Solved My browser opens "login.lataminternet.com" and usb shows a trash folder

Rohr35 · Oct 31, 2014

Still happening

TwinHeadedEagle · Oct 31, 2014

Scan with TDSSKiller

Please download TDSSKiller by Kaspersky and save it to your desktop.

Right-click on

icon and select

Run as Administrator to start the tool.
Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
Your machine may appear very slow and unusable after that - it's normal.
TDSSKiller will run automaticaly. Click on Change parameters and click OK.
Click the Start Scan button and wait patiently.

If anything will be found follow this guidelines:

If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
If Cure is not available, please choose Skip instead.
Do not choose Delete unless instructed!

A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

Right-click on

icon and select

Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

Rohr35 · Nov 1, 2014

Firts tool didn't find anything, here are the files

TwinHeadedEagle · Nov 2, 2014

Can you try to reinstall your browser?

Rohr35 · Nov 3, 2014

I did but didn't work. I use google chrome and my extensions and bookmarks were there after I re installed. I saw another member saying he deleted the file from the keys in the registry, but I don't know how to that.

TwinHeadedEagle · Nov 3, 2014

Which member?

Rohr35 · Nov 3, 2014

http://malwaretips.com/threads/hell...cker-called-pum-hijack-homepagecontrol.34963/

TwinHeadedEagle · Nov 3, 2014

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on

icon and select

Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.

In the main box please paste in the following script:

Code:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Rohr35 · Nov 3, 2014

Zoek.exe v5.0.0.0 Updated 03-November-2014
Tool run by Andres on 03/11/2014 at 12:58:08.98.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Andres\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-10-27-213310.log 818 bytes

==== System Restore Info ======================

03/11/2014 13:00:38 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater3.2.0 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater3.2.0 deleted successfully

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\Users\Andres\AppData\Local\cache deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Windows\System32\InstallUtil.InstallLog deleted
C:\Windows\System32\AI_RecycleBin deleted
C:\Windows\System32\searchplugins deleted
C:\Windows\System32\Extensions deleted

==== Firefox Extensions ======================

==== Firefox Plugins ======================

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 17:22]

Google Voice Search Hotword (Beta) - Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
News Feed Eradicator for Facebook - Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjcldmjmjhkklehbacihaiopjklihlgg
Follow - Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij
LastPass - Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Motivation - Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofdgfpchbidcgncgfpdlpclnpaemakoj
Sidekick - Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd

==== Chromium Fix ======================

C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.hearstmags.com_0.localstorage deleted successfully
C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd deleted successfully
C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oiiaigjnkhngdbnoookogelabohpglmd_0.localstorage deleted successfully
C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oiiaigjnkhngdbnoookogelabohpglmd deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
@="http://login.lataminternet.com/search.php?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\Users\Andres\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=487 folders=34 6543849 bytes)

==== Empty Temp Folders ======================

C:\Users\Andres\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Andres\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 03/11/2014 at 13:19:53.78 ======================

TwinHeadedEagle · Nov 3, 2014

Any progress?

Rohr35 · Nov 3, 2014

It still opens the scan says IE auto starts the site, I don't know what to search for or delete in my files I am thinking on deleting everything under chrome.

TwinHeadedEagle · Nov 3, 2014

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

Right-click on

icon and select

Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

Rohr35 · Nov 3, 2014

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014
Ran by Andres (administrator) on ANDRES-PC on 03-11-2014 15:27:06
Running from C:\Users\Andres\Desktop
Loaded Profile: Andres (Available profiles: Andres)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
() C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OIS.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OIS.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OIS.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2007-03-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [383424 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1794085492-3921057888-2474691628-1001\...\Run: [Facebook Update] => C:\Users\Andres\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-31] (Facebook Inc.)
HKU\S-1-5-21-1794085492-3921057888-2474691628-1001\...\Run: [TK8 StickyNotes] => C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe [10103808 2013-11-05] ()
HKU\S-1-5-21-1794085492-3921057888-2474691628-1001\...\Run: [GoogleChromeAutoLaunch_8768AEDF7A925857BF9ADB340A37CED5] => C:\Program Files\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll (LastPass)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Andres\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Andres\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Andres\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Andres\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Andres\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Andres\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com.mx/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google

