10:02 - 2012-03-19 02:12 - 000004314 _____ c:\windows\system32\tasks\adobe flash player updater
      2017-12-31 10:02 - 2012-03-19 02:00 - 000004000 _____ c:\windows\system32\tasks\ualu notificatin
      2017-12-31 09:48 - 2016-06-25 17:27 - 000000000 ____d c:\programdata\productdata
      2017-12-31 09:45 - 2017-11-09 09:46 - 000004132 _____ c:\windows\system32\tasks\ccleaner update
      2017-12-30 13:32 - 2015-05-29 23:59 - 000000000 ____d c:\programdata\package cache
      2017-12-29 22:48 - 2015-05-27 02:07 - 000000000 ____d c:\users\hejave\appdata\local\steam
      2017-12-28 08:35 - 2009-07-14 00:08 - 000032566 _____ c:\windows\tasks\schedlgu.txt
      2017-12-26 18:40 - 2017-06-30 09:00 - 000002978 _____ c:\windows\system32\tasks\gu5skipuac
      2017-12-26 18:40 - 2017-05-08 13:21 - 000000000 ____d c:\users\hejave\appdata\roaming\sony
      2017-12-26 18:40 - 2015-06-30 10:38 - 000004478 _____ c:\windows\system32\tasks\adobe acrobat update task
      2017-12-26 18:40 - 2012-06-01 20:40 - 000000000 ____d c:\programdata\install_clap
      2017-12-26 18:40 - 2012-03-19 02:13 - 000000000 ____d c:\programdata\norton
      2017-12-26 18:34 - 2009-07-13 21:34 - 000000546 _____ c:\windows\win.ini
      2017-12-26 18:19 - 2012-09-28 17:47 - 000000000 ____d c:\program files\avast software
      2017-12-26 17:31 - 2017-04-03 15:44 - 000000000 _____ c:\windows\syswow64\last.dump
      2017-12-26 17:29 - 2012-09-28 17:47 - 000000000 ____d c:\programdata\avast software
      2017-12-24 16:28 - 2017-03-16 18:32 - 000000000 ____d c:\programdata\microsoft\windows\start menu\programs\skype
      2017-12-24 16:28 - 2012-03-19 01:55 - 000000000 ___rd c:\program files (x86)\skype
      2017-12-23 17:43 - 2009-07-13 22:20 - 000000000 ____d c:\windows\syswow64\setup
      2017-12-23 17:43 - 2009-07-13 22:20 - 000000000 ____d c:\windows\system32\setup
      2017-12-23 15:13 - 2017-10-14 09:58 - 133326408 ____c (microsoft corporation) c:\windows\system32\mrt-kb890830.exe
      2017-12-23 15:13 - 2015-05-16 10:13 - 133326408 ____c (microsoft corporation) c:\windows\system32\mrt.exe
      2017-12-23 15:13 - 2015-05-16 10:13 - 000000000 ____d c:\windows\system32\mrt
      2017-12-23 10:56 - 2017-06-30 09:00 - 000003318 _____ c:\windows\system32\tasks\glaryinitialize 5
      2017-12-20 18:08 - 2016-06-22 19:30 - 000002170 _____ c:\programdata\microsoft\windows\start menu\programs\google chrome.lnk
      2017-12-20 17:47 - 2017-05-20 10:38 - 000000000 ____d c:\users\hejave\downloads\youtube video downloader
      2017-12-20 17:09 - 2017-12-03 15:07 - 000000000 ____d c:\program files (x86)\myplaycity.com
      2017-12-20 12:55 - 2017-12-03 14:28 - 000000000 ____d c:\program files (x86)\juegos bettyboopz
      2017-12-19 19:26 - 2012-08-22 16:30 - 000000000 ____d c:\users\hejave\appdata\local\microsoft help
      2017-12-18 14:12 - 2017-11-09 10:49 - 000077432 _____ c:\windows\system32\drivers\mbae64.sys
      2017-12-12 12:54 - 2012-03-19 02:12 - 000803328 _____ (adobe systems incorporated) c:\windows\syswow64\flashplayerapp.exe
      2017-12-12 12:54 - 2012-03-19 02:12 - 000144896 _____ (adobe systems incorporated) c:\windows\syswow64\flashplayercplapp.cpl
      2017-12-12 12:54 - 2012-03-19 02:12 - 000000000 ____d c:\windows\syswow64\macromed
      2017-12-12 12:54 - 2012-03-19 02:12 - 000000000 ____d c:\windows\system32\macromed

      ==================== files in the root of some directories =======

      2007-10-04 12:00 - 2017-12-26 11:26 - 000003134 __rsh () c:\program files (x86)\common files\logo.ico
      2017-05-20 22:36 - 2017-05-20 23:02 - 000000132 _____ () c:\users\hejave\appdata\roaming\prefs. De formato png de adobe cs6
      2017-07-03 17:23 - 2017-07-03 17:23 - 000000097 _____ () c:\users\hejave\appdata\roaming\thehunterprimal_launchersettings_live.cfg
      2017-07-03 17:18 - 2017-07-03 17:18 - 000007503 _____ () c:\users\hejave\appdata\roaming\thehunterprimevalsettings_live.bin
      2016-12-09 20:27 - 2016-12-09 20:27 - 000004608 _____ () c:\users\hejave\appdata\local\dcbc2a71-70d8-4dan-ehr8-e0d61dea3fdf.ini
      2016-06-22 06:39 - 2017-07-29 16:25 - 000007611 _____ () c:\users\hejave\appdata\local\resmon.resmoncfg
      2017-04-14 16:40 - 2017-04-14 16:40 - 000000552 _____ () c:\users\hejave\appdata\local\troubleshooterconfig.json

      some files in temp:
      ====================
      2018-01-05 09:16 - 2017-12-15 08:03 - 000345000 _____ (qihu 360 software co. Limited) c:\users\hejave\appdata\local\temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_360tray.exe
      2018-01-05 09:16 - 2017-09-15 06:42 - 002009696 _____ (qihu 360 software co. Limited) c:\users\hejave\appdata\local\temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_systemcompact.exe

      ==================== bamital & volsnap ======================

      (there is no automatic fix for files that do not pass verification.)

      c:\windows\system32\winlogon.exe => file is digitally signed
      c:\windows\system32\wininit.exe => file is digitally signed
      c:\windows\syswow64\wininit.exe => file is digitally signed
      c:\windows\explorer.exe => file is digitally signed
      c:\windows\syswow64\explorer.exe => file is digitally signed
      c:\windows\system32\svchost.exe => file is digitally signed
      c:\windows\syswow64\svchost.exe => file is digitally signed
      c:\windows\system32\services.exe => file is digitally signed
      c:\windows\system32\user32.dll => file is digitally signed
      c:\windows\syswow64\user32.dll => file is digitally signed
      c:\windows\system32\userinit.exe => file is digitally signed
      c:\windows\syswow64\userinit.exe => file is digitally signed
      c:\windows\system32\rpcss.dll => file is digitally signed
      c:\windows\system32\dnsapi.dll => file is digitally signed
      c:\windows\syswow64\dnsapi.dll => file is digitally signed
      c:\windows\system32\drivers\volsnap.sys => file is digitally signed

      lastregback: 2018-01-02 15:18

      ==================== end of frst.txt ============================

    5. #15
      User diego2005's avatar
      Joined
      Mar 2006
      Location
      Colombia
      Posts
      64

      Re: AUTORUN.INF and my HJT log

      AND FINALLY, the addition.txt report is very long, so I am posting it in 2 parts...

      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
      Ran by hejave (10-01-2018 11:26:03)
      Running from C:\Users\hejave\Desktop
      Windows 7 Home Premium Service Pack 1 (X64) (2012-08-16 23:06:06)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrator (S-1-5-21-3032391462-2345422213-4090516585-500 - Administrator - Disabled)
      Guest (S-1-5-21-3032391462-2345422213-4090516585-501 - Limited - Disabled)
      hejave (S-1-5-21-3032391462-2345422213-4090516585-1000 - Administrator - Enabled) => C:\Users\hejave
      HomeGroupUser$ (S-1-5-21-3032391462-2345422213-4090516585-1002 - Limited - Enabled)

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
      AV: Panda Global Protection (Disabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
      AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
      AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: Panda Global Protection (Disabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
      FW: Panda Firewall (Disabled) {7E957C27-E6CC-E160-34FA-E3201100269B}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
      Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
      Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.5 - Adobe Systems Incorporated)
      Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.126 - Adobe Systems Incorporated)
      Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
      Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
      Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
      Autodesk Content Service Language Pack (HKLM-x32\...\{62F029AB-85F2-0001-866A-9FC0DD99DDBC}) (Version: 3.0.84.0 - Autodesk) Hidden
      Backup Manager V3 (HKLM-x32\...\{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation) Hidden
      Battlefield 1 1.00 (HKLM-x32\...\Battlefield 1 1.00) (Version: 1.00 - DICE)
      BlackSite Area 51 MULTi6 - ElAmigos versión 1.2 (HKLM-x32\...\{F496348A-0221-4C64-AE84-E22C8AD53FEA}_is1) (Version: 1.2 - Midway Games)
      Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 15.0.7.2 - Broadcom Corporation)
      Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation)
      Brothers - A Tale of Two Sons (HKLM-x32\...\Brothers - A Tale of Two Sons_is1) (Version: - 505 Games)
      CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
      clear.fi SDK- Movie 2 (HKLM-x32\...\{DAF7BB88-6392-40aa-A714-8392C4BDBD2C}) (Version: 2.0.1406 - CyberLink Corp.) Hidden
      CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - )
      CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.)
      CyberLink PowerDVD8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1513 - CyberLink Corp.)
      D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
      DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
      Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.1.0 - IObit)
      Dropbox (HKLM-x32\...\Dropbox) (Version: 40.4.46 - Dropbox, Inc.)
      Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
      eRclient 2.0.10.210 (HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\{5CBD4386-2DE5-43A2-AED7-E690BF9B0F04}_is1) (Version: 2.0.10.210 - eRmail Company, s. r. o.)
      ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
      Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
      FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
      Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
      Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
      Garrys Mod version 14.09.08 (HKLM\...\{C8F834F5-46EA-4933-8AA9-F6CD7D29EED0}_is1) (Version: 14.09.08 - Strogino CS Portal)
      Gateway MyBackup (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
      Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Gateway Incorporated)
      Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Gateway Incorporated)
      Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3506 - Gateway Incorporated)
      Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0915.2011 - Gateway Incorporated)
      Gateway Social Networks (HKLM-x32\...\{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 3.0.3106 - CyberLink Corp.) Hidden
      Gateway Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 3.0.3106 - CyberLink Corp.)
      Glary Utilities PRO 5.88 (HKLM-x32\...\Glary Utilities 5) (Version: 5.88.0.109 - Glarysoft Ltd)
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.108 - Google Inc.)
      Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
      Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.5 - Google Inc.) Hidden
      Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Gateway Incorporated)
      Image to PDF Converter Free 6.5 (HKLM-x32\...\Image to PDF Converter Free_is1) (Version: - PDFArea Software)
      Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
      Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
      Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
      Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2752 - Intel Corporation)
      Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
      Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
      Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
      IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.6.101 - IObit)
      Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
      Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
      Loquendo TTS 7 Carlos Multimedia High Quality (HKLM-x32\...\{CCB512D7-4500-4E5F-A2EA-26D512E4B2BF}) (Version: 7.3.0 - Loquendo)
      Loquendo TTS 7 Carmen Multimedia High Quality (HKLM-x32\...\{08E73A78-70C4-4168-BB68-98B6D7A9001F}) (Version: 7.3.0 - Loquendo)
      Loquendo TTS 7 Engine Full Distribution (HKLM-x32\...\{16096EE7-3343-4835-B9AF-C63492BD89B3}) (Version: 7.5.0 - Loquendo)
      Loquendo TTS 7 Jorge Multimedia High Quality (HKLM-x32\...\{22BF5757-B409-4936-B711-959FE897BD4A}) (Version: 7.3.0 - Loquendo)
      Loquendo TTS 7 SDK Distribution (HKLM-x32\...\{30139AC2-AB19-4AEA-865F-2154240D851F}) (Version: 7.3.1 - Loquendo)
      Loquendo TTS 7 Soledad Multimedia High Quality (HKLM-x32\...\{5A073D9F-DC37-4581-BD40-A88EEAB5048D}) (Version: 7.3.1 - Loquendo)
      Loquendo TTS 7 Spanish (HKLM-x32\...\{02B7FE27-CF87-4380-B57B-9D7A543B1674}) (Version: 7.4.0 - Loquendo)
      Loquendo TTS: Diego (Spanish) (HKLM-x32\...\LoqTTS-Diego_is1) (Version: - )
      Loquendo TTS: Jorge (Spanish) (HKLM-x32\...\LoqTTS-Jorge_is1) (Version: - )
      Macromedia Extension Manager (HKLM-x32\...\{F443F171-B49B-4645-915C-580E7ED79992}) (Version: 1.7.277 - Nombre de su organización)
      Malwarebytes versión 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
      MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
      MEmu (HKLM-x32\...\MEmu) (Version: 3.0.8.0 - Microvirt Software Technology Co. Ltd.)
      Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
      Microsoft .NET Framework 4.7 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.02053 - Microsoft Corporation)
      Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
      Microsoft Encarta 2009 Biblioteca Premium (HKLM-x32\...\{09140081-2C94-4A67-8E55-8483C019C7D2}) (Version: 2009 - Microsoft Corporation)
      Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
      Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
      Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
      Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d6f233bd-3f8c-43f6-878b-07bd0568d595}) (Version: 14.10.25017.0 - Microsoft Corporation)
      Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{cb7c3049-21de-415b-bd85-b65c14e547df}) (Version: 14.10.25017.0 - Microsoft Corporation)
      Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
      Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
      Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
      Módulo de extensión de Autodesk Inventor Fusion para AutoCAD 2013 (HKLM\...\{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}) (Version: 0.2.0.230 - Autodesk) Hidden
      MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
      MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
      MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
      MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
      Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
      Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
      Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.6.10300 - Nero AG)
      Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10600.4.100 - Nero AG)
      Nicequest Premium (HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\Nicequest Premium) (Version: - Wakoopa B.V.)
      NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
      NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
      OpenAL (HKLM-x32\...\OpenAL) (Version: - )
      Origin (HKLM-x32\...\Origin) (Version: 10.2.1.38915 - Electronic Arts, Inc.)
      Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
      Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
      Panda Global Protection (HKLM\...\{456A8117-2915-414D-8435-AC57447C4E2D}) (Version: 8.31.10 - Panda Security) Hidden
      Panda Global Protection (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 17.00.01.0000 - Panda Security)
      Panda Safe Web (HKLM-x32\...\pandasecuritytb) (Version: 4.3.1.20 - Panda Security and Visicom Media Inc.)
      Paquete de controladores de Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
      Paquete de controladores de Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (12/06/2010 4.0.0000.00000) (HKLM\...\76F6B4A696B8C9A7ACFF01D4E1D6EF2D974C3E67) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
      Paquete de controladores de Windows - MediaTek Inc. (usbser) Ports (09/01/2011 2.0.1136.0) (HKLM\...\32DC281B7E359EA3D16ECC7D98609F6A592B981D) (Version: 09/01/2011 2.0.1136.0 - MediaTek Inc.)
      Paquete de controladores de Windows - MediaTek Inc. Net (07/14/2011 1.1129.00) (HKLM\...\8BC3CF920AF63C7AEF78B82D1C60D94704FB95CD) (Version: 07/14/2011 1.1129.00 - MediaTek Inc.)
      Paquete de controladores de Windows - Microsoft (WUDFRd) WPD (02/22/2006 5.2.5326.4762) (HKLM\...\B77DDB8A5697AAF5DA4E4859E53C301B877DD206) (Version: 02/22/2006 5.2.5326.4762 - Microsoft)
      Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
      Paquete de idioma del módulo de extensión de Autodesk Inventor Fusion para AutoCAD 2013 (HKLM\...\{FE2F4875-095C-427C-9A97-4F8DE05ACF22}) (Version: 0.2.0.230 - Autodesk) Hidden
      Photoshop Camera Raw (HKLM-x32\...\{CC75AB5C-2110-4A7F-AF52-708680D22FE8}) (Version: 5.0 - Adobe Systems Incorporated) Hidden
      Pixel Bender Toolkit (HKLM-x32\...\{43509E18-076E-40FE-AF38-CA5ED400A5A9}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
      Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 3.0 - Qualcomm Atheros)
      QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
      RealDownloader (HKLM-x32\...\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}) (Version: 1.3.0 - RealNetworks, Inc.) Hidden
      RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
      RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
      RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
      Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
      Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
      Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
      Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
      SodelsCot Empresarial (HKLM-x32\...\{4846D28C-7E6E-4235-A75E-2B781D1A5388}) (Version: 3.9.16 - )
      Songr (HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\Songr) (Version: 2.1 - Xamasoft)
      Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
      Suite Shared Configuration CS4 (HKLM-x32\...\{842B4B72-9E8F-4962-B3C1-1C422A5C4434}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
      UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
      UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
      Unchecky v0.4.3 (HKLM-x32\...\Unchecky) (Version: 0.4.3 - RaMMicHaeL)
      Uplay (HKLM-x32\...\Uplay) (Version: 24.0 - Ubisoft)
      UsbFix Anti-Malware Premium (HKLM-x32\...\UsbFix) (Version: 10.0.0.5 - SOSVirus (SOSVirus.Net))
      Video Web Camera (HKLM-x32\...\{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2108.00 - CyberLink Corp.) Hidden
      Video Web Camera (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2108.00 - CyberLink Corp.)
      VideoCAM NB (HKLM-x32\...\{9CA01B9A-FB39-4E17-8CA9-A8D485CBE7DD}) (Version: - )
      VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
      Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3507 - Gateway Incorporated)
      Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
      WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
      Wondershare Application Center 1.0.0.58 (HKLM-x32\...\{769CC8AC-50C3-4776-95F5-A1ABF15A38F4}_is1) (Version: 1.0.0.58 - Wondershare)
      Wondershare PDF Converter (Build 4.0.1) (HKLM-x32\...\{A888A8D1-ACCB-4EBE-AAA8-903D2B8FB6A4}_is1) (Version: 4.0.1 - Wondershare Software)
      Wondershare PDF Converter Pro (Build 4.0.0) (HKLM-x32\...\{67CC8351-9D8B-4EDF-AAEE-B8CB17E5F3AC}_is1) (Version: 4.0.0 - Wondershare Software)
      Wondershare PDF Editor(Build 3.6.0) (HKLM-x32\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 3.6.0.10 - Wondershare Software Co.,Ltd.)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
      ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
      ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
      ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => -> No File
      ContextMenuHandlers1: [DaemonShellExtImage] -> {40966797-8FFE-46C8-9EF8-7003F33CCF0F} => C:\Program Files (x86)\DAEMON Tools Pro\DTShl64.dll [2012-10-23] (DT Soft Ltd)
      ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
      ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-11-12] (IObit)
      ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2016-08-04] (Panda Security, S.L.)
      ContextMenuHandlers1: [WinRAR] -> _{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
      ContextMenuHandlers1: [WinRAR32] -> _{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
      ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => -> No File
      ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-11-12] (IObit)
      ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2016-03-17] (Intel Corporation)
      ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2016-08-04] (Panda Security, S.L.)
      ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2016-06-22] (Glarysoft Ltd)
      ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-11-12] (IObit)
      ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
      ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
      ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2016-08-04] (Panda Security, S.L.)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {06643C59-04E4-4ACE-8760-1DEBCBAD8834} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-16] (Dropbox, Inc.)
      Task: {11EB3FA1-7288-4229-92F7-5CD264839996} - System32\Tasks\{882D7FE5-0216-4C06-9F2C-68376B480048} => C:\Windows\system32\pcalua.exe -a "F:\JUEGOS\juegos\The Magicians Handbook - Cursed Valley.exe" -d F:\JUEGOS\juegos
      Task: {133A90F9-E3F9-4BA3-B73C-6DF59DE4C60B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3032391462-2345422213-4090516585-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
      Task: {1459F732-6B0F-4204-A8FA-AD982CB9CB58} - System32\Tasks\Programa de actualización online de Adobe => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
      Task: {175B0DB4-105B-46B5-9CE3-BA80D13D41CD} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-16] (Dropbox, Inc.)
      Task: {22F405E5-3CA7-405C-BF5E-42A0BFB0CC0D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-12] (Adobe Systems Incorporated)
      Task: {25697140-93E7-4DBE-A7A8-4F138D7BE3E7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe
      Task: {25E16EC9-6D6E-4B6F-9038-01A781664191} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3032391462-2345422213-4090516585-1000UA => C:\Users\hejave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-07] (Facebook Inc.)
      Task: {2A1B0156-02E0-436F-8BF2-4B2E5E57BFFB} - System32\Tasks\{571EBCAA-B299-4454-A76A-6E859AA3CBC7} => C:\Windows\system32\pcalua.exe -a C:\Users\hejave\Downloads\RegCleanerSetup.exe -d C:\Users\hejave\Downloads
      Task: {2A9CF678-F140-448D-A679-E086B38D8CB2} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
      Task: {31D65A7E-52ED-43CA-9B5E-B57C1CF63D46} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
      Task: {3A856728-FE33-4BCC-9905-101D8C328A17} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
      Task: {3B8AB64C-EA7F-462B-94BD-2D10351BCB27} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2017-11-19] (Glarysoft Ltd)
      Task: {458DA0E0-D72B-479A-9BF2-09541DC6FE4F} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
      Task: {458DA0E0-D72B-479A-9BF2-09541DC6FE4F} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
      Task: {458DA0E0-D72B-479A-9BF2-09541DC6FE4F} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe
      Task: {46E0F44F-53D6-482A-8B72-A50B55D71BC6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
      Task: {47B145A2-A8B0-4830-BBBB-64B1B896D037} - System32\Tasks\{6DACBD83-5500-4592-BAFF-ECF6B5FC168C} => C:\Windows\system32\pcalua.exe -a F:\install.exe -d F:\
      Task: {63E6BFB5-CDB7-4DA2-BFB5-8CDA2E21E4BA} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3032391462-2345422213-4090516585-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
      Task: {76832DFC-595E-4695-A97A-4EF83345C403} - System32\Tasks\Uninstaller_SkipUac_hejave => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-03-04] (IObit)
      Task: {78168268-94B6-4F48-9B39-66236D022011} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd)
      Task: {7F7DF6FB-2E89-454D-BEE2-DE1FA5FAE77C} - System32\Tasks\{64382B79-D3D5-4F96-AD3A-34E3B42D8E55} => C:\Windows\system32\pcalua.exe -a "C:\Users\hejave\Desktop\T.E.U Winzip 19.exe" -d C:\Users\hejave\Desktop
      Task: {8188B8A3-59CC-476F-AF75-E00E76680F31} - System32\Tasks\{66ADE003-34B9-453A-9A71-3BA783827780} => C:\Windows\system32\pcalua.exe -a "F:\JUEGOS\juegos\juegos\GTA Vice City\Uninstal.exe" -d "F:\JUEGOS\juegos\juegos\GTA Vice City"
      Task: {8CCDD6CB-5C0F-4790-9CC4-C948DA423B0B} - System32\Tasks\UALU notificatin => C:\Program Files\Gateway\Gateway Updater\UALU.exe [2012-02-06] (Acer Incorporated)
      Task: {8ED4C8EC-1541-49BA-B60B-0DA6D927BAB2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
      Task: {972A4844-9688-406A-8FE1-BB237F75D3C9} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3032391462-2345422213-4090516585-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
      Task: {AF2C8D97-F887-40AE-8D78-ED7148594F3E} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2017-11-19] (Glarysoft Ltd)
      Task: {CEF6D68D-85EF-4F72-8705-11A288657858} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3032391462-2345422213-4090516585-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
      Task: {D1337D3D-C0D9-4640-A79A-6CB09BEB5F0A} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
      Task: {D1337D3D-C0D9-4640-A79A-6CB09BEB5F0A} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
      Task: {D6686AED-CA3E-4EF5-B54A-F78A169FB11A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3032391462-2345422213-4090516585-1000Core => C:\Users\hejave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-07] (Facebook Inc.)
      Task: {D9EEC226-3B66-4893-ABD6-40E6743214EF} - System32\Tasks\{DA5B3676-B1C6-4B34-AE4E-5E7B015AF2E9} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Omiga Plus\eUninstall.exe" <==== ATTENTION
      Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
      Task: {EE01FC8D-C8F5-4D97-9446-CCD0F8EBAC8C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd)
      Task: {F4EACA50-4BE3-4DFC-9A42-E712AC2B8A8F} - System32\Tasks\Driver Booster SkipUAC (hejave) => C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe [2017-11-16] (IObit)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3032391462-2345422213-4090516585-1000UA.job => C:\Users\hejave\AppData\Local\Facebook\Update\FacebookUpdate.exe

      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      ==================== Loaded Modules (Whitelisted) ==============

      2017-11-09 10:49 - 2017-12-18 14:12 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
      2017-11-09 10:49 - 2017-12-18 14:12 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
      2017-11-09 10:14 - 2017-11-09 10:14 - 000054488 _____ () C:\Program Files\CCleaner\branding.dll
      2017-10-18 11:19 - 2017-10-18 11:19 - 000098688 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
      2015-12-15 12:17 - 2015-12-15 12:17 - 000618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
      2016-06-17 12:26 - 2012-10-23 19:26 - 000002560 _____ () C:\Program Files (x86)\DAEMON Tools Pro\MSIMG32.dll
      2017-12-06 21:00 - 2017-12-04 20:06 - 000725312 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
      2017-12-06 21:00 - 2017-12-04 20:06 - 002075456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
      2017-12-06 21:00 - 2017-12-04 20:06 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
      2017-12-06 21:00 - 2017-12-04 20:08 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
      2017-12-06 21:00 - 2017-12-04 20:06 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
      2017-12-06 21:00 - 2017-12-04 20:08 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
      2017-12-06 21:00 - 2017-12-04 20:08 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
      2017-12-06 21:00 - 2017-12-04 20:08 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
      2017-12-06 21:00 - 2017-12-04 20:09 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
      2017-12-06 21:00 - 2017-12-04 20:08 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 000155464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 000050496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
      2017-12-06 21:00 - 2017-12-04 20:09 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
      2017-12-06 21:00 - 2017-12-04 20:09 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
      2017-12-06 21:00 - 2017-12-04 20:09 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
      2017-12-06 21:00 - 2017-12-04 20:08 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
      2017-12-06 21:00 - 2017-12-04 20:09 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
      2017-12-06 21:00 - 2017-12-04 20:09 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
      2017-12-06 21:00 - 2017-12-04 20:09 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
      2017-12-06 21:00 - 2017-12-04 20:06 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
      2017-12-06 21:00 - 2017-12-04 20:07 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
      2017-12-06 21:00 - 2017-12-04 20:08 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
      2017-12-06 21:00 - 2017-12-04 20:07 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
      2017-12-06 21:00 - 2017-12-04 20:09 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
      2017-12-06 21:00 - 2017-12-04 20:07 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      AlternateDataStreams: C:\Users\hejave:zylomtest [0]
      AlternateDataStreams: C:\Users\hejave:zylomtr{000HQ7FF-AD7A-3FG3-8AT4-258NF6K78VSQ} [34]
      AlternateDataStreams: C:\ProgramData\Temp:1AAB2E68 [183]
      AlternateDataStreams: C:\ProgramData\Temp:268A5068 [256]
      AlternateDataStreams: C:\ProgramData\Temp:F33C37D5 [133]
      AlternateDataStreams: C:\ProgramData\Temp:FB6A21E3 [228]

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ASCAntivirusSrv => "@"="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318} => "default"="DiskDrive"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318} => "default"="DiskDrive"

    6. #16
      User Avatar of diego2005
      Registered
      Mar 2006
      Location
      Colombia
      Posts
      64

      Re: AUTORUN.INF and my HJT log

      Part 2 of addition.txt....

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

      HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)

      IE restricted site: HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\007guard.com -> install.007guard.com
      IE restricted site: HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\008i.com -> 008i.com
      IE restricted site: HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\008k.com -> 008k.com
      IE restricted site: HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\00hq.com -> www.00hq.com
      IE restricted site: HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\010402.com -> 010402.com
      IE restricted site: HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\0190-dialers.com -> 0190-dialers.com
      IE restricted site: HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\01i.info -> 01i.info
      IE restricted site: HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
      IE restricted site: HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
      IE restricted site: HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\05p.com -> 05p.com
      IE restricted site: HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
      IE restricted site: HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
      IE restricted site: HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
      IE restricted site: HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\0calories.net -> 0calories.net
      IE restricted site: HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\0cj.net -> 0cj.net
      IE restricted site: HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\0scan.com -> 0scan.com
      IE restricted site: HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\1-2005-search.com -> 1-2005-search.com
      IE restricted site: HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
      IE restricted site: HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
      IE restricted site: HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\...\1-se.com -> 1-se.com

      There are 11261 more sites.


      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2009-07-13 21:34 - 2017-11-09 10:42 - 000000401 ____R C:\Windows\system32\Drivers\etc\hosts

      127.0.0.1 localhost

      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hejave\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 192.168.1.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      MSCONFIG\startupfolder: C:^Users^hejave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
      MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      MSCONFIG\startupreg: Argente Utilities =>
      MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
      MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      MSCONFIG\startupreg: CursorXP =>
      MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
      MSCONFIG\startupreg: Dropbox Update =>
      MSCONFIG\startupreg: Facebook Update => "C:\Users\hejave\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
      MSCONFIG\startupreg: GoogleDriveSync =>
      MSCONFIG\startupreg: Nicequest Premium => C:\Users\hejave\AppData\Local\Nicequest Premium\Nicequest Premium.exe
      MSCONFIG\startupreg: PDVD8LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
      MSCONFIG\startupreg: RemoteControl8 => "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
      MSCONFIG\startupreg: SkyDrive =>
      MSCONFIG\startupreg: Skype =>

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [{9FFDE226-F7C2-4D2F-BA5C-9B2912351A60}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
      FirewallRules: [{B1F3AE02-8B56-439E-9346-3D5E00DD9724}] => (Allow) LPort=2869
      FirewallRules: [{4E05DCD1-FF50-4D87-9DB1-238E7CD5515D}] => (Allow) LPort=1900
      FirewallRules: [{5CE72A02-6A81-4C2C-ADA3-D71418A5F5AF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
      FirewallRules: [{B73E93CB-3624-4982-9CF6-F06D1062370A}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
      FirewallRules: [{6FEF8913-5766-402E-A782-3464CDB1A498}] => (Allow) C:\Users\hejave\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
      FirewallRules: [{93952592-2504-403C-BD7D-09ECB4BCBE26}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
      FirewallRules: [{A74E9244-4FBB-4234-87E0-FE3F8D0A01F6}] => (Allow) LPort=50248
      FirewallRules: [TCP Query User{E51F2A9B-16F5-4FAC-B76A-16B6657882CB}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
      FirewallRules: [UDP Query User{320903F5-AA8F-45F0-87FA-B149EC2A3022}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
      FirewallRules: [TCP Query User{823870FB-D604-4B4B-896F-38734A2F36CE}C:\program files (x86)\freetime\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\freetime\formatfactory\formatfactory.exe
      FirewallRules: [UDP Query User{7E385113-5290-45D6-A54D-C478118B7CE1}C:\program files (x86)\freetime\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\freetime\formatfactory\formatfactory.exe
      FirewallRules: [{1C756184-D9F5-4913-89EE-ECE7A80283AE}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
      FirewallRules: [{79F8C883-75DD-450F-99ED-5CD79CA408A7}] => (Allow) C:\Windows\SysWOW64\Mpk\MpkView.exe
      FirewallRules: [{E77CA119-A3CF-4D23-B3F8-CF5AFCD1E4EF}] => (Block) LPort=445
      FirewallRules: [{5641A4CD-E334-40C9-A0D3-821B16AE62E9}] => (Block) LPort=445
      FirewallRules: [{4045E286-A42A-4ACF-8845-9600A6FBD47D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
      FirewallRules: [{DF3B64DA-23AF-4B5C-985A-69A790A23D2C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      FirewallRules: [{773DF158-FAE4-4864-AA1E-38DAB8F7FE23}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe
      FirewallRules: [{23BDEC1C-D6FC-4ECC-8EF5-E957B372A433}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe
      FirewallRules: [{6BF6E957-517C-4B68-B615-0FF33D74653B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe
      FirewallRules: [{4B626CA0-C76B-41D0-AB61-7E6C6C7F7B48}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe
      FirewallRules: [{4C7355FA-3F5B-4F28-BFF4-53685E05E81B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe
      FirewallRules: [{0771AB65-04A5-45C1-9ACD-92D12CD6F38D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe
      FirewallRules: [{CF2DB3EC-6EDF-4BC5-B6B0-34CB7A3A7A05}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
      FirewallRules: [{DAF99261-FF97-4018-91A8-825FA8F37B88}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{9D401AB1-8C9C-41FC-9AFC-661EFBD5200E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{0C899A1B-1A4D-4C69-AA5E-4D7AB5FAC4FC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      FirewallRules: [{6E40B44B-0ECE-405E-BDBB-394D0073E28B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      FirewallRules: [TCP Query User{3DB4E9A2-CD39-482F-A4BE-77FF29DC4E63}C:\program files\strogino cs portal\garrys mod\bin\tools\steamcmd.exe] => (Allow) C:\program files\strogino cs portal\garrys mod\bin\tools\steamcmd.exe
      FirewallRules: [UDP Query User{8A1E1214-E6A5-46A4-B50C-1D63614E452A}C:\program files\strogino cs portal\garrys mod\bin\tools\steamcmd.exe] => (Allow) C:\program files\strogino cs portal\garrys mod\bin\tools\steamcmd.exe
      FirewallRules: [{23B72119-C057-4BAD-BCE8-CC7A1C963DF1}] => (Block) C:\program files\strogino cs portal\garrys mod\bin\tools\steamcmd.exe
      FirewallRules: [{CFF59C16-E0D6-4846-B44A-BFB31EEF5EFA}] => (Block) C:\program files\strogino cs portal\garrys mod\bin\tools\steamcmd.exe
      FirewallRules: [TCP Query User{A9AA43A9-48CA-42E5-B273-B508F9D8F4D3}C:\program files\strogino cs portal\garrys mod\hl2.exe] => (Allow) C:\program files\strogino cs portal\garrys mod\hl2.exe
      FirewallRules: [UDP Query User{992CB5E4-D6BB-49BB-B7B1-CE32FE18A7EE}C:\program files\strogino cs portal\garrys mod\hl2.exe] => (Allow) C:\program files\strogino cs portal\garrys mod\hl2.exe
      FirewallRules: [{30B98BC6-5C1C-4902-B609-F1E962DD0ECD}] => (Block) C:\program files\strogino cs portal\garrys mod\hl2.exe
      FirewallRules: [{16F42992-C1C0-4364-968F-C8660FF9D814}] => (Block) C:\program files\strogino cs portal\garrys mod\hl2.exe
      FirewallRules: [TCP Query User{63FEB677-B6C0-425B-9C4F-867EC39DFF59}C:\games\blacksite area 51\binaries\blacksite.exe] => (Allow) C:\games\blacksite area 51\binaries\blacksite.exe
      FirewallRules: [UDP Query User{C30BD5F6-2679-4A5D-9C58-A67E145C6BF3}C:\games\blacksite area 51\binaries\blacksite.exe] => (Allow) C:\games\blacksite area 51\binaries\blacksite.exe

      ==================== Restore Points =========================

      29-12-2017 21:31:39 Windows Update
      30-12-2017 13:31:42 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
      30-12-2017 13:48:49 Installed LogMeIn Hamachi
      31-12-2017 09:49:22 Driver Booster : Microsoft DirectX Patch
      02-01-2018 12:12:51 Windows Update
      03-01-2018 22:01:45 Se ha instalado DirectX

      ==================== Faulty Device Manager Devices =============


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (01/10/2018 11:23:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (01/10/2018 11:22:37 AM) (Source: SetupARService) (EventID: 0) (User: )
      Description: No se puede iniciar el servicio. System.NullReferenceException: Referencia a objeto no establecida como instancia de un objeto.
      en SetupAfterRebootService.SetupARService.OnStart(String[] args)
      en System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

      Error: (01/10/2018 10:54:54 AM) (Source: SideBySide) (EventID: 80) (User: )
      Description: Error al generar el contexto de activación para "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Error en el archivo de manifiesto o directiva "" en la línea .
      Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
      Los componentes en conflicto son:.
      Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
      Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

      Error: (01/10/2018 01:52:25 AM) (Source: SideBySide) (EventID: 80) (User: )
      Description: Error al generar el contexto de activación para "C:\Users\hejave\Desktop\esetsmartinstaller_esn.exe". Error en el archivo de manifiesto o directiva "" en la línea .
      Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
      Los componentes en conflicto son:.
      Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
      Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

      Error: (01/10/2018 01:51:32 AM) (Source: SideBySide) (EventID: 80) (User: )
      Description: Error al generar el contexto de activación para "C:\Users\hejave\Desktop\esetsmartinstaller_esn.exe". Error en el archivo de manifiesto o directiva "" en la línea .
      Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
      Los componentes en conflicto son:.
      Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
      Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

      Error: (01/09/2018 02:19:07 PM) (Source: SideBySide) (EventID: 80) (User: )
      Description: Error al generar el contexto de activación para "C:\Users\hejave\Desktop\esetsmartinstaller_esn.exe". Error en el archivo de manifiesto o directiva "" en la línea .
      Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
      Los componentes en conflicto son:.
      Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
      Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

      Error: (01/09/2018 02:15:31 PM) (Source: SideBySide) (EventID: 80) (User: )
      Description: Error al generar el contexto de activación para "C:\Users\hejave\Desktop\esetsmartinstaller_esn.exe". Error en el archivo de manifiesto o directiva "" en la línea .
      Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
      Los componentes en conflicto son:.
      Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
      Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

      Error: (01/09/2018 02:15:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

      Error: (01/09/2018 02:14:35 PM) (Source: SetupARService) (EventID: 0) (User: )
      Description: No se puede iniciar el servicio. System.NullReferenceException: Referencia a objeto no establecida como instancia de un objeto.
      en SetupAfterRebootService.SetupARService.OnStart(String[] args)
      en System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

      Error: (01/09/2018 12:48:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.


      System errors:
      =============
      Error: (01/10/2018 10:26:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error:
      Se ha bloqueado la descarga de este controlador

      Error: (01/10/2018 10:26:56 AM) (Source: Application Popup) (EventID: 1060) (User: )
      Description: Se bloqueó la carga de \??\C:\Users\hejave\AppData\Local\Temp\ehdrv.sys por una incompatibilidad con este sistema. Póngase en contacto con el fabricante del software para obtener una versión compatible del controlador.

      Error: (01/10/2018 10:26:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error:
      Se ha bloqueado la descarga de este controlador

      Error: (01/10/2018 10:26:56 AM) (Source: Application Popup) (EventID: 1060) (User: )
      Description: Se bloqueó la carga de \??\C:\Users\hejave\AppData\Local\Temp\ehdrv.sys por una incompatibilidad con este sistema. Póngase en contacto con el fabricante del software para obtener una versión compatible del controlador.

      Error: (01/10/2018 10:26:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error:
      Se ha bloqueado la descarga de este controlador

      Error: (01/10/2018 10:26:56 AM) (Source: Application Popup) (EventID: 1060) (User: )
      Description: Se bloqueó la carga de \??\C:\Users\hejave\AppData\Local\Temp\ehdrv.sys por una incompatibilidad con este sistema. Póngase en contacto con el fabricante del software para obtener una versión compatible del controlador.

      Error: (01/10/2018 10:26:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error:
      Se ha bloqueado la descarga de este controlador

      Error: (01/10/2018 10:26:56 AM) (Source: Application Popup) (EventID: 1060) (User: )
      Description: Se bloqueó la carga de \??\C:\Users\hejave\AppData\Local\Temp\ehdrv.sys por una incompatibilidad con este sistema. Póngase en contacto con el fabricante del software para obtener una versión compatible del controlador.

      Error: (01/10/2018 10:26:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error:
      Se ha bloqueado la descarga de este controlador

      Error: (01/10/2018 10:26:55 AM) (Source: Application Popup) (EventID: 1060) (User: )
      Description: Se bloqueó la carga de \??\C:\Users\hejave\AppData\Local\Temp\ehdrv.sys por una incompatibilidad con este sistema. Póngase en contacto con el fabricante del software para obtener una versión compatible del controlador.


      CodeIntegrity:
      ===================================
      Date: 2016-02-29 13:06:15.767
      Description: Windows no puede comprobar la integridad del archivo \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe porque se revocó el certificado de firma. Compruebe con el editor si hay disponible una nueva versión firmada del módulo de kernel.

      Date: 2016-02-29 13:06:15.752
      Description: Windows no puede comprobar la integridad del archivo \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe porque se revocó el certificado de firma. Compruebe con el editor si hay disponible una nueva versión firmada del módulo de kernel.

      Date: 2016-02-29 13:06:15.721
      Description: Windows no puede comprobar la integridad del archivo \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe porque se revocó el certificado de firma. Compruebe con el editor si hay disponible una nueva versión firmada del módulo de kernel.

      Date: 2016-02-29 13:06:15.658
      Description: Windows no puede comprobar la integridad del archivo \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe porque se revocó el certificado de firma. Compruebe con el editor si hay disponible una nueva versión firmada del módulo de kernel.

      Date: 2016-02-29 13:06:14.622
      Description: Windows no puede comprobar la integridad del archivo \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe porque se revocó el certificado de firma. Compruebe con el editor si hay disponible una nueva versión firmada del módulo de kernel.

      Date: 2016-02-29 13:06:14.621
      Description: Windows no puede comprobar la integridad del archivo \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe porque se revocó el certificado de firma. Compruebe con el editor si hay disponible una nueva versión firmada del módulo de kernel.

      Date: 2016-02-29 13:06:14.608
      Description: Windows no puede comprobar la integridad del archivo \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe porque se revocó el certificado de firma. Compruebe con el editor si hay disponible una nueva versión firmada del módulo de kernel.

      Date: 2016-02-29 13:06:14.545
      Description: Windows no puede comprobar la integridad del archivo \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe porque se revocó el certificado de firma. Compruebe con el editor si hay disponible una nueva versión firmada del módulo de kernel.

      Date: 2016-02-29 13:06:13.014
      Description: Windows no puede comprobar la integridad del archivo \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe porque se revocó el certificado de firma. Compruebe con el editor si hay disponible una nueva versión firmada del módulo de kernel.

      Date: 2016-02-29 13:06:12.999
      Description: Windows no puede comprobar la integridad del archivo \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe porque se revocó el certificado de firma. Compruebe con el editor si hay disponible una nueva versión firmada del módulo de kernel.


      ==================== Memory info ===========================

      Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
      Percentage of memory in use: 44%
      Total physical RAM: 3932.36 MB
      Available physical RAM: 2186.75 MB
      Total Virtual: 8030.54 MB
      Available Virtual: 6251.08 MB

      ==================== Drives ================================

      Drive c: (PRINCIPAL SISTEMA) (Fixed) (Total:122.97 GB) (Free:16.4 GB) NTFS
      Drive f: (ARCHIVOS) (Fixed) (Total:324.69 GB) (Free:202.17 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4C0C54BE)
      Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
      Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=123 GB) - (Type=07 NTFS)
      Partition 4: (Not Active) - (Size=324.7 GB) - (Type=OF Extended)

      ==================== End of Addition.txt ============================

    7. #17
      User diego2005
      Registered
      Mar 2006
      Location
      Colombia
      Posts
      64

      Re: AUTORUN.INF and my HJT log

      Dear @MiguelRiaguel, done: the analysis has been sent, and I await your kind help...

      I would like to know which process we continue with, and whether I should remove programs that I think are useless (there are many empty folders on C:), and whether I should now remove all the tools that have been used. Many, many thanks, and have an excellent day.

    8. #18
      Moderator
      @MiguelRiaguel
      Registered
      Dec 2008
      Location
      Spain
      Posts
      12,256

      Re: AUTORUN.INF and my HJT log

      As a first step, uninstall USBFix... it has already done its job, so we can remove it from the system.

      Once USBFix is uninstalled, follow these steps. VERY important: make a backup of the registry:

      • To do so, download >> DelFix.exe to your desktop.

        • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as administrator".)

        • Attention: now tick/select only the "Create registry backup" checkbox, NOT the others.

      • Click Run.

        The report (DelFix.txt) will open; save it in case it is needed and close the tool.


      Next, go to:

      Start >>> Run >>> type notepad.exe.

      Now copy and paste the following into Notepad (do not include the word "Code"):

      Code:
      Start
      CreateRestorePoint:
      CloseProcesses:
      
      hku\s-1-5-21-3032391462-2345422213-4090516585-1000\...\run: [idman] => c:\program files (x86)\internet download manager\idman.exe [4022328 2017-05-25] (tonec inc.)
      hku\s-1-5-21-3032391462-2345422213-4090516585-1000\...\winlogon: [shell] c:\windows\explorer.exe [3229696 2016-10-06] (microsoft corporation) <==== attention
      grouppolicy: Restriction <==== attention
      searchscopes: Hklm -> defaultscope value is missing
      searchscopes: Hklm-x32 -> defaultscope value is missing
      searchscopes: Hku\s-1-5-21-3032391462-2345422213-4090516585-1000 -> {0633ee93-d776-472f-a0ff-e1416b8b2e3a} url = hxxp://www.bing.com/search?form=up97df&pc=up97&q={searchterms}&src=ie-searchbox
      searchscopes: Hku\s-1-5-21-3032391462-2345422213-4090516585-1000 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} url = hxxp://start.myplaycity.com/results.php?category=web&s={searchterms}
      bho: Idm integration (idmiehlprobj class) -> {0055c089-8582-441b-a0bf-17b458c2a3a8} -> c:\program files (x86)\internet download manager\idmiecc64.dll [2016-12-10] (internet download manager, tonec inc.)
      bho: Explorerwnd helper -> {10921475-03ce-4e04-90ce-e2e7ef20c814} -> c:\program files (x86)\iobit\iobit uninstaller\uninstallexplorer.dll [2015-11-12] (iobit)
      bho: Panda safe web -> {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} -> c:\program files (x86)\pandasecuritytb\pandasecuritydx64.dll => no file
      bho-x32: Idm integration (idmiehlprobj class) -> {0055c089-8582-441b-a0bf-17b458c2a3a8} -> c:\program files (x86)\internet download manager\idmiecc.dll [2016-12-10] (internet download manager, tonec inc.)
      bho-x32: No name -> {92ef2ead-a7ce-4424-b0db-499cf856608e} -> no file
      bho-x32: Panda safe web -> {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} -> c:\program files (x86)\pandasecuritytb\pandasecuritydx.dll => no file
      toolbar: Hklm - panda safe web - {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files (x86)\pandasecuritytb\pandasecuritydx64.dll no file
      toolbar: Hklm-x32 - panda safe web - {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files (x86)\pandasecuritytb\pandasecuritydx.dll no file
      ff hku\s-1-5-21-3032391462-2345422213-4090516585-1000\...\seamonkey\extensions: [[email protected]] - c:\users\hejave\appdata\roaming\idm\idmmzcc5
      ff extension: (idm cc) - c:\users\hejave\appdata\roaming\idm\idmmzcc5 [2018-01-02] [legacy] [not signed]
      ff hku\s-1-5-21-3032391462-2345422213-4090516585-1000\...\seamonkey\extensions: [[email protected]] - c:\program files (x86)\internet download manager\idmmzcc2.xpi
      ff extension: (idm integration) - c:\program files (x86)\internet download manager\idmmzcc2.xpi [2017-01-26] [legacy]
      chr profile: C:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata [2018-01-10] <==== attention
      chr extension: (video downloader professional) - c:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata\extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-08-03]
      chr extension: (idm integration module) - c:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata\extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-01-02]
      chr extension: (avast safeprice) - c:\users\hejave\appdata\local\google\chrome\user data\default\extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-12-12]
      chr extension: (avast online security) - c:\users\hejave\appdata\local\google\chrome\user data\default\extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-17]
      chr hklm\...\chrome\extension: [ngpampappnmepgilojfohadhhmbhlaek] - c:\program files (x86)\internet download manager\idmgcext.crx [2017-05-25]
      chr hklm-x32\...\chrome\extension: [ngpampappnmepgilojfohadhhmbhlaek] - c:\program files (x86)\internet download manager\idmgcext.crx [2017-05-25]
      s3 liveupdatesvc; c:\program files (x86)\iobit\liveupdate\liveupdate.exe [2945312 2016-01-14] (iobit)
      2018-01-05 09:16 - 2017-12-15 08:03 - 000345000 _____ (qihu 360 software co. Limited) c:\users\hejave\appdata\local\temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_360tray.exe
      2018-01-05 09:16 - 2017-09-15 06:42 - 002009696 _____ (qihu 360 software co. Limited) c:\users\hejave\appdata\local\temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_systemcompact.exe
      ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
      ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
      ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => -> No File
      ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-11-12] (IObit)
      ContextMenuHandlers1: [WinRAR] -> _{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
      ContextMenuHandlers1: [WinRAR32] -> _{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
      ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => -> No File
      ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-11-12] (IObit)
      ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-11-12] (IObit)
      Task: {25E16EC9-6D6E-4B6F-9038-01A781664191} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3032391462-2345422213-4090516585-1000UA => C:\Users\hejave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-07] (Facebook Inc.)
      Task: {76832DFC-595E-4695-A97A-4EF83345C403} - System32\Tasks\Uninstaller_SkipUac_hejave => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-03-04] (IObit)
      Task: {D6686AED-CA3E-4EF5-B54A-F78A169FB11A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3032391462-2345422213-4090516585-1000Core => C:\Users\hejave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-07] (Facebook Inc.)
      Task: {D9EEC226-3B66-4893-ABD6-40E6743214EF} - System32\Tasks\{DA5B3676-B1C6-4B34-AE4E-5E7B015AF2E9} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Omiga Plus\eUninstall.exe" <==== ATTENTION
      Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
      Task: {F4EACA50-4BE3-4DFC-9A42-E712AC2B8A8F} - System32\Tasks\Driver Booster SkipUAC (hejave) => C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe [2017-11-16] (IObit)
      Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3032391462-2345422213-4090516585-1000UA.job => C:\Users\hejave\AppData\Local\Facebook\Update\FacebookUpdate.exe
      AlternateDataStreams: C:\Users\hejave:zylomtest [0]
      AlternateDataStreams: C:\Users\hejave:zylomtr{000HQ7FF-AD7A-3FG3-8AT4-258NF6K78VSQ} [34]
      AlternateDataStreams: C:\ProgramData\Temp:1AAB2E68 [183]
      AlternateDataStreams: C:\ProgramData\Temp:268A5068 [256]
      AlternateDataStreams: C:\ProgramData\Temp:F33C37D5 [133]
      AlternateDataStreams: C:\ProgramData\Temp:FB6A21E3 [228]
      
      CMD:  ipconfig /release 
      CMD:  ipconfig /renew 
      CMD:  ipconfig /flushdns 
      CMD:  ipconfig /registerdns
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      • Save it under the name fixlist.txt on the desktop <<< This is very important.
      Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop), otherwise the tool will not work.


      • Run Frst.exe.
      • Press the Fix button and wait for it to finish.
      • The tool will save the report on your desktop (Fixlog.txt).
      • Paste it in your next reply.


      Restart the computer and let us know how everything is working.
      Regards.
      The virus problem is temporary and will last a couple of years / John McAfee - founder of McAfee

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.
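
Added example, not part of the thread and not FRST's own code: once the fix above has run, this Python script reads a Fixlog.txt, counts the outcome of each result line, and lists the "not found" results whose target contains a fixlist line verbatim, which suggests that line was taken as a literal path rather than as the entry it named. The sample log, its SID and program names, and the function names are constructed for illustration; the layout (echoed fixlist between rows of asterisks, then `target => outcome` lines) is assumed from the Fixlog posted in this thread.

```python
from collections import Counter

# Constructed sample in the layout of the Fixlog.txt posted in this thread.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by user (11-01-2018 14:50:37) Run:1
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
hku\S-1-5-21-0000\...\run: [example] => c:\example\example.exe [100 2017-05-25] (example inc.)
grouppolicy: Restriction <==== attention
EmptyTemp:
*****************

Restore point was successfully created.
"HKU\S-1-5-21-0000\Software\Microsoft\Windows\CurrentVersion\Run\\example" => removed successfully
"C:\Windows\system32\GroupPolicyUsers\grouppolicy: Restriction <==== attention" => not found
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
'''


def _is_star_row(line):
    """True for the rows of asterisks that frame the echoed fixlist."""
    return bool(line) and set(line) == {"*"}


def split_fixlog(text):
    """Split a Fixlog into (echoed fixlist lines, lines that follow it)."""
    lines = [ln.strip() for ln in text.splitlines()]
    directives, results = [], []
    state, seen_marker = "header", False   # header -> fixlist -> results
    for ln in lines:
        if state == "header":
            if ln.lower().startswith("fixlist content"):
                seen_marker = True
            elif seen_marker and _is_star_row(ln):
                state = "fixlist"
        elif state == "fixlist":
            if _is_star_row(ln):
                state = "results"
            elif ln:
                directives.append(ln)
        elif ln:
            results.append(ln)
    if state == "header":
        # No echoed fixlist found: treat every non-empty line as a candidate.
        results = [ln for ln in lines if ln]
    return directives, results


def parse_result(line):
    """Return (target, outcome) for a 'target => outcome' line, else None."""
    # rpartition uses the LAST ' => ', because a target can itself contain one.
    target, sep, outcome = line.rpartition(" => ")
    if not sep:
        return None   # status line such as "Processes closed successfully."
    return target.strip().strip('"'), outcome.strip()


def review_fixlog(text, min_len=9):
    """Summarise outcomes and flag fixlist lines echoed inside a failed target.

    min_len is a heuristic (an assumption of this example) that keeps short
    keywords such as 'Start' from matching ordinary paths.
    """
    directives, results = split_fixlog(text)
    counts, not_found, literal = Counter(), [], []
    for ln in results:
        parsed = parse_result(ln)
        if parsed is None:
            continue
        target, outcome = parsed
        counts[outcome] += 1
        if outcome == "not found":
            not_found.append(target)
            lowered = target.lower()
            for d in directives:
                if len(d) >= min_len and d.lower() in lowered:
                    literal.append(d)
                    break
    return {"counts": counts, "not_found": not_found,
            "literal_directives": literal}


if __name__ == "__main__":
    report = review_fixlog(SAMPLE_FIXLOG)
    for outcome, n in report["counts"].most_common():
        print(f"{n:3d}  {outcome}")
    for d in report["literal_directives"]:
        print("fixlist line not applied as an entry:", d)
```

Entries listed under `literal_directives` are the ones to re-check in a fresh scan, since the log shows nothing was changed for them.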

    9. #19
      User diego2005
      Registered
      Mar 2006
      Location
      Colombia
      Posts
      64

      Re: AUTORUN.INF and my HJT log

      Good afternoon, what you asked for is now done...

      As for the computer, it still feels sluggish to me. On the other hand, EXPLORER DOES NOT LET ME OPEN C: BY DOUBLE-CLICKING; an error message appears, but it does work from the tree under Computer, for C or F...

      2. The applications or tools that are there (AdwCleaner, FRST, etc.): do I delete or remove them? You will tell me what to do with them...

      3. After running the fix process, the computer started fine, but when I opened the Chrome browser, which is the one I use, all the data had disappeared: accounts, passwords; the bookmarks and favorites have all disappeared...

      I await your comments, which are so useful to me...

    10. #20
      User diego2005
      Registered
      Mar 2006
      Location
      Colombia
      Posts
      64

      Re: AUTORUN.INF and my HJT log

      Friend, here is the fix report...

      Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
      Ran by hejave (11-01-2018 14:50:37) Run:1
      Running from C:\Users\hejave\Desktop
      Loaded Profiles: hejave (Available Profiles: hejave)
      Boot Mode: Normal
      ==============================================

      fixlist content:
      *****************
      Start
      CreateRestorePoint:
      CloseProcesses:

      hku\s-1-5-21-3032391462-2345422213-4090516585-1000\...\run: [idman] => c:\program files (x86)\internet download manager\idman.exe [4022328 2017-05-25] (tonec inc.)
      hku\s-1-5-21-3032391462-2345422213-4090516585-1000\...\winlogon: [shell] c:\windows\explorer.exe [3229696 2016-10-06] (microsoft corporation) <==== attention
      grouppolicy: Restriction <==== attention
      searchscopes: Hklm -> defaultscope value is missing
      searchscopes: Hklm-x32 -> defaultscope value is missing
      searchscopes: Hku\s-1-5-21-3032391462-2345422213-4090516585-1000 -> {0633ee93-d776-472f-a0ff-e1416b8b2e3a} url = hxxp://www.bing.com/search?form=up97df&pc=up97&q={searchterms}&src=ie-searchbox
      searchscopes: Hku\s-1-5-21-3032391462-2345422213-4090516585-1000 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} url = hxxp://start.myplaycity.com/results.php?category=web&s={searchterms}
      bho: Idm integration (idmiehlprobj class) -> {0055c089-8582-441b-a0bf-17b458c2a3a8} -> c:\program files (x86)\internet download manager\idmiecc64.dll [2016-12-10] (internet download manager, tonec inc.)
      bho: Explorerwnd helper -> {10921475-03ce-4e04-90ce-e2e7ef20c814} -> c:\program files (x86)\iobit\iobit uninstaller\uninstallexplorer.dll [2015-11-12] (iobit)
      bho: Panda safe web -> {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} -> c:\program files (x86)\pandasecuritytb\pandasecuritydx64.dll => no file
      bho-x32: Idm integration (idmiehlprobj class) -> {0055c089-8582-441b-a0bf-17b458c2a3a8} -> c:\program files (x86)\internet download manager\idmiecc.dll [2016-12-10] (internet download manager, tonec inc.)
      bho-x32: No name -> {92ef2ead-a7ce-4424-b0db-499cf856608e} -> no file
      bho-x32: Panda safe web -> {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} -> c:\program files (x86)\pandasecuritytb\pandasecuritydx.dll => no file
      toolbar: Hklm - panda safe web - {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files (x86)\pandasecuritytb\pandasecuritydx64.dll no file
      toolbar: Hklm-x32 - panda safe web - {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files (x86)\pandasecuritytb\pandasecuritydx.dll no file
      ff hku\s-1-5-21-3032391462-2345422213-4090516585-1000\...\seamonkey\extensions: [[email protected]] - c:\users\hejave\appdata\roaming\idm\idmmzcc5
      ff extension: (idm cc) - c:\users\hejave\appdata\roaming\idm\idmmzcc5 [2018-01-02] [legacy] [not signed]
      ff hku\s-1-5-21-3032391462-2345422213-4090516585-1000\...\seamonkey\extensions: [[email protected]] - c:\program files (x86)\internet download manager\idmmzcc2.xpi
      ff extension: (idm integration) - c:\program files (x86)\internet download manager\idmmzcc2.xpi [2017-01-26] [legacy]
      chr profile: C:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata [2018-01-10] <==== attention
      chr extension: (video downloader professional) - c:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata\extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-08-03]
      chr extension: (idm integration module) - c:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata\extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-01-02]
      chr extension: (avast safeprice) - c:\users\hejave\appdata\local\google\chrome\user data\default\extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-12-12]
      chr extension: (avast online security) - c:\users\hejave\appdata\local\google\chrome\user data\default\extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-17]
      chr hklm\...\chrome\extension: [ngpampappnmepgilojfohadhhmbhlaek] - c:\program files (x86)\internet download manager\idmgcext.crx [2017-05-25]
      chr hklm-x32\...\chrome\extension: [ngpampappnmepgilojfohadhhmbhlaek] - c:\program files (x86)\internet download manager\idmgcext.crx [2017-05-25]
      s3 liveupdatesvc; c:\program files (x86)\iobit\liveupdate\liveupdate.exe [2945312 2016-01-14] (iobit)
      2018-01-05 09:16 - 2017-12-15 08:03 - 000345000 _____ (qihu 360 software co. Limited) c:\users\hejave\appdata\local\temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_360tray.exe
      2018-01-05 09:16 - 2017-09-15 06:42 - 002009696 _____ (qihu 360 software co. Limited) c:\users\hejave\appdata\local\temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_systemcompact.exe
      ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
      ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
      ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => -> No File
      ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-11-12] (IObit)
      ContextMenuHandlers1: [WinRAR] -> _{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
      ContextMenuHandlers1: [WinRAR32] -> _{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
      ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => -> No File
      ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-11-12] (IObit)
      ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-11-12] (IObit)
      Task: {25E16EC9-6D6E-4B6F-9038-01A781664191} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3032391462-2345422213-4090516585-1000UA => C:\Users\hejave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-07] (Facebook Inc.)
      Task: {76832DFC-595E-4695-A97A-4EF83345C403} - System32\Tasks\Uninstaller_SkipUac_hejave => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-03-04] (IObit)
      Task: {D6686AED-CA3E-4EF5-B54A-F78A169FB11A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3032391462-2345422213-4090516585-1000Core => C:\Users\hejave\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-07] (Facebook Inc.)
      Task: {D9EEC226-3B66-4893-ABD6-40E6743214EF} - System32\Tasks\{DA5B3676-B1C6-4B34-AE4E-5E7B015AF2E9} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Omiga Plus\eUninstall.exe" <==== ATTENTION
      Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
      Task: {F4EACA50-4BE3-4DFC-9A42-E712AC2B8A8F} - System32\Tasks\Driver Booster SkipUAC (hejave) => C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe [2017-11-16] (IObit)
      Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3032391462-2345422213-4090516585-1000UA.job => C:\Users\hejave\AppData\Local\Facebook\Update\FacebookUpdate.exe
      AlternateDataStreams: C:\Users\hejave:zylomtest [0]
      AlternateDataStreams: C:\Users\hejave:zylomtr{000HQ7FF-AD7A-3FG3-8AT4-258NF6K78VSQ} [34]
      AlternateDataStreams: C:\ProgramData\Temp:1AAB2E68 [183]
      AlternateDataStreams: C:\ProgramData\Temp:268A5068 [256]
      AlternateDataStreams: C:\ProgramData\Temp:F33C37D5 [133]
      AlternateDataStreams: C:\ProgramData\Temp:FB6A21E3 [228]

      CMD: ipconfig /release
      CMD: ipconfig /renew
      CMD: ipconfig /flushdns
      CMD: ipconfig /registerdns
      RemoveProxy:
      EmptyTemp:
      Hosts:
      *****************

      Restore point was successfully created.
      Processes closed successfully.
      "HKU\s-1-5-21-3032391462-2345422213-4090516585-1000\Software\Microsoft\Windows\CurrentVersion\Run\\idman" => removed successfully
      "HKU\s-1-5-21-3032391462-2345422213-4090516585-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
      "C:\Windows\system32\GroupPolicyUsers\grouppolicy: Restriction <==== attention" => not found
      C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
      C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
      "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
      "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
      "HKU\searchscopes: Hku\s-1-5-21-3032391462-2345422213-4090516585-1000 -> {0633ee93-d776-472f-a0ff-e1416b8b2e3a} url = hxxp://www.bing.com/search?form=up97df&pc=up97&q={searchterms}&src=ie-searchbox\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\searchscopes: Hku\s-1-5-21-3032391462-2345422213-4090516585-1000 -> {0633ee93-d776-472f-a0ff-e1416b8b2e3a} url = hxxp://www.bing.com/search?form=up97df&pc=up97&q={searchterms}&src=ie-searchbox" => not found
      "HKU\searchscopes: Hku\s-1-5-21-3032391462-2345422213-4090516585-1000 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} url = hxxp://start.myplaycity.com/results.php?category=web&s={searchterms}\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\searchscopes: Hku\s-1-5-21-3032391462-2345422213-4090516585-1000 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} url = hxxp://start.myplaycity.com/results.php?category=web&s={searchterms}" => not found
      "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055c089-8582-441b-a0bf-17b458c2a3a8}" => removed successfully
      "HKLM\Software\Classes\CLSID\{0055c089-8582-441b-a0bf-17b458c2a3a8}" => removed successfully
      "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03ce-4e04-90ce-e2e7ef20c814}" => removed successfully
      "HKLM\Software\Classes\CLSID\{10921475-03ce-4e04-90ce-e2e7ef20c814}" => removed successfully
      "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}" => removed successfully
      HKLM\Software\Classes\CLSID\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} => key not found
      "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055c089-8582-441b-a0bf-17b458c2a3a8}" => removed successfully
      "HKLM\Software\Wow6432Node\Classes\CLSID\{0055c089-8582-441b-a0bf-17b458c2a3a8}" => removed successfully
      "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92ef2ead-a7ce-4424-b0db-499cf856608e}" => removed successfully
      HKLM\Software\Wow6432Node\Classes\CLSID\{92ef2ead-a7ce-4424-b0db-499cf856608e} => key not found
      "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}" => removed successfully
      HKLM\Software\Wow6432Node\Classes\CLSID\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} => key not found
      "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}" => removed successfully
      HKLM\Software\Classes\CLSID\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} => key not found
      "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}" => removed successfully
      HKLM\Software\Wow6432Node\Classes\CLSID\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} => key not found
      ff hku\s-1-5-21-3032391462-2345422213-4090516585-1000\...\seamonkey\extensions: [[email protected]] - c:\users\hejave\appdata\roaming\idm\idmmzcc5 => Error: No automatic fix found for this entry.
      c:\users\hejave\appdata\roaming\idm\idmmzcc5 => moved successfully
      ff hku\s-1-5-21-3032391462-2345422213-4090516585-1000\...\seamonkey\extensions: [[email protected]] - c:\program files (x86)\internet download manager\idmmzcc2.xpi => Error: No automatic fix found for this entry.
      c:\program files (x86)\internet download manager\idmmzcc2.xpi => moved successfully
      C:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata => moved successfully
      chr extension: (video downloader professional) - c:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata\extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-08-03] => Error: No automatic fix found for this entry.
      chr extension: (idm integration module) - c:\users\hejave\appdata\local\google\chrome\user data\chromedefaultdata\extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-01-02] => Error: No automatic fix found for this entry.
      chr extension: (avast safeprice) - c:\users\hejave\appdata\local\google\chrome\user data\default\extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-12-12] => Error: No automatic fix found for this entry.
      chr extension: (avast online security) - c:\users\hejave\appdata\local\google\chrome\user data\default\extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-17] => Error: No automatic fix found for this entry.
      "HKLM\System\CurrentControlSet\Services\liveupdatesvc" => removed successfully
      liveupdatesvc => service removed successfully
      "c:\users\hejave\appdata\local\temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_360tray.exe" => not found
      "c:\users\hejave\appdata\local\temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_systemcompact.exe" => not found
      "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
      HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
      "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully
      HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
      "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AcShellExtension.AcContextMenuHandler" => removed successfully
      HKLM\Software\Classes\CLSID\{2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => key not found
      "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IObitUnstaler" => removed successfully
      "HKLM\Software\Classes\CLSID\{B19ED566-D419-470b-B111-3C89040BC027}" => removed successfully
      "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR" => removed successfully
      HKLM\Software\Classes\CLSID\_{B41DB860-64E4-11D2-9906-E49FADC173CA} => key not found
      "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32" => removed successfully
      HKLM\Software\Classes\CLSID\_{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found
      "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinZip" => removed successfully
      HKLM\Software\Classes\CLSID\{E0D79304-84BE-11CE-9641-444553540000} => key not found
      "HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\IObitUnstaler" => removed successfully
      HKLM\Software\Classes\CLSID\{B19ED566-D419-470b-B111-3C89040BC027} => key not found
      "HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\IObitUnstaler" => removed successfully
      HKLM\Software\Classes\CLSID\{B19ED566-D419-470b-B111-3C89040BC027} => key not found
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25E16EC9-6D6E-4B6F-9038-01A781664191} => could not remove key. ErrorCode1: 0x00000002
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25E16EC9-6D6E-4B6F-9038-01A781664191}" => removed successfully
      C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3032391462-2345422213-4090516585-1000UA => moved successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3032391462-2345422213-4090516585-1000UA" => removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76832DFC-595E-4695-A97A-4EF83345C403} => key not found
      C:\Windows\System32\Tasks\Uninstaller_SkipUac_hejave => moved successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_hejave" => removed successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6686AED-CA3E-4EF5-B54A-F78A169FB11A}" => removed successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6686AED-CA3E-4EF5-B54A-F78A169FB11A}" => removed successfully
      C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3032391462-2345422213-4090516585-1000Core => moved successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3032391462-2345422213-4090516585-1000Core" => removed successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9EEC226-3B66-4893-ABD6-40E6743214EF}" => removed successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9EEC226-3B66-4893-ABD6-40E6743214EF}" => removed successfully
      C:\Windows\System32\Tasks\{DA5B3676-B1C6-4B34-AE4E-5E7B015AF2E9} => moved successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DA5B3676-B1C6-4B34-AE4E-5E7B015AF2E9}" => removed successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EB02381F-D652-4B1C-894A-712498C62C51}" => removed successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB02381F-D652-4B1C-894A-712498C62C51}" => removed successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove" => removed successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4EACA50-4BE3-4DFC-9A42-E712AC2B8A8F}" => removed successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4EACA50-4BE3-4DFC-9A42-E712AC2B8A8F}" => removed successfully
      C:\Windows\System32\Tasks\Driver Booster SkipUAC (hejave) => moved successfully
      "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (hejave)" => removed successfully
      C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3032391462-2345422213-4090516585-1000UA.job => moved successfully
      C:\Users\hejave => ":zylomtest" ADS removed successfully
      C:\Users\hejave => ":zylomtr{000HQ7FF-AD7A-3FG3-8AT4-258NF6K78VSQ}" ADS removed successfully
      C:\ProgramData\Temp => ":1AAB2E68" ADS removed successfully
      C:\ProgramData\Temp => ":268A5068" ADS removed successfully
      C:\ProgramData\Temp => ":F33C37D5" ADS removed successfully
      C:\ProgramData\Temp => ":FB6A21E3" ADS removed successfully

      ========= ipconfig /release =========


      Configuración IP de Windows

      No se puede realizar ninguna operación en Wireless Network Connection 2 mientras los medios
      están desconectados.
      No se puede realizar ninguna operación en Local Area Connection mientras los medios
      están desconectados.

      Adaptador de LAN inalámbrica Wireless Network Connection 2:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de LAN inalámbrica Wireless Network Connection:

      Sufijo DNS específico para la conexión. . :
      Vínculo: dirección IPv6 local. . . : fe80::28bd:19be:1a9e:6e3b%12
      Puerta de enlace predeterminada . . . . . :

      Adaptador de Ethernet Local Area Connection:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      ========= End of CMD: =========


      ========= ipconfig /renew =========


      Configuración IP de Windows

      No se puede realizar ninguna operación en Wireless Network Connection 2 mientras los medios
      están desconectados.
      No se puede realizar ninguna operación en Local Area Connection mientras los medios
      están desconectados.

      Adaptador de LAN inalámbrica Wireless Network Connection 2:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      Adaptador de LAN inalámbrica Wireless Network Connection:

      Sufijo DNS específico para la conexión. . :
      Vínculo: dirección IPv6 local. . . : fe80::28bd:19be:1a9e:6e3b%12
      Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.3
      Máscara de subred . . . . . . . . . . . . : 255.255.255.0
      Puerta de enlace predeterminada . . . . . : 192.168.1.1

      Adaptador de Ethernet Local Area Connection:

      Estado de los medios. . . . . . . . . . . : medios desconectados
      Sufijo DNS específico para la conexión. . :

      ========= End of CMD: =========


      ========= ipconfig /flushdns =========


      Configuración IP de Windows

      Se vació correctamente la caché de resolución de DNS.

      ========= End of CMD: =========


      ========= ipconfig /registerdns =========


      Configuración IP de Windows

      Se inició el registro de los registros de recursos DNS para todos
      los adaptadores de este equipo. Cualquier error se notificará en
      el Visor de eventos en 15 minutos.

      ========= End of CMD: =========


      ========= RemoveProxy: =========

      "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
      "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
      "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
      "HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
      "HKU\S-1-5-21-3032391462-2345422213-4090516585-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


      ========= End of RemoveProxy: =========

      C:\Windows\System32\Drivers\etc\hosts => moved successfully
      Hosts restored successfully.

      =========== EmptyTemp: ==========

      BITS transfer queue => 8388608 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12697779 B
      Java, Flash, Steam htmlcache => 29438013 B
      Windows/system/drivers => 10522291 B
      Edge => 0 B
      Chrome => 21451085 B
      Firefox => 0 B
      Opera => 389120 B

      Temp, IE cache, history, cookies, recent:
      Users => 0 B
      Default => 0 B
      Public => 0 B
      ProgramData => 0 B
      systemprofile => 66176 B
      systemprofile32 => 115799 B
      LocalService => 16384 B
      NetworkService => 0 B
      hejave => 20989515 B

      RecycleBin => 50212993 B
      EmptyTemp: => 147.1 MB temporary data Removed.

      ================================


      The system needed a reboot.

      ==== End of Fixlog 14:53:59 ====