My browser opens "login.lataminternet.com" and usb shows a trash folder
<blockquote data-quote="Rohr35" data-source="post: 291699" data-attributes="member: 29426"><p>Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014</p><p>Ran by Andres (administrator) on ANDRES-PC on 03-11-2014 15:27:06</p><p>Running from C:\Users\Andres\Desktop</p><p>Loaded Profile: Andres (Available profiles: Andres)</p><p>Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)</p><p>Internet Explorer Version 11</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgrsx.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe</p><p>(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe</p><p>(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe</p><p>(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe</p><p>(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe</p><p>(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe</p><p>(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe</p><p>(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe</p><p>(AVG Technologies CZ, s.r.o.) 
C:\Program Files\AVG\AVG2013\avgui.exe</p><p>(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe</p><p>() C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OIS.EXE</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OIS.EXE</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OIS.EXE</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)</p><p></p><p>HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [159744 2007-03-11] (Alps Electric Co., Ltd.)</p><p>HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)</p><p>HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)</p><p>HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [383424 2012-02-05] (Autodesk, Inc.)</p><p>HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)</p><p>HKU\S-1-5-21-1794085492-3921057888-2474691628-1001\...\Run: [Facebook Update] => C:\Users\Andres\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-31] (Facebook Inc.)</p><p>HKU\S-1-5-21-1794085492-3921057888-2474691628-1001\...\Run: [TK8 StickyNotes] => C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe [10103808 2013-11-05] ()</p><p>HKU\S-1-5-21-1794085492-3921057888-2474691628-1001\...\Run: [GoogleChromeAutoLaunch_8768AEDF7A925857BF9ADB340A37CED5] => C:\Program Files\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)</p><p>HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk</p><p>ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>SearchScopes: HKCU - 
{012E1000-F331-11DB-8314-0800200C9A66} URL = <a href="http://www.google.com/search?q={searchTerms}" target="_blank">http://www.google.com/search?q={searchTerms}</a></p><p>BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)</p><p>BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll (LastPass)</p><p>BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)</p><p>BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)</p><p>BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)</p><p>Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File</p><p>Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File</p><p>Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)</p><p>Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.254</p><p></p><p>FireFox:</p><p>========</p><p>FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF Plugin: 
@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)</p><p>FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Andres\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)</p><p>FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Andres\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)</p><p>FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Andres\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)</p><p>FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Andres\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)</p><p>FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> 