ageClassification}{google:searchVersion}{google:sessionToken}{google

refetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2013-09-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Adblock Plus) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-31]
CHR Extension: (News Feed Eradicator for Facebook) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjcldmjmjhkklehbacihaiopjklihlgg [2014-04-11]
CHR Extension: (Follow) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2014-10-27]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-06-26]
CHR Extension: (Google Wallet) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Motivation) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofdgfpchbidcgncgfpdlpclnpaemakoj [2014-07-27]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-12-13] (Flexera Software, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-30] (AVG Technologies)
R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [177152 2007-10-24] (Conexant Systems Inc.) [File not signed]
R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2012-03-26] (Apple Inc.) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-05-08] (TuneUp Software)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 15:27 - 2014-11-03 15:27 - 00014034 _____ () C:\Users\Andres\Desktop\FRST.txt
2014-11-03 13:18 - 2014-11-03 12:57 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-11-03 05:15 - 2014-11-03 05:15 - 00002163 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-03 05:15 - 2014-11-03 05:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-03 05:13 - 2014-11-03 15:18 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-03 05:13 - 2014-11-03 13:19 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-01 18:17 - 2014-11-03 15:26 - 00000000 ____D () C:\Users\Andres\Desktop\FRST-OlderVersion
2014-11-01 18:03 - 2014-11-01 18:03 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Andres\Desktop\tdsskiller.exe
2014-10-30 12:25 - 2014-10-30 12:47 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-30 12:24 - 2014-10-30 12:24 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-30 12:24 - 2014-10-30 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-30 12:24 - 2014-10-30 12:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-30 12:24 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-30 12:24 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-30 12:24 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-30 12:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-10-30 12:14 - 2014-10-30 12:18 - 00000000 ____D () C:\AdwCleaner
2014-10-30 12:12 - 2014-10-30 12:13 - 01375089 _____ () C:\Users\Andres\Desktop\AdwCleaner.exe
2014-10-30 12:11 - 2014-10-30 12:17 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Andres\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-28 10:32 - 2014-10-28 10:23 - 00002137 _____ () C:\fixlist.txt
2014-10-27 15:44 - 2014-11-03 15:27 - 00000000 ____D () C:\FRST
2014-10-27 15:32 - 2014-11-03 13:19 - 00006802 _____ () C:\zoek-results.log
2014-10-27 15:30 - 2014-11-03 15:26 - 01106432 _____ (Farbar) C:\Users\Andres\Desktop\FRST.exe
2014-10-27 15:30 - 2014-11-03 13:19 - 00000000 ____D () C:\zoek_backup
2014-10-27 14:28 - 2014-10-27 14:28 - 01290752 _____ () C:\Users\Andres\Desktop\zoek.exe
2014-10-23 18:52 - 2014-11-03 15:11 - 00000516 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1794085492-3921057888-2474691628-1001.job
2014-10-23 18:52 - 2014-10-23 18:52 - 00000000 ____D () C:\Program Files\Citrix
2014-10-23 18:51 - 2014-10-23 18:51 - 00000000 ____D () C:\Users\Andres\AppData\Local\Citrix
2014-10-23 10:06 - 2014-10-31 17:29 - 00000000 ____D () C:\Users\Andres\Desktop\GUIDE
2014-10-21 08:36 - 2014-11-03 14:38 - 00000000 ____D () C:\Users\Andres\Desktop\PUNTA VENADO
2014-10-19 04:41 - 2014-10-19 04:41 - 00000000 ____D () C:\Users\Andres\AppData\Roaming\TK8 Software
2014-10-19 04:40 - 2014-10-19 04:40 - 00001032 _____ () C:\Users\Andres\AppData\Roaming\Microsoft\Windows\Start Menu\TK8 StickyNotes.lnk
2014-10-19 04:40 - 2014-10-19 04:40 - 00001008 _____ () C:\Users\Andres\Desktop\TK8 StickyNotes.lnk
2014-10-19 04:40 - 2014-10-19 04:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TK8 StickyNotes
2014-10-19 04:40 - 2014-10-19 04:40 - 00000000 ____D () C:\Program Files\TK8 StickyNotes
2014-10-15 02:02 - 2014-10-09 19:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 02:02 - 2014-10-09 19:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 02:02 - 2014-10-09 19:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 02:02 - 2014-09-28 18:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 02:01 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 02:01 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 02:01 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 02:01 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 02:01 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 02:01 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 02:01 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 02:01 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 02:01 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 02:01 - 2014-09-18 19:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 02:01 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 02:01 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 02:01 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 02:01 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 02:01 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 02:01 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 02:01 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 02:01 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 02:01 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 02:01 - 2014-09-18 18:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 02:01 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 02:01 - 2014-09-18 18:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 02:01 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 02:01 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 02:01 - 2014-09-18 18:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 02:01 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 02:01 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 02:01 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 02:01 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 02:01 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 02:01 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 02:00 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 02:00 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 02:00 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 02:00 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 