Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014
Ran by Andres (administrator) on ANDRES-PC on 03-11-2014 15:27:06
Running from C:\Users\Andres\Desktop
Loaded Profile: Andres (Available profiles: Andres)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
() C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OIS.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OIS.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OIS.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2007-03-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [383424 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1794085492-3921057888-2474691628-1001\...\Run: [Facebook Update] => C:\Users\Andres\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-31] (Facebook Inc.)
HKU\S-1-5-21-1794085492-3921057888-2474691628-1001\...\Run: [TK8 StickyNotes] => C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe [10103808 2013-11-05] ()
HKU\S-1-5-21-1794085492-3921057888-2474691628-1001\...\Run: [GoogleChromeAutoLaunch_8768AEDF7A925857BF9ADB340A37CED5] => C:\Program Files\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll (LastPass)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Andres\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Andres\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Andres\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Andres\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Andres\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Andres\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com.mx/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2013-09-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Adblock Plus) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-31]
CHR Extension: (News Feed Eradicator for Facebook) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjcldmjmjhkklehbacihaiopjklihlgg [2014-04-11]
CHR Extension: (Follow) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2014-10-27]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-06-26]
CHR Extension: (Google Wallet) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Motivation) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofdgfpchbidcgncgfpdlpclnpaemakoj [2014-07-27]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-12-13] (Flexera Software, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-30] (AVG Technologies)
R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [177152 2007-10-24] (Conexant Systems Inc.) [File not signed]
R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2012-03-26] (Apple Inc.) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-05-08] (TuneUp Software)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-03 15:27 - 2014-11-03 15:27 - 00014034 _____ () C:\Users\Andres\Desktop\FRST.txt
2014-11-03 13:18 - 2014-11-03 12:57 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-11-03 05:15 - 2014-11-03 05:15 - 00002163 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-03 05:15 - 2014-11-03 05:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-03 05:13 - 2014-11-03 15:18 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-03 05:13 - 2014-11-03 13:19 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-01 18:17 - 2014-11-03 15:26 - 00000000 ____D () C:\Users\Andres\Desktop\FRST-OlderVersion
2014-11-01 18:03 - 2014-11-01 18:03 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Andres\Desktop\tdsskiller.exe
2014-10-30 12:25 - 2014-10-30 12:47 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-30 12:24 - 2014-10-30 12:24 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-30 12:24 - 2014-10-30 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-30 12:24 - 2014-10-30 12:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-30 12:24 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-30 12:24 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-30 12:24 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-30 12:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-10-30 12:14 - 2014-10-30 12:18 - 00000000 ____D () C:\AdwCleaner
2014-10-30 12:12 - 2014-10-30 12:13 - 01375089 _____ () C:\Users\Andres\Desktop\AdwCleaner.exe
2014-10-30 12:11 - 2014-10-30 12:17 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Andres\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-28 10:32 - 2014-10-28 10:23 - 00002137 _____ () C:\fixlist.txt
2014-10-27 15:44 - 2014-11-03 15:27 - 00000000 ____D () C:\FRST
2014-10-27 15:32 - 2014-11-03 13:19 - 00006802 _____ () C:\zoek-results.log
2014-10-27 15:30 - 2014-11-03 15:26 - 01106432 _____ (Farbar) C:\Users\Andres\Desktop\FRST.exe
2014-10-27 15:30 - 2014-11-03 13:19 - 00000000 ____D () C:\zoek_backup
2014-10-27 14:28 - 2014-10-27 14:28 - 01290752 _____ () C:\Users\Andres\Desktop\zoek.exe
2014-10-23 18:52 - 2014-11-03 15:11 - 00000516 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1794085492-3921057888-2474691628-1001.job
2014-10-23 18:52 - 2014-10-23 18:52 - 00000000 ____D () C:\Program Files\Citrix
2014-10-23 18:51 - 2014-10-23 18:51 - 00000000 ____D () C:\Users\Andres\AppData\Local\Citrix
2014-10-23 10:06 - 2014-10-31 17:29 - 00000000 ____D () C:\Users\Andres\Desktop\GUIDE
2014-10-21 08:36 - 2014-11-03 14:38 - 00000000 ____D () C:\Users\Andres\Desktop\PUNTA VENADO
2014-10-19 04:41 - 2014-10-19 04:41 - 00000000 ____D () C:\Users\Andres\AppData\Roaming\TK8 Software
2014-10-19 04:40 - 2014-10-19 04:40 - 00001032 _____ () C:\Users\Andres\AppData\Roaming\Microsoft\Windows\Start Menu\TK8 StickyNotes.lnk
2014-10-19 04:40 - 2014-10-19 04:40 - 00001008 _____ () C:\Users\Andres\Desktop\TK8 StickyNotes.lnk
2014-10-19 04:40 - 2014-10-19 04:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TK8 StickyNotes
2014-10-19 04:40 - 2014-10-19 04:40 - 00000000 ____D () C:\Program Files\TK8 StickyNotes
2014-10-15 02:02 - 2014-10-09 19:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 02:02 - 2014-10-09 19:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 02:02 - 2014-10-09 19:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 02:02 - 2014-09-28 18:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 02:01 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 02:01 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 02:01 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 02:01 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 02:01 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 02:01 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 02:01 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 02:01 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 02:01 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 02:01 - 2014-09-18 19:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 02:01 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 02:01 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 02:01 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 02:01 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 02:01 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 02:01 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 02:01 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 02:01 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 02:01 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 02:01 - 2014-09-18 18:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 02:01 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 02:01 - 2014-09-18 18:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 02:01 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 02:01 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 