C:\Users\Andres\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Users\Andres\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)</p><p>FF Plugin ProgramFiles/Appdata: C:\Users\Andres\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)</p><p></p><p>Chrome: </p><p>=======</p><p>CHR HomePage: Default -> hxxp://<a href="http://www.google.com/" target="_blank">www.google.com/</a></p><p>CHR StartupUrls: Default -> "<a href="https://www.google.com.mx/" target="_blank">https://www.google.com.mx/</a>"</p><p>CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}</p><p>CHR Profile: C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2013-09-18]</p><p>CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]</p><p>CHR Extension: (Adblock Plus) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-31]</p><p>CHR Extension: (News Feed 
Eradicator for Facebook) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjcldmjmjhkklehbacihaiopjklihlgg [2014-04-11]</p><p>CHR Extension: (Follow) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2014-10-27]</p><p>CHR Extension: (LastPass: Free Password Manager) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-06-26]</p><p>CHR Extension: (Google Wallet) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]</p><p>CHR Extension: (Motivation) - C:\Users\Andres\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofdgfpchbidcgncgfpdlpclnpaemakoj [2014-07-27]</p><p>CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]</p><p></p><p>========================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)</p><p>R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)</p><p>R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)</p><p>R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)</p><p>S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-12-13] (Flexera Software, Inc.)</p><p>R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)</p><p>R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)</p><p>R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.)</p><p>R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)</p><p>R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-30] (AVG Technologies)</p><p>R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [177152 2007-10-24] (Conexant Systems Inc.) [File not signed]</p><p>R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)</p><p>S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2012-03-26] (Apple Inc.) [File not signed]</p><p>R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2012-05-08] (TuneUp Software)</p><p>R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()</p><p>U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-11-03 15:27 - 2014-11-03 15:27 - 00014034 _____ () C:\Users\Andres\Desktop\FRST.txt</p><p>2014-11-03 13:18 - 2014-11-03 12:57 - 00024064 _____ () C:\Windows\zoek-delete.exe</p><p>2014-11-03 05:15 - 2014-11-03 05:15 - 00002163 _____ () C:\Users\Public\Desktop\Google Chrome.lnk</p><p>2014-11-03 05:15 - 2014-11-03 05:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome</p><p>2014-11-03 05:13 - 2014-11-03 15:18 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2014-11-03 05:13 - 2014-11-03 13:19 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2014-11-01 18:17 - 2014-11-03 15:26 - 00000000 ____D () C:\Users\Andres\Desktop\FRST-OlderVersion</p><p>2014-11-01 18:03 - 2014-11-01 18:03 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Andres\Desktop\tdsskiller.exe</p><p>2014-10-30 12:25 - 2014-10-30 12:47 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2014-10-30 12:24 - 2014-10-30 12:24 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2014-10-30 12:24 - 2014-10-30 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2014-10-30 12:24 - 2014-10-30 12:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware</p><p>2014-10-30 12:24 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys</p><p>2014-10-30 12:24 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys</p><p>2014-10-30 12:24 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys</p><p>2014-10-30 12:16 - 