02:00 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 02:00 - 2014-07-16 19:39 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 02:00 - 2014-07-16 19:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 02:00 - 2014-07-16 19:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 02:00 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-15 02:00 - 2014-07-16 19:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 02:00 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 02:00 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 02:00 - 2014-07-16 19:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 02:00 - 2014-07-16 19:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 02:00 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-15 02:00 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-15 02:00 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-15 02:00 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-15 02:00 - 2014-07-08 19:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-15 02:00 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-15 02:00 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 02:00 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 02:00 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 01:59 - 2014-08-18 20:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 01:59 - 2014-08-18 20:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 01:59 - 2014-08-18 20:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 01:59 - 2014-08-18 20:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 01:59 - 2014-08-18 20:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 01:59 - 2014-08-18 19:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 01:59 - 2014-07-06 19:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 01:59 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 01:59 - 2014-07-06 19:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 01:59 - 2014-07-06 19:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 01:59 - 2014-07-06 19:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 01:59 - 2014-07-06 19:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 01:59 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 01:59 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 01:59 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 01:59 - 2014-07-06 19:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 01:59 - 2014-06-27 18:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 01:59 - 2014-06-27 18:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 01:59 - 2014-06-27 18:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-11 12:06 - 2014-10-11 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-11 12:06 - 2014-10-11 12:06 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-10-06 15:03 - 2014-10-06 15:03 - 00000165 ____H () C:\Users\Andres\Desktop\~$Monthly Hit List.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 15:17 - 2013-03-24 16:54 - 00001050 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001UA.job
2014-11-03 15:11 - 2009-07-13 22:39 - 02172288 _____ () C:\Windows\setupact.log
2014-11-03 14:17 - 2013-03-24 16:54 - 00000998 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001Core.job
2014-11-03 14:13 - 2012-10-31 20:08 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001UA.job
2014-11-03 13:27 - 2009-07-13 22:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-03 13:27 - 2009-07-13 22:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-03 13:23 - 2012-08-18 07:49 - 01160841 _____ () C:\Windows\WindowsUpdate.log
2014-11-03 13:19 - 2012-08-18 13:11 - 00113168 _____ () C:\Windows\PFRO.log
2014-11-03 13:19 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-03 13:16 - 2009-07-13 20:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-03 09:25 - 2012-08-18 11:00 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-03 05:15 - 2012-10-13 01:31 - 00000000 ____D () C:\Program Files\Google
2014-11-03 05:13 - 2012-08-18 10:41 - 00000000 ____D () C:\Users\Andres\AppData\Local\Deployment
2014-11-03 05:04 - 2014-07-18 13:19 - 00001344 _____ () C:\Users\Andres\Desktop\operacion y links.txt
2014-11-01 20:13 - 2012-10-31 20:08 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001Core.job
2014-10-30 17:17 - 2012-08-18 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BatteryCare
2014-10-30 16:10 - 2014-07-29 17:24 - 00000000 ____D () C:\Users\Andres\Desktop\PUBLI
2014-10-30 15:08 - 2013-10-11 00:31 - 00000000 ____D () C:\Users\Andres\AppData\Roaming\Applian FLV and Media Player
2014-10-30 12:24 - 2013-04-15 17:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-29 12:22 - 2013-04-03 06:01 - 00000000 ____D () C:\Users\Andres\AppData\Roaming\Mozilla
2014-10-27 21:39 - 2012-08-18 10:23 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-27 15:31 - 2013-05-07 12:23 - 00000000 ____D () C:\Users\Andres\Desktop\Agencia
2014-10-27 14:19 - 2014-02-10 19:17 - 00000024 _____ () C:\Users\Andres\Desktop\PASS.txt
2014-10-27 01:34 - 2014-03-11 10:51 - 00001568 _____ () C:\Users\Andres\Desktop\educacion.txt
2014-10-26 15:45 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-25 14:18 - 2012-10-09 14:03 - 00000000 ____D () C:\Users\Andres\AppData\Roaming\Skype
2014-10-23 15:57 - 2014-08-06 15:40 - 00029298 _____ () C:\Users\Andres\Desktop\Monthly Hit List.xlsx
2014-10-23 15:56 - 2014-03-06 22:29 - 00024233 _____ () C:\Users\Andres\Desktop\Sales Tracking Sheet.xlsx
2014-10-23 09:49 - 2014-06-14 13:58 - 00000504 _____ () C:\Users\Andres\Desktop\guia SEO.txt
2014-10-16 17:41 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2014-10-16 17:07 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 16:27 - 2009-07-13 22:33 - 00410456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 03:35 - 2014-05-06 15:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 02:05 - 2012-08-23 14:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 01:29 - 2011-02-02 00:36 - 00003692 _____ () C:\Users\Andres\Desktop\Posts.txt
2014-10-15 02:36 - 2009-07-13 22:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-15 02:15 - 2013-07-31 16:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 02:05 - 2012-08-18 12:57 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 12:48 - 2014-09-30 13:23 - 00013732 _____ () C:\Users\Andres\Desktop\MAN OS.xlsx
2014-10-11 12:06 - 2014-03-01 22:19 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-11 12:06 - 2013-04-21 10:43 - 00000000 ___RD () C:\Program Files\Skype
2014-10-11 12:06 - 2012-10-09 14:03 - 00000000 ____D () C:\ProgramData\Skype
2014-10-09 21:45 - 2009-07-13 22:53 - 00032638 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-07 00:15 - 2014-08-30 11:52 - 00000000 ____D () C:\Program Files\AVG Web TuneUp