02:01 - 2014-09-18 18:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 02:01 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 02:01 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 02:01 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 02:01 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 02:01 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 02:01 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 02:00 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 02:00 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 02:00 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 02:00 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 02:00 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 02:00 - 2014-07-16 19:39 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 02:00 - 2014-07-16 19:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 02:00 - 2014-07-16 19:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 02:00 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-15 02:00 - 2014-07-16 19:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 02:00 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 02:00 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 02:00 - 2014-07-16 19:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 02:00 - 2014-07-16 19:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 02:00 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-15 02:00 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-15 02:00 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-15 02:00 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-15 02:00 - 2014-07-08 19:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-15 02:00 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-15 02:00 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 02:00 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 02:00 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 01:59 - 2014-08-18 20:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 01:59 - 2014-08-18 20:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 01:59 - 2014-08-18 20:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 01:59 - 2014-08-18 20:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 01:59 - 2014-08-18 20:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 01:59 - 2014-08-18 19:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 01:59 - 2014-07-06 19:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 01:59 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 01:59 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 01:59 - 2014-07-06 19:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 01:59 - 2014-07-06 19:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 01:59 - 2014-07-06 19:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 01:59 - 2014-07-06 19:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 01:59 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 01:59 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 01:59 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 01:59 - 2014-07-06 19:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 01:59 - 2014-06-27 18:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 01:59 - 2014-06-27 18:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 01:59 - 2014-06-27 18:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-11 12:06 - 2014-10-11 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-11 12:06 - 2014-10-11 12:06 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-10-06 15:03 - 2014-10-06 15:03 - 00000165 ____H () C:\Users\Andres\Desktop\~$Monthly Hit List.xlsx
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-03 15:17 - 2013-03-24 16:54 - 00001050 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001UA.job
2014-11-03 15:11 - 2009-07-13 22:39 - 02172288 _____ () C:\Windows\setupact.log
2014-11-03 14:17 - 2013-03-24 16:54 - 00000998 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001Core.job
2014-11-03 14:13 - 2012-10-31 20:08 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001UA.job
2014-11-03 13:27 - 2009-07-13 22:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-03 13:27 - 2009-07-13 22:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-03 13:23 - 2012-08-18 07:49 - 01160841 _____ () C:\Windows\WindowsUpdate.log
2014-11-03 13:19 - 2012-08-18 13:11 - 00113168 _____ () C:\Windows\PFRO.log
2014-11-03 13:19 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-03 13:16 - 2009-07-13 20:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-03 09:25 - 2012-08-18 11:00 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-03 05:15 - 2012-10-13 01:31 - 00000000 ____D () C:\Program Files\Google
2014-11-03 05:13 - 2012-08-18 10:41 - 00000000 ____D () C:\Users\Andres\AppData\Local\Deployment
2014-11-03 05:04 - 2014-07-18 13:19 - 00001344 _____ () C:\Users\Andres\Desktop\operacion y links.txt
2014-11-01 20:13 - 2012-10-31 20:08 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001Core.job
2014-10-30 17:17 - 2012-08-18 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BatteryCare
2014-10-30 16:10 - 2014-07-29 17:24 - 00000000 ____D () C:\Users\Andres\Desktop\PUBLI
2014-10-30 15:08 - 2013-10-11 00:31 - 00000000 ____D () C:\Users\Andres\AppData\Roaming\Applian FLV and Media Player
2014-10-30 12:24 - 2013-04-15 17:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-29 12:22 - 2013-04-03 06:01 - 00000000 ____D () C:\Users\Andres\AppData\Roaming\Mozilla
2014-10-27 21:39 - 2012-08-18 10:23 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-27 15:31 - 2013-05-07 12:23 - 00000000 ____D () C:\Users\Andres\Desktop\Agencia
2014-10-27 14:19 - 2014-02-10 19:17 - 00000024 _____ () C:\Users\Andres\Desktop\PASS.txt
2014-10-27 01:34 - 2014-03-11 10:51 - 00001568 _____ () C:\Users\Andres\Desktop\educacion.txt
2014-10-26 15:45 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-25 14:18 - 2012-10-09 14:03 - 00000000 ____D () C:\Users\Andres\AppData\Roaming\Skype
2014-10-23 15:57 - 2014-08-06 15:40 - 00029298 _____ () C:\Users\Andres\Desktop\Monthly Hit List.xlsx
2014-10-23 15:56 - 2014-03-06 22:29 - 00024233 _____ () C:\Users\Andres\Desktop\Sales Tracking Sheet.xlsx
2014-10-23 09:49 - 2014-06-14 13:58 - 00000504 _____ () C:\Users\Andres\Desktop\guia SEO.txt
2014-10-16 17:41 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2014-10-16 17:07 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 16:27 - 2009-07-13 22:33 - 00410456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 03:35 - 2014-05-06 15:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 02:05 - 2012-08-23 14:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 01:29 - 2011-02-02 00:36 - 00003692 _____ () C:\Users\Andres\Desktop\Posts.txt
2014-10-15 02:36 - 2009-07-13 22:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-15 02:15 - 2013-07-31 16:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 02:05 - 2012-08-18 12:57 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 12:48 - 2014-09-30 13:23 - 00013732 _____ () C:\Users\Andres\Desktop\MAN OS.xlsx
2014-10-11 12:06 - 2014-03-01 22:19 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-11 12:06 - 2013-04-21 10:43 - 00000000 ___RD () C:\Program Files\Skype
2014-10-11 12:06 - 2012-10-09 14:03 - 00000000 ____D () C:\ProgramData\Skype
2014-10-09 21:45 - 2009-07-13 22:53 - 00032638 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-07 00:15 - 2014-08-30 11:52 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-31 07:08
==================== End Of Log ============================