2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll</p><p>2014-10-30 12:14 - 2014-10-30 12:18 - 00000000 ____D () C:\AdwCleaner</p><p>2014-10-30 12:12 - 2014-10-30 12:13 - 01375089 _____ () C:\Users\Andres\Desktop\AdwCleaner.exe</p><p>2014-10-30 12:11 - 2014-10-30 12:17 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Andres\Desktop\mbam-setup-2.0.3.1025.exe</p><p>2014-10-28 10:32 - 2014-10-28 10:23 - 00002137 _____ () C:\fixlist.txt</p><p>2014-10-27 15:44 - 2014-11-03 15:27 - 00000000 ____D () C:\FRST</p><p>2014-10-27 15:32 - 2014-11-03 13:19 - 00006802 _____ () C:\zoek-results.log</p><p>2014-10-27 15:30 - 2014-11-03 15:26 - 01106432 _____ (Farbar) C:\Users\Andres\Desktop\FRST.exe</p><p>2014-10-27 15:30 - 2014-11-03 13:19 - 00000000 ____D () C:\zoek_backup</p><p>2014-10-27 14:28 - 2014-10-27 14:28 - 01290752 _____ () C:\Users\Andres\Desktop\zoek.exe</p><p>2014-10-23 18:52 - 2014-11-03 15:11 - 00000516 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1794085492-3921057888-2474691628-1001.job</p><p>2014-10-23 18:52 - 2014-10-23 18:52 - 00000000 ____D () C:\Program Files\Citrix</p><p>2014-10-23 18:51 - 2014-10-23 18:51 - 00000000 ____D () C:\Users\Andres\AppData\Local\Citrix</p><p>2014-10-23 10:06 - 2014-10-31 17:29 - 00000000 ____D () C:\Users\Andres\Desktop\GUIDE</p><p>2014-10-21 08:36 - 2014-11-03 14:38 - 00000000 ____D () C:\Users\Andres\Desktop\PUNTA VENADO</p><p>2014-10-19 04:41 - 2014-10-19 04:41 - 00000000 ____D () C:\Users\Andres\AppData\Roaming\TK8 Software</p><p>2014-10-19 04:40 - 2014-10-19 04:40 - 00001032 _____ () C:\Users\Andres\AppData\Roaming\Microsoft\Windows\Start Menu\TK8 StickyNotes.lnk</p><p>2014-10-19 04:40 - 2014-10-19 04:40 - 00001008 _____ () C:\Users\Andres\Desktop\TK8 StickyNotes.lnk</p><p>2014-10-19 04:40 - 2014-10-19 04:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TK8 StickyNotes</p><p>2014-10-19 04:40 - 2014-10-19 04:40 - 00000000 ____D () C:\Program Files\TK8 
StickyNotes</p><p>2014-10-15 02:02 - 2014-10-09 19:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll</p><p>2014-10-15 02:02 - 2014-10-09 19:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll</p><p>2014-10-15 02:02 - 2014-10-09 19:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll</p><p>2014-10-15 02:02 - 2014-09-28 18:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys</p><p>2014-10-15 02:01 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll</p><p>2014-10-15 02:01 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll</p><p>2014-10-15 02:01 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll</p><p>2014-10-15 02:01 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll</p><p>2014-10-15 02:01 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll</p><p>2014-10-15 02:01 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl</p><p>2014-10-15 02:01 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll</p><p>2014-10-15 02:01 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll</p><p>2014-10-15 02:01 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb</p><p>2014-10-15 02:01 - 2014-09-18 19:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll</p><p>2014-10-15 02:01 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll</p><p>2014-10-15 02:01 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll</p><p>2014-10-15 02:01 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwproxystub.dll</p><p>2014-10-15 02:01 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll</p><p>2014-10-15 02:01 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll</p><p>2014-10-15 02:01 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll</p><p>2014-10-15 02:01 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll</p><p>2014-10-15 02:01 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll</p><p>2014-10-15 02:01 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe</p><p>2014-10-15 02:01 - 2014-09-18 18:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe</p><p>2014-10-15 02:01 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll</p><p>2014-10-15 02:01 - 2014-09-18 18:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe</p><p>2014-10-15 02:01 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll</p><p>2014-10-15 02:01 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll</p><p>2014-10-15 02:01 - 2014-09-18 18:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe</p><p>2014-10-15 02:01 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll</p><p>2014-10-15 02:01 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll</p><p>2014-10-15 02:01 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll</p><p>2014-10-15 02:01 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll</p><p>2014-10-15 02:01 - 2014-09-18 17:52 - 00678400 _____ 