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-31 07:08

==================== End Of Log ============================

Rohr35 · Nov 3, 2014

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2014
Ran by Andres at 2014-11-03 15:28:26
Running from C:\Users\Andres\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.271 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}) (Version: 9.0.16.0 - Adobe Systems, Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian FLV and Media Player 3.1.1.12 (HKLM\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies)
Autodesk DWF Viewer 7 (HKLM\...\{9A346205-EA92-4406-B1AB-50379DA3F057}) (Version: 7.2.0 - Autodesk, Inc.)
Autodesk Material Library 2013 (HKLM\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3485 - AVG Technologies)
AVG 2013 (Version: 13.0.3485 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4031 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 3.2.0.18 - AVG Technologies)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
Compatibilidad con Aplicaciones de Apple (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.31.4.0 - Conexant)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FARO LS 1.1.406.58 (HKLM\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 5.3.1.606 - Foxit Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Talk Plugin (HKLM\...\{95763F66-297E-30CE-9728-6D0F20BF97F5}) (Version: 5.38.5.0 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
GoToMeeting 6.4.3.1767 (HKCU\...\GoToMeeting) (Version: 6.4.3.1767 - CitrixOnline)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Internet Telcel Banda Ancha Móvil (HKLM\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.450 - Oracle)
LastPass (uninstall only) (HKLM\...\LastPass) (Version: - LastPass)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RICOH R5U8xx Media Driver ver.3.62.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.62.02 - RICOH)
Screencast-O-Matic (HKCU\...\Screencast-O-Matic) (Version: - Screencast-O-Matic)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
TK8 StickyNotes 4.3 (HKLM\...\TK8 StickyNotes_is1) (Version: - TK8 Software)
Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
TuneUp Utilities 2012 (HKLM\...\TuneUp Utilities 2012) (Version: 12.0.3600.104 - TuneUp Software)
TuneUp Utilities 2012 (Version: 12.0.3600.104 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (Version: 12.0.3600.104 - TuneUp Software) Hidden
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Andres\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Andres\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Andres\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1767\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Andres\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Andres\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Andres\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1794085492-3921057888-2474691628-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)