(Microsoft Corporation) C:\Windows\system32\ieapfltr.dll</p><p>2014-10-15 02:01 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll</p><p>2014-10-15 02:00 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll</p><p>2014-10-15 02:00 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll</p><p>2014-10-15 02:00 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll</p><p>2014-10-15 02:00 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll</p><p>2014-10-15 02:00 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe</p><p>2014-10-15 02:00 - 2014-07-16 19:39 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll</p><p>2014-10-15 02:00 - 2014-07-16 19:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll</p><p>2014-10-15 02:00 - 2014-07-16 19:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe</p><p>2014-10-15 02:00 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll</p><p>2014-10-15 02:00 - 2014-07-16 19:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll</p><p>2014-10-15 02:00 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll</p><p>2014-10-15 02:00 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll</p><p>2014-10-15 02:00 - 2014-07-16 19:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys</p><p>2014-10-15 02:00 - 2014-07-16 19:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys</p><p>2014-10-15 02:00 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL</p><p>2014-10-15 02:00 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) 
C:\Windows\system32\KBDTAT.DLL</p><p>2014-10-15 02:00 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL</p><p>2014-10-15 02:00 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL</p><p>2014-10-15 02:00 - 2014-07-08 19:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL</p><p>2014-10-15 02:00 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\system32\locale.nls</p><p>2014-10-15 02:00 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll</p><p>2014-10-15 02:00 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll</p><p>2014-10-15 02:00 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll</p><p>2014-10-15 01:59 - 2014-08-18 20:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll</p><p>2014-10-15 01:59 - 2014-08-18 20:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll</p><p>2014-10-15 01:59 - 2014-08-18 20:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll</p><p>2014-10-15 01:59 - 2014-08-18 20:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe</p><p>2014-10-15 01:59 - 2014-08-18 20:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe</p><p>2014-10-15 01:59 - 2014-08-18 19:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 01174528 _____ (Microsoft Corporation) 
C:\Windows\system32\crypt32.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) 
C:\Windows\system32\cryptsvc.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx</p><p>2014-10-15 01:59 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL</p><p>2014-10-15 01:59 - 2014-07-06 19:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe</p><p>2014-10-15 01:59 - 2014-07-06 19:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe</p><p>2014-10-15 01:59 - 2014-07-06 19:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe</p><p>2014-10-15 01:59 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe</p><p>2014-10-15 01:59 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe</p><p>2014-10-15 01:59 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll</p><p>2014-10-15 01:59 - 2014-07-06 19:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys</p><p>2014-10-15 01:59 - 2014-06-27 18:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe</p><p>2014-10-15 01:59 - 2014-06-27 18:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe</p><p>2014-10-15 01:59 - 2014-06-27 18:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll</p><p>2014-10-11 12:06 - 2014-10-11 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Skype</p><p>2014-10-11 12:06 - 2014-10-11 12:06 - 00000000 ____D () C:\Program Files\Common Files\Skype</p><p>2014-10-06 15:03 - 2014-10-06 15:03 - 00000165 ____H () C:\Users\Andres\Desktop\~$Monthly Hit List.xlsx</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-11-03 15:17 - 2013-03-24 16:54 - 00001050 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001UA.job</p><p>2014-11-03 15:11 - 2009-07-13 22:39 - 02172288 _____ () C:\Windows\setupact.log</p><p>2014-11-03 14:17 - 2013-03-24 16:54 - 00000998 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001Core.job</p><p>2014-11-03 14:13 - 2012-10-31 20:08 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001UA.job</p><p>2014-11-03 13:27 - 2009-07-13 22:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2014-11-03 13:27 - 2009-07-13 22:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2014-11-03 13:23 - 2012-08-18 07:49 - 01160841 _____ () C:\Windows\WindowsUpdate.log</p><p>2014-11-03 13:19 - 2012-08-18 13:11 - 00113168 _____ () C:\Windows\PFRO.log</p><p>2014-11-03 13:19 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2014-11-03 13:16 - 2009-07-13 20:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy</p><p>2014-11-03 09:25 - 2012-08-18 11:00 - 00000000 ____D () C:\ProgramData\MFAData</p><p>2014-11-03 05:15 - 2012-10-13 01:31 - 00000000 ____D () C:\Program Files\Google</p><p>2014-11-03 05:13 - 2012-08-18 10:41 - 00000000 ____D () C:\Users\Andres\AppData\Local\Deployment</p><p>2014-11-03 05:04 - 2014-07-18 13:19 - 00001344 _____ () C:\Users\Andres\Desktop\operacion y 
links.txt</p><p>2014-11-01 20:13 - 2012-10-31 20:08 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001Core.job</p><p>2014-10-30 17:17 - 2012-08-18 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BatteryCare</p><p>2014-10-30 16:10 - 2014-07-29 17:24 - 00000000 ____D () C:\Users\Andres\Desktop\PUBLI</p><p>2014-10-30 15:08 - 2013-10-11 00:31 - 00000000 ____D () C:\Users\Andres\AppData\Roaming\Applian FLV and Media Player</p><p>2014-10-30 12:24 - 2013-04-15 17:23 - 00000000 ____D () C:\ProgramData\Malwarebytes</p><p>2014-10-29 12:22 - 2013-04-03 06:01 - 00000000 ____D () C:\Users\Andres\AppData\Roaming\Mozilla</p><p>2014-10-27 21:39 - 2012-08-18 10:23 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2014-10-27 15:31 - 2013-05-07 12:23 - 00000000 ____D () C:\Users\Andres\Desktop\Agencia</p><p>2014-10-27 14:19 - 2014-02-10 19:17 - 00000024 _____ () C:\Users\Andres\Desktop\PASS.txt</p><p>2014-10-27 01:34 - 2014-03-11 10:51 - 00001568 _____ () C:\Users\Andres\Desktop\educacion.txt</p><p>2014-10-26 15:45 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF</p><p>2014-10-25 14:18 - 2012-10-09 14:03 - 00000000 ____D () C:\Users\Andres\AppData\Roaming\Skype</p><p>2014-10-23 15:57 - 2014-08-06 15:40 - 00029298 _____ () C:\Users\Andres\Desktop\Monthly Hit List.xlsx</p><p>2014-10-23 15:56 - 2014-03-06 22:29 - 00024233 _____ () C:\Users\Andres\Desktop\Sales Tracking Sheet.xlsx</p><p>2014-10-23 09:49 - 2014-06-14 13:58 - 00000504 _____ () C:\Users\Andres\Desktop\guia SEO.txt</p><p>2014-10-16 17:41 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache</p><p>2014-10-16 17:07 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET</p><p>2014-10-16 16:27 - 2009-07-13 22:33 - 00410456 _____ () C:\Windows\system32\FNTCACHE.DAT</p><p>2014-10-16 03:35 - 2014-05-06 15:16 - 00000000 ___SD () C:\Windows\system32\CompatTel</p><p>2014-10-16 02:05 - 2012-08-23 14:05 - 
00000000 ____D () C:\ProgramData\Microsoft Help</p><p>2014-10-16 01:29 - 2011-02-02 00:36 - 00003692 _____ () C:\Users\Andres\Desktop\Posts.txt</p><p>2014-10-15 02:36 - 2009-07-13 22:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk</p><p>2014-10-15 02:15 - 2013-07-31 16:47 - 00000000 ____D () C:\Windows\system32\MRT</p><p>2014-10-15 02:05 - 2012-08-18 12:57 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2014-10-14 12:48 - 2014-09-30 13:23 - 00013732 _____ () C:\Users\Andres\Desktop\MAN OS.xlsx</p><p>2014-10-11 12:06 - 2014-03-01 22:19 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk</p><p>2014-10-11 12:06 - 2013-04-21 10:43 - 00000000 ___RD () C:\Program Files\Skype</p><p>2014-10-11 12:06 - 2012-10-09 14:03 - 00000000 ____D () C:\ProgramData\Skype</p><p>2014-10-09 21:45 - 2009-07-13 22:53 - 00032638 _____ () C:\Windows\Tasks\SCHEDLGU.TXT</p><p>2014-10-07 00:15 - 2014-08-30 11:52 - 00000000 ____D () C:\Program Files\AVG Web TuneUp</p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\system32\winlogon.exe => File is digitally signed</p><p>C:\Windows\system32\wininit.exe => File is digitally signed</p><p>C:\Windows\system32\svchost.exe => File is digitally signed</p><p>C:\Windows\system32\services.exe => File is digitally signed</p><p>C:\Windows\system32\User32.dll => File is digitally signed</p><p>C:\Windows\system32\userinit.exe => File is digitally signed</p><p>C:\Windows\system32\rpcss.dll => File is digitally signed</p><p>C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2014-10-31 07:08</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="Rohr35, post: 291699, member: 29426"]