==================== Restore Points =========================

16-10-2014 08:00:40 Windows Update
27-10-2014 21:32:23 zoek.exe restore point
03-11-2014 19:00:17 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:04 - 2013-08-09 04:03 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {018134C5-D6B0-4D19-AE96-4A7BDD70A2A6} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software)
Task: {0746ADBF-CF6E-44F4-AF04-66E720C02B78} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {1D9CD3F2-587B-4129-9669-A00B6C17D287} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001UA => C:\Users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-18] (Google Inc.)
Task: {310F6B07-F433-4A1D-89C9-747AE97206B0} - System32\Tasks\Google Updater and Installer => C:\Users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-18] (Google Inc.)
Task: {49B9BB13-D3D8-4B60-BEC0-584AB39A826A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001UA => C:\Users\Andres\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-31] (Facebook Inc.)
Task: {69223E26-D18A-4D36-B9F9-0814D73F20EA} - System32\Tasks\G2MUpdateTask-S-1-5-21-1794085492-3921057888-2474691628-1001 => C:\Program Files\Citrix\GoToMeeting\1767\g2mupdate.exe [2014-10-23] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {848E637B-3BC5-401D-A12A-D831DAA44525} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001Core => C:\Users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-18] (Google Inc.)
Task: {84F10BF4-227D-4BE0-ADA8-4ECAE5C8DB06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-03] (Google Inc.)
Task: {C0876AF1-A304-41D4-B663-841D4F0F3135} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001Core => C:\Users\Andres\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-31] (Facebook Inc.)
Task: {D31920AE-32F4-4686-9851-2AEDF03D0BA6} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {E31BF408-466C-4941-8F09-F4EFE1256699} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F2A30414-AFD8-4F1E-B09A-C75315BEDC40} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {F6E7B92B-44EB-4D3E-9577-1192399EFD8A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-03] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001Core.job => C:\Users\Andres\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001UA.job => C:\Users\Andres\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1794085492-3921057888-2474691628-1001.job => C:\Program Files\Citrix\GoToMeeting\1767\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001Core.job => C:\Users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001UA.job => C:\Users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-19 04:40 - 2013-11-05 09:32 - 10103808 _____ () C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe
2014-11-03 05:15 - 2014-10-21 22:04 - 01042760 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-11-03 05:15 - 2014-10-21 22:04 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-11-03 05:15 - 2014-10-21 22:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-11-03 05:15 - 2014-10-21 22:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-11-03 05:15 - 2014-10-21 22:05 - 14902600 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\99077618.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\99077618.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1794085492-3921057888-2474691628-500 - Administrator - Disabled)
Andres (S-1-5-21-1794085492-3921057888-2474691628-1001 - Administrator - Enabled) => C:\Users\Andres
Guest (S-1-5-21-1794085492-3921057888-2474691628-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1794085492-3921057888-2474691628-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/03/2014 11:47:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program QuickTimePlayer.exe version 7.75.80.95 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 368

Start Time: 01cff78dffac7f57

Termination Time: 40

Application Path: C:\Program Files\QuickTime\QuickTimePlayer.exe

Report Id: 62b9fa2e-6381-11e4-87b8-001d7262ff5e

Error: (11/03/2014 11:47:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program QuickTimePlayer.exe version 7.75.80.95 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12a8

Start Time: 01cff78de75fea89

Termination Time: 46

Application Path: C:\Program Files\QuickTime\QuickTimePlayer.exe

Report Id: 5085d441-6381-11e4-87b8-001d7262ff5e

Error: (10/31/2014 03:54:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program QuickTimePlayer.exe version 7.75.80.95 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d74