2014-11-03 15:17 - 2013-03-24 16:54 - 00001050 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001UA.job 2014-11-03 15:11 - 2009-07-13 22:39 - 02172288 _____ () C:\Windows\setupact.log 2014-11-03 14:17 - 2013-03-24 16:54 - 00000998 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001Core.job 2014-11-03 14:13 - 2012-10-31 20:08 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001UA.job 2014-11-03 13:27 - 2009-07-13 22:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-03 13:27 - 2009-07-13 22:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-03 13:23 - 2012-08-18 07:49 - 01160841 _____ () C:\Windows\WindowsUpdate.log 2014-11-03 13:19 - 2012-08-18 13:11 - 00113168 _____ () C:\Windows\PFRO.log 2014-11-03 13:19 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-03 13:16 - 2009-07-13 20:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-11-03 09:25 - 2012-08-18 11:00 - 00000000 ____D () C:\ProgramData\MFAData 2014-11-03 05:15 - 2012-10-13 01:31 - 00000000 ____D () C:\Program Files\Google 2014-11-03 05:13 - 2012-08-18 10:41 - 00000000 ____D () C:\Users\Andres\AppData\Local\Deployment 2014-11-03 05:04 - 2014-07-18 13:19 - 00001344 _____ () C:\Users\Andres\Desktop\operacion y links.txt 2014-11-01 20:13 - 2012-10-31 20:08 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1794085492-3921057888-2474691628-1001Core.job 2014-10-30 17:17 - 2012-08-18 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BatteryCare 2014-10-30 16:10 - 2014-07-29 17:24 - 00000000 ____D () C:\Users\Andres\Desktop\PUBLI 2014-10-30 15:08 - 2013-10-11 00:31 - 00000000 ____D () C:\Users\Andres\AppData\Roaming\Applian FLV and Media Player 
2014-10-30 12:24 - 2013-04-15 17:23 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-29 12:22 - 2013-04-03 06:01 - 00000000 ____D () C:\Users\Andres\AppData\Roaming\Mozilla 2014-10-27 21:39 - 2012-08-18 10:23 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-27 15:31 - 2013-05-07 12:23 - 00000000 ____D () C:\Users\Andres\Desktop\Agencia 2014-10-27 14:19 - 2014-02-10 19:17 - 00000024 _____ () C:\Users\Andres\Desktop\PASS.txt 2014-10-27 01:34 - 2014-03-11 10:51 - 00001568 _____ () C:\Users\Andres\Desktop\educacion.txt 2014-10-26 15:45 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-25 14:18 - 2012-10-09 14:03 - 00000000 ____D () C:\Users\Andres\AppData\Roaming\Skype 2014-10-23 15:57 - 2014-08-06 15:40 - 00029298 _____ () C:\Users\Andres\Desktop\Monthly Hit List.xlsx 2014-10-23 15:56 - 2014-03-06 22:29 - 00024233 _____ () C:\Users\Andres\Desktop\Sales Tracking Sheet.xlsx 2014-10-23 09:49 - 2014-06-14 13:58 - 00000504 _____ () C:\Users\Andres\Desktop\guia SEO.txt 2014-10-16 17:41 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache 2014-10-16 17:07 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-16 16:27 - 2009-07-13 22:33 - 00410456 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-16 03:35 - 2014-05-06 15:16 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-16 02:05 - 2012-08-23 14:05 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-16 01:29 - 2011-02-02 00:36 - 00003692 _____ () C:\Users\Andres\Desktop\Posts.txt 2014-10-15 02:36 - 2009-07-13 22:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-10-15 02:15 - 2013-07-31 16:47 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-15 02:05 - 2012-08-18 12:57 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-14 12:48 - 2014-09-30 13:23 - 00013732 _____ () C:\Users\Andres\Desktop\MAN OS.xlsx 2014-10-11 12:06 - 2014-03-01 22:19 - 00002503 _____ () 
C:\Users\Public\Desktop\Skype.lnk 2014-10-11 12:06 - 2013-04-21 10:43 - 00000000 ___RD () C:\Program Files\Skype 2014-10-11 12:06 - 2012-10-09 14:03 - 00000000 ____D () C:\ProgramData\Skype 2014-10-09 21:45 - 2009-07-13 22:53 - 00032638 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-07 00:15 - 2014-08-30 11:52 - 00000000 ____D () C:\Program Files\AVG Web TuneUp ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-31 07:08 ==================== End Of Log ============================ [/QUOTE]