Start Time: 01cff551d40e5833

Termination Time: 75

Application Path: C:\Program Files\QuickTime\QuickTimePlayer.exe

Report Id: 67cbfe69-6148-11e4-a359-001d7262ff5e

Error: (10/31/2014 03:23:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program QuickTimePlayer.exe version 7.75.80.95 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 168

Start Time: 01cff550cf5fa19d

Termination Time: 40

Application Path: C:\Program Files\QuickTime\QuickTimePlayer.exe

Report Id: 287eb3b4-6144-11e4-a359-001d7262ff5e

Error: (10/23/2014 07:04:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4711

Error: (10/23/2014 07:04:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4711

Error: (10/23/2014 07:04:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/23/2014 07:04:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3541

Error: (10/23/2014 07:04:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3541

Error: (10/23/2014 07:04:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (11/03/2014 01:20:04 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/03/2014 01:16:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/03/2014 01:16:04 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/03/2014 01:16:04 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/03/2014 01:16:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/03/2014 01:16:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/03/2014 01:16:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/03/2014 01:16:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/03/2014 01:16:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/03/2014 01:16:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Microsoft Office Sessions:
=========================
Error: (11/03/2014 11:47:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: QuickTimePlayer.exe7.75.80.9536801cff78dffac7f5740C:\Program Files\QuickTime\QuickTimePlayer.exe62b9fa2e-6381-11e4-87b8-001d7262ff5e

Error: (11/03/2014 11:47:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: QuickTimePlayer.exe7.75.80.9512a801cff78de75fea8946C:\Program Files\QuickTime\QuickTimePlayer.exe5085d441-6381-11e4-87b8-001d7262ff5e

Error: (10/31/2014 03:54:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: QuickTimePlayer.exe7.75.80.95d7401cff551d40e583375C:\Program Files\QuickTime\QuickTimePlayer.exe67cbfe69-6148-11e4-a359-001d7262ff5e

Error: (10/31/2014 03:23:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: QuickTimePlayer.exe7.75.80.9516801cff550cf5fa19d40C:\Program Files\QuickTime\QuickTimePlayer.exe287eb3b4-6144-11e4-a359-001d7262ff5e

Error: (10/23/2014 07:04:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4711

Error: (10/23/2014 07:04:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4711

Error: (10/23/2014 07:04:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/23/2014 07:04:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3541

Error: (10/23/2014 07:04:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3541

Error: (10/23/2014 07:04:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

CodeIntegrity Errors:
===================================
Date: 2013-09-29 23:41:52.734
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CnxtAp32.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-29 23:38:59.758
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CnxtAp32.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-29 23:36:28.445
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CnxtAp32.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-29 23:24:15.586
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CnxtAp32.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-29 21:39:21.394
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CnxtAp32.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-29 21:33:33.669
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CnxtAp32.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-29 21:31:18.823
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CnxtAp32.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-29 21:10:12.793
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CnxtAp32.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-29 20:57:45.150
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CnxtAp32.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-09-29 20:56:49.729
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\CnxtAp32.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
Percentage of memory in use: 59%
Total physical RAM: 3062.37 MB
Available physical RAM: 1231.89 MB
Total Pagefile: 6123.02 MB
Available Pagefile: 3893.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:221.2 GB) (Free:140.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.68 GB) (Free:1.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 6E186E18)
Partition 1: (Active) - (Size=221.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

TwinHeadedEagle · Nov 4, 2014

Please attach all reports.

Rohr35 · Nov 4, 2014

Rohr35 · Nov 4, 2014

TwinHeadedEagle · Nov 5, 2014

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

Right-click on

icon and select

Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Rohr35 · Nov 5, 2014

This isn't working man.

TwinHeadedEagle · Nov 5, 2014

Can you try to restore your router to factory settings? Is this happening only in IE?

Solved My browser opens "login.lataminternet.com" and usb shows a trash folder

New Member

Level 41

New Member

Attachments

Level 41

New Member

Level 41

New Member

Level 41

New Member

Level 41

New Member

Level 41

New Member

New Member

Level 41

New Member

Attachments

New Member

Level 41

Attachments

New Member

Attachments

Level 41

Similar threads